Security Summit urges tax professionals to educate all employees about data security, computing safeguards
IRS representation in Houston
The IRS and its Security Summit partners called on tax professionals to step up security education for all office employees, including themselves, to better protect taxpayer data and help prevent fraudulent return filings.
The warning from the IRS, state tax agencies and the nation's tax industry follows an increase this year in reports of data thefts from tax professionals. The Security Summit partners remind professionals that their clients’ data and their businesses are only as secure as their least informed employee.
All professional tax return preparers must adhere to the “Safeguards Rule” set out by the Gramm-Leach-Bliley Act of 1999 and administered by the Federal Trade Commission. The FTC sets out a series of suggested areas to address, including for employee management and training. The FTC suggests following this list, and the IRS has added some updates specifically for tax professionals:
- Check references or conduct background checks before hiring employees who will have access to customer information.
- Ask every new employee to sign an agreement to follow the company’s confidentiality and security standards for handling customer information.
- Limit access to customer information to employees who have a business reason to see it. For example, give employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs.
- Control access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis. (Tough-to-crack passwords require the use of at least six characters, upper- and lower-case letters, and a combination of letters, numbers and symbols.) (IRS suggestion: passwords should be a minimum of eight characters.)
- Use password-activated screen savers to lock employee computers after a period of inactivity.
- Develop policies for appropriate use and protection of laptops, personal digital assistants, cell phones or other mobile devices. For example, make sure employees store these devices in a secure place when not in use. Also, consider that customer information in encrypted files will be better protected in case of theft of such a device.
- Train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, including:
- Locking rooms and file cabinets where records are kept;
- Not sharing or openly posting employee passwords in work areas;
- Encrypting sensitive customer information when it is transmitted electronically via public networks;
- Referring calls or other requests for customer information to designated individuals who have been trained in how the company safeguards personal data; and
- Reporting suspicious attempts to obtain customer information to designated personnel.
- Regularly remind all employees of the company’s policy — and the legal requirement — to keep customer information secure and confidential. For example, consider posting reminders about their responsibility for security in areas where customer information is stored, like file rooms.
- Develop policies for employees who telecommute. For example, consider whether or how employees should be allowed to keep or access customer data at home. Also, require employees who use personal computers to store or access customer data to use protections against viruses, spyware and other unauthorized intrusions.
- Impose disciplinary measures for security policy violations.
- Prevent terminated employees from accessing customer information by immediately deactivating their passwords and user names and taking other appropriate measures.
- All employees within a tax professional's office should familiarize themselves with FTC regulations and IRS publications and websites that will help increase security awareness.
To improve data security awareness by all tax professionals, the IRS will host a webinar on Sept. 26, 2018. The focus will be on the same topics as this series: "Protect Your Clients; Protect Yourself: Tax Security 101." Although tax preparers will be eligible for one CPE credit, the IRS welcomes tax professionals and their employees. Protecting taxpayer information takes everyone working together.
The Security Summit reminds all professional tax preparers that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. They can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.
Alfredo Gaxiola has worked on numerous IRS problem cases and has successfully settled with the IRS to release liens on houses, bank accounts and wages and, if needed, setting a payment installment plan that is not burdensome for the client. He has conducted appeals before the U.S. Tax Court and obtained favorable resolutions in reducing the tax debt of his clients. Mr. Gaxiola served as Treasurer of Camara de Empresarios Latinos, one of the largest and strongest Hispanic organizations in the city of Houston. He has conducted financial and accounting seminars for the Houston Small Business Development Corporation, as well.
IRS representation in Houston.
CPA in Houston, Alfredo Gaxiola in Houston, Certified Public Accountant in Houston, Bookkeeping in Houston, Certified QuickBooks Proadvisor in Houston, QuickBooks Set Up and Training in Houston, Complete CPA Services in Houston, Business Tax Returns in Houston, Personal Tax Returns in Houston, Quarterly & Monthly Filings in Houston, Financial Statement Preparation in Houston, Form Preparation in Houston, Payroll Preparation in Houston, Compilations in Houston, Reviews Temporary Bookkeeping Services in Houston, Reducing your taxes in Houston, IRS representation in Houston