Tax professionals victimized by data thefts offer hard-won security lessons to colleagues
IRS representation in Houston
As cybercriminals continue to increasingly pursue tax professionals’ data, the Internal Revenue Service and the Security Summit partners released lessons learned by victims in the tax community to help others avoid being targeted by identity thieves.
In recent years, hundreds of tax professionals experienced data thefts or breaches that exposed their clients’ personal information to cybercriminals and to tax-related identity theft.
Today, several of those tax professionals offer their suggestions to their colleagues, actions they wish they had taken to safeguard their customers and their businesses. The tips range from taking out cyber insurance to using stronger private networks. These suggestions – pulled anonymously from victimized professionals -- offer an opportunity for the tax community to learn from these common mistakes and avoid a devastating data loss for their clients and their business.
Lesson: Get cyber insurance coverage
A common refrain from tax professionals who have been victimized by cybercriminals is they either were glad they had – or wish they had – insurance coverage for data loss.
Many tax professionals maintain business policies that may cover property and liability, but it may not fully coverage data thefts. Tax professionals victimized by these crimes recommend they also explore cyber coverage for data breaches. This may require an addendum or rider to the policy. Practitioners also suggest that that the dollar amount of the policy be large enough to cover expenses.
Some insurance companies provide teams of experts in the event of a data theft, assisting tax professionals in identifying the source of the data breach and resolving it. These teams may also help notify clients or provide extended protections. Just as important, these teams of experts may assist tax professionals proactively, helping make sure adequate safeguards are in place to prevent a data theft.
Another recommendation: If using cloud storage, ask the cloud service provider about cyber insurance coverage in case the provider’s systems are breached.
Lesson: Password protect each client account
Many tax software products also enable tax professionals to password protect each client account. Tax professionals who have experienced data thefts acknowledge that this can be a hassle, but worth the trouble should they experience a breach. They suggest password-protecting every account as a critical safeguard against cyberthieves.
Strong passwords can help prevent cybercriminals from accessing computer systems and accounts. Passwords should be eight characters or longer, a mix of letters, special characters and numbers, include an easy to remember phrase and be unique for each account.
See Protect Your Clients, Protect Yourself: Tax Security 101 for more information on passwords and encryption.
Lesson: Use a virtual private network (VPN) for remote connections
Tax professionals who have been victimized also wish they had used a virtual private network (VPN) instead of remote access software. A VPN allows for teleworkers or branch offices to securely connect to the firm’s computer system and to send and receive information.
There have been cases where cybercriminals have taken over remote access of a tax professionals’ computer systems. In one example, the thieves remotely accessed client accounts via the tax pro’s computer, completed and e-filed pending returns and changed the deposit information to their own accounts.
Technology media often provide lists of top VPN services.
Lesson: Keep all security software updated
Tax professionals who experienced data thefts also suggest colleagues keep all security software up to date. This includes the computer operating system, anti-malware, anti-virus software, firewalls, etc. While most computers come with security software installed, tax professionals also can purchase additional security software products.
Updated software helps protect users from emerging threats that can lead to data thefts. Users can set the security software to update automatically.
In addition to these steps, the Security Summit reminds all professional tax preparers that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Tax Professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.
Alfredo Gaxiola has worked on numerous IRS problem cases and has successfully settled with the IRS to release liens on houses, bank accounts and wages and, if needed, setting a payment installment plan that is not burdensome for the client. He has conducted appeals before the U.S. Tax Court and obtained favorable resolutions in reducing the tax debt of his clients. Mr. Gaxiola served as Treasurer of Camara de Empresarios Latinos, one of the largest and strongest Hispanic organizations in the city of Houston. He has conducted financial and accounting seminars for the Houston Small Business Development Corporation, as well.
IRS representation in Houston.
CPA in Houston, Alfredo Gaxiola in Houston, Certified Public Accountant in Houston, Bookkeeping in Houston, Certified QuickBooks Proadvisor in Houston, QuickBooks Set Up and Training in Houston, Complete CPA Services in Houston, Business Tax Returns in Houston, Personal Tax Returns in Houston, Quarterly & Monthly Filings in Houston, Financial Statement Preparation in Houston, Form Preparation in Houston, Payroll Preparation in Houston, Compilations in Houston, Reviews Temporary Bookkeeping Services in Houston, Reducing your taxes in Houston, IRS representation in Houston