ASK THE CALIFORNIA EMPLOYMENT TAX AND PAYROLL TAX ATTORNEY – IRS WARNING: CYBER THREATS ARE ON THE RISE FOR TAX PROFESSIONALS – WHAT YOU CAN DO TO PROTECT YOUR PRACTICE AND YOUR CLIENTS – PART 2
By Robert S. Schriebman
In Part 2 of this series we will examine the list of Security Summit recommendations concerning anti-virus software, firewalls, two-factor authentication, drive encryption and date security plans.
Cyber endangerment has become so pervasive that the IRS has issued a series of Information Releases entitled, “Protect Your Clients; Protect Yourself: Tax Security 101.” The IRS will be issuing a series of warnings and instructions over the next several weeks. As I receive these publications, I will inform you.
Before discussing, in general terms, the specific recommendations made by the IRS, I want to direct your attention two fairly new IRS publications that you need to obtain from the IRS website (www.irs.gov). See “Scams Targeting Tax Professionals.” First, the IRS revised Publication 4557, Safeguarding Taxpayer Data. This Publication has been updated to reflect current threats to tax professionals. Second, the IRS has created new Publication 5293, Data Security Resource Guide for Tax Professionals. Both Publications promote the basic things you need to know from the experts in the US government and the private sector.
Protecting Yourself from Hacking – The Basics
IRS Publication 2018-147 describes, in general terms, the first steps necessary to begin to protect your clients and yourself from invasion.
1. Learn to recognize phishing emails. These pretend to be from the IRS, state taxing agencies, a software provider, and Cloud storage providers. If you are at all suspicious do not open a link or download any attachment. I’ve said this before, but it bears repeating: the IRS still does not initiate any email communication. On the other hand, the EDD does. However, if you get an EDD unsolicited email, there will always be the agent’s name, phone number, fax number, and email address. If you are suspicious call the EDD agent instead of opening the email.
2. Review IRS Publication 4557 and create a security plan as outlined therein. IR 2018-147 also makes reference to Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
3. How good are your internal controls? Here is what the IRS suggests you do as a minimum:
- Limit access to client data to only staff members who need to know.
- Check IRS e-Services account weekly for number of returns filed with EFIN.
- Destroy old computer hard drives as well as printers, as modern printers store client data.
- Have an effective backup system and a secure external source that is not connected to a network.
- Have strong passwords and encrypt all sensitive material.
- All passwords should have at least 8 characters. The longer the better. Consider using different passwords for different clients.
- Install anti-virus and anti-malware security software on all devices including phones, tables, and routers.
- Report any data theft to the appropriate IRS Stakeholder Liaison and state equivalent.
- Subscribe to IRS e-News for Tax Professionals
The IRS reminds tax professionals that hackers obtained a huge amount of 2016 tax information and used it to file phony 2017 refunds. In fact they got so much data that they were able to hack into taxpayers bank accounts. They even called taxpayers who received fraudulent refunds to try to trick them into returning these refunds to them through phony IRS destinations.
The IRS is currently offering nationwide seminars to tax professionals. Consider signing up for one in your area. If you missed this year’s seminar, there will be one next year. You may want to go on the IRS website to determine the date and place of a seminar near you.
Beware of Taxpayer Advocate Fraud
Regardless of whether we are referring to the IRS or EDD Taxpayer Advocate, we know that these hard-working people attempt to do good on behalf of the taxpaying public. The IRS website warns that there are now scammers posing as representatives of the Taxpayer Advocacy Panel (TAP) who try to trick innocent victims into providing financial information in order to steal their refunds. This is only the beginning. The Advocate covers a wide field of taxpayer issues. By posing as Advocates, there is no end to the information that can be used to separate people from their money. Now we have to be alert to determine if the call from the Advocate is genuine. You can obtain a directory from the IRS of Advocates throughout the country. The EDD has one Advocate headquarters in Sacramento. When in doubt call the Advocate to determine if the contact is legitimate.
Robert Schriebman has a successful practice in the Rolling Hills Estates area of Los Angeles County serving clients throughout California and the United States. He has successfully dedicated more than 40 years to helping individual taxpayers, business owners, CPAs, Enrolled Agents, and tax attorneys navigate the complicated tax systems of the federal and state governments. Mr. Schriebman is in private practice. He is not affiliated in any way with the EDD and he is not employed by the EDD or any other agency of the State of California.
Robert Schriebman has written the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House in addition to the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Web Site Article 342