Dear Tax Professional,
Increasingly, there has been a lot of discussion and messaging around the importance of data and information security. It’s because tax professionals are the prime targets for identity thieves and data breaches continue to affect tax professionals at an alarming rate. Cybercriminals use sophisticated and ever evolving techniques to gain access to your systems. These criminals steal sensitive taxpayer data, file fraudulent tax returns and create financial havoc for you and your clients. Data security is a necessity for every tax professional; protecting taxpayer data is your legal responsibility.
While there are many steps you can take to reduce the risk of becoming a victim of cybercriminals, creating and maintaining a data security plan tops the list. The Federal Trade Commission requires all financial institutions (yes, tax return preparers are included in the definition of financial institutions) to have a data security plan. Your plan should be designed to protect all the sensitive taxpayer data entrusted to you as a tax professional. A data security plan is an essential step in protecting your business against data loss and tax related identity theft. A security plan does not guarantee that your business will not be targeted, but it will help you identify what aspects of your business may be vulnerable and how to improve your security posture related to that weakness.
Getting started on a security plan is a challenge for some. Many tax professionals seek the help of a cybersecurity professional to customize a data security plan for their business. Because every business is unique, cybersecurity pros can address your individual business needs and craft a security plan that safeguards both your business and your clients’ data. There is a big market for cybersecurity professionals, but before hiring a cyber pro:
- Ask for recommendations – talk to other tax professionals and business owners for references
- Be selective – hire a professional that you feel comfortable with and trust discussing the safety and security of your business and your clients
- Do interviews – ask about their level of experience in data and systems protection, available options for backing up data, experience developing security plans for similar sized businesses, and the scope of monitoring for current and emerging security threats.
- Make it official – secure an agreement or engagement letter that details the terms of each service provided.
Our hope is that you never become the victim of a security breach; however, no computer or business is immune to compromise. Being prepared goes a long way in helping to protect your clients and yourself. Remember, protecting taxpayer information is not only good for your clients and your business – it’s the law.
Have a secure and successful filing season and watch for your next email on what you can do to help safeguard your clients and your business.
IRS Return Preparer Office