We’re always looking for a good analogy to help describe the dangers facing today’s tax preparers.
One that comes to mind comes from the story of our gallant pilots in World War II. Like those carrier pilots, today’s tax pros take off on a mission using all the planning and information they can get in advance. And in spite of weather, air traffic and other conditions, they manage to deliver their payloads (in this case, tax returns accepted by the IRS) and return to base and their congratulatory colleagues.
There’s just one catch: Carrier pilots and tax practitioners both have people shooting at them. Pilots faced bullets; tax pros face hackers armed with malware. Lots of malware.
So we turn to a pilot’s phrase to describe how to keep flying the taxing skies: Stay ahead of the curve. What it meant to carrier pilots was to keep the engine running strong enough (ahead of the “power curve”) during an approach to stay in control should the landing be aborted. Be ready for anything.
In the tax business it should mean keeping our defenses up at all times and always doing the most we can to guard our firm’s and our customers’ data from identity thieves.
The Full Metal Jacket
The Internal Revenue Service has released a new, expanded guide for tax professionals that can be used in the fight to protect data. It’s part of the Security Summit’s “Protect Your Clients; Protect Yourself: Tax Security 101” awareness campaign.
The campaign is aimed at providing tax offices with the basic information they need to better protect taxpayer data and to help prevent the filing of fraudulent tax returns.
As with any good pilot “staying ahead of the curve,” here are some of the steps tax professionals can take before they take off, ensuring they can complete the mission without getting “shot down:”
- Learn to recognize phishing emails, especially those pretending to be from the IRS, a tax software provider, cloud storage provider or state tax agencies. Never open a link or any attachment from a suspicious email.
- Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
- Review internal controls for their business. Preparers should:
- Install anti-malware and anti-virus security software on all devices, such as laptops, desktops, routers, tablets and phones. Keep software set to automatically update.
- Create passwords of at least eight characters; longer is better. Use different passwords for each account, use special and alphanumeric characters, use phrases, password protect wireless devices and consider a password manager program.
- Encrypt all sensitive files and emails using strong password protections.
- Back up sensitive data to a safe and secure external source not connected full time to a network.
- Wipe clean or destroy old computer hard drives and printers that contain sensitive data.
- Limit access of taxpayer data to individuals who need to know.
- Check IRS e-Services account weekly for number of returns filed with your EFIN.
- Report any data theft or data loss to the appropriate IRS Stakeholder Liaison.
- Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alerts and Social Media.
Another good source of material and concrete steps tax pros can take, is the Federal Trade Commission’s download page. Here you can get copies of Protecting Personal Information: A Guide for Business; and
Start with Security: A Guide for Business. Both these publications can help with writing a security plan and structuring tax office data defense policies.