The Security Summit opened the 2021 “Protect Your Clients; Protect Yourself” campaign by highlighting the benefits of multi-factor authentication. Since its creation in 2015, the Summit—a group consisting of the Internal Revenue Service, state departments of revenue, and private members of the tax industry—has worked to combat the threat of tax-related identity theft scams.

What is the “Protect Your Clients; Protect Yourself” Campaign?

The annual “Protect Your Clients; Protect Yourself” campaign is the Security Summit’s annual educational outreach that has been dedicated to raising awareness of data security issues since 2016. This year’s theme—"Boost Security Immunity: Fighting Against Identity Theft”—is an obvious nod to the pandemic that has spawned several new phishing scams.

When the Summit announced the focus of this year’s event, they acknowledged an increase in scams that have successfully targeted tax pros who are increasingly relying on digital client communications. Those concerns were once again echoed in this week’s IRS press release.

“Through June 30, 2021, there have been 222 data theft reports this year from tax professionals to the IRS, outpacing the rate of 211 in 2020 and 124 in 2019,” the IRS warns. “Each individual report may involve hundreds to thousands of taxpayers. Client information stolen from tax professionals’ offices is used to create fraudulent tax returns that are difficult to detect because the identity thief is using real financial data.”

How can multi-factor authentication help protect my accounts?

The term “multi-factor authentication” may sound like a mouthful, but the premise is quite simple. Most user accounts require a password to access: a single “authentication factor.” Those requiring more than one piece of user-provided information are protected by multi-factor authentication. The more factors, generally, the safer the account.

For many accounts, multi-factor authentication is an optional security feature that uses a third-party application—like Google Authenticator—to randomly generate a code that users enter as part of the login process. When installed on a separate device (your smart phone, for example), this can further complicate scammers’ attempts to hijack your accounts by requiring physical access to the device on which the authenticator is installed.

To encourage adopting multi-factor authentication, the IRS says that “many tax professionals whose client data was stolen failed to use multi-factor authentication.”

What else should I do to protect my accounts?

The IRS and Security Summit say that everyone should follow these five tips to protect their data:

• Use anti-virus software and set it for automatic updates. Anti-virus software scans existing files and drives on computers - and mobile phones – to protect from malware.
• Use a firewall to shield digital devices from external attacks.
• Use backup software/services to protect data. Making a copy of files can be crucial, especially if the user becomes a victim of a ransomware attack. 
• Use drive encryption to secure computer locations where sensitive files are stored. Encryption makes data on the files unreadable to unauthorized users.
• Create and secure Virtual Private Networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.

Finally, the agency notes that tax pros that they are required by the Federal Trade Commission’s Safeguards Rule to create and maintain a written data security plan for their practice. If you need an example of a written data security plan, check out the Drake Software Tax Office Security Plan: “Easy Steps to Create Your Mandatory Tax Office Security Plan (SAMPLE INCLUDED!).”

Source: IR-2021-155