IRS Press Release:
==============
IR-2018-161, Aug. 7,
2018
WASHINGTON — As
cybercriminals continue to increasingly pursue tax professionals’ data, the
Internal Revenue Service and the Security Summit partners today released
lessons learned by victims in the tax community to help others avoid being
targeted by identity thieves.
In recent years,
hundreds of tax professionals experienced data thefts or breaches that exposed
their clients’ personal information to cybercriminals and to tax-related
identity theft.
Today, several of
those tax professionals offer their suggestions to their colleagues, actions
they wish they had taken to safeguard their customers and their businesses. The
tips range from taking out cyber insurance to using stronger private networks.
These suggestions – pulled anonymously from victimized professionals -- offer
an opportunity for the tax community to learn from these common mistakes and
avoid a devastating data loss for their clients and their business.
This is the fifth in a
series called "Protect Your Clients; Protect Yourself: Tax Security 101."
The Security Summit awareness campaign is intended to provide tax professionals
with the basic information they need to better protect taxpayer data and help
prevent the filing of fraudulent tax returns.
Although the Security
Summit -- a partnership between the IRS, states and the private-sector tax
community -- is making progress against tax-related identity theft,
cybercriminals continue to evolve, and data thefts at tax professionals’
offices is on the rise. Thieves use stolen data from tax practitioners to
create fraudulent returns that can be harder to detect and harder to
distinguish from legitimate taxpayer returns.
Lesson: Get cyber insurance coverage
A common refrain from
tax professionals who have been victimized by cybercriminals is they either
were glad they had – or wish they had – insurance coverage for data loss.
Many tax professionals
maintain business policies that may cover property and liability, but it may
not fully coverage data thefts. Tax professionals victimized by these crimes
recommend they also explore cyber coverage for data breaches. This may require
an addendum or rider to the policy. Practitioners also suggest that that the
dollar amount of the policy be large enough to cover expenses.
Some insurance
companies provide teams of experts in the event of a data theft, assisting tax
professionals in identifying the source of the data breach and resolving it.
These teams may also help notify clients or provide extended protections. Just
as important, these teams of experts may assist tax professionals proactively,
helping make sure adequate safeguards are in place to prevent a data theft.
Another
recommendation: If using cloud storage, ask the cloud service provider
about cyber insurance coverage in case the provider’s systems are breached.
Lesson: Password protect each client account
Many tax software
products also enable tax professionals to password protect each client account.
Tax professionals who have experienced data thefts acknowledge that this can be
a hassle, but worth the trouble should they experience a breach. They suggest
password-protecting every account as a critical safeguard against cyberthieves.
Strong passwords can
help prevent cybercriminals from accessing computer systems and accounts.
Passwords should be eight characters or longer, a mix of letters, special characters
and numbers, include an easy to remember phrase and be unique for each account.
See Protect Your Clients, Protect Yourself: Tax Security 101 for
more information on passwords and encryption.
Lesson: Use a virtual private network (VPN)
for remote connections
Tax professionals who
have been victimized also wish they had used a virtual private network (VPN)
instead of remote access software. A VPN allows for teleworkers or branch
offices to securely connect to the firm’s computer system and to send and
receive information.
There have been cases
where cybercriminals have taken over remote access of a tax professionals’
computer systems. In one example, the thieves remotely accessed client accounts
via the tax pro’s computer, completed and e-filed pending returns and changed
the deposit information to their own accounts.
Technology media often
provide lists of top VPN services.
Lesson: Keep all security software updated
Tax professionals who
experienced data thefts also suggest colleagues keep all security software up
to date. This includes the computer operating system, anti-malware, anti-virus
software, firewalls, etc. While most computers come with security software
installed, tax professionals also can purchase additional security software
products.
Updated software helps
protect users from emerging threats that can lead to data thefts. Users can set
the security software to update automatically.
In addition to these
steps, the Security Summit reminds all professional tax preparers that they
must have a written data security plan as required by the Federal Trade
Commission and its Safeguards Rule. Tax Professionals also
can get help with security recommendations by reviewing the recently revised
IRS Publication
4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by
the National Institute of Standards and Technology.
Publication 5293, Data Security Resource Guide
for Tax Professionals, provides a compilation of data theft information
available on IRS.gov. Also, tax professionals should stay connected to the IRS
through subscriptions to e-News for
Tax Professionals, QuickAlerts and Social Media.
==============
Read the original IRS Press Release here.
No comments:
Post a Comment