These criminals can use stolen data to steal accounts, money, credit card information or even commit identity theft. If cybercriminals intercept your data, there can be serious consequences. Following this checklist is a great starting point for tax professionals who want to protect their offices, computers and data, and help clients ensure their information is secure.
- Those who receive a scam email should save it as a file and then send it as an attachment to They also should notify the Treasury Inspector General for Tax Administration to report the IRS impersonation scam.
- All tax professionals should remember they must have a written data security plan.
- All states currently have breach notification laws requiring reporting to the state and to individuals affected by a data breach.
Services
Instead of sending these documents as regular email attachments, use encrypted email services or secure file-sharing portals provided by your tax preparer. These tools protect your data by ensuring that only the intended recipient can access it. Even if a cybercriminal manages to steal your password, they won’t be able to access your account without the second authentication factor. For tax season, enable MFA on all relevant accounts, including tax preparation software, your IRS account, financial institution logins, and payroll systems. This significantly reduces the risk of unauthorized access to your sensitive financial data.
Tips to protect your tax and personal information
The IRS and Security Summit partners remind tax professionals that federal law requires them to have a written information security plan. In addition to the required information security plan, tax pros also should consider an emergency response plan should they experience a breach and data theft. This time-saving step should include contact information for the IRS Stakeholder Liaisons, who are the first point of contact for data theft reporting to the IRS and to the states. Cliff Steinhauer is the Director of Information Security and Engagement at the National Cybersecurity Alliance — a nonprofit that advocates for safe technology use. He shared steps tax professionals can take, tips for guiding clients on data security, and emerging threats to watch for. A well-timed ransomware attack can lock down entire systems, preventing tax professionals, banks, and even payroll departments from accessing critical files.
Beware of phone and phishing scams
A cyberattack such as a sudden massive data upload doesn’t look like a day-to-day activity. Monitoring can help discover discrepancies, safeguard your data, and prevent cybersecurity breaches. Top-notch cybersecurity products are not only reserved for businesses. These products are developed to perform real-time device and connection monitoring and early malware detection, and can help clean your device from malware and viruses.
Keep Software and Systems Updated to Prevent Vulnerabilities
Think of MFA as the backup if your unique, complex passwords are compromised. MFA requires a second method of authentication which is usually a code sent by SMS text, email or via an authenticator app. SMS and email codes are the weakest forms of MFA because a cybercriminal could theoretically get into these accounts as well, but they’re still better than no MFA at all. On compatible devices, TurboTax supports biometric log ins by letting you sign in using facial recognition or a fingerprint instead of typing in a password. Because biometric data is extremely difficult to replicate and fast to gain access, this method delivers both security and convenience. This news release is part of a series called the Tax Time Guide, a resource to help taxpayers file an accurate tax return.
Additional help is available in Publication 17, Your Federal Income Tax. Attackers also might spoof a phone number, so it looks like their call is coming from the tax professional. Steinhauer suggests advising clients that if they are suspicious of a call purporting to be from their tax preparer, they should hang up and call back to a trusted phone number. By planning for worst-case scenarios, your business can avoid disruptions, data loss, and financial setbacks, keeping everything running smoothly during tax season. A memory stick is easy to carry if you need to quickly evacuate the area.
Smishing is a similar and newer type of scam conducted through SMS text. Spoofing, a related scam, directs users to fake web pages where their credentials will be stolen if they enter them. Using a temporary email – often called a “burner” – when online shopping and in other situations where you need an account can make your digital footprint harder to trace in the event of a leak. Those who receive a scam email should save it as a file and then send it as an attachment to They also should notify the Treasury Inspector General for Tax Administration to report the IRS impersonation scam. Both TIGTA and the IRS Criminal Investigation division are aware of the scam. People should be alert to scammers posing as the IRS to steal personal information.
If you’ve already gone ahead and clicked yes, take-backs are allowed. According to the Post, “if you agreed to these requests while preparing your taxes and have now changed your mind, you can try to revoke access.” He also recommends offering clients a “trusted method of communication” — which could simply be handing them your business card with your phone number. “When unexpected things happen, they can go back to that business card and call the number on the business card,” Steinhauer explained. Here are some tips to follow to keep you and your private information safe in various situations.
Even if someone manages to tap into your connection and steal your data, they won’t be able to decipher and use it. Some people with otherwise good password habits overlook their home WiFi network. The default network name and password for your WiFi make it easy for cybercriminals to guess your credentials. Here are our eleven tips for keeping your data secure when conducting everyday online activities. If you’re still keeping old tax returns and receipts stuffed in a shoe box stuck in the back of the closet, you might want to rethink that approach. With structured training programs, your team becomes a human firewall, adding an extra layer of security beyond what automated systems can provide.
Choose strong passwords and enable two-factor authentication
- Software vendors regularly release updates and patches to address security vulnerabilities.
- The number of data breaches keeps growing each year, and online security is becoming a big issue.
- Fostering a workplace culture where data security is a shared responsibility can lead to more vigilant and proactive security practices among all team members.
- Even with strong security measures in place, no system is 100% immune to cyber threats.
- SMS and email codes are the weakest forms of MFA because a cybercriminal could theoretically get into these accounts as well, but they’re still better than no MFA at all.
To avoid the growing risk of tax-related scams and identity theft, keep your financial data safe by following certain procedures. It’s also important to back up your information for easy access if an unexpected disaster strikes. TurboTax can protect you at every step—from securing your account to helping you avoid tax scams and fraud. By the end of this article, you’ll see how convenient and secure TurboTax can be, giving you peace of mind to tackle tax season with confidence. Tax professionals should review security steps to make sure they are fully protecting sensitive taxpayer data.
If you click on the link, it will take you to a fake page where you’ll be asked to enter your password, username, or ID, allowing the perpetrator to access your bank account. Software companies release security patches when vulnerabilities are discovered. However, you won’t be protected from known vulnerabilities until you download the updates to fix them. By using tips for keeping your tax data secure TurboTax you can quickly import details from previous years’ returns, cutting down on manual data entry. Plus, real-time error checks catch potential mistakes before you submit, and on-screen guidance walks you through any tricky sections. Once a criminal hacks an email or social media account, they may try to scam the victim’s contacts by posing as the victim.
According to the Identity Theft Resource Center, there were 3,205 data breaches in 2023 — a 78% increase from 2022 and an all-time high. Role-Based Access Control (RBAC) restricts employee access to only those data and systems essential for their specific job roles. This approach significantly reduces the likelihood of both accidental and deliberate data breaches. Conducting frequent audits of access rights helps to discover and correct any improper access permissions, thereby guaranteeing that only those with proper authorization can access sensitive information. She combines her background in digital marketing from DePaul University with a passion for cybersecurity to create content that helps people and businesses stay secure. Her writing covers everything from password best practices to Privileged Access Management (PAM), with a focus on making technical topics easy to understand.
