Creating Data Security Plans – What Tax Pros Should Know
Tax pros must create a written security plan to protect their clients’ data. In fact, the law requires them to make this plan. Creating a data security plan is one part of the new Taxes-Security-Together Checklist. The IRS and its Security Summit partners created this checklist. It helps tax professionals protect sensitive data in their offices and on their computers.
Many tax preparers may not realize they are required under federal law to have a data security plan. Each plan should be tailored for each specific office. When creating it, the tax professional should take several factors into consideration. This includes things like the company’s size, the nature of its activities, and the sensitivity of its customer information.
Creating a plan
Tax professionals should make sure to do these things when writing and following their data security plans:
- Include the names of all information security program managers.
- Identify all risks to customer information.
- Evaluate risks and current safety measures.
- Design a program to protect data.
- Put the data protection program in place.
- Regularly monitor and test the program.
Selecting a service provider
Companies should have a written contract with their service provider. The provider must:
- Maintain appropriate safety measures.
- Oversee the handling of customer information review.
- Revise the security program as needed.
Follow the “Security Six” steps to help protect taxpayer data
Tax professionals should review security steps to make sure they are fully protecting sensitive taxpayer data…
Here is more info about these basic protections that everyone – especially tax professionals handling sensitive data – should use:
- Anti-virus software
  - This software scans computer files or memory for certain patterns that may indicate there’s malicious software – also called malware – on the device.
  - Anti-virus vendors find new issues and update their malware definitions daily. This is why it’s important for users to install the latest updates of the software.
- Firewalls
  - Firewalls provide protection against outside attackers. The firewall shields computers and networks from malicious or unnecessary web traffic. This helps prevent malicious software from accessing the user’s system.
- Two-factor authentication
  - Two-factor authentication adds an extra layer of protection beyond a password.
  - The returning user enters credentials like a username and password. Then, there’s another step, such as entering a security code.
- Backup software or services
  - Users should routinely back up critical files on their computers and hard drives to external sources.
- Drive encryption
  - Because tax professionals keep sensitive client data on their computers, users should consider drive encryption software.
  - Drive encryption is also known as disk encryption. It transforms data on the computer into unreadable files. This means only people who are authorized to access the data can do so.
- Virtual private network
  - Many tax firms’ employees must occasionally connect to unknown networks or work from home. So, the office should establish an encrypted virtual private network. This allows for a more secure connection.
  - A VPN provides a secure, encrypted tunnel to transmit data over the internet between a remote user and the company network.
More information:
- Publication 4557, Safeguarding Taxpayer Data
- Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology
- Publication 5293, Data Security Resource Guide for Tax Professionals