IR-2020-163, July 17, 2020
WASHINGTON — The Internal Revenue Service and the Security Summit partners today urged tax professionals this summer to review critical security steps to ensure they are fully protecting client data whether working in the office or a remote location.
To help tax practitioners, the IRS, state tax agencies and the nation’s tax industry next week will begin a five-part summer awareness initiative called Working Virtually: Protecting Tax Data at Home and at Work. The initiative highlights security actions key to protecting tax professionals as they respond to COVID-19 while working remotely from their office and clients. Taxpayers can also benefit from some of the security tips.
“During COVID-19, the community should remember there’s more than one virus to be concerned about,” said IRS Commissioner Chuck Rettig. “This challenging period creates new opportunities for cybercriminals and new threats for tax professionals. Our latest Security Summit initiative calls on tax professionals to make sure to take precautions to meet the new challenges of the workplace. With more practitioners working from home or dealing with clients via email, it’s critical to make sure your security measures are keeping pace.”
Since the IRS, state tax administrators and the nation’s tax industry created the Security Summit five years ago, stolen identity refund fraud has dropped dramatically. Between 2015 and 2019, the number of taxpayers reporting they were identity theft victims to the IRS fell 80%, and the number of confirmed identity theft returns stopped by the IRS declined by 68%. In 2019, there were 443,000 confirmed identity theft tax returns compared to 1.4 million in 2015.
As the IRS and Summit partners increased their defenses, cybercriminals have adjusted their sights to focus on tax professionals and their client data. While trying to obtain taxpayer information, data thefts from practitioner offices continue. Tax records and information stolen from preparer offices allow thieves to create fraudulent tax returns that are more difficult to detect.
The Security Summit launched the “Protect Your Clients, Protect Yourself” campaign in 2016 to heighten security awareness among tax professionals and their personnel. Security measures are only as good as the least informed employee in the office.
In its fourth year, the 2020 campaign will feature a series of news releases each Tuesday for the next five weeks. The campaign will highlight:
- The “Security Six” − basic protections that all practitioners should take
- Multi-Factor Authentication to protect accounts
- Virtual Private Networks to protect remote sites
- Phishing scams, including COVID-19 and Economic Impact Payments
- Protect Yourself: The need for a security plan and data theft plan
In addition, tax professional security will be a special focus of this year’s Nationwide Tax Forums, which will be virtual this year. The sessions begin July 21 and conclude August 20.
Tax professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data (PDF), and Small Business Information Security: the Fundamentals (PDF) by the National Institute of Standards and Technology.
Publication 5293, Data Security Resource Guide for Tax Professionals (PDF), provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media or visit Identity Theft Central at IRS.gov/identitytheft.