From IRS Newswire <[email protected]>
Subject IR-2022-209: Security Summit offers tools, tips to tax pros during National Tax Security Awareness Week; highlights importance of security plans
Date November 30, 2022 3:09 PM
  Links have been removed from this email. Learn more in the FAQ.
  Links have been removed from this email. Learn more in the FAQ.
Bookmark and Share [ [link removed] ]

a { color:#0073AF !important;} a:hover { color:#004673 !important;}
IRS.gov Banner
IRS Newswire November 30, 2022

News Essentials

What's Hot [ [link removed] ]

News Releases [ [link removed] ]

IRS - The Basics [ [link removed] ]

IRS Guidance [ [link removed] ]

Media Contacts [ [link removed] ]

Facts & Figures [ [link removed] ]

Around The Nation [ [link removed] ]

e-News Subscriptions [ [link removed] ]

________________________________________________________________________

The Newsroom Topics

Multimedia Center [ [link removed] ]

Noticias en Espa?ol [ [link removed] ]

Radio PSAs [ [link removed] ]

Tax Scams [ [link removed] ]

The Tax Gap [ [link removed] ]

Fact Sheets [ [link removed] ]

IRS Tax Tips [ [link removed] ]

Armed Forces [ [link removed] ]

Latest News Home [ [link removed] ]

________________________________________________________________________

IRS Resources

Contact My Local Office [ [link removed] ]

Filing Options [ [link removed] ]

Forms & Instructions [ [link removed] ]

Frequently Asked Questions [ [link removed] ]

News [ [link removed] ]

Taxpayer Advocate [ [link removed] ]

Where to File [ [link removed] ]

IRS Social Media [ [link removed] ]

________________________________________________________________________


Issue Number:????IR-2022-209

Inside This Issue
________________________________________________________________________

*Security Summit offers tools, tips to tax pros during National Tax Security Awareness Week; highlights importance of security plans*

WASHINGTON ? With tax season quickly approaching, the Internal Revenue Service and the Security Summit partners today urged tax professionals to remain focused on security issues and to review resources available to them, including sample security plans and checklists.

During National Tax Security Awareness Week, now in its seventh year, the Security Summit partnership of the IRS, state tax agencies and the tax software and tax professional communities work to highlight data security and provide scam prevention tips. Part of the Summit?s effort continues to be focusing tax professionals, including smaller practices, on ways to protect themselves and safeguard client information. Day three of this special week focuses on several important aspects for the tax community to keep in mind.

?Taxpayer information can be a gold mine for identity thieves. As the Security Summit partners strengthened our internal defenses in recent years, we?ve seen identity thieves shift their focus onto the tax professional community and their client information,? said IRS Acting Commissioner Doug O?Donnell. ?Specific taxpayer information can help a scammer prepare a more authentic looking tax return, so tax professionals maintaining strong security is a critical line of defense for themselves, their clients and the nation?s tax system.?

*Written Information Security Plan (WISP)*
The IRS and Security Summit partners remind tax professionals that federal law requires them to have a written information security plan. Earlier this year, members of the Summit?s tax professional team developed a special document that allows practitioners to quickly develop their own written security plans.

This sample document, a Written Information Security Plan (WISP) [ [link removed] ], can be scaled for a company?s size, scope of activities, complexity and customer data sensitivity. There?s not a one-size-fits-all WISP. For example, a sole practitioner can use a more abbreviated and simplified plan than a 10-partner accounting firm, which is reflected in the sample WISP from the Security Summit group.

There are many aspects to running a successful business in the tax preparation industry, including reviewing tax law changes, learning software updates and managing and training staff. But an often overlooked but critical component is creating a WISP.

"There's no way around it for anyone running a tax business. Having a written security plan is a sound business practice ? and it's required by law," said Jared Ballew of Drake Software, co-lead for the Summit tax professional team and chair of the Electronic Tax Administration Advisory Committee (ETAAC). "The sample provides a starting point for developing your plan, addresses risk considerations for inclusion in an effective plan and provides a blueprint of applicable actions in the event of a security incident, data losses and theft."

Security issues for a tax professional can be daunting. The Summit team worked to make this document as easy to use as possible, including special sections to help tax professionals get to the information they need.

Here are a few WISP considerations for tax pros:


* Save the WISP in a format others can easily access and read, such as a PDF or Word document.
* Make the WISP available to all employees for training purposes.
* Store a copy offsite or in the cloud in the event of an incident or natural disaster.

*Taxes-Security-Together Checklist*
Unfortunately, tax practitioners remain high-value targets of cybercriminals seeking to steal sensitive tax information. With this in mind, the Security Summit created the ?Taxes-Security-Together? Checklist [ [link removed] ] to help tax professionals identify basic cybersecurity measures to implement.

These six easy steps can make a big difference in protecting information, both for tax pros and taxpayers:


* Use anti-virus software and set it for automatic updates to keep systems secure. This includes all digital products, computers and mobile phones.
* Use firewalls. Firewalls help shield computers from outside attacks but cannot protect systems in cases where users accidentally download malware, for example, from phishing email scams.
* Use multi-factor authentication to protect all online accounts, especially tax products, cloud software providers, email providers and social media.
* Back up sensitive files, especially client data, to secure external sources, such as external hard drive or cloud storage.
* Encrypt data. Tax professionals should consider drive encryption products for full-drive encryption. This will encrypt all data.
* Use a Virtual Private Network (VPN) product. As more practitioners work remotely during the pandemic, a VPN is critical for secure connections.

For more information on how to protect client information, tax professionals should look to Publication 4557, Safeguarding Taxpayer Data [ [link removed] ].

Phishing scams, malware and ransomware present risks
For both tax professionals and taxpayers, phishing emails generally have an urgent message and try to direct users to an official-looking link or attachment. But the link instead may take users to a fake site made to appear like a trusted source where it requests a username and password. The attachment may also contain malware, which secretly downloads software that tracks keystrokes and allows thieves to eventually steal all the tax professional?s passwords.

Some thieves also pose as potential clients and may interact repeatedly with a tax professional and then send an email with an attachment that claims to include their tax information. The attachment may contain malware that allows the thief to track keystrokes and eventually steal all passwords or take over control of the computer systems.

The IRS warns tax pros not to take any of the steps demanded in these types of email, and to delete the email.? Recipients of these IRS-related scams can report them to [email protected].

Sometimes, phishing scams are ransomware schemes [ [link removed] ] in which the thief gains control of the tax professional?s computer systems and holds the data hostage until a ransom is paid. The Federal Bureau of Investigation (FBI) has warned against paying a ransom because thieves often leave the data encrypted.

*Security plan requirement and recommended data theft plan*
In addition to the required information security plan, tax pros also should consider an emergency response plan should they experience a breach and data theft. This time-saving step should include contact information for the IRS Stakeholder Liaisons [ [link removed] ], who are the first point of contact for tax professional data theft reporting to the IRS and to the states.

IRS Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ], provides a compilation of data theft information available on IRS.gov, including the reporting processes.

In addition to reviewing IRS Publication 4557, Safeguarding Taxpayer Data [ [link removed] ], tax professionals can also get help with security recommendations by reviewing Small Business Information Security: The Fundamentals [ [link removed] ] by the National Institute of Standards and Technology. The IRS Identity Theft Central [ [link removed] ] pages for tax pros, individuals and businesses have important details as well.

Employers can share Publication 4524, Security Awareness for Taxpayers [ [link removed] ], with their employees and customers and tax professionals can share with clients.

For more details on National Tax Security Awareness Week, visit IRS.gov/securitysummit [ [link removed] ].

Back to Top [ #Fifteenth ]

________________________________________________________________________

FaceBook Logo [ [link removed] ]??YouTube Logo [ [link removed] ] ?Instagram Logo [ [link removed] ]? Twitter Logo [ [link removed] ] ?LinkedIn Logo [ [link removed] ]

________________________________________________________________________

Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].

This message was distributed automatically from the mailing list IRS Newswire. *Please Do Not Reply To This Message.*



?

________________________________________________________________________

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need to use your email address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com [ [link removed] ].

This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].


body .abe-column-block {min-height: 5px;} ________________________________________________________________________

This email was sent to [email protected] by: Internal Revenue Service (IRS) ? Internal Revenue Service ? 1111 Constitution Ave. N.W. ? Washington DC 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
Screenshot of the email generated on import

Message Analysis