{"id":68950,"date":"2024-12-06T10:00:08","date_gmt":"2024-12-06T18:00:08","guid":{"rendered":"https:\/\/lapost.us\/?p=68950"},"modified":"2024-12-06T10:00:08","modified_gmt":"2024-12-06T18:00:08","slug":"national-tax-security-awareness-week-day-5-tax-pros-urged-to-guard-against-identity-theft-with-updated-written-information-security-plan","status":"publish","type":"post","link":"https:\/\/lapost.us\/?p=68950","title":{"rendered":"National Tax Security Awareness Week, Day 5: Tax pros urged to guard against identity theft with updated Written Information Security Plan"},"content":{"rendered":"

IR-2024-308, Dec. 6, 2024,\u00a0WASHINGTON<\/strong> \u2013 On the\u00a0final day of National Tax Security Awareness Week,\u00a0the Internal Revenue Service and its Security Summit partners urged tax professionals to reassess their plans for protecting themselves and their clients\u2019 sensitive information amid increasing attempts by\u00a0identity thieves to steal tax data.<\/p>\n

Identity thieves on the hunt for taxpayer data aren\u2019t just targeting taxpayers, they\u2019re going after the tax professionals, who hold enormous amounts of sensitive taxpayer data, in hopes of filing fraudulent tax returns. This year, the IRS has already received more than 250 reports of data breach incidents from tax professionals affecting approximately 200,000 clients.<\/p>\n

Amid these continuing reports of tax professionals encountering data breaches, the Security Summit partners urged practitioners to review the newly updated\u00a0Written Information Security Plan (WISP)<\/a>.<\/p>\n

Tax professionals are required by federal law to have written plans identifying foreseeable data security risks and safeguards, and a plan of action to take in the event of a security breach. To simplify this complex task, a special team of Security Summit members from the tax community released an updated WISP that tax professionals can use as a roadmap to apply to their own practice.<\/p>\n

The IRS also reminds taxpayers that additional safeguards, like multi-factor authentication (MFA), are required by federal law to better protect themselves and their clients. MFA provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems.<\/p>\n

\u201cCountering identity theft is a collective effort, and tax pros are the first line of defense when it comes to protecting taxpayer information,\u201d said IRS Commissioner Danny Werfel. \u201cMillions of taxpayers entrust their personal data to tax professionals, and we want to make it as easy as possible for tax pros to know what they need to do to keep themselves and their clients\u2019 information safe. The Written Information Security Plan forms an essential part of the tax professionals\u2019 defense against data breaches and identity thieves, helping protect their clients and protect themselves.\u201d<\/p>\n

The WISP, available in IRS\u00a0Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice<\/a>, walks tax professionals through the steps of assembling a plan, including understanding security compliance requirements and professional responsibilities. It also provides a sample template that tax professionals can use as they draft a plan for their business.<\/p>\n

The new version of the WISP, the result of a year-long collaborative effort between the IRS and its Security Summit partners, includes several updates, like highlighting best practices for implementing multi-factor authentication.<\/p>\n

During National Tax Security Awareness Week<\/a>, now in its ninth year and concluding today, the Security Summit partnership of the IRS, tax professionals, tax software and financial companies as well as state tax agencies work to raise awareness among taxpayers and tax professionals about the importance of safeguarding information to protect against identity theft. The Security Summit formed in 2015 to combat tax-related identity theft through better public-private sector coordination as well as strengthening internal protections in the tax community and raising public awareness about security threats.<\/p>\n

Tax pros are on the front lines of defense in protecting taxpayer information. The Summit partners highlighted several key steps that tax pros \u2013 regardless of the size of their practice \u2013 should take to protect their systems and comply with federal standards.<\/p>\n

WISPs and MFA are crucial \u2013 and necessary <\/strong><\/p>\n

Members of the Summit’s tax professional team developed a helpful guide that allows practitioners to quickly develop their own WISP to provide a blueprint for information security.<\/p>\n

\u201cThis helpful guide with sample templates provides a starting point for businesses large or small, and can be scaled for a company’s size, scope of activities, complexity and customer data sensitivity,\u201d said Kimberly Rogers, the IRS Return Preparer Office director and co-chair of the Summit\u2019s tax pro group. \u201cThere’s not a one-size-fits-all WISP. A sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm. This flexibility is reflected in the sample policies and pre-populated templates included in the publication.\u201d<\/p>\n

Addressing security issues for a tax professional can be difficult and expensive. A WISP addresses risk considerations for inclusion in an effective plan and provides a blueprint of applicable actions in the event of a security incident, data loss or theft.<\/p>\n

Tax pros can also review\u00a0IRS Publication 5709, How to Create a Written Information Security Plan for Data Safety<\/a>, for more information on WISPs.<\/p>\n

In addition to requirements to have a WISP, the IRS also reminds the tax community that the Federal Trade Commission last year updated its safeguards standards and now require tax professionals to use MFA to protect client information. MFA, which can include sending text\/SMS verification codes to a user or asking additional questions to confirm the identity of a person logging into a system, provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems.<\/p>\n

“Building and maintaining a resilient security plan is more than just a requirement \u2014 it’s a safeguard for both tax professionals and their clients,” said Jared Ballew, president of the National Association of Computerized Tax Processors and one of the Summit members who helped develop the WISP.<\/p>\n

“There\u2019s no single silver bullet for security; effective protection requires multiple layers of defense,\u201d Ballew continued. \u201cOur goal with these resources is to help tax pros create and reinforce those layers, with the WISP providing a solid foundation to start or enhance that process. The Security Summit partners remain committed to helping every tax professional stay proactive and protected in today\u2019s digital landscape.”<\/p>\n

IRS Tax Pro Account: Protects pros and their clients\u2019 data and saves time, too<\/strong><\/p>\n

The IRS and Summit partners also emphasize another way to help protect sensitive information from identity thieves is through secure online tools such as the\u00a0Tax Pro Account<\/a>. These tools can help manage client information to safeguard sensitive taxpayer and financial data from cyberthreats.<\/p>\n

The Tax Pro Account is a secure, mobile-friendly, digital, self-service application that enables tax professionals to act on a taxpayers’ behalf, view the taxpayers’ information and manage their authorization relationships more efficiently.<\/p>\n

As part of IRS transformation efforts, the IRS will continue adding new features to the Tax Pro Account in the future to help tax professionals securely and efficiently serve their clients.<\/p>\n

Currently, tax professionals can use Tax Pro Account to send Power of Attorney and Tax Information Authorization requests directly to a taxpayer’s individual\u00a0IRS Online Account<\/a>. Once the taxpayer approves the request, it’s processed in real time \u2014 no faxing, mailing, uploading or long waits.<\/p>\n

Visit the\u00a0Tax Professionals<\/a>\u00a0page on IRS.gov to learn more about E-Services, Tax Pro Account, Employer Identification Numbers, filing, forms, third-party authorizations as well as other safe and secure online tools to serve clients.<\/p>\n

Data breaches: What to do when the worst happens<\/strong><\/p>\n

The IRS also recommends tax professionals create an action plan to outline the steps to take in the event of a breach or data theft, in addition to the required Written Information Security Plan. Tax pros now need to report a security event affecting 500 or more people to the Federal Trade Commission as soon as possible, but no later than 30 days from the date of discovery.<\/p>\n

A key component to an effective action plan is knowing who to contact. In addition to reporting data loss to the IRS, tax professionals should contact law enforcement, the appropriate states, clients and security professionals.<\/p>\n

Places to get help in case of a data breach:<\/strong><\/p>\n