The latest meeting of the IRS’ Security Summit working group has grabbed a lot of headlines recently. Among the news is that income tax preparers will be expected to secure the taxpayer data under their control from hackers and identity thieves.
For large accounting firms with large-scale computer systems, that could be as simple as turning the whole issue over to their IT department. But what does it mean for the thousands of independent preparers who use, at most, a handful of computers in one office?
Assess Your Risk
To get a better picture of what the Security Summit members had in mind when they made that recommendation, is to download IRS Publication 4557, Safeguarding Taxpayer Data. The publication has a number of helpful checklists that can help shepherd preparers through the process of assessing their cyber-security.
One of the first things any security check-up entails is a risk assessment. This means realistically posing questions based on your security setup and see where various scenarios lead. As the Pub 4557 checklist puts it:
“Identify the risks and potential impacts of unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems that can be used to access taxpayer data.
“How vulnerable is your customer’s data to theft, disclosure, unauthorized alterations or unrecoverable loss? What can you do to reduce the impact to your customers and your business in such an event? What can you do to reduce vulnerability?”
Another approach to risk assessment is offered by StaySafeOnline.org, a website of the National Cyber Security Alliance. SSO narrows an assessment to just five questions:
- What information do you collect?
- How do you store the information?
- Who has access to the information?
- How do you protect your data?
- What steps are you taking to secure your computers, network, email and other tools?
And security doesn’t stop just with your computers. Pub 4557’s checklists cover your physical office security as well as how you handle employee security.
If you do have employees, you’ll also want to look over the Media Security section, detailing best practices for the use of USB drives, flash drives and other writable media within the office.
More to Come
The Security Summit working group – which is made up of members of the tax preparation industry, state tax agencies, and the IRS – is working on further developing security measures and standards for all income tax preparers. Expect more guidance and developments between now and filing season.