ASK THE CALIFORNIA EMPLOYMENT TAX AND PAYROLL TAX ATTORNEY – IRS WARNING: CYBER THREATS ARE ON THE RISE FOR TAX PROFESSIONALS – WHAT YOU CAN DO TO PROTECT YOUR PRACTICE AND YOUR CLIENTS – PART 3
By Robert S. Schriebman
In Part 3 of this series we will examine the list of Security Summit recommendations concerning anti-virus software, firewalls, two-factor authentication, drive encryption and date security plans.
Cyber endangerment has become so pervasive that the IRS has issued a series of Information Releases entitled, “Protect Your Clients; Protect Yourself: Tax Security 101.” The IRS will be issuing a series of warnings and instructions over the next several weeks. As I receive these publications, I will inform you.
On August 7, 2018 the IRS issued Information Release (IR) 2018-161. This IR is unique because the advice set forth is not from the IRS or its security partners. This advice is coming from tax professionals who have been victimized by scammers and hackers. Their invaluable advice concerns the following topics:
- Obtaining cyber insurance coverage.
- Protecting each client’s account with separate passwords.
- Using a virtual private network (VPN) for remote connections.
- Constantly updating your security software.
It is very important for you to listen to the voices of experience. Last year I attended a tax controversy forum in Los Angeles. On one panel there were representatives from the IRS who polled the audience to determine if tax practitioners from both the private and public sectors had taken what they found to be basic security steps. Out of the almost 200 attendees, only a handful had done so – and these are very sophisticated practitioners. Also on the panel were two CPA partners whose files had been hacked. They told of their ordeal and what they had to go through to report the breaches and protect their clients – talk about going to hell and back!
Listen to and heed the voices of experience!
IR-2018-161, August 7, 2018
Data thefts involving tax professional’s internal data and breaches of client files are on the rise. They will continue to be on the rise in the foreseeable future. This is truly Cyber Darwinism. The primary objectives in cyber theft are to file fraudulent refund claims and to obtain private client data especially back account and credit card information. These thieves are smart and they are backed by world-wide criminal organizations. The efforts of hackers and legitimate governmental activities is getting harder to distinguish. The most you can do is to educate yourself, be diligent and implement whatever is necessary to protect yourself and your clients – when you protect your client, you protect yourself.
The following advice is given, not by the IRS, but by actual tax practitioners who have been the victims of hacker invasions.
Get Cyber Insurance Coverage
Most tax professionals in private practice have some form of insurance. This insurance usually covers property damage and public liability insurance – the usual stuff. Victimized practitioners advise you to go one step further and obtain cyber coverage for data breaches. This may require new insurance or a rider to your current policy. These practitioners also advise that you obtain a policy with a large dollar amount sufficient to cover losses and other expenses. Perhaps the most important factor for you to consider is to “know your carrier.” Do some investigation on how the insurance company is rated. Ask for references and check them out. Cloud service providers may also recommend coverage. There are quite a few articles online that will explain cyber insurance, what it covers, and the precautions you should take in selecting the broker and company.
Obtaining the right broker and the right company brings back personal memories of my California military service. I was both a JAG and a rabbinical chaplain. We were deploying soldiers to various parts of the Middle East. I often had conversations with deploying soldiers who were forced to leave their small businesses. We discussed the benefits of prayer and I advised them to also pray that when they returned to civilian life, that their insurance companies would still be in business.
Protect Each Client’s Account with Separate Passwords
Tax professionals who have been victimized were thankful that they took the steps to assign different passwords to different clients. ‘It was a hassle but worth the trouble.’ By now we all know that strong passwords help prevent theft and that these passwords should be a minimum of 8 characters, with a mixture of numbers, letters and symbols.
Use a Virtual Private Network (VPN) for Remote Connections
These professionals also found that they benefited by using a Virtual Private Network (VPN) instead of remote access software. IR-2018-161 gives an example of thieves who remotely accessed client accounts, prepared and filed e-File returns and changed the deposit information to their own accounts. VPN is also available on your electronic devices such as iPhone, iPads, etc.
Constantly Update Your Security Software
Today most computers come with security software installed. You are advised to purchase additional anti-malware, anti-virus software, firewalls, etc. This software should be updated regularly. This software can be set to update automatically. You should also have a written data security plan because it is now required by the Federal Trade Commission. The IRS recommends that you can keep yourself current on updated security systems by obtaining and reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.
You should also stay connected to the IRS’ ongoing series of security recommendations by obtaining a subscription e-News for Tax Professionals.
The IRS and its security partners will continue to issue press release known as “IRs.” in the weeks to come. I will endeavor to keep you informed of these publications as they are released.
Robert Schriebman has a successful practice in the Rolling Hills Estates area of Los Angeles County serving clients throughout California and the United States. He has successfully dedicated more than 40 years to helping individual taxpayers, business owners, CPAs, Enrolled Agents, and tax attorneys navigate the complicated tax systems of the federal and state governments. Mr. Schriebman is in private practice. He is not affiliated in any way with the EDD and he is not employed by the EDD or any other agency of the State of California.
Robert Schriebman has written the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House.
Robert Schriebman has written over 20 books including the major manual used nationally by practitioners and the IRS, “IRS Tax Collection Procedures – A Manual for Practitioners” published by Commerce Clearing House in addition to the only 2 books ever published dealing with how California Employment Development Department (EDD) operates. See “California Tax Collection Practice and Procedures” and “California Taxation Practice and Procedure,” both published by Commerce Clearing House.
Web Site Article 343