Cybersecurity is now a universal concern in every walk of life. What are the risks to tax professionals and their clients, and how can both parties mitigate them?
Data security is a major consideration for any industry and, unfortunately, tax preparation is no exception. Tax professionals need to ensure that appropriate safeguards are in place so that their business and clients are protected from cyberattacks, and individual and business filers need to remain equally vigilant.
Progress has been made to combat taxpayer identity theft. The IRS reported that the number of reported identity theft victims fell 71 percent between 2015 and 2018. Despite this progress, identity theft tactics continue to evolve and pose risks to the data of the entire tax community, since scammers change their approaches when security is improved.
The 2019 Identity Fraud Study from Javelin found that while fraud overall was down 15 percent in 2018, more victims of the fraud were paying out of pocket to deal with it. These avoidable costs can add up fast for an individual and a business.
The most common types of fraud may change each year, but time and again attackers wait for tax season—and big impacts are felt by taxpayers and tax professionals alike.
Understand the risks and update safeguards
Tax season is one of the most common times that scams occur. Consider all of the data that’s shared online during this time: a host of financial information and personal details, like dates of birth, account statements, and Social Security numbers. Cybercriminals love to attack during tax season.
Identity thieves often use stolen information to file fraudulent tax returns or try to claim tax benefits. And they file as soon as they can, since their scam will only work with returns that haven’t yet been filed by the people they’re claiming to be.
Start by reviewing your current security practices, whether you’re an individual or a business. Even if you’ve taken steps to better protect data, the IRS has made recommendations in the form of a checklist to ensure that you’re doing everything you can to mitigate risk.
The checklist applies to both tax professionals and taxpayers since both groups are impacted by tax fraud and “everyone has a responsibility to protect sensitive data,” as the IRS says.
Employ the following six recommended security measures as the baseline for a cybersecurity plan:
- Anti-malware software
- A firewall
- Two-factor authentication
- Backup software or services
- Drive encryption
- Virtual private networks
Train yourself and other team members
Next, learn how to watch for phishing attempts and other scams that aim to collect personal information.
There are many red flags for tax professionals and taxpayers to watch out for, including if an individual receives an IRS letter that questions their tax return, if more tax returns are filed than were submitted under a given Electronic Filing Identification Number, and if tax transcripts are sent to clients who didn’t request them.
Common tax scams that target taxpayers include phone scams, in which a scammer impersonates the IRS and tries to get personal information; phishing emails and malware schemes from cyber criminals; and fraudulent tax returns. Note that the IRS will never contact a taxpayer through the common phone and email methods with questions about an individual tax return.
Implement a recovery plan
If you become a victim of data theft, you’ll want to already have a plan in place to deal with it. The IRS offers this guidance:
- Individuals and tax professionals must contact the local IRS Stakeholder Liaison right away.
- Tax professionals must help the IRS in protecting all of their client accounts.
- Implement cybersecurity measures—business professionals should engage the services of cybersecurity professionals to help set up a plan.
A data security plan should be revisited and updated regularly. Because identity theft adapts to new technologies, this isn’t something you can put together once and move on. The plan must also change with shifting scam tactics.
Some of the key areas of a business that a data security plan needs to address are:
- HR: employee management and training
- Information systems
- System failure management and detection
While the number of tax-related identity theft cases has fallen a bit, it’s still crucial that tax professionals, other business owners, and individual taxpayers alike are aware of the risks and remain educated about how to both protect against them and deal with breaches if they should occur. By going through the checklist from the IRS and continuing to stay vigilant, the risks can be vastly mitigated during tax season.
The professionals at Provident CPA & Business Advisors implement strong security procedures while offering a range of tax planning services to a host of businesses and individuals. To discuss how our services can help you come tax time, get in touch with the Provident team today.