As stewards of sensitive financial and personal data, tax professionals are increasingly prime targets for cybercriminals seeking to exploit taxpayer information for fraudulent refunds, identity theft, and unauthorized access to e-filing systems.
In a recent advisory, the IRS Return Preparer Office (RPO) issued a critical warning: hackers are actively targeting tax preparers using increasingly sophisticated tactics to gain access to electronic filing credentials and client records.
At Mandelbaum Barrett PC, we echo the IRS’s call to action: Protect your clients; protect yourself.
Data Security Is Not Optional—It’s the Law
Safeguarding taxpayer information isn’t just good practice—it’s a legal requirement. Under the Federal Trade Commission’s (FTC) Safeguards Rule, tax professionals are obligated to implement appropriate measures to protect client data. Failure to do so may result in identity theft, professional liability, and irreparable harm to your reputation.
IRS-Recommended Cybersecurity Best Practices
To help mitigate these growing risks, the IRS recommends the following key cybersecurity measures:
- Use strong, unique passwords and enable multi-factor authentication on all systems and accounts
- Keep all software, operating systems, and antivirus tools up to date to address vulnerabilities
- Encrypt all sensitive data and maintain secure, offsite backups
- Deploy firewalls, antivirus software, and VPNs to prevent unauthorized access
- Provide regular phishing awareness training—always verify suspicious emails or links
- Limit and monitor access to client information with periodic reviews
Cybercriminals are using increasingly sophisticated tactics, including phishing emails, spoofed phone calls, and malware to steal credentials such as e-Services passwords and Electronic Filing Identification Numbers (EFINs). Staying informed and vigilant is essential.
Resources
For more comprehensive guidance, review IRS Publication 4557 (Safeguarding Taxpayer Data) and IRS Publication 5293 (Data Theft Resource Guide for Tax Professionals).
If you have questions about safeguarding client data or complying with FTC and IRS security requirements, Martin D. Hauptman, Partner in our Tax, Trusts, and Estates Practice Groups, is here to help. Contact him at mhauptman@mblawfirm.com or 973-243-7912.