Don’t Take the Bait – Safeguarding Taxpayer Data
“How to Start Protecting Clients, Businesses from Cybersecurity Threats” is the title of the eighth installment of the IRS series “Don’t Take the Bait.” The 10-week series focuses on security updates for tax professionals. This week’s article, published on September 1st, offers a summary of the Internal Revenue Service’s Publication 4557, Safeguarding Taxpayer Data, and the National Institute of Standards and Technology’s (NIST, part of the Commerce Department) Small Business Information Security: the Fundamentals.
Publication 4557 both outlines the legal obligations of tax practitioners and offers a checklist to aid them in creating a security plan. The document recommends the following initial steps for tax professionals:
- Put someone in charge of taking responsibility for safeguards
- Assess all areas of the office for taxpayer risk
- Compile a complete list of all areas where taxpayer information is kept
- Make a plan for safeguarding taxpayer information and put it into place
- Use exclusively service providers who also have adequate safeguards in place
- Continually monitor, evaluate, and adjust your safeguards
NIST’s Small Business Information Security: the Fundamentals outlines a cybersecurity framework that many government agencies employ and recommends that tax professionals adhere to it. The document offers five specific action areas for tax practitioners:
- Identify who has access to business information and control how they can access it
- Protect your business information by limiting access, employing cybersecurity safeguards, training employees, etc.
- Detect intrusions with cybersecurity programs and consistent monitoring
- Respond to any security incidents with a plan that you’ve already put in place
- Recover any lost or corrupted data with up-to-date backups and consider purchasing cyber insurance
For more information, read the article in full at irs.gov.