IRS headquarters in Washington, D.C.
IRS headquarters in Washington, D.C.

Threat array

A dizzying array of cyber-threats confront tax professionals: malware, viruses, ransomware, Trojan horses, bots – not to mention the confusing terminology. One surety about your computers: Crooks can use them to get to you and your clients.

The Internal Revenue Service and the Security Summit partners have outlined the “Security Six,” the must-have steps to secure taxpayer data on computers and email.

1. Use anti-virus software

Generally anti-virus software scans files or a computer’s memory for certain patterns that may indicate the presence of malicious software (i.e., malware). When selecting an anti-virus package, learn about its features so you know what to expect. Once you install an anti-virus package, scan your entire computer periodically.

Keep security software set to automatically receive the latest updates so that it is always current. Never click links within pop-up windows, download “free” software from a pop-up or follow email links that offer anti-spyware software.

2. Build firewalls

These shield your computer or network from malicious or unnecessary network traffic and prevent malware from accessing the network. Firewalls may be broadly categorized as hardware or software.

Hardware, a.k.a. network firewalls, are external devices positioned between a computer and the internet. Many vendors and some ISPs offer integrated small office/home office routers that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers.

Most operating systems include a built-in firewall feature that should be enabled. Firewall software can also be obtained from a local computer store, software vendor or ISP. If downloading firewall software from the internet, make sure it’s from a reputable source and offered via a secure site.

Firewalls primarily help protect against malicious traffic and not against malware, and may not protect the device if you accidentally install malware.
Touch ID on an Apple iPhone multi factor authentication
A customer tries out the new Apple Touch ID, fingerprint scanner, 0n the iPhone 5S at a Verizon store where the new iPhone 5's and 5C went on sale on September 20, 2013 in West Valley City, Utah. (Bloomberg News/George Frey

3. Use two-factor authentication

With this protection method, the returning user must enter credentials (username and password) plus another piece of information such as a security code texted to a mobile phone. Two- and even three-factor authentication is on the rise.
Backup Computer Key

4. Use backup software/services

Copies of your files are made and stored either online as part of a cloud storage service or similar product, or on an external disk. Tax pros should ensure that taxpayer data that is backed up is also encrypted.

5. Encrypt your drives

Consider drive encryption software for full-disk encryption. Drive encryption, or disk encryption, transforms data on the computer into unreadable files (at least to the unauthorized person accessing the computer). Drive encryption may come as a stand-alone security software and may include encryption for removable media, such as a thumb drive.
Data Security - Closeup of the Book Title. Closeup View. Data Security Concept. Book Title. Data Security Concept on Book Title. Toned Image with Selective focus. 3D Rendering.

6. Have a data security plan

All professional tax return preparers must have a written data security plan as required by the U.S. Federal Trade Commission’s safeguards rule.

Tax pros can also see IRS Publication 4557, “Safeguarding Taxpayer Data,” and “Small Business Information Security: the Fundamentals” from the National Institute of Standards and Technology for more information.