Each small business needs to understand the risk of information, systems, and networks that support their business.
As a Trusted Advisor, the Data Security Resource Guide for Tax Professionals helps us identity steps that we take to better protect our clients and our business. It also details the signs of data thefts, explains how to report thefts to IRS and provides links to important data theft resources on IRS.gov.
- Download a copy of the Small Business Information Security – The Fundamentals by the National Institute of Standards and Technology.
- Download a copy of the Data Security Resource Guide by the Internal Revenue Service.
What is Information Security and Cybersecurity?
Information Security is every individual’s responsibility since all businesses use information.
Information Security is formally defined as “The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability” [44USC].
Cybersecurity is part of information security and works in conjunction with a variety of other security measures.
Cybersecurity is formally defined as “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation” [CNSSI4009][HSPD23].
The Data Security Resource Guide
Here is a sampling from the Data Security Resource Guide:
- Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: The IRS never initiates initial email contact with tax pros about returns, refunds or requests for sensitive financial or password information.
- Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
- Review internal controls:
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
- Use full-disk encryption and encrypt all sensitive files/emails.
- Back up sensitive data to a safe and secure external source not connected fulltime to a network.
- Limit access to taxpayer data to individuals who need to know.
- Check your IRS e-Services account weekly for number of returns filed with EFIN.