Protect yourself from data security breaches
IRS and Security Summit invite tax professionals to review client data protections
- Part 1 of Security Summit tips for tax professionals: Working Virtually: Protect tax data at home and at work with the "Security Six"
- Part 2 of Security Summit tips for tax professionals: Working Virtually: Use multi-factor authentication to protect accounts
- Part 3 of Security Summit tips for tax professionals: Working Virtually: Use a virtual private network to secure remote locations
- Part 4 of Security Summit tips for tax professionals: Working Virtually: Avoid phishing scams
- Part 5 of Security Summit tips for tax professionals: Working Virtually: Make a plan for protecting data and reporting theft
Here are some tips and best practices that can help you protect your clients’ data and your own business.
IRS recommendations for tax professionals
- Track your Online Services account activity regularly. This can help you quickly detect any abnormalities.
- Track your daily e-file acknowledgements. If there are more acknowledgements than returns you know you filed, dig deeper.
- Track your weekly Electronic Filing Identification Number (EFIN) usage. The IRS posts the number of returns filed with your EFIN weekly.
- Track your weekly Preparer Tax Identification Number (PTIN) usage. If you are an attorney, CPA, enrolled agent, or Annual Filing Season Program participant and file 50 or more returns, you can check your PTIN account for a weekly report.
- Access your online PTIN account.
- Select “View Returns Filed Per PTIN.”
- Complete federal form 14157 to report excessive use or misuse of your PTIN.
- If you have a Centralized Authorization File (CAF) Number, keep your authorizations up to date. Remove authorizations for taxpayers who are no longer your clients. For more information, see IRS Publication 947.
- Create your online accounts using Secure Access to help prevent account takeovers. Learn how to register for Secure Access.
Other tips and best practices
- Protect your computer. When accessing your financial accounts online, look for https (with an s after the http) in the website address to verify that it’s a secure address.
- Use strong passwords. Use long phrases, or a combination of uppercase and lowercase letters, as well as numbers and symbols when creating a new password. Don’t use your name, birthdate, or common words. Use a different password for each of your accounts. If possible, use two-factor authentication.
- Use secure wireless networks. Always encrypt your wireless network with a strong password. Never access your personal accounts on a public Wi-Fi network.
- Never share sensitive data over email. Most email services use some form of encryption; however, you’re still trusting a third party with your sensitive data. Encrypted file-sharing systems create secure connections directly between your computer and the server used to store the files.
- Use multifactor authentication. A secure system should use multiple levels of authentication. Typical methods of authentication are passwords with a unique code delivered to your mobile phone that allows you to log into an account.
If you believe your data has been compromised, notify us immediately through our Report fraud, scams and identity theft webpage.