Creating Data Security Plans – What Tax Pros Should Know

NSTPInternal Revenue Service (IRS), Security, Security Summit

Creating Data Security Plans - What Tax Pros Should Know

Creating Data Security Plans – What Tax Pros Should Know Tax pros must create a written security plan to protect their clients’ data. In fact, the law requires them to make this plan. Creating a data security plan is one part of the new Taxes-Security-Together Checklist. The IRS and its Security Summit partners created this checklist. It helps tax professionals protect sensitive data in their offices and on their computers. Many tax preparers may not realize they are required under federal law to have a data security plan. Each plan should be tailored for each specific office. When creating it, the tax professional should take several factors into consideration. This includes things like the company’s size, the nature of its activities, and the sensitivity of its customer information. Creating a plan Tax professionals should make sure to do these things when writing and following their data security plans: Include the name of all information security program managers. Identify all risks to customer information. Evaluate risks and current safety measures. Design a program to protect data. Put the data protection program in place. Regularly monitor and test the program. Selecting a service provider Companies should have a written contract with their … Read More

ICYMI: Security Summit Warns of New IRS Impersonation Email Scam

NSTPInternal Revenue Service (IRS), Online Scams, Security Summit

ICYMI: Security Summit Warns of New IRS Impersonation Email Scam

ICYMI: Security Summit Warns of New IRS Impersonation Email Scam; Reminds Taxpayers the IRS Does Not Send Unsolicited Emails Note to NSTP members – please get out the word to your clients about this new scam. This is a fast growing scam and many taxpayers have been affected. The link in the email sends them to a website that is an exact duplicate of the IRS Website. Remind your clients that the IRS NEVER communicates by email to taxpayers. The first point of contact will always be a notice or assessment through the U.S. mail. The Internal Revenue Service and its Security Summit partners warned taxpayers and tax professionals about a new IRS impersonation scam campaign spreading nationally on email. Remember: the IRS does not send unsolicited emails and never emails taxpayers about the status of refunds. The IRS this week detected this new scam as taxpayers began notifying phishing@irs.gov about unsolicited emails from IRS imposters. The email subject line may vary, but recent examples use the phrase “Automatic Income Tax Reminder” or “Electronic Tax Return Reminder.” The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer’s refund, electronic return or tax account. … Read More

Taxes-Security-Together Checklist – Step 2: Written Data Security Plan

NSTPInternal Revenue Service (IRS), Security, Security Summit

'Taxes-Security-Together' Checklist - Step 2: Tax Professionals Reminded

Taxes-Security-Together Checklist – Step 2: Written Data Security Plan The IRS, state tax agencies and the nation’s tax industry today reminded all “professional tax preparers” that federal law requires them to create a written information security plan to protect their clients’ data. The reminder came as the IRS and its Security Summit partners urged tax professionals to take time this summer to review their data security protections. To help them in this complex area, the Summit created a special “Taxes-Security-Together” Checklist as a starting point. “Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.” Creating a data security plan is the second item on the “Taxes-Security-Together” Checklist. The first step for tax professionals involved deploying the “Security Six” basic steps to protect computers and email. Although the Security Summit — a partnership between the IRS, states and the private-sector tax community — is making major progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices remain a major threat. Thieves use … Read More

TAX SECURITY 101: TAX PROFESSIONALS MUST MAINTAIN, PROTECT EFINS; MONITOR EFINS, PTINS AND CAF NUMBERS

NSTPElectronic Filing Identification Number (EFIN), Fraud, Individual Taxpayer Identification Number (ITIN), Preparer Tax Identification Number (PTIN), Security, Security Summit, Uncategorized

The Internal Revenue Service and the Security Summit partners warned tax professionals that savvy cybercriminals target IRS-issued identification numbers to help impersonate practitioners as well as taxpayers.

TAX SECURITY 101 – TAX PROFESSIONALS VICTIMIZED BY DATA THEFTS OFFER HARD-WON SECURITY LESSONS TO COLLEAGUES:

NSTPData Theft, Security Summit, Uncategorized

As cybercriminals continue to increasingly pursue tax professionals’ data, the Internal Revenue Service and the Security Summit partners today released lessons learned by victims in the tax community to help others avoid being targeted by identity thieves.

IRS, Summit Partners warn on tax deadline scams, ‘IRS Refunds’ email

NSTPInternal Revenue Service (IRS), Security Summit

With the April 17 tax deadline approaching, the Internal Revenue Service and Security Summit partners urge taxpayers and tax professionals to be alert to identity theft scams, especially a new email version currently pretending to be from “IRS Refunds.” The “IRS Refunds” scam is a common tactic used by cybercriminals to trick people into opening a link or attachment associated with the email. This link takes people to a fake page where thieves try to steal personally identifiable information, such as Social Security numbers. Often these links or attachments also secretly download malware that can perform many functions, such as giving the thief control of the computer or tracking keystrokes to determine other sensitive passwords or critical data. The IRS does not randomly contact taxpayers or tax professionals via email, including asking people to confirm their tax refund information. The IRS initiates most contacts through regular mail delivered by the United States Postal Service. However, there are special circumstances in which the IRS will call or come to a home or business, such as when a taxpayer has an overdue tax bill, to secure a delinquent tax return or a delinquent employment tax payment, or to tour a business as part … Read More