Practice Management How to Update Your Tax Firm’s Data Safeguards Based on IRS Pub 4557 Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Jim Buffington, CPA Modified May 20, 2020 3 min read Protecting taxpayer information isn’t just good for clients and good for business – it’s also the law. Part of tax season readiness should include a review and update of your firm’s plan to safeguard taxpayer data. The Gramm-Leach-Bliley Act requires that tax professionals create and implement a data security plan. Here are some of the important updates to Publication 4557, Safeguarding Taxpayer Data, and related actions tax professionals should take today to protect taxpayer data. Create a Written Security Plan. Create a data security plan using IRS Publication 4557 and Small Business Information Security – The Fundamentals by the National Institute of Standards and Technology. The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an authorized IRS e-file provider. Use Strong, Unique Passwords and Change Them Regularly. It is critical that all tax practitioners establish strong, unique passwords for all accounts, whether it’s to access a device, tax software products, cloud storage, wireless networks or encryption technology. The IRS recommends a minimum of eight characters; longer is better. Use a combination of letters, numbers and symbols such as XYZ, 567, or !@#. Use a password manager program to track passwords, but protect it with a strong password. Use Multi-Factor Authentication (MFA). Whenever it is an option for a password-protected account, users also should opt for a multi-factor authentication process. Many email providers now offer customers two-factor authentication protections to access email accounts. Tax professionals should always use this option to prevent their accounts from being taken over by cybercriminals, and putting their clients and colleagues at risk. Two-factor authentication helps by adding an extra layer of protection. Often, two-factor authentication means the returning user must enter credentials (username and password) plus take another step such as entering a security code sent via text to a mobile phone. The idea is that a thief may be able to steal your username and password, but it’s highly unlikely they also would have your mobile phone to receive a security code and complete the process. Drive Encryption. Use drive encryption to lock all files on your computer and on all devices. Drive encryption makes stored data unreadable by hackers until the user enters a password, at boot up or login, to access the drive data. Microsoft operating systems include encryption tools that may be configured to protect stored data. For example, Microsoft BitLocker Drive Encryption is an encryption feature available for recent Windows operating system. Secure Wireless Networks. Take protective steps when setting up your router and wireless network. Change default administrative password of your wireless router; use a strong, unique password. Reduce the wireless range so you are not broadcasting further than you need. Choose a router name (Service Set Identifier – SSID) that is not personally or professionally identifying, and disable the SSID broadcast so that it cannot be seen by those who have no need to use your network. Use Wi-Fi Protected Access 2 (WPA-2) with the Advanced Encryption Standard (AES) for encryption. Anti-Virus Security Software. Use anti-virus security software on all workstations, educate staff about phishing emails and scams, and watch for suspicious activity that might indicate a hack or data theft. Educate Yourself. There are a number of resources to help navigate tax-related rules and regulations related to protecting data. IRS Publication 4557, Safeguarding Taxpayer Data, details critical security measures, includes information on how to comply with the FTC Safeguards Rule, and includes a checklist of items for a prospective data security plan. Protect Your Clients; Protect Yourself: Tax Security 101. Is an IRS and Security Summit series that provides tax professionals with basic information they need to better protect taxpayer data and to help prevent the filing of fraudulent tax returns. Intuit® ProConnect™ offers “Safeguarding Taxpayer Data,” a free webinar with more information to protect taxpayer data. Safeguarding taxpayer data should feel routine now, but updating your security plan will always be necessary to keep up with changing technology and new tactics by hackers. Make a few updates now and sleep better at night. Previous Post Why I Use 4 Monitors Next Post Beat Busy Season Burnout With These Morale Boosters Written by Jim Buffington, CPA Jim Buffington, CPA, is an advisory services leader with Intuit® Accountants. He has 20+ years of professional experience in sales management, public accounting, strategic alliances, product marketing, business process design, new business development and strategic planning. Connect with Jim on Twitter @jimatintuit. More from Jim Buffington, CPA Comments are closed. Browse Related Articles Tax Law and News Annual inflation adjustments for TY24 and TY25 Practice Management Intuit is committed to your success Practice Management Lacerte® Tax spotlight: Karl J. Strube, CPA Practice Management ProConnect™ Tax Online spotlight: Alejandra Matias Practice Management ProConnect Tax Virtual Bootcamp: Jan. 15-16 Webinars Navigating Common IRS Red Flags: Jan. 20 Webinars Pay-by-Refund: Jan. 20 Webinars Practical Security Checklist: Jan. 14 Tax Law and News January 2025 tax and compliance deadlines Workflow tools On the Books podcast: Merry books-to-tax season