IRS headquarters in Washington, D.C.
Threat array
A dizzying array of cyber-threats confront tax professionals: malware, viruses, ransomware, Trojan horses, bots – not to mention the confusing terminology. One surety about your computers: Crooks can use them to get to you and your clients.

The Internal Revenue Service and the Security Summit partners have outlined the “Security Six,” the must-have steps to secure taxpayer data on computers and email.
1. Use anti-virus software
Generally anti-virus software scans files or a computer’s memory for certain patterns that may indicate the presence of malicious software (i.e., malware). When selecting an anti-virus package, learn about its features so you know what to expect. Once you install an anti-virus package, scan your entire computer periodically.

Keep security software set to automatically receive the latest updates so that it is always current. Never click links within pop-up windows, download “free” software from a pop-up or follow email links that offer anti-spyware software.
2. Build firewalls
These shield your computer or network from malicious or unnecessary network traffic and prevent malware from accessing the network. Firewalls may be broadly categorized as hardware or software.

Hardware, a.k.a. network firewalls, are external devices positioned between a computer and the internet. Many vendors and some ISPs offer integrated small office/home office routers that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers.

Most operating systems include a built-in firewall feature that should be enabled. Firewall software can also be obtained from a local computer store, software vendor or ISP. If downloading firewall software from the internet, make sure it’s from a reputable source and offered via a secure site.

Firewalls primarily help protect against malicious traffic and not against malware, and may not protect the device if you accidentally install malware.
Touch ID on an Apple iPhone multi factor authentication
3. Use two-factor authentication
With this protection method, the returning user must enter credentials (username and password) plus another piece of information such as a security code texted to a mobile phone. Two- and even three-factor authentication is on the rise.
Backup Computer Key
4. Use backup software/services
Copies of your files are made and stored either online as part of a cloud storage service or similar product, or on an external disk. Tax pros should ensure that taxpayer data that is backed up is also encrypted.
5. Encrypt your drives
Consider drive encryption software for full-disk encryption. Drive encryption, or disk encryption, transforms data on the computer into unreadable files (at least to the unauthorized person accessing the computer). Drive encryption may come as a stand-alone security software and may include encryption for removable media, such as a thumb drive.
6. Have a data security plan
All professional tax return preparers must have a written data security plan as required by the U.S. Federal Trade Commission’s safeguards rule.

Tax pros can also see IRS Publication 4557, “Safeguarding Taxpayer Data,” and “Small Business Information Security: the Fundamentals” from the National Institute of Standards and Technology for more information.