Preparer Security and Tax Identity Theft

This page is designed to give tax preparers the information they need to meet their security obligations and to improve their defenses against tax related identity theft which includes safeguarding their computer systems from cybercriminals. It will also let preparers know the latest ways identity thieves are attempting to obtain personal information from individuals.

Cybercriminals continue to step up their attacks on tax preparers. Therefore preparers need to take steps to protect their client’s data and their computer networks from these threats.

It is important to note that tax preparers are required by federal law Gramm-Leach-Bliley Act of 1999) to create and maintain a written data security plan. The Federal Trade Commission administers this law and created a Safeguards Rule to administer it.

Just to give you an idea the extent of the threat to preparers during last year’s filing season the IRS received five to seven reports per week from tax firms that had experienced a data theft. Through early November 2018, the IRS received 234 reports for the year. This was a 29 percent increase from 2017. These are just the tax firms that reported to the IRS, which means that there were probably hundreds more tax practitioners who also experienced data theft during 2018.

Here are basic security steps that preparers should take:

• Learn to recognized phishing emails. Never open a link or any attachment from a suspicious email.

  For more information see:

• Surge in Phishing Scams
• Don’t Take the bait: Here’s how taxpayers can avoid getting caught by a phishing scam

• Create a data security plan using IRS Publication 4557 (Safeguarding Taxpayer Data) and Small Business Information Security – Fundamentals by the National Institute of Standards and Technology.

  For more information see:

• Data Security Plan Requirement for Tax Preparers
• How to create a Data Security Plan
• Basic Safeguards for tax professionals’ computers and email
• Educate employees about Data Security and Computing Safeguards
• Publication 5293 (Data Security Resources Guide for Tax Professionals)

• Create Better and Stronger Passwords
  All preparers should review the new, stronger password guidance for all of their online accounts.

  This new guidance suggests using a passphrase such as a favorite line from a movie or a series of associated words rather than using a traditional password.

  For more details on this guidance see:

• Password guidance
• Strong passwords help protect accounts against cybercriminals
• Tax Preparers must use strong passwords and encryption to protect client data

• Review internal controls
• Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets, and phones) and keep software set to automatically update.
• Encrypt all sensitive files/emails.
• Back up sensitive data to a safe and secure external source not connected to a network.
• Wipe clean and destroy old computer hard drives and printers that contain sensitive data.
• Limit access to taxpayer data to individuals that need to know.
• Check IRS e-Services account weekly for number of returns filed with EFIN.

• Report any data theft or data loss to appropriate IRS Stakeholder Liaison

• See IRS Security 101 News Release Data Theft Reporting Process for further information.

• Become more aware of preparer risk of data theft attacks by reviewing the following on the IRS website:
• Preparer risk for data theft attacks
• How tax preparers can protect themselves and their clients
• Warning Signs of Data Theft
• Protect Client Data, Learn Signs of Identity Theft

Additional Links for More Information on Identity Theft and Preparer Security

• National Security Awareness Week 2018
• Tax Security 101
• Protect Your Clients; Protect Yourself
• Don’t Take the Bait
• Homeland Security Cyber Topics Toolkits
• Federal Trade Commission Identity Theft
• Department of Homeland Security – Protect Myself from Cyberattacks
• IRS Security Awareness Tax Tips
• IRS Identity Protection

Recent Tax Updates

IRS Accepting Renewal Applications for Expiring ITINs
August 7, 2019

Tax Preparer Security Awareness
June 19, 2019

2019 Federal Tax Changes
April 24, 2019

When a Rental Activity Can Be Included as Qualified Business Income
March 19, 2019

Safe Harbor Rule for Autos that Claim Bonus Depreciation
February 27, 2019

2018 Federal Return and Taxpayer Expectations
January 30, 2019