Identity theft: 7 Steps to protect Client Data


tco_logo1 (2)

Identity theft is an increasing problem for tax preparers.  Tax preparation offices are great places to hack. Here are some best practices  we need to do to protect us and our clients. 

1. Create logins and passwords to your system that are hard to hack.

  • Use the maximum characters allowed.
  • If you want to use for example:
    • “I was born in Houston Texas in  January 5,1992” You could use iwbihtj592 and then add symbols and numbers to complete the maximum characters allowed.
    • “My mother’s maiden name is smith and she married John Doe in Los Angeles ” could translate to mmmnisasmjdila.
    • Song lyrics work to. ” Rudolf the red nose reindeer had a very shiny nose and if you ever saw him” could translate to rtrnrhavsnaiyesh

These are things that make no sense to someone else but are easy for you to remember.

Using a password generator will do this for you and you only have to remember one PW

2. Change passwords on a regular basis. If you haven’t done so recently take the time to revamp your passwords. Passwords should be changed at a minimum of once per year. Every 90 days is even better. Chances are we are not going to change our passwords every 90 days. So, make your passwords strong as possible

3. Always encrypt and password protect any data sent to clients. Emails are easy to hack using encryption will help safeguard the data. If your software offers a secure file exchange portal be sure and check it out. Those portals are designed to exchange information more securely.

4. Always Encrypt any hard drives that contain client data. Encrypting the hard drives adds another level of security.

5. Update your firewall,anti-spyware and anti-virus software. Regularly check for the latest update and security patches for your software.

6. If you are also and ERO, you should regularly check your e- services account on a regular basis. IRS updates our e-services accounts on a regular basis. We should be checking our account to look for abnormal activity. If it appears that your EFIN may have been compromised notify the IRS immediately.

  1. Never click on links in emails. Always go directly to the website.

Tax preparers  are subject to the Gramm-Leach Bliley Act and the FTC Financial Privacy and Safeguards rules. We are required to monitor, evaluate and adjust our security practices to protect client data. Penalties may apply for failure to do so. IRC imposes criminal and monetary penalties for knowingly or recklessly making unauthorized disclosures.

Leave a Reply

Your email address will not be published.