Week 7 of “Protect Your Clients; Protect Yourself” series focuses on six simple steps to increase data security IR-2024-218, Aug. 20, 2024 WASHINGTON — As data thieves continue evolving their tactics, the Internal Revenue Service and the Security Summit partners today reminded tax professionals of six essential steps to protect their sensitive taxpayer information. The “Security Six” protections offer a relatively simple but important starting point for tax pros to protect their offices, computers and data as well as their clients. These best practices include using anti-virus software, firewalls, multi-factor authentication, backup software or services, encrypted drives and virtual private networks or VPNs. “Tax professionals face a number of challenges running a business and keeping up with the latest tax law changes, but they shouldn’t overlook some security basics,” said IRS Commissioner Danny Werfel. “They should keep in mind these six simple security tips that provide an important foundational defense that protects their systems, their clients and ultimately their business.” The Security Six recommendations are being promoted in a special eight-part summer news release series designed to help tax professionals better protect themselves. Now in its ninth year, the "Protect Your Clients; Protect Yourself" campaign provides timely tips to help secure sensitive taxpayer data that tax pros have in their possession, while also protecting their own businesses from identity thieves. This is part of an annual education effort by the Security Summit, a group that includes the IRS, tax professionals, industry partners and state tax agencies. The public-private partnership has worked since 2015 to protect the tax system against tax-related identity theft and fraud. In addition to the series of eight news releases, the tax professional security focus is featured at the Nationwide Tax Forum, being held this summer in five cities throughout the U.S. The three-day continuing education events continue this week in Dallas and conclude the week of September 9 in San Diego, which has already sold out. Security Six adds up to more protection The Security Summit partners reminded tax professionals not to overlook these six important security basics that form a critical defense against identity thieves and hackers: Anti-virus software scans computer files or memory for certain patterns that may indicate there’s malicious software – also called malware – on the device. Anti-virus vendors find new issues and update malware daily. This is why it’s important for users to install the latest updates of the software. Firewalls provide protection against outside attackers. The firewall shields computers and networks from malicious or unnecessary web traffic. This helps prevents malicious software from accessing the user’s system. Multi-factor authentication adds an extra layer of protection beyond a password. The returning user enters credentials like a username and password. Then, there’s another step, such as entering a security code, token or a biometric like a fingerprint. Under new rules from the Federal Trade Commission, all tax professionals are required to use multi-factor authentication. Backup software or services should be routinely used by tax pros to back up critical files on their computers and hard drives to external sources. This is helpful not just to protect against a cyber-attack but is also helpful in case of device failure or a natural disaster. Drive encryption: Because tax professionals keep sensitive client data on their computers, users should consider drive encryption software. Drive encryption is also knowns as disk encryption. It transforms data on the computer into protected files that are unreadable to outsiders. This means only people who are authorized to access the data can do so. Virtual Private Network: Because many tax firms’ employees must occasionally connect to unknown networks or work from home, the office should establish an encrypted virtual private network (VPN). This allows for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data between a remote user over the internet and the company network. Tax pro with a security problem? Contact an IRS Stakeholder Liaison, states and FTC As part of a security plan, the IRS also recommends tax professionals create a data theft response plan, which includes contacting their IRS Stakeholder Liaison to report a security incident. Tax professionals can also visit the Federation of Tax Administrators to find state contact information. Tax professionals can share information with the appropriate state tax agency by visiting their special Report a Data Breach page. Tax professionals should also understand the Federal Trade Commission data breach response requirements PDF as part of their overall information and data security plan. Additional resources Review Publication 5293, Data Security Resource Guide for Tax Professionals PDF, which provides an overview and resources about how to avoid data theft. Tax professionals can also get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data PDF, and the IRS' Identity theft information page for tax pros. Publication 5709, How to Create a Written Information Security Plan for Data Safety PDF Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice PDF Read Small Business Information Security: The Fundamentals PDF, by the National Institute of Standards and Technology. Tax professionals should also stay connected to the IRS through subscriptions to e-News for tax professionals and its social media sites.