In early July the IRS urged tax return preparers to protect client information. However, this urging should not be limited to preparers; it really applies to all types of businesses.
Here is the list of critical steps the IRS laid out for preparers to follow to ensure data security. You can adapt them for your use regardless of what business you’re in:
- Ensure that taxpayer data, including data left on hardware and media, is never left unsecured
- Securely dispose of taxpayer information
- Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs
- Require periodic password changes every 60 – 90 days
- Store taxpayer data in secure systems and encrypt information when transmitting across networks
- Ensure that e-mail containing taxpayer data, whether sent or received, is encrypted and secure
- Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only
- Use caution when allowing or granting remote access to internal networks containing sensitive data
- Terminate access to taxpayer information for anyone who is no longer employed by your business
- Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data
- Provide periodic training to update staff members on any changes and ensure compliance
- Protect your facilities from unauthorized access and potential dangers
- Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft
The IRS also advises preparers to complete a risk assessment to identify risk and potential impacts of unauthorized access. Once this is done, you should write and follow an Information Security plan. The IRS also advises preparers to consider performing background checks and screening individuals before granting access to taxpayer information.
You may want to invest in data encryption to gain added protection for client and customer data. For example, client-side encryption encrypts data on the sender’s side, before it is transmitted to the cloud. Today, various cloud storage solutions, such as Microsoft’s Azure and SpiderOak, offer this encryption. As yet, Apple iCloud, Dropbox, and Google Drive do not.
If summertime is a slow time for your business, use this time to review your data security practices. If necessary, bring in IT experts for assistance. The steps you take now to enhance data security may save you money in the long run and help to preserve the trust of your clients and customers.