Whether in public accounting or business and industry, accountants are key stakeholders in cybersecurity. In organizations of all types, accountants play crucial roles in developing budgets that help determine how to protect tax data from hackers are implemented.
The IRS considers identity theft to be at the top of its annual “dirty dozen” tax scams to avoid. Tax-related identity theft occurs when stolen Social Security numbers are used to file tax returns claiming fraudulent refunds. Taxpayers affected by the recent incidents will be notified via mail by the IRS. They (or their tax preparer) may also find out when their return is filed electronically and rejected—and they receive a message that a return has already been filed under that Social Security number.
If there was an attempt to file a tax return in your name, you can apply to the IRS for an identity protection personal identification number (IP PIN). An IP PIN is a six-digit number used to confirm your identity and prevent misuse of your Social Security number on federal tax returns you subsequently file. If you e-file your return and your IP PIN is missing or incorrect, the IRS’s system will reject the return. If you file a paper return, the IRS will validate the IP PIN before the return is processed.
Here are some suggestions on how firms can help to protect tax data from hackers.
Protect birth dates, your mother’s maiden name, account numbers, passwords, and Social Security. Carefully consider all requests to provide your Social Security number before you give it out. Do not carry your Social Security card. Shred documents with sensitive personal data. Use third-party private storage applications to store and protect passwords.
Cybercriminals gather information over time. Separate what you share publicly from what you share only with your contacts. Do not post your birthday. Do not provide specific information about your personal finances.
Use up-to-date security software (antivirus and malware protection and firewalls). Consider updating software automatically. If possible, use a different computer for business and finances than you do for social media, games, and family use. Use strong passwords and change them often.
Criminals use robotic dialers and automated questions to call thousands of targets a day. Do not provide personal information to any caller you do not know. Any time you click on a link in an email, you are launching something. Do not open an attachment unless you know who sent it and what it is. The IRS will not send emails with links or request sensitive information online. Internet sites should be encrypted; if you go to a site that does not have a lock symbol displayed, do not enter sensitive data into it.
Review your bank and credit card statements often. Check your credit report frequently.
Before running tax return software programs, run virus scans and make sure all software updates have been completed. Users preparing their own returns should load the application on a personal computer and not stay connected to the internet the entire time unless the program requires it. Remove the application once you are finished with it. Remove tax information from your computer and store the data on a remote drive and as PDF files. Keep paper returns in a secure place and shred tax documents before trashing them.
