Security Summit partners urge tax practitioners to use multi-factor authentication
WASHINGTON DC (KVOA) – With the increase in security incidents, the Internal Revenue Service, state tax agencies and the tax industry are urging tax practitioners and taxpayers to use a special feature – multi-factor authentication – available on tax software products to help protect against identity and data theft.
The Security Summit partners launched the annual 2021 summer campaign on Tuesday “Protect your customers; protect yourself ”for tax professionals. This year’s theme is “Improving Security Immunity: Fighting Identity Theft” to inspire tax professionals to step up their efforts to protect customer data amid the pandemic and its aftermath. .
Multi-factor authentication, also known as two-factor authentication, offers more security. It allows the tax professional or taxpayer to use another functionality such as a security code sent to a mobile device, a PIN code or a fingerprint in addition to the username and password. A thief can steal usernames and passwords, but cannot access accounts without the additional multi-factor functionality.
“The Security Summit has made great strides in protecting the tax community, but we need the help of all tax professionals,” IRS Commissioner Chuck Rettig said. “Using the multi-factor authentication feature available on tax preparation products is one of the easiest and cheapest security measures any tax professional can take. It is offered free of charge by tax software providers. As people continue to get vaccinated, we urge tax professionals and taxpayers to strengthen their security immunity and help fight identity theft. “
This is the sixth year of the Tax Professionals Campaign, part of a larger effort by the Security Summit Coalition from the IRS, state tax agencies, and the national tax community to strengthen protections against identity and data theft threatening the tax system. This is the first in a series of weekly press releases issued through August 17.
As of June 30, 2021, there have been 222 reports of data theft this year from tax professionals at the IRS, exceeding the rate of 211 in 2020 and 124 in 2019. Each individual report can involve hundreds to thousands of taxpayers. Customer information stolen from the offices of tax professionals is used to create fraudulent tax returns that are difficult to detect because the identity thief uses real financial data.
Based on reports to the IRS in 2020, many tax professionals whose client data was stolen did not use multi-factor authentication, and the feature could have prevented some of the thefts. Tax practitioners should also use multi-factor authentication features wherever they are offered, such as commercial messaging products and cloud storage providers.
Multi-factor authentication is just one of many security steps tax professionals – and taxpayers – should take to protect sensitive data. The other steps include:
- Use antivirus software and configure it for automatic updates. Antivirus software scans existing files and drives on computers – and cellphones – to protect against malware.
- Use a firewall to protect digital devices from external attacks.
- Use backup software / services to protect data. Making a copy of the files can be crucial, especially if the user is the victim of a ransomware attack.
- Use drive encryption to secure computer locations where sensitive files are stored. Encryption makes file data unreadable to unauthorized users.
- Create and secure virtual private networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user over the Internet and the corporate network. Search for “Best VPNs” to find a legitimate provider; the major tech sites often provide listings of the best services.
The IRS also reminds tax professionals that federal law, enforced by the Federal Trade Commission, requires all professional tax preparers to create and implement a data security plan. The IRS also recommends that tax professionals create a data theft response plan, which includes contact IRS stakeholder liaison to report a theft.