Recently, tax professionals have been the target of criminals for identity (ID) theft.

Among other reasons, tax professionals work with a large amount of sensitive data; stolen data can be used to file fraudulent returns rather inexpensively, and the return to criminals is very high. What’s more, smaller firms make an attractive target because in general, they have fewer security controls and it is easier to execute an attack.

Did you know that phishing scams are the number one attack method?  These scams entice the user to click on an email attachment, which contains malicious software that tracks keystrokes and may identify password information. You can minimize exposure to phishing scams by not opening messages from unknown senders. Make sure your staff members are trained on the dangers of phishing scams in the form of e-mails, texts, and calls.

Whether you have a large or small practice, there are measures to reduce the likelihood of a successful attack. Employ appropriate security controls for your environment based on the size, complexity, nature and scope of your activities. Security controls are necessary to protect the confidentiality, integrity and availability of your clients’ sensitive information.

Other ways to protect your business from cyber criminals: range from locking doors to restricting access to paper or electronic files to installing antivirus software with automatic updates to recognize viruses and malware on all computers on your business network. Frequently back up and secure data on a flash drive or external hard drive and store in a fireproof safe.  Use strong passwords and don’t share them including your MyFTB password. These are only a few examples of ways to reduce ID theft from your office.

For more information on how you can protect client information and your business, see IRS Publication 4557,Checklist for Safeguarding Taxpayer Data. It contains a series of check-lists for creating a comprehensive security plan that addresses functions such as administrative activities and security measures for facilities, personnel, information and computer systems, and electronic media, as well as how to certify information systems for use by your business.

Take some time to review IRS Publication 4557 and if you do not have the knowledge or skills to complete the checklist tasks, you can use the tasks as a guide to hire someone who can. Remember confidential information is only confidential as long as it is protected.