Important Update for e-Services Users

The IRS is committed to protecting taxpayer and tax preparer information and maintaining the security of its systems.  As part of that effort, the IRS is strengthening the identity validating process used to access certain self-help tools on IRS.gov. 

Starting late October – October 24 is the target date – e-services users will be required to re-register using the Secure Access authentication process. Users must validate their identities through this process before they can access their accounts.

All e-services users will be affected by this change. Those who use e-services for TIN Matching only also must re-register. However, because there is no exchange of sensitive data, TIN Matching will use a more streamlined process.  For details, please see: Important Update for Your e-services Account.

Secure Access is a two-factor authentication process that meets government standards and adds greater protections against attacks by cybercriminals.  This is a more rigorous process, and part of a wider effort to protect taxpayers and the tax community. For first-time users, it requires identity proofing, financial verification and an activation code text.  Returning users must submit their username/password credentials AND a security code text. 

Starting October 24, the IRS also will provide additional staff for the e-Help Desk and provide assistance to those users who are having difficulty passing Secure Access. This assistance may include identity authentication by phone and an activation code by mail which will take five to 10 calendar days for delivery. 

The same Secure Access authentication process currently supports Get Transcript Online. E-services users who created a Get Transcript account after June 2016 will have their Secure Access registration automatically migrate to e-services, but they will need to change their passwords on October 24.

It helps to be prepared. Please review Secure Access: How to Register for Certain Online Self-Help Tools to learn what you need to register successfully.

Users should ensure all credentials and certificates are up-to-date prior to October 24. Those with upcoming filing requirements should consider filing early.

  

IRS/ LI Tax Practitioners’ Liaison Committee Meeting Minutes of May 18, 2016

IRS/ Long Island Tax Practitioners’ Liaison Committee Meeting
Wednesday, May 18, 2016
 9:00 am -12:00 Noon
Meeting Minutes

May 18 2016 Liaison Meeting Minutes.pdf


Latest Discussions

NCCPAP IN ACTION

Log in to see this information

NCCPAP Congratulates Sandra G. Johnson CPA Second Year in a Row!

Tax Professionals: Protect Your Clients; Protect Yourself from Identity Theft

FS-2016-23, July 2016 

The Security Summit, the partnership between the IRS, NCCPAP, state tax agencies and the tax community formed to combat identity theft, recently announced it expanded its public awareness campaign on data security to include tax professionals.

The “Protect Your Clients; Protect Yourself” campaign is intended to raise awareness among tax professionals on their responsibilities and the common sense steps they can take to protect their clients from identity theft and to protect their businesses.

Because of the sensitive client data held by tax professionals, cybercriminals increasingly are targeting the tax preparation community, using a variety of tactics from remote computer takeovers to phishing scams.

How are Tax Preparers Impacted?  Identity thieves are a formidable enemy.  Data breaches are increasing in number and scope, increasing the potential for stolen identity information to be used to file tax returns.  As a tax preparer, you play a critical role in protecting taxpayer data. 

What is my role as a preparer?  It is a legal responsibility of businesses and individuals that maintain, share, transmit, or store taxpayer data to have safeguards in place to protect client information.  Taxpayer data is defined as any information obtained or used in the preparation of a tax return. 

What Can I Do?   Data security includes all aspects of your business.  Review your administrative practices, facility protection, computer security, personnel & information systems. 

 

Read the complete IRS Publication 4557, Safeguarding Taxpayer Data, for a more comprehensive view including tips and links to additional information. 

 Critical Steps:

  • Assure that taxpayer data, including data left on hardware and media, is never left unsecured
  • Securely dispose of taxpayer information
  • Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs
  • Require periodic password changes every 60 – 90 days
  • Store taxpayer data in secure systems and encrypt information when transmitting across networks
  • Ensure that e-mail being sent or received, that contains taxpayer data, is encrypted and secure
  • Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only
  • Use caution when allowing or granting remote access to internal networks containing sensitive data
  • Terminate access to taxpayer information for anyone who is no longer employed by your business
  • Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data
  • Provide periodic training to update staff members on any changes and ensure compliance
  • Protect your facilities from unauthorized access and potential dangers
  • Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft

 Additional Considerations:

  • Complete a risk assessment to identify risk and potential impacts of unauthorized access
  • Write and follow an Information Security plan
  • Consider performing background checks and screen individuals before granting access to taxpayer information

 Putting safeguards in place to protect taxpayer data helps prevent fraud and identity theft and enhances customer confidence and trust. These safeguards will help you:

  1. Preserve the confidentiality and privacy of taxpayer data by restricting access and disclosure
  2. Protect the integrity of taxpayer data by preventing improper or unauthorized modification or destruction; and
  3. Maintain the availability of taxpayer data by providing timely and reliable access and data recovery.

NCCPAP-Washington DC Agendas

NCCPAP had a very productive week, not just with our Committees and Board Meetings, but on Capital Hill.

Congressional Agenda & IRS Agenda

Symposium Committee Gears Up for November 2016 Symposium at the IRS

DOWNLOAD THE GO.NCCPAP APP

Download the free
Go.NCCPAP App
from the App Store or
Google Play Store.

Upcoming Events


A Few Security Recommendations

High-profile instances of cyber-crime make headlines every day, and large organizations such as Sony Pictures, Anthem and Home Depot are not the only targets of hackers. Smaller organizations that receive and maintain sensitive personal information, including accounting firms, also are the targets of cyber attacks, and there is no guarantee that any computer network is secure. In the case of Sony Pictures, the FBI stated that the level of sophistication of the attack was so high it would have gotten past 90 percent of private industry and government cyber defenses. However, there are some simple steps you’ll want to take to mitigate your risk, as the financial and reputation consequences of losing sensitive client information can be significant. 

Secure All Hardware 

Sophisticated cyber attacks are not the only way sensitive client information can be compromised. Laptops, hard drives and personal devices such as smart phones often contain sensitive information that can be compromised if those devices are lost or stolen. At a minimum, devices should be password protected, and in the case of smart phones and tablets, configured to be erased remotely. Encryption of the data on such devices can help to prevent the loss of sensitive personal information, even if the devices are lost. The more sophisticated the encryption, the more comfort you will have that the information is secure. An IT professional can help you implement proper encryption protocols. 

Educate All Users 

Threats posed by phishing email attacks and malware can be mitigated if users are trained to recognize them. Being able to identify suspicious email communications and attachments and knowing to hit the delete key without opening them can greatly reduce the risk of malware infecting a device. In addition, passwords are a crucial defense for work and personal email accounts. Systems
should require complex passwords consisting of a combination of upper and lower case letters, numbers and special characters to reduce risk posed by cyber threats.

 Select the Right Security Software 

You should, and probably already do, invest in Internet security, including virus and malware protection and firewalls. However, security software is constantly updated to address existing and new threats as they emerge, so you need to ensure that you have the most current versions. At the outset, be sure the software you choose is regularly and reliably updated. If you need assistance selecting software, you should engage your information technology provider to help you make a sound choice.

 Understand the Cloud 

If you decide to take advantage of the benefits that cloud computing has to o#er, you should ensure that the vendor you engage maintains security over its servers and can provide you with representations that it has undergone a third-party review of controls and safeguards, including encryption for sensitive data. You should know where the information is being stored, how it is protected and who has access to it. Keep in

mind that the cheapest option may not be the best. You want to be sure that you select a reputable vendor that will be in business for years to come. 

Put the Law on Your Side 

Even before you encounter a situation where sensitive client data may have been compromised, you should contact an attorney with expertise in data security incident response to help you proactively formulate a response plan. An attorney can help you recognize your risks and select the key personnel who should be involved if an event occurs. Most important, an attorney will be a reliable guide through the complex series of laws and regulations involved in responding to an incident.

Summary 

As a normal part of business, accountants receive and maintain sensitive client information, including social security numbers and credit card information. While collecting and maintaining this data is necessary, doing so in a computer network or system that is connected to the Internet raises concerns about the possible theft or exposure of that information. Although it is virtually impossible to guarantee security, there are risk management measures that can and should be taken by accountants to mitigate their exposure.

 Bullet Points 

• Require passwords and encrypt your data on all devices.
• Educate your partners and employees about cyber threats.
• Regularly update your security software and firewall configuration.
• Select a reputable cloud provider that has had its security tested.
• Contact an experienced attorney to evaluate your privacy risks and establish an incident response plan.

Thank you to: Thomas R. Manisero, Esq. & Gregory J. Bautista, Esq.
Wilson Elser Moskowitz Edelman & Dicker, LLP
CPA Protector Plan ®

Recent Blogs

FIND US ON

Follow Us on Twitter   Find Us on Facebook   Find Us on Flickr   Join Us on LinkedIn   Find Us on YouTube   Follow Us on Instagram

Most Active Members