John Sapp has served at Drake Software since 1995 in various roles including education, sales, and marketing. He serves on the board of the Council for Electronic Revenue Communication Advancement (CERCA), was one of the founding leaders of the IRS Security Summit, and a past chair of the IRS’s Electronic Tax Administration Advisory Committee (ETAAC). He has been a CPA since 1987.
Q Why is cybersecurity important for tax professionals?
A Tax offices are changing. The pandemic normalized the tools that facilitate contactless tax preparation, pushing the profession toward an always-online future which increases cybersecurity risks. Criminals have long targeted taxpayers through phishing scams and are now moving toward much more sophisticated schemes, including vishing, smishing, and QRishing. They may sound like silly names, but they can cause significant, life-altering mayhem for you and your clients through data breaches, leading to identity theft and stolen funds. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions (tax and accounting professionals are considered financial institutions) to protect consumer data; the Federal Trade Commission (FTC), which is responsible for enforcing the GLBA, issued the Safeguards Rule to outline safety measures. This Safeguards Rule requires that all paid tax return preparers create and implement a Written Information Security Plan (WISP).
Q What are the six must-do tasks for any tax preparation firm?
A There are six typically inexpensive or cost-free ways to implement
You can find more tips and information about keeping your data safe in Cybersecurity for the Tax Professional on Drake Software’s website.
Q What should I do if the worst happens?
A Your firm is likely to be targeted at some point. Before the 2023 tax season was finished, IRS filters flagged roughly 1.1 million returns with an estimated total value of $6.3 billion for possible identity theft. In IBM’s Cost of a Data Breach Report 2022, it was reported that 83% of organizations studied had experienced more than one data breach. Having a WISP in place better prepares you to fend off cyberattacks. However, if a breach occurs, contact the IRS immediately and provide your full cooperation, as the Service is prepared to help you resolve this type of situation. You will also need to notify state departments of revenue, local law enforcement, the FBI, and your insurance carrier. The FTC’s Data Breach Response: A Guide for Business is an excellent resource to keep on hand for this type of disastrous event.
Remember, as technology advances, crime will also continue to grow. Being prepared for the worst is the best way to ensure that your clients’ data stays safe, saving you time, money, and hassle in the long run.
Drake Software, founded in 1977, provides software solutions to over 70,000 tax and accounting firms that file more than 36 million tax returns every year. Known for award-winning customer service, Drake is also consistently recognized for excellence in quality, value, reliability, and product innovation.
