In a recent announcement, the Internal Revenue Service (IRS) and the Security Summit partners underscored the need for tax professionals to bolster their security measures and protect sensitive client information. The call comes as part of an ongoing effort to safeguard taxpayers against identity theft.
Under updated standards set by the Federal Trade Commission, tax professionals are now required to have a Written Information Security Plan (WISP) and use multi-factor authentication to protect taxpayer accounts and client data.
“Tax professionals play a key role in the nation’s tax system, and it’s critical that they take important steps to protect their systems from identity thieves,” said IRS Commissioner Danny Werfel. He added that a system breach could be devastating to both the tax professional’s business and their clients.
As the holiday shopping season begins and tax season looms, the Security Summit partners have issued a warning to taxpayers and tax professionals to take extra precautions to protect their financial and tax information. With strengthened internal defenses in recent years, the IRS and the Summit partners have noted a shift in identity thieves’ tactics, with tax professionals increasingly targeted as a means to obtain sensitive taxpayer information.
The Summit partners outlined several key steps that tax professionals, regardless of their practice size, should take to protect their systems and comply with federal standards. These include developing a WISP, using multi-factor authentication, and remaining vigilant against potential security threats.
IRS and Security Summit Partners Urge Tax Professionals to Develop Written Information Security Plans
The Internal Revenue Service (IRS) and its Security Summit partners are reminding tax professionals of the federal requirement to have a written information security plan (WISP) in place. These plans serve as a vital blueprint for maintaining security and protecting client data.
To assist practitioners in developing their own WISPs, the Tax Professional team of the Security Summit has created a special sample document. This template can be adapted by businesses of all sizes, reflecting the varying needs and complexities of different organizations.
Addressing security concerns can be a challenging and costly process for tax professionals. A robust WISP, however, provides a comprehensive plan of action for potential security incidents, data loss, or theft.
Kimberly Rogers, director of the IRS Return Preparer Office and co-chair of the Security Summit tax professionals working group, highlighted the importance of these plans. She said, “We continue to see instances where tax professionals struggle to maintain security plans or know how to protect themselves against identity thieves and other fraudsters. This WISP document goes a long way in helping even the smallest tax professional firm protect themselves against security threats.”
Ballew emphasized the value of these plans, stating, “These security plans provide valuable tips and information to help tax pros develop an effective plan that’s appropriate for their business. The Security Summit partners continue to urge tax pros to make sure they have a strong security plan in place, and the WISP is a great place to start for many practices.”
Tax professionals can also refer to IRS Publication 5709, “How to Create a Written Information Security Plan for Data Safety,” for additional guidance on creating a WISP.
The IRS has also reminded the tax community about the Federal Trade Commission’s updated safeguard standards, which now require tax professionals to utilize multi-factor authentication to protect client information. This measure provides an added layer of security, ensuring that only authorized individuals can access sensitive accounts and systems.
IRS and Summit Partners Promote Use of Tax Pro Account for Enhanced Data Security
The Internal Revenue Service (IRS) and its Security Summit partners are urging tax professionals to utilize online tools like the Tax Pro Account to better safeguard sensitive client information. This comes amid rising concerns over cyber threats and data breaches.
The Tax Pro Account is a secure, digital, self-service application that enables tax professionals to efficiently manage client information and authorization relationships. Mobile-friendly and easy to use, it allows tax professionals to send Power of Attorney and Tax Information Authorization requests directly to a taxpayer’s individual IRS Online Account. Once approved by the taxpayer, the request is processed in real time, eliminating the need for faxing, mailing, or long waits.
Additionally, establishing a Tax Pro Account for clients does not require forms, further streamlining the process and reducing risks associated with storing and sending paper records.
In the event of a data breach, the IRS recommends tax professionals to have an action plan outlining the necessary steps to take. This includes knowing who to contact. Reporting data loss to the IRS, law enforcement, appropriate states, clients, and security professionals is crucial.
The IRS Stakeholder Liaison should be the first point of contact for reporting data theft. The liaison will notify IRS Criminal Investigation and other relevant parties within the agency on the tax professional’s behalf. Quick reporting can enable the IRS to take steps to block fraudulent returns in clients’ names.
Other agencies to contact in the event of a data breach include the local offices of the Federal Bureau of Investigation and the Secret Service, as well as local police. For tax professionals who prepare state returns, the Federation of Tax Administrators and State Attorneys General should also be notified as most states require them to be informed of data breaches.
These recommendations underscore the IRS and Summit partners’ commitment to enhancing data security and protecting sensitive taxpayer information. The use of secure online tools like the Tax Pro Account and the implementation of robust action plans are essential steps in this ongoing effort.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.