IRS Tax Tip 2024-90, Dec. 2, 2024 The IRS and the Security Summit partners remind tax professionals that multifactor authentication is more than an important protection for their businesses and their clients – it’s now a federal requirement. Multifactor authentication Multifactor authentication is a cybersecurity best practice that requires users to provide two or more forms of verification to access to an account. Many people with smartphones use their fingerprint or facial recognition to authenticate their identity before they unlock their device. And some of their smartphone applications can also rely on that biometric factor along with a PIN or password for multifactor authentication within an app. Most online banks, financial applications and payroll services use multifactor authentication to verify account holders’ identities before granting access or allowing high-risk transactions such as money transfers. Best practices to set up multifactor authentication Tax pros should implement multifactor authentication across all their services and data access points and offer a variety of authentication factors to suit the needs of different clients. In addition, they should regularly evaluate current multifactor authentication methods, standards and new technologies to stay protected against the latest threats. Finally, tax pros should always enable multifactor authentication within tax software products and cloud storage services that contain sensitive client data. Other ways tax pros can protect their business Review Publication 5293, Data Security Resource Guide for Tax Professionals PDF, which provides an overview and resources about how to avoid data theft. Review security recommendations in IRS Publication 4557, Safeguarding Taxpayer Data PDF, and get additional identity theft information for tax pros on IRS.gov. Read Small Business Information Security: The Fundamentals PDF, by the National Institute of Standards and Technology. Review More than a Password, the Cybersecurity and Infrastructure Security Agency’s guidance on multi-factor authentication. Connect to the IRS through subscriptions to e-News for tax professionals and the IRS’ verified social media accounts. How to report a data breach Report the incident to a local IRS Stakeholder Liaison. Speed is critical. IRS stakeholder liaisons will ensure all the appropriate IRS offices are alerted. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names. Visit the Federation of Tax Administrators to find state contact information. Tax professionals can share information with the appropriate state tax agency by visiting the Report a Data Breach page.
