IRS Ramps Up Efforts Against Identity Theft in Accounting and Tax Preparation
In 2021 the FTC received 1.4 million reports of identity theft. While we often think of phishing frauds and online imposters as the source of these crimes, identity thieves also target accounting firms due to the types of data they process. Accounting and tax firms collect the personal details of clients and employees including Social Security numbers, addresses, employment details, banking information and other highly sensitive data.
With identity thieves continuing to target the tax community, the Internal Revenue Service is urging tax professionals to learn the signs of data theft so they can react quickly to protect clients. Don’t let your firm be the next data breach story to hit the headlines!
Data Breach Harms Firms and Clients
Accounting and tax firms have strong incentives to protect firm and client data with the strongest available security. A breach of client data can result in theft of clients’ private information that may then be used for criminal and fraudulent activity. In addition, firms stand to incur legal penalties, steep regulatory fines, reputational damage and business disruption.
It’s critical for tax pros to watch out for these details and to quickly take action when telltale signs emerge. One common concern the IRS hears from tax professionals is that they did not immediately recognize when data theft has happened.
What to Know About Tax Identity Theft and Data Breaches
What is tax identity theft?
Tax identity theft is when an identity thief uses a taxpayer’s stolen identity, such as your Social Security number, to file a fraudulent return and claim the identity theft victim’s tax refund.
How does tax identity theft occur?
Tax identity theft occurs whenever someone uses your compromised personal information to file a tax return on your behalf. They may falsify the numbers, enter an incorrect refund dispersal option like prepaid debit cards, and then make off with your money. How do they get their hands on your data in the first instance? There are many ways to obtain your personal information, including:
- CEO/HR phishing scams
- Corrupt insiders/tax preparation services
- Data breaches
- Imposter scams
- Social Security number that is lost, stolen or compromised
- Stolen mail or W-2s
- Unsecured and public Wi-Fi hotspots
What is a data breach?
There are multiple types of data breaches such as physical, electronic, and skimming. No matter what type of data breach it is they all involve an individual or group stealing private data from an individual or company.
Recognize the Signs of Data Theft
To fight fraud and tax identity theft, the IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators to combat identity theft refund fraud to protect the nation’s taxpayers. The cooperative effort is called the Security Summit.
Security Summit partners are urging tax professionals to watch out for these signs:
- A client’s e-filed return is rejected because the client’s Social Security number was already used on another return.
- More e-file acknowledgments are received than returns the tax pro filed.
- Clients respond to emails the tax pro didn’t send.
- Slow or unexpected computer or network responsiveness such as:
- Software or actions take longer to process than usual.
- Computer cursor moves or changes numbers without the tax pro touching the mouse or keyboard.
- Unexpectedly being locked out of a network or computer.
Avoid Data and Identity Theft with Preventive Action
As the adage goes, an ounce of prevention is worth a pound of cure. There are several actions you can take to strengthen data security at your firm:
Have a Security Plan in Place
A written security plan is required of tax firms by federal law and the IRS. In addition, close security gaps by training and educating staff and clients on the risks and best practices that can protect everyone involved. Read our post: Updating your CPA firm’s data security plan for 2022.
Keep firm records and client data in digital form and encourage clients to share and receive documents in secure digital formats. A secure client portal in OfficeTools encrypts data and safeguards it from unauthorized access.
Learn more about going paperless in this article: Document Management is Best When it’s Paperless.
Clean Your Emails from any Personal InformationKeep Email Clean
Never include personally identifiable information in an email, even in an attachment. Tax documents, final returns and financial reports should be shared strictly over a secure portal or via encrypted sharing tools.
Change Passwords Often
While it’s cumbersome to have different, random and mixed-character passwords for various programs and websites, this is one of the most effective ways to keep those systems safe. Consider implementing two-factor authentication, a specific type of multifactor authentication that strengthens access security by requiring two methods – such as a password and an access code sent via text – to verify users’ identities.
One of the most important steps accountants can take to make their firm more secure is investing in an accounting practice management system that natively includes many cybersecurity features. As a member of the Cloud Security Alliance, CARET and OfficeTools are equipped with the latest in accounting cybersecurity features and compliance controls.
Act today to securely manage your firm with OfficeTools.
Call 858-882-4879 to talk to a practice management expert, or request a demo today.