

Stopping Identity Theft in Tax Filings

With more than 127 million personal information records exposed in 2011, identity theft has led to a swell of fraudulent tax filings, and tens of thousands of honest taxpayers are now subjected to delays in their legitimate refund claims, according to the Internal Revenue Service. The increasing number of data breaches means that CPAs must handle client data even more carefully.
Data loss happens. While large businesses are mostly responsible for the more than 500 million personal information records that have been breached since 2005, even CPA firms that are good custodians of client data occasionally lose a laptop or USB (thumb) drive with unencrypted confidential data on it. Those losses give rise to a potential data breach. Data security risk is usually generated by everyday behaviors that eventually catch up with users if they are not constantly handling data in a safe manner.

Data breaches can be expensive for firms; the more cost-effective approach is to implement robust data security measures. Furthermore, firms that become proficient at security will be better able to assist clients with their own data security issues.

Here are some basic loss prevention tips:

* Ensure that laptops, desktops, USB drives, servers, smart phones and other devices do not contain any confidential data that is unencrypted.
* Consider remote laptop security measures to prevent access to protected files in the event of theft or loss.
* Ensure that email messages and attachments containing confidential data are encrypted with file encryption and digital certificates.
* Use strong passwords, and do not write them down or share them. Passwords should be "salted" with random bits and symbols such as #, $ and &. Change passwords at least every 90 days.
* Physical security should be provided for computers and endpoints as with any other valuable assets, including building security and access codes and locking up all servers, laptops, desktops and mobile devices.
* Do not download personal software onto business computers because of the risk of downloading viruses or worms along with the software.

Firms should also engage in a continuous data security process that operates in three areas:

1) Risk Assessment. Utilize software tools for assessing and analyzing the security of most computer systems. Many software companies also provide security updates to protect from threats that have been identified, and most updates can be applied automatically. Have a computer specialist conduct a more thorough assessment and analysis to highlight vulnerabilities and provide risk reduction tips.

2) Comprehensive Written Plan. A written information security plan outlines the specific ways the firm will protect data; sets forth policies, procedures and staff responsibilities, including what staff members are not allowed to do, and what they are required to do (such as immediately reporting any actual or potential security problems); covers areas such as the Internet, social media, email usage, and record retention and destruction; and details the reporting and other requirements of the states in question and the state agencies to which breaches are to be reported. Some states require firms to be compliant with the state's privacy laws if the firm has the privacy data of a resident in that state. Some states require a written security plan by law.

3) Regular Staff Training. Teach the written plan to staff to ensure that each employee knows what the firm is doing and what he or she is required to do, including best practices for addressing new and continuing risks, such as social engineering, phishing and web application attacks. New laws or regulations should be reflected in changes to the plan. Training sessions to update staff on such changes will make the plan a dynamic, living document that staff uses and relies upon.

Better data security measures will help ensure that private information remains confidential and available only to authorized parties. Firms will avoid or reduce the high costs associated with data breaches, and strong data security measures will become selling points that many clients will appreciate.


Randy Werner
Randy Werner, J.D., LL.M./Tax, CPA, is a loss prevention specialist with CAMICO (www.camico.com). She responds to CAMICO loss prevention hotline inquiries and speaks to CPA groups on various topics. Werner has Big Four public accounting experience in federal and state tax as well as regional accounting firm experience. She has practiced as a sole practitioner in estate planning since 1984.

Werner has been a member of the California State Bar since 1983 and is a member of the Taxation section as well as the Taxation Section's Procedure and Litigation Committee. She earned a Bachelor of Science in Commerce, majoring in finance with an emphasis in marketing, from the Santa Clara University School of Business. She also earned a Juris Doctor from the Santa Clara University School of Law in 1983, a Master of Laws in Taxation from Golden Gate University, and a Master of Science in Accounting from San Jose State University.
