2 minute read
Cybersecurity 101- From Victimized Tax Pros
As cybercriminals continue to prey on tax professionals’ data, the Security Summit a par tnership between the IRS, states, and the private-sector tax community is sharing some lessons learned by victimized tax professionals in hopes of helping others avoid being cybercrime targets
In recent years, hundreds of tax professionals experienced data thef ts or security breaches that exposed their clients’ personal information to cybercriminals and tax-related identity thieves, warns the Security Summit
Thieves use stolen data from tax professionals and their firms to create fraudulent returns that are becoming harder to detect and distinguish from legitimate taxpayer returns, meaning CPAs and their firms must be especially vigilant if they want to defend against a devastating data loss
Below, the Security Summit of fers insights from victimized tax professionals to help you better protect against cyberattacks
Lesson 1: Get cyber insurance
Tax professionals who’ve been victimized by cybercriminals say they either were glad they had, or wish they had, insurance coverage for data loss
While it’s common to maintain business insurance policies that cover property and liability, data thefts often go overlooked Cyberspecific coverage for data breaches also needs a special look
This may require an addendum or rider to your current policy or an entirely separate one
It’s suggested that the dollar amount of the policy be large enough to cover all expenses But also look for insurance companies and/or coverage that provides exper ts that will assist in setting up safeguards and identifying the source of the data breach and resolving it if one occurs
Another recommendation: If you’re using a cloud storage solution, ask the provider about cyber insurance coverage in case their systems are breached
Lesson 2: Password-protect client accounts
This could be a critical safeguard against cyber thieves Tax professionals who have experienced data thefts acknowledge that protecting each individual client account with a unique password can be a hassle, but it’s wor th the trouble should a breach occur, and many tax software solutions are making this easier to manage
Further, strong passwords can help prevent or slow cybercriminals from accessing computer systems and accounts Passwords should be a mix of a minimum of eight letters, special characters, and numbers
Lesson 3: Use a vir tual private network (VPN)
This may require help from your IT team, but tax professionals who have fallen victim to cybercriminals say they wish they had used a vir tual private network (VPN) instead of remote access sof tware when working of fsite A VPN allows for teleworkers or branch of fices to securely connect to the firm’s central computer system to send and receive information
Why avoid remotely accessing your work computer system? The Security Summit warns of cases where cybercriminals have taken over remote access of tax professionals’ computer systems, accessing client accounts via the highjacked computers, completing and e-filing pending returns, and changing direct deposit information to their own accounts
Lesson 4: Keep security sof tware updated
Tax professionals who experienced data thefts warn colleagues to keep all security sof tware current This includes the computer operating system, anti-malware and anti-virus sof tware, firewalls, etc While most computers come with security sof tware installed, you can purchase additional security sof tware products relevant to your specific practice and uses To make managing updates easier, set all sof tware to update automatically
In addition to these lessons, the Security Summit reminds all tax professionals that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule The IRS has a variety of security resources available, including Publication 455 7, “Safeguarding Taxpayer Data,” and Publication 5293, “Data Security Resource Guide for Tax Professionals,” which provides a compilation of data thef t information and is available on IRS gov
