With the start of the new year comes the tax season, which means gathering up sensitive information like your payment stubs, SSN or FEIN, receipts and other financial documents and turning them over to a tax preparer.
There are certain types of professionals – like doctors and tax professionals – that people inherently trust because they have knowledge we don’t, and we can’t get along without them.
But, when you turn over information that could easily be used for identity theft, it pays to ask a few questions up front to ensure your sensitive details are properly protected. Otherwise the simple act of having your taxes done could end up bringing you years of costs associated with cleaning up financially targeted identity fraud.
76% of all data breaches are financially motivated.
Some of the biggest targets for hackers are companies that hold databases full of other people’s personal information. This includes banks, social media platforms, tax preparers, and others.
What are some of the things a hacker can do with your name, address, and SSN combination?
- File a fraudulent tax return in your name, and you won’t know until you try to file one and the IRS tells you it’s a duplicate.
- Get a job using your SSN and information, then anything they do while there (like embezzlement) is tied to you, not them.
- They can apply for a loan or credit card in your name and when they don’t pay it, the default shows on your credit report.
How well a tax preparer is protecting your data and whether they have a managed IT security plan is important to know if you’re going to do business with them.
While the first question that may come to mind to ask a tax preparer is, “How much will my refund be?”, there are several questions dealing with data security that you should ask before handing over your confidential information.
What Should I Ask About Data Security Before Having My Taxes Done?
The IRS warns that tax professionals should protect themselves against cybercriminals seeking access to their client data. They’re such a big target of hackers that the IRS started a campaign called, “Protect Your Clients; Protect Yourself” to help raise awareness of the problem of data breaches of client databases in this industry.
It pays to ask several data security questions up front before you decide to work with a tax professional or give them your SSN and other sensitive information. If they faulter on answering any of these, then you may want to go looking for someone else with stronger cybersecurity protections of the information you’re entrusting to them.
1. Do They Have a Secure Firewall?
A firewall monitors all traffic going in and out of a network so it can block anything that looks suspicious. Firewalls are an important protection against unauthorized access to a company’s network and their connected devices (computers, servers, etc.).
Any company that you’re entrusting with your sensitive information should have a firewall as one of the security measures they take to prevent data breaches.
2. Do They use an Antivirus/Anti-Malware Program?
A phishing attack that injects a network with spyware or other types of malware is typically the first step a hacker takes to gain entry to sensitive data. Once in the system, the malware can then open backdoors for hackers to get in and steal databases worth of client information that a tax preparer has on their network.
You want any tax professional that you work with to have a strong antivirus/anti-malware program that can block sophisticated threats like fileless attacks and zero-day malware (which is malware that hasn’t yet been seen and catalogued).
3. Where is Your Data Going to Be Stored?
Is your tax information being stored on a computer? Is it being stored in a cloud storage system? Is another copy being kept in a filing cabinet in paper form?
It’s important to know where exactly your information is going to be kept by the tax preparer so you can ask follow up questions or do additional research. For example, if they’re using a cloud storage service, you’ll want to know what security guarantees are made by that provider.
4. What Steps Do They Take to Secure Client Data?
Ask what steps they are taking to ensure security of their client data. This should include multiple layers of security that go beyond the firewall and antivirus applications.
Additional steps that will be a good sign that they’re properly safeguarding your data include:
- Ongoing employee data privacy and cybersecurity training
- Endpoint protection applications
- Using safeguards like multi-factor authentication
- Regular security audits to check their vulnerabilities
- Following proper data privacy practices as laid out by the IRS and others
5. Are They Aware of IRS Publication 4557?
The IRS provides a guide titled “Safeguarding Taxpayer Data” for tax professionals to use. It’s referred to as Publication 4557 and it includes multiple security measures for tax professionals to take to protect themselves and their clients from data breaches.
If your tax preparer is aware of and is using this publication as a guide, that’s a very good sign that you can trust them to secure your information.
How is Your Network and Device Security?
Whether you have a small number of devices on a home network or several computers connected at a school or business, Cris’s Tech Repair can help you with a security review to ensure your own network and data are protected from a breach.
Contact us today to schedule your security review. Call 561-985-4961 or reach out online.