From IRS Newswire <[email protected]>
Subject IR-2024-308: National Tax Security Awareness Week, Day 5: Tax pros urged to guard against identity theft with updated Written Information Security Plan  
Date December 6, 2024 3:14 PM
  Links have been removed from this email. Learn more in the FAQ.

IRS Newswire December 6, 2024


Issue Number:    IR-2024-308

Inside This Issue
________________________________________________________________________

*National Tax Security Awareness Week, Day 5: Tax pros urged to guard against identity theft with updated Written Information Security Plan*  

WASHINGTON – On the final day of National Tax Security Awareness Week, the Internal Revenue Service and its Security Summit partners urged tax professionals to reassess their plans for protecting themselves and their clients’ sensitive information amid increasing attempts by identity thieves to steal tax data. 

Identity thieves on the hunt for taxpayer data aren’t just targeting taxpayers, they’re going after the tax professionals, who hold enormous amounts of sensitive taxpayer data, in hopes of filing fraudulent tax returns. This year, the IRS has already received more than 250 reports of data breach incidents from tax professionals affecting approximately 200,000 clients. 

Amid these continuing reports of tax professionals encountering data breaches, the Security Summit partners urged practitioners to review the newly updated Written Information Security Plan (WISP) [ [link removed] ]. 

Tax professionals are required by federal law to have written plans identifying foreseeable data security risks and safeguards, and a plan of action to take in the event of a security breach. To simplify this complex task, a special team of Security Summit members from the tax community released an updated WISP that tax professionals can use as a roadmap to apply to their own practice. 

The IRS also reminds taxpayers that additional safeguards, like multi-factor authentication (MFA), are required by federal law to better protect themselves and their clients. MFA provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems. 

“Countering identity theft is a collective effort, and tax pros are the first line of defense when it comes to protecting taxpayer information,” said IRS Commissioner Danny Werfel. “Millions of taxpayers entrust their personal data to tax professionals, and we want to make it as easy as possible for tax pros to know what they need to do to keep themselves and their clients’ information safe. The Written Information Security Plan forms an essential part of the tax professionals’ defense against data breaches and identity thieves, helping protect their clients and protect themselves.” 

The WISP, available in IRS Publication 5708, Creating a Written Information Security Plan for your Tax & Accounting Practice [ [link removed] ], walks tax professionals through the steps of assembling a plan, including understanding security compliance requirements and professional responsibilities. It also provides a sample template that tax professionals can use as they draft a plan for their business.

The new version of the WISP, the result of a year-long collaborative effort between the IRS and its Security Summit partners, includes several updates, like highlighting best practices for implementing multi-factor authentication.

During National Tax Security Awareness Week [ [link removed] ], now in its ninth year and concluding today, the Security Summit partnership of the IRS, tax professionals, tax software and financial companies as well as state tax agencies work to raise awareness among taxpayers and tax professionals about the importance of safeguarding information to protect against identity theft. The Security Summit formed in 2015 to combat tax-related identity theft through better public-private sector coordination as well as strengthening internal protections in the tax community and raising public awareness about security threats. 

Tax pros are on the front lines of defense in protecting taxpayer information. The Summit partners highlighted several key steps that tax pros – regardless of the size of their practice – should take to protect their systems and comply with federal standards. 

*WISPs and MFA are crucial – and necessary* 

Members of the Summit's tax professional team developed a helpful guide that allows practitioners to quickly develop their own WISP to provide a blueprint for information security.  

“This helpful guide with sample templates provides a starting point for businesses large or small, and can be scaled for a company's size, scope of activities, complexity and customer data sensitivity,” said Kimberly Rogers, the IRS Return Preparer Office director and co-chair of the Summit’s tax pro group. “There's not a one-size-fits-all WISP. A sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm. This flexibility is reflected in the sample policies and pre-populated templates included in the publication.” 

Addressing security issues for a tax professional can be difficult and expensive. A WISP addresses risk considerations for inclusion in an effective plan and provides a blueprint of applicable actions in the event of a security incident, data loss or theft. 

Tax pros can also review IRS Publication 5709, How to Create a Written Information Security Plan for Data Safety [ [link removed] ], for more information on WISPs.

In addition to requirements to have a WISP, the IRS also reminds the tax community that the Federal Trade Commission last year updated its safeguards standards and now requires tax professionals to use MFA to protect client information. MFA, which can include sending text/SMS verification codes to a user or asking additional questions to confirm the identity of a person logging into a system, provides an extra layer of security to ensure the proper people are accessing sensitive accounts and systems.

"Building and maintaining a resilient security plan is more than just a requirement — it's a safeguard for both tax professionals and their clients," said Jared Ballew, president of the National Association of Computerized Tax Processors and one of the Summit members who helped develop the WISP. 

"There’s no single silver bullet for security; effective protection requires multiple layers of defense,” Ballew continued. “Our goal with these resources is to help tax pros create and reinforce those layers, with the WISP providing a solid foundation to start or enhance that process. The Security Summit partners remain committed to helping every tax professional stay proactive and protected in today’s digital landscape." 

*IRS Tax Pro Account: Protects pros and their clients’ data and saves time, too* 

The IRS and Summit partners also emphasize another way to help protect sensitive information from identity thieves is through secure online tools such as the Tax Pro Account [ [link removed] ]. These tools can help manage client information to safeguard sensitive taxpayer and financial data from cyberthreats. 

The Tax Pro Account is a secure, mobile-friendly, digital, self-service application that enables tax professionals to act on a taxpayer's behalf, view the taxpayer's information and manage their authorization relationships more efficiently.

As part of IRS transformation efforts, the IRS will continue adding new features to the Tax Pro Account in the future to help tax professionals securely and efficiently serve their clients. 

Currently, tax professionals can use Tax Pro Account to send Power of Attorney and Tax Information Authorization requests directly to a taxpayer's individual IRS Online Account [ [link removed] ]. Once the taxpayer approves the request, it's processed in real time — no faxing, mailing, uploading or long waits. 

Visit the Tax Professionals [ [link removed] ] page on IRS.gov to learn more about E-Services, Tax Pro Account, Employer Identification Numbers, filing, forms, third-party authorizations as well as other safe and secure online tools to serve clients. 

*Data breaches: What to do when the worst happens* 

The IRS also recommends tax professionals create an action plan to outline the steps to take in the event of a breach or data theft, in addition to the required Written Information Security Plan. Tax pros now need to report a security event affecting 500 or more people to the Federal Trade Commission as soon as possible, but no later than 30 days from the date of discovery. 

A key component to an effective action plan is knowing who to contact. In addition to reporting data loss to the IRS, tax professionals should contact law enforcement, the appropriate states, clients and security professionals. 

*Places to get help in case of a data breach:* 


* IRS Stakeholder Liaison [ [link removed] ] – The IRS recommends reporting data theft to the local Stakeholder Liaison first. Liaisons will notify IRS Criminal Investigation and others within the agency on the tax professional's behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients' names.
* Federal Trade Commission [ [link removed] ] – Data breaches involving 500 or more people are now required to be reported to the FTC as soon as possible, but no later than 30 days from the date of discovery.
* Federal Bureau of Investigation [ [link removed] ] – the local office.
* Secret Service [ [link removed] ] – the local office (if directed).
* Local police – to file a police report on the data breach.

*Contacting states in which tax pros prepare state returns:* 


* Federation of Tax Administrators [ [link removed] ] – Tax professionals can reach this special "report a data breach" web page for victim reporting guidance to the states.
* State Attorneys General [ [link removed] ] – most states require that the state attorney general be notified of data breaches.

*Additional resources* 


* Go to National Tax Security Awareness Week 2024 [ [link removed] ] for additional information.
* For more information on preventing tax information theft, visit Security Summit [ [link removed] ].
* Victims of identity theft, or a client that is, can visit Identity Theft Central [ [link removed] ].
* Publication 4557, Safeguarding Taxpayer Data [ [link removed] ].
* Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ].
* Publication 4524, Security Awareness for Taxpayers [ [link removed] ].
* National Institute of Standards and Technology — Small Business Information Security: The Fundamentals [ [link removed] ].
* Federal Trade Commission's Cybersecurity for Small Businesses [ [link removed] ].

Tax professionals should also stay connected to the IRS through subscriptions to e-News for tax professionals [ [link removed] ] and its social media sites [ [link removed] ]. 

 
