Department of Taxation and Finance

Protect yourself from data security breaches

RS and Security Summit invite tax professionals to review client data protections

Part 1 of Security Summit tips for tax professionals: Tax pros can help clients battle identity theft risk

Part 2 of Security Summit tips for tax professionals: Security Summit warns tax pros to be wary of pandemic-related email schemes

Part 3 of Security Summit tips for tax professionals: Boost Security Immunity: Fight Against Identity Theft

Here are some tips and best practices that can help you protect your clients’ data and your own business.

IRS recommendations for tax professionals

Track your Online Services account activity regularly. This can help you quickly detect any abnormalities.

Track your daily e-file acknowledgements. If there are more acknowledgements than returns you know you filed, dig deeper.

Track your weekly Electronic Filing Identification Number (EFIN) usage. The IRS posts the number of returns filed with your EFIN weekly.
1. Access your IRS e-Services account and your EFIN application.
2. Select “EFIN Status” from the application.
3. Contact the IRS e-help Desk if your return totals exceed your number of returns filed.
4. Update your EFIN application with all phone, address, or personnel changes.

Track your weekly Preparer Tax Identification Number (PTIN) usage. If you are an attorney, CPA, enrolled agent, or Annual Filing Season Program participant and file 50 or more returns, you can check your PTIN account for a weekly report.
1. Access your online PTIN account.
2. Select “View Returns Filed Per PTIN.”
3. Complete federal form 14157 to report excessive use or misuse of your PTIN.

If you have a Centralized Authorization File (CAF) Number, keep your authorizations up to date. Remove authorizations for taxpayers who are no longer your clients. For more information, see IRS Publication 947.

Create your online accounts using Secure Access to help prevent account takeovers. Learn how to register for Secure Access.

Other tips and best practices

Protect your computer. When accessing your financial accounts online, look for https (with an s after the http) in the website address to verify that it’s a secure address.

Use strong passwords. Use long phrases, or a combination of uppercase and lowercase letters, as well as numbers and symbols when creating a new password. Don’t use your name, birthdate, or common words. Use a different password for each of your accounts. If possible, use two-factor authentication.

Use secure wireless networks. Always encrypt your wireless network with a strong password. Never access your personal accounts on a public Wi-Fi network.

Never share sensitive data over email. Most email services use some form of encryption; however, you’re still trusting a third party with your sensitive data. Encrypted file-sharing systems create secure connections directly between your computer and the server used to store the files.

Use multifactor authentication. A secure system should use multiple levels of authentication. Typical methods of authentication are passwords with a unique code delivered to your mobile phone that allows you to log into an account.

If you believe your data has been compromised, notify us immediately through our Report fraud, scams and identity theft webpage.

Updated: May 23, 2023