Safeguarding Taxpayer Data with IRS Publication 4557

Safeguarding Taxpayer Data with IRS Publication 4557

Along with tax season comes an increase in taxpayer data theft and associated fraud. So, the IRS has issued Publication 4557 to help tax preparation professionals safeguard the data that has been entrusted to them.

Last week, we looked at the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) and why tax preparers need a written data security plan. This week, we’ll look at some other practical steps that you can take to protect your customers’ data against theft and fraud.

Secure Your Workstation

Good security practice starts on the workstations that you and your employees use for their work. Install antivirus software and keep it up to date. And when your computer asks you to reboot to install updates, do it! These updates contain security fixes that keep your computer and your data secure. Many recent high-profile data breaches were caused by out-of-date software, so updates will help you to stay one step ahead of hackers and viruses.

Both Windows and MacOS have built-in firewalls as well, so make sure they’re turned on. A firewall can help keep malicious software from getting a foothold on your network and spreading to other machines.

And, be sure to use disk encryption, especially if you use laptops. On Windows, there’s BitLocker, while MacOS has FileVault. If your computer were stolen, disk encryption will keep others from reading the data stored on your hard drive -- keeping it from falling into the wrong hands.

Secure Your Network

If you use Wi-Fi in your business, make sure that it’s properly secured. It should have a strong password with WPA2 encryption enabled -- anything older, such as WPA or WEP, are too insecure for serious use. Additionally, if you allow clients to connect to your network, have a separate guest network set up for their use, which doesn’t allow access to your data and files.

Any devices you use on your network should also be secured. This includes your router, access points, modem, and printers. Don’t leave these set to their default passwords -- change them to something strong and hard to guess.

Secure Your Passwords

With so many passwords to remember, many people fall into two dangerous password habits: using weak, easy-to-guess passwords, and re-using the same password on different sites. In a common scenario, a low-security site has its password database stolen. Then, those usernames, emails, and passwords are tried on many other sites, such as email or banking sites. In many cases, this gives hackers exactly what they’re looking for.

Using a good password manager can solve both of these problems. You just need to remember one strong password, and then the password manager will automatically create and store strong, unique passwords for all the sites you use. This is even more important if you’re using cloud suites like Office 365 or QuickBooks Online. Keeping these passwords secure means keeping your client data secure.

Secure Your Data

Ultimately, all of these steps are designed to protect the data that your clients are trusting you to protect. So, it’s important to make sure that the data itself is physically protected as well.

Keep an inventory of any devices or locations where you are storing taxpayer data. This could include external drives, backups on CD or tape, laptops, desktops, and cloud services. Make sure that these are both physically secure (i.e., locked up) and digitally secure (encrypted).

Additionally, backups are an important part of data protection. If the devices storing your data were destroyed due to fire, flood, or a malware infection, how would you recover them? If you back up to physical media, store them somewhere offsite but secure, like a safe at your house. Or, many companies offer cloud backup solutions. But be sure to choose a trusted provider and encrypt your backups before uploading them.

While this covers many of the technical aspects of securing taxpayer data, there is also the human element. Next week, we’ll cover some of the processes and safeguards you can put in place for yourself or your employees that will help you keep your clients’ data secure.