6 cybersecurity tips for tax offices in 2022
Cybersecurity is increasingly important in a digital world, especially in the tax industry. More than ever, hackers are looking for weaknesses in computer systems to steal client data. The FBI’s Internet Crime Complaint Center (ICCC) reported in 2020 that 3,000 to 4,000 cyberattacks were being reported to the agency daily.
It’s an IRS requirement that all tax preparers have a data security plan in place to keep their clients’ data safe. The requirement is flexible, but tax preparers are asked to focus on key areas including employee management and training, information systems, and detecting and managing system failures.
Here are six additional tips to keep your data and client information safe and secure in 2022:
Educate yourself on phishing scams
- Phishing emails are emails sent by hackers, often with an urgent call to action. When someone clicks on a link or attached file, they can unleash an attack that could embed files in devices and networks that can be activated later to steal information.
- These emails are harder to spot too, especially during tax season when your attention is divided. Before opening an attachment or clicking a link, hover over the document, link and sender’s email address to look for clues of phishing.
Do not send or receive personal information via email or text
- Although texting and emailing are now the default ways to send information, sending tax information through a phone can be problematic. As tempting as it may be to accept and open these emails and files, don’t. They could contain malware. If you need to do this, consider forwarding the link or attachment to a device that’s not connected to your office network.
Keep a lookout for signs of client data theft
- Being proactive and aware of signs of client data theft can help you get ahead of the game if data is compromised. Having an open relationship with your clients also helps because they will feel they can come to you with questions. Common signs of attempted client data theft include clients receiving letters about suspicious tax returns in their name, more returns being filed with your PTIN/EFIN than you submitted, or clients receiving tax transcripts they did not request.
Require strong passwords and implement a policy to change them frequently
- If your employees complain about memorizing new passwords that change frequently, consider using a secure password keeper. Multi-factor authentication, which requires more than one mode of authentication before accessing systems, websites and emails, is also important. When used correctly, multi-factor authentication makes it more difficult for hackers to steal data.
Create a data theft recovery plan/backup system
- If you believe you’ve been a victim of data theft, contact your local IRS stakeholder liaison immediately. They will help you with next steps. A preventative measure you should also take now is coming up with a plan to back up your data, operating systems and applications. This is prudent not only for cyberattacks, but also if a natural disaster occurs and you can’t access the documents in a physical location or on a damaged server. It’s recommended to store your documents in the cloud and back them up regularly. Regularly scheduled backups help ensure very little information is compromised or lost.
Discuss the importance of data security with your staff
- Your staff is the first line of defense against hackers. Accessing social media sites, checking personal email and surfing the web can make your files vulnerable. Staff should also not use USB drives on office computers because spyware and viruses can easily be transferred this way. They should also lock their computers when stepping away for any amount of time – especially if they are in an appointment with a client.
No matter the size of your firm, there’s still the possibility of an attack. In reality, small practices can be the most vulnerable and attractive to a cybercriminal.
If you’re looking for more information on creating a security plan for your office, we have an online workshop (free for Premium level members!) you can attend on demand from your home or office whenever is convenient for you. There’s also an on-demand webinar, completely free for all NATP members.