More and more, tax professionals are relying on working remotely, also known as teleworking, in order to stay connected with clients and remain productive.
In order to protect the vital information so critical to the income tax process, the Internal Revenue Service and its Security Summit partners are urging tax pros to secure their remote locations by using Virtual Private Networks (VPNs) to protect against cyber threats.
A VPN provides a secure, encrypted “tunnel” to transmit data between a remote user through the internet and the company’s network. With teleworking or working from home increasing during the pandemic, VPNs are critical for protecting and securing internet connections.
Part Three in a Series
The Security Summit has issued a five-part series of guidance articles entitled “Working Virtually: Protecting Tax Data at Home and at Work.” This is the third in that series.
The security awareness initiative by the IRS, state tax agencies and the private-sector tax industry – working together as the Security Summit – spotlights basic security steps for all practitioners, but especially those working remotely or social distancing in response to COVID-19.
"For firms expanding telework options during this time, a virtual private network is a must have," said IRS Commissioner Chuck Rettig. "We continue to see tax pros fall victim to attacks every week. These networks are something you can't afford to go without. The risk is real. Taking steps now can protect your clients and protect your businesses."
Costly Sins of Omission
Teleworking practitioners who fail to use VPNs risk remote takeovers by cyber-thieves, giving criminals access to the tax pro’s entire office network merely by accessing an employee’s remote internet connection.
Tax professionals should seek out cybersecurity experts if they can afford it. If not, tax pros can search online for “Best VPNs” to find a legitimate vendor. Major technology websites also provide lists of top services.
However, never click on a “pop-up” ad hawking a security product. Usually, it’s a scam.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also encourages companies and organizations to use VPNs.
CISA offers this advice:
- Update VPNs, network infrastructure devices and devices being used to remote into work environments with the latest software patches and security configurations.
- Alert employees to an expected increase in phishing attempts.
- Ensure information technology security personnel are prepared to ramp up these remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Implement multi-factor authentication on all VPN connections to increase security. If multi-factor is not implemented, require teleworkers to use strong passwords
- Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.
For more information on VPNs and other security measures, check out the newly revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology.
In addition, Publication 5293, Data Security Resource Guide for Tax Professionals, can provide a compilation of data theft information available on IRS.gov.
To stay connected to the IRS for the latest in security alerts and recommendations, subscribe to e-News for Tax Professionals and Social Media; or visit Identity Theft Central at IRS.gov/identitytheft.