Remembering former IRS Commissioner Mortimer Caplin
N.H. enacts anti-Wayfair online sales tax nexus bill

6 tax security tips for pros and taxpayers alike

Computer identity theft_Don Hankins-Flickr
Computer hacking ID theft image by Don Hankins via Flickr

The $700 million deal reached by the credit-reporting company Equifax and federal and state agencies has brought the issue of identity theft back into the public consciousness.

Truth be told, it never really left.

Every day, we're bombarded by warnings about how crooks are constantly trying to steal our personal information so they can use it take our money and take over our lives.

That's a message the Internal Revenue Service is still working to get out to taxpayers and tax professionals alike.

Its latest effort is a six-point tax security checklist.

Tax pros as first bulwark against crooks: The IRS, in conjunction with its Security Summit partners in the states and tax industry, is urging tax professionals to review critical security steps to ensure they are fully protecting their computers and email as well as safeguarding sensitive taxpayer data.

Tax preparer offices are prime targets for ID thieves since a successful breach of these locations gives the crooks tons of data on all the pros' clients.

The officially titled Taxes-Security-Together Checklist offers specific actions tax pros should take. But many of these basic protections could and should be employed by everyone.

1. Install and update anti-virus software.
Anti-virus software scans computer files or memory for certain patterns that may indicate the presence of malicious software, known as malware. The software looks for patterns based on the signatures or definitions of known malware from cyber criminals.

Anti-virus vendors find new issues and update malware daily. You need to take advantage of this latest data by scanning your entire computer and/or network periodically. It's easy to do so by conducting:

  • Automatic scans, which are easy to configure so that the program automatically scan specific files or directories in real time and prompt users at set intervals to perform complete scans.
  • Manual scans, where you manually deploy the software to scan files and media received from an outside source before opening them. This manual process includes:
    • Saving and scanning email attachments or web downloads rather than opening them directly from the source and
    • Scanning portable media, including CDs and DVDs, for malware before opening files.

When selecting an anti-virus package, take time to earn about its features.

Make sure it includes protections against spyware, a type of malware intended to steal sensitive data and passwords without the user's knowledge: Strong security software should protect against spyware.

A strong security package also should contain anti-phishing capabilities. Never open an email from a suspicious source, click on a link in a suspicious email or open an attachment. If you do, your and your clients' data could be compromised.

2. Set up firewalls.
Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary web traffic and preventing malicious software from accessing your systems.

Firewalls can be configured to block data from certain suspicious locations or applications while allowing relevant and necessary data through, according to the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

FirewallFirewalls may be broadly categorized as hardware or software.

Hardware types typically are called network firewalls. These external devices are positioned between a computer and the internet or another network connection. Hardware-based firewalls are particularly useful for protecting multiple computers and control the network activity that attempts to pass through them.

Software firewalls are found in most operating systems (OS). This built-in firewall feature provides added protection even if you're using an external firewall. If it's not part of your OS, you can obtain firewall software from a local computer store, software vendor or internet service provider.

One warning here. If you download firewall software from the internet, make sure it is from a reputable source, such as an established software vendor or service provider, and is delivered via a secure website.

3. Use two-factor authentication. 
Many email providers now offer customers two-factor authentication protections to access email accounts. Tax professionals should always use this option to prevent their accounts from being compromised.

Two-factor authentication helps by adding an extra layer of protection beyond a password. Often two-factor authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone. The idea is a thief may be able to steal the username and password but it's highly unlikely they also would have a user’s mobile phone to receive a security code and complete the process.

Check your email account settings to see if the provider offers two-factor protections.

4. Make sure you back up data.
Critical files on computers should routinely be backed up, either using software or services, to external sources.

This means a copy of the file is made and stored either online as part of a cloud storage service or similar product. Alternately, a copy of the file should be made to an external disk or hard drive.

Also take care that taxpayer data that is backed up also is encrypted.

5. Encrypt your computer drive.
As far as encryption, tax pros should consider drive encryption software for full-disk encryption that can help protect the sensitive client data maintained by tax practitioners on their computers and networks.


Drive encryption, or disk encryption, transforms data on the computer into unreadable files for an unauthorized person accessing the computer to obtain data. Drive encryption may come as a stand-alone security software product. It may also include encryption for removable media, such as a thumb drive and its data.

6. Use a Virtual Private Network.
If a tax firm's employees must occasionally connect to unknown networks or work from home, establish an encrypted Virtual Private Networks (VPN) to allow for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network.

Don't be your worst security enemy: While these security steps are important ways to stymie cyber crooks looking to steal your tax and personal data, they do not guarantee that you won't be a target or eventual victim.

Despite your best technological efforts, you still could be your data's worst threat.

There's no protection if you fall for email phishing scams and divulge sensitive data, such as usernames and passwords.

The Security Summit reminds the tax community — and individual taxpayers — that computer tax data users, not any software or security system, is the first-line of defense in protecting sensitive material.

More steps on the way for all: This security checklist is the first of a five-part weekly series the IRS will be making available on a weekly basis to help tax pros improve their office's security measures.

And at the risk of being repetitive — although redundancy is never bad when fighting tax crimes — note that while tax pros are the prime audience, the steps detailed here can be used by anyone.

Yes, tax preparer offices offer the criminals a bigger bang for the cyber break-in buck, they still target individuals, regardless of status or age. That's important to remember since millions of us do our taxes ourselves online each year, as well as keep electronic tax records and financial data needed to complete our 1040 forms.

"These six steps are simple actions that anyone can take," said IRS Commissioner Chuck Rettig. "The important thing to remember is that every tax professional, whether a sole practitioner or a partner in a large firm, is a potential target for cybercriminals. No tax business should assume they are too small or too smart to avoid identity thieves."

You also might find these items of interest:





Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.