Tax practitioners are warned to safeguard client data

By Sally P. Schreiber, J.D.

The IRS began a new campaign to warn tax practitioners to beware of new threats from cybercriminals that target client data, allowing the criminals to prepare fraudulent tax returns that are difficult to detect. As part of that campaign, the IRS has introduced a new publication, Publication 5293, Data Security Resource Guide for Tax Professionals.

The IRS warns that data theft from tax practitioners continues to be a growing problem, with technically sophisticated cybercriminals employing evolving tactics to steal data.

The campaign is a joint effort by the IRS and its Security Summit partners, which include state tax agencies and the private-sector tax preparation industry.

The IRS announced that, as part of its efforts, it has also updated Publication 4557, Safeguarding Taxpayer Data, to better reflect current threats tax professionals face.

The IRS announcement also reiterated the steps it has urged tax practitioners to take to ensure client information is not breached:

  • Recognize phishing emails, especially those pretending to be from the IRS, a tax software provider, cloud storage provider, or state tax agencies. Never open a link or any attachment from a suspicious email. The IRS does not contact a tax professional via email initially.
  • Create a data security plan using Publication 4557, and Small Business Information Security — The Fundamentals, by the National Institute of Standards and Technology.
  • Review internal controls for the business by:
    • installing anti-malware/anti-virus security software on all electronic devices and keeping software set to automatically update;
    • creating string passwords or passphrases and using different passwords for each account. (Use a password manager program to keep track of different passwords.);
    • encrypting all sensitive files and emails;
    • backing up sensitive data to a secure external source not connected full time to a network;
    • wiping clean or destroying old computer hard drives and printers that contain sensitive data;
    • limiting access to taxpayer data to those who need to know;
    • checking IRS e-Services account weekly for the number of returns filed with the practitioner's electronic filing identification number (EFIN) to be sure only the practitioner has used it;
    • reporting any data theft or data loss to the appropriate IRS Stakeholder Liaison; and
    • staying connected to the IRS through subscriptions to e-News for Tax Professionals, QuickAlerts, and social media.

The IRS further emphasized the dangers posed by cybercriminals who have often outwitted efforts to stop them. The IRS noted that in many cases, tax practitioners were not aware that their client's data had been stolen.

Sally P. Schreiber (Sally.Schreiber@aicpa-cima.com) is a Tax Adviser senior editor.

Newsletter Articles

50th ANNIVERSARY

50 years of The Tax Adviser

The January 2020 issue marks the 50th anniversary of The Tax Adviser, which was first published in January 1970. Over the coming year, we will be looking back at early issues of the magazine, highlighting interesting tidbits.

TAX RELIEF

Quirks spurred by COVID-19 tax relief

This article discusses some procedural and administrative quirks that have emerged with the new tax legislative, regulatory, and procedural guidance related to COVID-19.