Provided below is a summary of the IRS Security Summit’s 2020 security awareness campaign, as well as how to identify and report a business that is a victim of tax identity theft.
Security Summit 2020 Working Virtually Awareness Campaign
As the IRS and Summit partners have increased their defenses, cybercriminals have adjusted to focus on tax professionals in order to obtain their client data to commit tax identity fraud. As digital data thefts from tax practitioners continue, it is imperative that professional tax preparers take steps to secure their computer software and systems.
In its fourth year, the IRS and Security Summit partners have issued a five-part summer awareness campaign called Working Virtually: Protecting Tax Data at Home and at Work. This campaign highlights the key security actions that tax professionals should be taking as they respond to COVID-19 while working remotely.
The campaign gives information in five weekly news releases that began on July 17, 2020 and covers the following:
- Details on the basic “Security Six” protections that all practitioners should take:
- Using anti-virus software
- Setting up a firewall
- Using Two-Factor Authentication
- Backing up their systems
- Considering the use of drive encryption software for full disk encryption
- Using a Virtual Private Network (VPN) when working remotely
- Using Multi-Factor Authentication to protect accounts
- Using VPNs to protect remote sites
- Phishing scams
- Creating a security and data theft plan
See the Working Virtually: Protecting Tax Data at Home and at Work page on the IRS website for more information.
Reporting Identity Theft for a Business
A business, trust, estate, or tax-exempt organization may have been a victim of tax identity theft if one of the following has occurred:
- They filed their tax return electronically and it was rejected as already being filed
- They received a notice regarding a tax return they did not file
- They received a notice about Forms W-2 filed with the Social Security Administration they did not file
- They received a notice of balance due that they do not owe
If one of these has occurred there is a possibility that someone is using the business name or EIN to submit fraudulent tax returns or Forms W-2 and the business, trust, estate, or tax-exempt organization should complete Form 14039-B (Business Identity Theft Affidavit), sign it, include all requested documents, and send it to the IRS immediately. This form may be mailed or faxed to the IRS.
See the following on the IRS website for more information: