Tax Professionals: Do You Have a Written Information Security Plan?

The Internal Revenue Service (IRS) Security Summit occurred again this year, providing updates, tips, and regulatory reminders to tax professionals and other attendees.

 

First held in 2015, the IRS Security Summit is a working event where IRS, tax, and finance industry professionals meet to discuss trends and share information with the goal of deterring or preventing tax fraud and other federal tax crimes.

 

A point of emphasis this year was the requirement for tax professionals to have an up-to-date Written Information Security Plan (WISP). As hackers and bad actors are increasingly targeting the tax pros that serve taxpayers and businesses, the IRS is hoping to raise awareness of the requirement for a WISP and the dangers associated with operating without an appropriate defensive strategy and updated tech.

 

Here are some points provided by the Security Summit:

  • Criminal tax fraud is on the upswing, as are attempts to obtain tax information for the purposes of identity and refund-check theft. For tax professionals who handle multiple clients, good security is critical. A WISP focuses on three areas: data management, training, and system use by employees; appropriately securing information platforms; and operational awareness of system incursions or attempted hacks.
  • Under the Gramm-Leach-Bliley Act (GLBA), all financial entities are required to secure client data. For purposes of GLBA, tax professionals are considered financial institutions and are required to implement a security plan (WISP) for client information.
  • There are several required components of a WISP. These include designating specific employees to coordinate the plan, ongoing risk evaluation of the plan and of overall data security (such as penetration testing), and vetting and coordinating with platforms and service providers that can deliver and maintain data security on an ongoing basis.

 

Even with a responsible data security plan, breaches happen. The IRS encourages tax entities and professionals to create a response plan in the event of data exfiltration. This plan should include the appropriate IRS stakeholder liaison. The IRS provides a roster of regional contacts, by state, for outreach in the event of a data breach. If a breach occurs, it should be reported to the appropriate stakeholder liaison.

 

Beyond the WISP, attendees were encouraged to incorporate security measures on their data platforms, including firewalls, multi-factor authentication (MFA), a virtual private network (VPN), and strong drive encryption. It should go without saying that data backups and robust antivirus software are part of the picture.

 

Data breaches are commonplace; more a question of when, not whether. With a WISP and a response plan, at least you can be ready.

 

Looking for experienced legal advice on tax litigation or an IRS audit? We can help.

At Robert J. Fedor, Esq., L.L.C., we provide strong legal representation regarding tax controversies, IRS audits, or other IRS concerns you may have. Contact our legal team today at 440-250-9709. We serve clients across the U.S. and internationally from our offices in Cleveland and Chicago.

 

If you are facing an audit and are looking for more information, download our free book, The Ultimate Guide to Survive a Tax Audit, geared towards business owners. The guide can offer you survival strategies and a better understanding of the data you might need to supply.

 
