Tax Preparers: Your Clients are Counting on You to Keep Their Data Safe.
The Federal Government is Too.
If you don’t know what the “Security Six” refers to, it’s time we talk. The Federal Trade Commission’s Safeguards Rule requires all tax prepares to establish a sound data security plan, including the “Security Six” to help prevent data theft. Cyber crime continues to grow, and tax professionals’ offices are more frequently being targeted by thieves to create fraudulent returns.
The Security Six outlines basic safeguards all tax professionals must have in place. Mandated by the International Revenue Service and the Security Summit, these critical steps help protect your computers and email, and safeguard sensitive client data.
For tax professionals, it’s not just a Rule. It’s the Law. All tax professionals, from large firms to one person shops, much enact these safeguards. In fact, these steps are a good idea for any small business.
The Security Six includes:
- Antivirus Software with the latest updates installed on your computer. Most programs allow you to setup automatic scanning.
- Firewalls – Provide protection against outside attackers by shielding your computer and network and hardening your internet connection permitting companies to open specific computer ports and to only specific IP addresses if required.
- Two-Factor Authentication – Available from many email providers, this adds an extra layer of protection to access your email account. When some tries to logon to your email, they may get passed the password, but a txt or email is sent you to verify it is you doing it.
- Backup Software/Services – Critical files must be routinely backed up to external sources, either online as part of a cloud or similar. We recommend you test your backup software to make sure your data restores. Roughly only 20% of the computer are backed up and 50% of the backed up computers fail restore test.
- Drive Encryption – Consider full-disk or drive encryption to transform your data into unreadable files for any unauthorized person accessing the computer. Full disk encryption works when the computer is shut down for the night. If a thief breaks into the office to steal the tax computer, they have to turn it off first. When the computer goes off, the encryption kicks in.
- Virtual Private Networks – Encrypted tunnels between computer networks. Most often from the home of the employee back to the office. Arnold Consulting does not recommend the use of VPN. What IRS fails to mention is that if a computer is infected with a virus, the virus will ride down the VPN encrypted tunnel and infect the corporate network.
Data Security Plan – All professional tax preparers must have a written data security plan in place.
Arnold Consulting specializes in these services. We help tax preparers and other small businesses enact and document Security Six requirements on their systems. Let us help you – whether it’s a consultation, or full security plan, we give tax preparers peace of mind. To learn more about the services we provide, visit our website or contact us directly!
IRS Resource Links:
Protect Your Clients; Protect Yourself: Tax Security 101
IRS Publication 4557, Safeguarding Taxpayer Data
Small Business Information Security: The FundamentalsPublication 5293, Data Security Resource Guide for Tax Professionals