December 4, 2021
Cybersecurity checklist for tax professionals
Protecting client data is essential for all businesses, especially tax preparers, who hold sensitive financial and personal information about their customers. Failing to protect that information can be costly and harm a business’s reputation.
Securing client information is crucial and mandated by the Financial Services Modernization Act of 1999, which requires tax pros and others to create and maintain a data security plan. Below is a list of actions tax pros can implement to keep customer data safe.
Data theft is on the rise
Cybercriminals have increased their efforts during the pandemic using phishing emails, malware, and other scams designed to steal sensitive client information. The best defense is working with a cybersecurity expert to safeguard data.
But tax pros can take other steps to increase security without being cyber experts themselves. The first is never opening a link or attachment from a suspicious email. The most common phishing scams pretend to be messages from the IRS. Remember that the agency never contacts tax professionals via email for information about returns, refunds, passwords, or other sensitive data.
Internal security steps for tax pros
In addition to warding off phishing scams, tax preparers should review in-house protocols. This includes:
- Installing anti-virus and anti-malware security software on all devices
- Using strong and unique passwords of eight or more mixed characters
- Encrypting all sensitive files and emails and using password protections
- Backing up sensitive data on a safe and secure external hard drive not permanently connected to the network
- Double-checking the customer’s return information before filing, especially direct deposit info
- Wiping or destroying computer hard drives no longer in use that contained sensitive data
- Limiting access to customer data to only those who need to know
- Checking the number of returns filed weekly with EFIN on the IRS e-Services account
Stay vigilant to protect customer data
Your business can stay ahead of cyber thieves by putting these protocols in place and doing daily or weekly checks. It’s also vital to recognize the signs of data theft as soon as possible to minimize damage if hackers break through your defenses. Under federal law, you must have an emergency response plan in place if you experience a data breach.