Take time to ensure tax data is secure before filing returns

Take time to ensure tax data is secure before filing returns

It is that time of year to file taxes. Some of you already have filed and are ready to spend your refund. Others are procrastinating, dreading the process of digging into receipts, compiling statements and finding the right forms to fill out. Whether you prepare your own filings or use a professional tax preparer, there are cybersecurity actions that you should consider.

If you use a tax preparer, you might want to ask about the security of their information systems to make sure you are comfortable with the way they protect your sensitive tax information. IRS Publication 4557, “Safeguarding Taxpayer Data: A Guide for Your Business,” provides businesses and organizations guidance on protecting taxpayer data they receive to prevent manipulation and to ensure the data can be accessed or recovered in a timely manner.

This guidance primarily comprises checklists that were developed in 2015 by the IRS during a summit with tax return preparers, software providers, state tax agencies, payroll providers and financial institutions. Implementing the IRS guidance reduces the risk that taxpayer data could be stolen by hackers and used to commit identity theft or for other nefarious purposes. These checklists address the following:

>> Administrative activities — conducting risk assessments, developing an information security plan and vendor management.

>> Facilities security — addressing physical security risks to the taxpayer data stored by the business.

>> Personnel security — ensuring that employees conduct themselves in a manner that supports the protection of taxpayer data.

>> Information systems security — making sure systems operate properly with resiliency.

>> Computer systems security — implementing strong authentication, encrypting taxpayer data and reducing vulnerabilities on computer systems.

>> Media security — properly storing, handling and backing up any storage media that has taxpayer data.

>> Certifying information systems for use — implementing a formal process for validating that the information systems have adequate security and for approving systems for use within the organization.

Although IRS Publication 4557 is intended for businesses, including tax preparers, to use, it also can be your general guide for asking your tax preparer about how they protect your sensitive information.

If you are preparing your taxes yourself using one of the many software packages or websites available, IRS Publication 4557 can help you to assess the security of the software provider and website. You should also take this time to do maintenance on your own computer to make sure there is no malware or vulnerabilities that could allow a hacker to steal your tax data or hold your data for ransom.

Before you start:

>> Update all software on your computer, including the operating system and third-party applications such as Adobe Flash, Java and others. Minimize risk of accidentally downloading malware by visiting only trusted websites and using software from trusted sources.

>> Install and update your anti-malware or anti-virus software and run a virus scan to clean out suspicious software.

>> Turn on encryption on your computer to protect electronic tax files. Leverage the file encryption provided by the tax preparation software, which usually requires you to create a password to open the files.

>> If you are using a web-based service, enable multifactor authentication for your account so that logging in requires another form of authentication, such as a code sent to your mobile phone, in addition to your password.

>> Be vigilant in scrutinizing tax-related emails. Expect phishing emails this time of year from hackers trying to get your tax or other information. Verify directly with the IRS if there is any doubt. Additional IRS guidance on phishing can be found at irs.gov/uac/report-phishing.

Tax time can be stressful. However, by executing these tips, you can reduce your risk of enduring more stress caused by identify theft and financial loss enabled by weak cybersecurity that failed to protect your data..

Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.

© Honolulu Star-Advertiser

Visit this article in the Star-Advertiser