Tax and accounting professionals are responsible for information that, if compromised, can threaten the identity and financial security of their clients, their firms and staff, third parties, and more. No big revelation there – this has been the case since long before I started my career in this profession almost 20 years ago, so why all the recent focus on data security?
As you may already know, hackers are more frequently committing tax fraud for illegal financial gain. In May 2015, criminals used information obtained from social media and stole around 724,000 taxpayers’ return data from the IRS’s Get Transcript system. Then in January 2016, criminals stole Social Security numbers from outside the IRS and used them to get IRS e-filing personal identification numbers that could be used to file fraudulent returns electronically.
Do these threats seem irrelevant to the professional tax preparer? Think again. With new security requirements, the IRS has effectively and drastically reduced the number of fraudulent cases with do-it-yourself consumer tax preparation software ... and because that well is drying up, the hackers are turning their focus on professional tax preparers.
Case in point: On Sept. 2, 2016, the IRS released a notice, “IRS Warns of a New Wave of Attacks Focused on Tax Professionals.” Some key excerpts stand out in the notice and have shocked many practitioners with whom I’ve spoken:
- “… new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over practitioners’ computers …”
- “… accessing client data and completing and e-filing returns but directing refunds to criminals’ own accounts …”
- “Victims in the tax community learned of these thefts while reconciling e-file acknowledgements …”
The hackers of today aren’t loud and obvious – they’re not physically breaking into your office or destroying your computers (although these attacks do also happen). Instead, they hide behind anonymity and strike from anywhere in the world, quietly breaking into your system and filing returns in your clients’ names, taking the money, and leaving you and your firm to cope with the devastating aftermath – which is often only discovered after the damage is already done.
This is real. This is now. This is a potential security threat, whether you’re a sole proprietor or part of a top 100 firm.
While the threats are serious, the future is not hopeless. The IRS and software vendors are taking many steps to address security. The security of your data and your clients’ data is a top priority. Information security is not a new priority. We’ve all been focused on it for a long time – and we’ll continue to do our part to keep data as safe and secure as possible.
Security in IT is like locking your house or car – it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target. — Paul Herbka
Resources Available to Firms
While security concerns are not new, knowing how to handle current security threats might be new for you, and you should know what resources are out there.
- Keep an eye on blogs offering insights on a range of timely professional topics, including the ever-important subject of data security.
- Consult with your advisors for guidance on data security practices and legal standards applicable to your practice.
- Check the IRS website regularly for security news and alerts. A good place to start is the IRS resources page, “Protect Your Clients; Protect Yourself.”
Working together, we can continue to maintain the identity and financial security of those that trust the tax and accounting profession.
This article originally appeared on the Boomer Blog site.