Email
IR-2023-224: National Tax Security Awareness Week, Day 2: Security Summit reminds tax pros about importance of written security plans and data breach response; special webinar planned for Nov. 30
| From | IRS Newswire <[email protected]> |
| Subject | IR-2023-224: National Tax Security Awareness Week, Day 2: Security Summit reminds tax pros about importance of written security plans and data breach response; special webinar planned for Nov. 30 |
| Date | November 28, 2023 3:10 PM |
Links have been removed from this email. Learn more in the FAQ.
Links have been removed from this email. Learn more in the FAQ.
Bookmark and Share [ [link removed] ]
a { color:#0073AF !important;} a:hover { color:#004673 !important;}
IRS.gov Banner
IRS Newswire November 28, 2023
News Essentials
What's Hot [ [link removed] ]
News Releases [ [link removed] ]
IRS - The Basics [ [link removed] ]
IRS Guidance [ [link removed] ]
Media Contacts [ [link removed] ]
Facts & Figures [ [link removed] ]
Around The Nation [ [link removed] ]
e-News Subscriptions [ [link removed] ]
________________________________________________________________________
The Newsroom Topics
Multimedia Center [ [link removed] ]
Noticias en Espa?ol [ [link removed] ]
Radio PSAs [ [link removed] ]
Tax Scams [ [link removed] ]
The Tax Gap [ [link removed] ]
Fact Sheets [ [link removed] ]
IRS Tax Tips [ [link removed] ]
Armed Forces [ [link removed] ]
Latest News Home [ [link removed] ]
________________________________________________________________________
IRS Resources
Contact My Local Office [ [link removed] ]
Filing Options [ [link removed] ]
Forms & Instructions [ [link removed] ]
Frequently Asked Questions [ [link removed] ]
News [ [link removed] ]
Taxpayer Advocate [ [link removed] ]
Where to File [ [link removed] ]
IRS Social Media [ [link removed] ]
________________________________________________________________________
*Issue Number:?* ??IR-2023-224
*Inside This Issue*
________________________________________________________________________
*National Tax Security Awareness Week, Day 2: Security Summit reminds tax pros about importance of written security plans and data breach response; special webinar planned for Nov. 30*
WASHINGTON ? As part of a larger effort to protect taxpayers against identity theft, the Internal Revenue Service and the Security Summit partners today reminded tax professionals to protect themselves and their client?s sensitive information, including putting in place written security plans and following new requirements to use multi-factor authentication.
Under updated standards set by the Federal Trade Commission, tax professionals now not only need to have a Written Information Security Plan (WISP), but they also need to use multi-factor authentication to protect taxpayer accounts and client information. To help tax professionals with this during National Tax Security Awareness Week, the IRS and the Security Summit partners [ [link removed] ] will hold a special webinar on Nov. 30 to help tax professionals develop a security plan.
?Tax professionals play a key role in the nation?s tax system, and it?s critical that they take important steps to protect their systems from identity thieves,? said IRS Commissioner Danny Werfel. ?A system breach for a tax professional can be devastating not just to their business, but to their clients. The IRS and the Security Summit partners remind tax professional to follow required guidelines, including developing a Written Information Security Plan, to protect themselves and their clients from identity thieves.?
During National Tax Security Awareness Week, now in its eighth year, the Security Summit partnership of the IRS, state tax agencies and the nation?s tax community work to raise awareness among taxpayers and tax professionals about the importance of safeguarding information to protect against identity theft. The Security Summit formed in 2015 to combat tax-related identity theft through better public-private sector coordination as well as strengthening internal protections in the tax community and raising public awareness about security threats.
With the holiday shopping season underway and tax season fast approaching, the Security Summit partners today alerted taxpayers and tax professionals during day 2 of the special week to take extra steps to protect their financial and tax information. As the IRS and the Summit partners have strengthened their internal defenses in recent years to protect against fraud, identity thieves have increasingly focused on tax professionals as one of the ways to obtain sensitive taxpayer information in hopes of evading systemic defenses by the IRS and the tax community.
Tax pros are the first line of defense in protecting taxpayer information. The Summit partners highlighted several key steps that tax pros ? regardless of the size of their practice ? should take to protect their systems and comply with federal standards.
*WISP, Multi-factor authentication can help tax pros protect their clients, protect themselves*
The IRS and Security Summit partners remind tax professionals that federal law requires them to have a written information security plan. The plans, called WISPs for short, provide a blueprint for security.
Members of the Summit's Tax Professional team developed a special document that allows practitioners to quickly develop their own WISP. This sample document, Written Information Security Plan (WISP) [ [link removed] ], provides a starting point for businesses large or small, and can be scaled for a company's size, scope of activities, complexity and customer data sensitivity. There's not a one-size-fits-all WISP. For example, a sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm, which is reflected in the sample WISP from the Security Summit group.
Addressing security issues for a tax professional can be difficult and expensive. A WISP addresses risk considerations for inclusion in an effective plan and provides a blueprint of applicable actions in the event of a security incident, data loss or theft.
?We continue to see instances where tax professionals struggle to maintain security plans or know how to protect themselves against identity thieves and other fraudsters,? said Kimberly Rogers, director of the IRS Return Preparer Office and co-chair of the Security Summit tax professionals working group. ?This WISP document goes a long way in helping even the smallest tax professional firm protect themselves against security threats.?
To help tax professionals learn more about these plans, the IRS and Summit partners plan a special webinar at 10:30 ET, Nov. 30. Tax professionals can earn one continuing education (CE) credit by registering [ [link removed] ] and attending.
The session will be conducted by the IRS and Jared Ballew, one of the Summit members who helped develop the WISP. Ballew serves as Vice President of Government Relations at Taxwell, representing Drake Software and TaxAct. He conducted special IRS Nationwide Tax Forum sessions this summer to standing-room-only audiences.
?These security plans provide valuable tips and information to help tax pros develop an effective plan that's appropriate for their business," Ballew said. "The Security Summit partners continue to urge tax pros to make sure they have a strong security plan in place, and the WISP is a great place to start for many practices.?
Tax pros can also review IRS Publication 5709, How to Create a Written Information Security Plan for Data Safety [ [link removed] ], for more information on WISPs.
In addition to requirements to have a WISP, the IRS also reminds the tax community that the Federal Trade Commission this summer updated their safeguards standards and now require tax professionals to use multi-factor authentication to protect client information. Multi-factor authentication provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems.
*IRS Tax Pro Accounts: Another important line of defense*
The IRS and Summit partners also emphasize another way to help protect sensitive information from identity thieves is through secure online tools such as Tax Pro Account [ [link removed] ]. These can manage client information to safeguard sensitive taxpayer and financial data from cyberthreats.
Tax Pro Account is a secure, mobile-friendly, digital, self-service application that enables tax professionals to act on a taxpayers? behalf, view the taxpayers? information and manage their authorization relationships more efficiently.
Tax professionals can use Tax Pro Account to send Power of Attorney and Tax Information Authorization requests directly to a taxpayer?s individual IRS Online Account [ [link removed] ]. Once the taxpayer approves the request, it?s processed in real time ? no faxing, mailing, uploading or long waits.
Establishing a Tax Pro Account for your clients is easy, doesn?t require forms, and eliminates risks associated with storing and sending paper records.
Visit the Tax Professionals page [ [link removed] ] on IRS.gov to learn more about E-Services, Tax Pro Account, EINs, filing, forms, third party authorizations, and other safe and secure online tools to serve your clients.
*Data breaches: What to do if a tax pro is victimized*
The IRS also recommends tax professionals create an action plan to outline the steps to take in the event of a breach or data theft, in addition to the required information security plan. This will save valuable time should the worst occur.
A key component to an effective action plan is knowing who to contact. In addition to reporting data loss to the IRS, tax professionals should contact law enforcement, the appropriate states, clients and security professionals.
Places to get help from the IRS and law enforcement in case of a data breach:
* IRS Stakeholder Liaison [ [link removed] ] - The IRS recommends reporting data theft to the local Stakeholder Liaison first. Liaisons will notify IRS Criminal Investigation and others within the agency on the tax professional?s behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients? names.
* Federal Bureau of Investigation [ [link removed] ] - the local office.
* Secret Service [ [link removed] ] - the local office (if directed).
* ?Local police ? to file a police report on the data breach.
*Contacting states in which tax professionals prepare state returns:*
* Federation of Tax Administrators [ [link removed] ] ? Tax professionals can reach this special ?report a data breach? web page for victim reporting guidance to the states. [link removed]
* State Attorneys General [ [link removed] ] - most states require that the state attorney general be notified of data breaches.
For more details on National Tax Security Awareness Week, visit IRS.gov/securitysummit [ [link removed] ].
*Additional resources*
* Publication 4557, Safeguarding Taxpayer Data [ [link removed] ].
* Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ].
* Publication 4524, Security Awareness for Taxpayers [ [link removed] ].
* Tax professionals, individuals and businesses can find security recommendations by visiting Identity Theft Central [ [link removed] ] at IRS.gov.
* National Institute of Standards and Technology ? Small Business Information Security: The Fundamentals [ [link removed] ].
* Federal Trade Commission?s Cybersecurity for Small Businesses [ [link removed] ].
* Stay connected to the IRS through subscriptions to e-News for Tax Professionals [ [link removed] ]and social media [ [link removed] ].
* Tax Talk Today highlights National Tax Security Awareness Week [ [link removed] ]
?
Back to Top [ #Fifteenth ]
________________________________________________________________________
FaceBook Logo [ [link removed] ]??YouTube Logo [ [link removed] ] ?Instagram Logo [ [link removed] ]? Twitter Logo [ [link removed] ] ?LinkedIn Logo [ [link removed] ]
________________________________________________________________________
Thank you for subscribing to the IRS Newswire, an IRS e-mail service.
If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].
This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message.
?
________________________________________________________________________
Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need to use your email address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com [ [link removed] ].
This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].
body .abe-column-block {min-height: 5px;} ________________________________________________________________________
This email was sent to [email protected] by: Internal Revenue Service (IRS) ? Internal Revenue Service ? 1111 Constitution Ave. N.W. ? Washington DC 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
a { color:#0073AF !important;} a:hover { color:#004673 !important;}
IRS.gov Banner
IRS Newswire November 28, 2023
News Essentials
What's Hot [ [link removed] ]
News Releases [ [link removed] ]
IRS - The Basics [ [link removed] ]
IRS Guidance [ [link removed] ]
Media Contacts [ [link removed] ]
Facts & Figures [ [link removed] ]
Around The Nation [ [link removed] ]
e-News Subscriptions [ [link removed] ]
________________________________________________________________________
The Newsroom Topics
Multimedia Center [ [link removed] ]
Noticias en Espa?ol [ [link removed] ]
Radio PSAs [ [link removed] ]
Tax Scams [ [link removed] ]
The Tax Gap [ [link removed] ]
Fact Sheets [ [link removed] ]
IRS Tax Tips [ [link removed] ]
Armed Forces [ [link removed] ]
Latest News Home [ [link removed] ]
________________________________________________________________________
IRS Resources
Contact My Local Office [ [link removed] ]
Filing Options [ [link removed] ]
Forms & Instructions [ [link removed] ]
Frequently Asked Questions [ [link removed] ]
News [ [link removed] ]
Taxpayer Advocate [ [link removed] ]
Where to File [ [link removed] ]
IRS Social Media [ [link removed] ]
________________________________________________________________________
*Issue Number:?* ??IR-2023-224
*Inside This Issue*
________________________________________________________________________
*National Tax Security Awareness Week, Day 2: Security Summit reminds tax pros about importance of written security plans and data breach response; special webinar planned for Nov. 30*
WASHINGTON ? As part of a larger effort to protect taxpayers against identity theft, the Internal Revenue Service and the Security Summit partners today reminded tax professionals to protect themselves and their client?s sensitive information, including putting in place written security plans and following new requirements to use multi-factor authentication.
Under updated standards set by the Federal Trade Commission, tax professionals now not only need to have a Written Information Security Plan (WISP), but they also need to use multi-factor authentication to protect taxpayer accounts and client information. To help tax professionals with this during National Tax Security Awareness Week, the IRS and the Security Summit partners [ [link removed] ] will hold a special webinar on Nov. 30 to help tax professionals develop a security plan.
?Tax professionals play a key role in the nation?s tax system, and it?s critical that they take important steps to protect their systems from identity thieves,? said IRS Commissioner Danny Werfel. ?A system breach for a tax professional can be devastating not just to their business, but to their clients. The IRS and the Security Summit partners remind tax professional to follow required guidelines, including developing a Written Information Security Plan, to protect themselves and their clients from identity thieves.?
During National Tax Security Awareness Week, now in its eighth year, the Security Summit partnership of the IRS, state tax agencies and the nation?s tax community work to raise awareness among taxpayers and tax professionals about the importance of safeguarding information to protect against identity theft. The Security Summit formed in 2015 to combat tax-related identity theft through better public-private sector coordination as well as strengthening internal protections in the tax community and raising public awareness about security threats.
With the holiday shopping season underway and tax season fast approaching, the Security Summit partners today alerted taxpayers and tax professionals during day 2 of the special week to take extra steps to protect their financial and tax information. As the IRS and the Summit partners have strengthened their internal defenses in recent years to protect against fraud, identity thieves have increasingly focused on tax professionals as one of the ways to obtain sensitive taxpayer information in hopes of evading systemic defenses by the IRS and the tax community.
Tax pros are the first line of defense in protecting taxpayer information. The Summit partners highlighted several key steps that tax pros ? regardless of the size of their practice ? should take to protect their systems and comply with federal standards.
*WISP, Multi-factor authentication can help tax pros protect their clients, protect themselves*
The IRS and Security Summit partners remind tax professionals that federal law requires them to have a written information security plan. The plans, called WISPs for short, provide a blueprint for security.
Members of the Summit's Tax Professional team developed a special document that allows practitioners to quickly develop their own WISP. This sample document, Written Information Security Plan (WISP) [ [link removed] ], provides a starting point for businesses large or small, and can be scaled for a company's size, scope of activities, complexity and customer data sensitivity. There's not a one-size-fits-all WISP. For example, a sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm, which is reflected in the sample WISP from the Security Summit group.
Addressing security issues for a tax professional can be difficult and expensive. A WISP addresses risk considerations for inclusion in an effective plan and provides a blueprint of applicable actions in the event of a security incident, data loss or theft.
?We continue to see instances where tax professionals struggle to maintain security plans or know how to protect themselves against identity thieves and other fraudsters,? said Kimberly Rogers, director of the IRS Return Preparer Office and co-chair of the Security Summit tax professionals working group. ?This WISP document goes a long way in helping even the smallest tax professional firm protect themselves against security threats.?
To help tax professionals learn more about these plans, the IRS and Summit partners plan a special webinar at 10:30 ET, Nov. 30. Tax professionals can earn one continuing education (CE) credit by registering [ [link removed] ] and attending.
The session will be conducted by the IRS and Jared Ballew, one of the Summit members who helped develop the WISP. Ballew serves as Vice President of Government Relations at Taxwell, representing Drake Software and TaxAct. He conducted special IRS Nationwide Tax Forum sessions this summer to standing-room-only audiences.
?These security plans provide valuable tips and information to help tax pros develop an effective plan that's appropriate for their business," Ballew said. "The Security Summit partners continue to urge tax pros to make sure they have a strong security plan in place, and the WISP is a great place to start for many practices.?
Tax pros can also review IRS Publication 5709, How to Create a Written Information Security Plan for Data Safety [ [link removed] ], for more information on WISPs.
In addition to requirements to have a WISP, the IRS also reminds the tax community that the Federal Trade Commission this summer updated their safeguards standards and now require tax professionals to use multi-factor authentication to protect client information. Multi-factor authentication provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems.
*IRS Tax Pro Accounts: Another important line of defense*
The IRS and Summit partners also emphasize another way to help protect sensitive information from identity thieves is through secure online tools such as Tax Pro Account [ [link removed] ]. These can manage client information to safeguard sensitive taxpayer and financial data from cyberthreats.
Tax Pro Account is a secure, mobile-friendly, digital, self-service application that enables tax professionals to act on a taxpayers? behalf, view the taxpayers? information and manage their authorization relationships more efficiently.
Tax professionals can use Tax Pro Account to send Power of Attorney and Tax Information Authorization requests directly to a taxpayer?s individual IRS Online Account [ [link removed] ]. Once the taxpayer approves the request, it?s processed in real time ? no faxing, mailing, uploading or long waits.
Establishing a Tax Pro Account for your clients is easy, doesn?t require forms, and eliminates risks associated with storing and sending paper records.
Visit the Tax Professionals page [ [link removed] ] on IRS.gov to learn more about E-Services, Tax Pro Account, EINs, filing, forms, third party authorizations, and other safe and secure online tools to serve your clients.
*Data breaches: What to do if a tax pro is victimized*
The IRS also recommends tax professionals create an action plan to outline the steps to take in the event of a breach or data theft, in addition to the required information security plan. This will save valuable time should the worst occur.
A key component to an effective action plan is knowing who to contact. In addition to reporting data loss to the IRS, tax professionals should contact law enforcement, the appropriate states, clients and security professionals.
Places to get help from the IRS and law enforcement in case of a data breach:
* IRS Stakeholder Liaison [ [link removed] ] - The IRS recommends reporting data theft to the local Stakeholder Liaison first. Liaisons will notify IRS Criminal Investigation and others within the agency on the tax professional?s behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients? names.
* Federal Bureau of Investigation [ [link removed] ] - the local office.
* Secret Service [ [link removed] ] - the local office (if directed).
* ?Local police ? to file a police report on the data breach.
*Contacting states in which tax professionals prepare state returns:*
* Federation of Tax Administrators [ [link removed] ] ? Tax professionals can reach this special ?report a data breach? web page for victim reporting guidance to the states. [link removed]
* State Attorneys General [ [link removed] ] - most states require that the state attorney general be notified of data breaches.
For more details on National Tax Security Awareness Week, visit IRS.gov/securitysummit [ [link removed] ].
*Additional resources*
* Publication 4557, Safeguarding Taxpayer Data [ [link removed] ].
* Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ].
* Publication 4524, Security Awareness for Taxpayers [ [link removed] ].
* Tax professionals, individuals and businesses can find security recommendations by visiting Identity Theft Central [ [link removed] ] at IRS.gov.
* National Institute of Standards and Technology ? Small Business Information Security: The Fundamentals [ [link removed] ].
* Federal Trade Commission?s Cybersecurity for Small Businesses [ [link removed] ].
* Stay connected to the IRS through subscriptions to e-News for Tax Professionals [ [link removed] ]and social media [ [link removed] ].
* Tax Talk Today highlights National Tax Security Awareness Week [ [link removed] ]
?
Back to Top [ #Fifteenth ]
________________________________________________________________________
FaceBook Logo [ [link removed] ]??YouTube Logo [ [link removed] ] ?Instagram Logo [ [link removed] ]? Twitter Logo [ [link removed] ] ?LinkedIn Logo [ [link removed] ]
________________________________________________________________________
Thank you for subscribing to the IRS Newswire, an IRS e-mail service.
If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].
This message was distributed automatically from the mailing list IRS Newswire. Please Do Not Reply To This Message.
?
________________________________________________________________________
Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need to use your email address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com [ [link removed] ].
This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].
body .abe-column-block {min-height: 5px;} ________________________________________________________________________
This email was sent to [email protected] by: Internal Revenue Service (IRS) ? Internal Revenue Service ? 1111 Constitution Ave. N.W. ? Washington DC 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
Message Analysis
- Sender: Internal Revenue Service
- Political Party: n/a
- Country: United States
- State/Locality: n/a
- Office: n/a
-
Email Providers:
- govDelivery