Don’t Take the Bait – Safeguarding Taxpayer Data

“How to Start Protecting Clients, Businesses from Cybersecurity Threats” is the title of the eighth installment of the IRS series “Don’t Take the Bait.” The 10-week series focuses on security updates for tax professionals. This week’s article, published on September 1st, offers a summary of the Internal Revenue Service’s Publication 4557, Safeguarding Taxpayer Data, and the National Institute of Standards and Technology’s (NIST, part of the Commerce Department) Small Business Information Security: the Fundamentals.

Publication 4557 both outlines the legal obligations of tax practitioners and offers a checklist to aid them in creating a security plan. The document recommends the following initial steps for tax professionals:

  • Put someone in charge of taking responsibility for safeguards
  • Assess all areas of the office for risks to taxpayer information
  • Compile a complete list of all areas where taxpayer information is kept
  • Make a plan for safeguarding taxpayer information and put it into place
  • Use only service providers that also have adequate safeguards in place
  • Continually monitor, evaluate, and adjust your safeguards

NIST’s Small Business Information Security: the Fundamentals outlines a cybersecurity framework that many government agencies employ and recommends that tax professionals adhere to it. The document offers five specific action areas for tax practitioners:

  1. Identify who has access to business information and control how they can access it
  2. Protect your business information by limiting access, employing cybersecurity safeguards, training employees, etc.
  3. Detect intrusions with cybersecurity programs and consistent monitoring
  4. Respond to any security incidents with a plan that you’ve already put in place
  5. Recover any lost or corrupted data with up-to-date backups and consider purchasing cyber insurance

For more information, read the article in full at irs.gov.