Top ways to safeguard your taxpayer data

How-to
By Rob Clymo
last updated

Safeguarding your details and the data of others is crucial if you run a tax firm that handles sensitive information

Hacker Typing
(Image credit: Shutterstock)

With cyberattacks on the increase across the board we all need to be increasingly vigilant about protecting our data. If you’re running a tax firm then the responsibility of safeguarding client taxpayer data is also of paramount importance. During tax season the risks are heightened still further as businesses and tax firms share information as they work towards tax filing time.

This is naturally of great interest to cybercriminals who would love the opportunity to gain access to both your tax firm data and also the information held on clients. If they manage to infiltrate this taxpayer data they can use it to file fraudulent tax returns, as well as causing your tax firm and its client database serious knock-on effects into the bargain.

It’s therefore crucial to ensure that both individuals and tax firms have measures in place to help reduce the threat from cybercriminals. For individuals, an identity theft protection package is a great idea. 

For tax businesses there are some steps that can be taken, many of which are relatively straightforward and involve nothing more than liberal amounts of common sense. However, for a more robust set of preventative measures you’ll want to enlist the help of a more complete solution, the options for which we'll explore below.

Hacking threats

Anyone can be a victim of cybercrime and that doesn't just include people at home e-filing tax returns on their laptops, computers or smartphones. The news carries regular headlines about security breaches at big companies, often with customer data being placed at risk as a result. It might just be an email address that gets lost, although more serious breaches can involve things like address details, credit card numbers and, worse, Social Security numbers being compromised.

If you run a tax firm the responsibility is therefore considerable, meaning that you need to ensure that you have all the measures in place to protect client data. There’s useful documentation provided by the IRS that can help outline the key responsibilities and safeguards that need to be in place to help combat this issue. Entitled Safeguarding Taxpayer Data it’s a handy guide that outlines measures your tax firm needs to take.

If your company handles a lot of e-filing work when it comes to personal income tax returns then this is a good read. Working out a plan of action and the best preventative measures to take will certainly help your tax firm secure client data more effectively.

Hacker

(Image credit: ozrimoz / Shutterstock)

Security software

No matter how good security software gets there are cybercriminals who seem able to stay one step ahead of the game. However, if you run a tax firm then ignoring the threat and not bothering with security software at all really isn’t a great idea. If you invest in antivirus and firewall software you will definitely be in a better place than not having anything at all.

Subscription-based security packages are constantly being updated too, which means that any new threats are hopefully stopped in their tracks before cybercriminals can gain access to your client data. Having as many obstacles in place to stop cybercriminals and prevent identity theft fraudsters getting hold of clients details, which might include their all-important Social Security number, is vital so it’s prudent to pick the best one available.

While many security software and firewall packages update dynamically it's worth keeping tabs on what your subscription does. Also ensure that you stop anything from lapsing, such as a subscription account expiring. While you’re reviewing your security software setup it’s also a wise move to take a look at getting better drive encryption software, if you don't already have that in place too, in order to cover other bases in your tax firm’s network arrangements.

Data protection

If you're running a tax firm then it's highly likely you’ll need to have a sizeable amount of stored data within the business. As is often also frequently reported, instances of stored data being compromised are quite commonplace, with many systems hacked into by external sources. That means you should take steps to ensure all of your client data, as well as internal tax firm information too, is encrypted.

Increasingly, companies are making use of the many different options provided by external servers and cloud-based back-up systems. Many of these have way better security measures in place than perhaps a standalone business can hope to have. It’s well worth checking out your options when it comes to something like one of the best cloud-based backup systems, as they’re often surprisingly affordable.

If you’re moving over to a cloud-based setup then be sure that you’re sensible when it comes to decommissioning old drives. Any hardware that has been used within your tax firm will need to be wiped; ensure that any data on drives has been backed up beforehand. While an obsolete piece of hardware like an old drive might not seem of much interest to anyone, cybercriminals could find it extremely useful. So be sure to spend time rendering these old units unreadable.

Monitor movement

No matter how big or small your tax firm might be, there’s a constant need to monitor activity within your client accounts. Keeping tabs on anything that might not look or seem right is vital. One of the most useful aids for doing this is by making use of the Electronic Filing Identification number, or EFIN, which the IRS issues to individuals and firms that have been approved as authorised e-file providers by the internal revenue service.

You’ll need to closely safeguard the amount of tax returns that are being filed within your firm, which can be done with the aid of the EFIN. This should enable much easier monitoring and allow you to spot any fraudulent return activity because it needs to be included with all of the electronic return material that is supplied to the IRS.

However, while the system that the IRS has in place is good, you can help the cause by remaining diligent and ensuring that your tax firm is doing all it can to safeguard client data. Lookout for tell-tale signs of fraudulent activity and threats from cybercriminals, such as rejected returns, notices pertaining to client returns that haven't as yet been filed or other irregularities that could, and should, get those alarm bells ringing.

security threat

(Image credit: Shutterstock.com)

Reporting fraud

If you do come across anything untoward, or uncover something that is blatantly fraudulent, then the next step is to take action as rapidly as possible. For the likes of tax-related breaches you’ll want to get in touch with the IRS immediately, by making them aware of the details. If you use the services of other companies to help safeguard your client data then you’ll also want to let them know too.

However, while all of this is going on it’s also vital to remember about safeguarding your sensitive client information, so be sure not to share anything with anyone other than the IRS. Even if you use the help of external IT and security professionals it’s still wise to keep the circle of people involved with any investigation as small as is realistically possible.

Rob Clymo
Rob Clymo

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.