Don’t Risk IRS Exposure by Failing to Protect Sensitive Data
On the heels of New York passing the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in September 2019, the IRS issued a warning to tax preparers and accounting firms to ensure that they appropriately secure their customer data against the “evolving” and “sophisticated” techniques used by cybercriminals to access their systems. The warning identified several steps that firms can take to limit their risk of sensitive data loss. The penalties for disclosing FTI (Federal Taxpayer Information), whether intentionally or through negligence, can be very severe and costly.
Human Errors Cause a Significant Portion of Data Breaches and Cyberattacks
Even the best systems can be vulnerable when the individuals utilizing your data and platforms do not have the necessary tools and training in place to be successful. Depending on which source you read, it’s striking to see the sheer volume of attacks that are caused by negligence and other forms of human error.
- Infosecurity Magazine quotes that 60% of data breaches and cyberattacks are caused by human error
- Cyber Security Intelligence quotes a 90% rate of human error in their statistics
- Security Magazine notes a Ponemon Institute study that shows that 27% of data breaches are caused by human error
What is most important for your business is knowing that you will need to align people, processes and technology in order to form an effective barrier around your organization.
Protecting Your Confidential Taxpayer Information from Cybercriminals
The IRS provides several documents that detail the procedures in place to protect your firm from unauthorized disclosures. For information on your requirement to protect FTI, the regulations that mandate it, and other useful information, see the IRS Publications below.
- Publication 4557: “Safeguarding Taxpayer Data” discusses the FTC Safeguards Rule, provides a checklist to ensure you are meeting the requirements of the Rule, and provides tips for preventing and detecting abuse of your Filing Number.
https://www.irs.gov/pub/irs-pdf/p4557.pdf - Publication 5293: “Data Security Resource Guide for Tax Professionals” is intended to provide a basic understanding of minimal steps to protect client data. It references Publication 4557 above as well as NIST’s website about small business security fundamentals.
https://www.irs.gov/pub/irs-pdf/p5293.pdf - Publication 1075: “Safeguards for Protecting Federal Tax Returns and Return Information” provides guidance to ensure the policies, practices, controls, and safeguards employed by recipient agencies, agents, or contractors adequately protect the confidentiality of FTI.
https://www.irs.gov/pub/irs-pdf/p1075.pdf - Last but not least, don’t forget Publication 1345: “Handbook for Authorized IRS e-File Providers” which outlines your responsibility as an Electronic Return Originator, including in the area of e-File security and privacy.
https://www.irs.gov/pub/irs-pdf/p1345.pdf
Understanding where to look for this information and ensuring that you always have the latest research close to hand can be a distraction for business and technology leaders. This is why so many organizations are choosing to partner with trusted IT services providers to help ensure their compliance and data security standards are always up-to-date with the latest government recommendations.
You Can Trust Mathe to Provide Exceptional Business Technology Services and Manage Your Compliance
You deserve the peace of mind that comes from knowing that your business is being actively protected against data breaches and cyberattacks. When you partner with the professionals at Mathe, you can be confident that our team is continually studying the compliance and cybersecurity landscape, always scanning for threats and working to harden your IT systems. Contact us at 973-221-2509 for a complimentary initial consultation and see how we can help avoid the risk associated with IRS security audits.
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice. I have seen a great deal of change. The only common thread is I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.
