National Tax Security Week begins on November 27, 2017 which highlights where your security is the most at risk and steps to protect yourself. Here are some tips to keep your tax, financial, and personal data safe.
Protect your passwords and computer
Identity theft and tax information are stolen most often because people often use the same password for all of their online accounts. Here at HPC, we use LastPass, which keeps your logins and passwords secure with AES-256 bit encryption and two-factor authentication. Data stored in your LastPass account is kept secret (not even Lastpass has access to your passwords). Strong passwords can also be generated from LastPass so you don’t have to worry about creating a password for each site. Guard your computer files from security breaches by password-protecting your tax returns using PDF encryption software. Other steps to protect your computer include installing anti-virus software, keeping confidential information in a password protected folder that cannot be shared, and running regular malware checks.
Avoid phishing emails and phone calls
Scammers may use emails and phone calls to gain personal information from you, especially during the holiday season. They may call you and pretend to be from the IRS demanding an immediate tax payment or send an email requesting information like your social security number. The IRS will never contact taxpayers spontaneously by phone or email so people should never provide personal information over the phone or by email. Doing so greatly increases your risk of identity theft. If you do receive an email claiming to be from the IRS, remember to also refrain from clicking on any links or attachments which could infect your computer with a virus. We also suggest sending a reminder to staff about these phishing emails as well. Immediately contact HPC if you receive any letters/emails or call from the IRS or other state agencies and we’ll help determine if it is accurate.
Safeguard your business from stolen tax information
Business owners are also at risk from having their business identities stolen. Steps to protect your business include protecting your Electronic Filing Identification Number (EFIN) and storing important business and tax documentation in a secure cloud storage like Box, the secure document storage tool that HPC uses. Box uses two-factor authentication and utilizes their partnerships with Data Loss Prevention and mobile security to protect user’s documentation. As a business owner or global entrepreneur, you may often travel or meet clients in public places. If you use the public Wi-Fi network, it may allow your businesses’ information to be discovered by people attempting to hack into your computer. To protect your business from identity theft, only use secure wireless networks to send personal, tax, and financial data when you are traveling or working in public places.
Create a security plan for your tax data
1. Complete a tax risk assessment - evaluate how vulnerable your business is to unauthorized access and what you can do to reduce your risk.
2. Create an Information Security Plan - plan a solution for each of the items in your risk assessment and appoint a responsible person in your company to monitor, test, and revise the Information Security Plan on a periodic basis.
3. Run an internal assessment of your security plan annually - run tests and look for deficiencies / solutions.
What to do if you suffer a security breach
In the case you or your business suffers a tax data compromise, there are a few steps you can take to attempt to recover that information. First, contact the IRS, Federal Bureau of Investigation, Secret Service, Federal Trade Commission, Credit Bureaus, tax software provider, a Credit/ID Theft Agency, and file a local police report. Then, contact each state’s tax agency and attorney general offices that you prepare returns in. Contact your insurance company and security experts to see if data breach mitigation is covered and to prevent future data breaches. Finally, contact your clients and let them know of the data breach, that you are working with law enforcement, and to change their passwords for their accounts.
For more security awareness tips, visit the IRS website.