IRS Press Release:
IR-2017-136, Aug. 29, 2017
WASHINGTON – The IRS, state tax agencies and the tax industry today offered important tips for how tax professionals can get started protecting their clients and their business from cybersecurity threats.
All tax practitioners, from the largest of firms to the smallest of offices, have a legal obligation to protect taxpayer information in their care. That means securing sensitive data from unauthorized disclosure, improper disposal and outright theft.
Explaining how to address security threats is part of the “Don’t Take the Bait” campaign, a 10-part series aimed at tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to learn to protect their clients and themselves from cybersecurity threats. This is part of the ongoing Protect Your Clients; Protect Yourself effort.
“More and more, we see the data held by tax professionals being targeted by national and international criminal syndicates that are highly sophisticated, well-funded and technologically adept,” said IRS Commissioner John Koskinen. “No tax practitioner today can afford to ignore cybersecurity threats or overlook putting in place strong safeguards.”
To get started, preparers can review IRS Publication 4557, Safeguarding Taxpayer Data, which outlines the practitioners’ legal obligations and offers a checklist to help create a security plan.
Most tax professionals are also small business operators. Recently, the Commerce Department’s National Institute of Standards and Technology (NIST) issued new guidance called Small Business Information Security: the Fundamentals. NIST sets cybersecurity frameworks that government agencies, including the IRS, follow
The Security Summit coalition urges tax practitioners to fully review both Publication 4557 and NIST’s Small Business Information Security: the Fundamentals. Here’s a summary of key recommendations: