Highlights from the Summer 2022 Tax Security Summit

IRS Tax Tip 2022-132, August 29, 2022

The IRS, state tax agencies and the tax industry – working together as the Security Summit recently concluded its summer series, Protect Your Clients; Protect Yourself. This campaign was a reminder for tax pros to focus on fundamentals of security and watch out for emerging issues when using cloud-based services for their practice.

Here’s a look back at key messages from the latest Security Summit.

Identity Protection PINs provide an important defense against tax-related identity theftThe IP PIN is a critical defense against identity thieves. The IRS and its Security Summit partners need tax pros to let their clients know that IP PINs are now available to anyone who can verify their identity.

Tax pros beware of evolving email and cloud-based schemes to steal taxpayer dataTax pros using cloud-based systems to store and prepare tax returns and information should use multi-factor authentication. Specifically, they should use multi-factor authentication to reduce the risk of identity thieves gaining access to their online accounts. For more information about multi-factor authentication, people should visit the Cybersecurity and Infrastructure Security Agency website.

All tax pros should watch for the tell-tale signs of identity theftIdentity thieves continue to target the tax community. All tax pros should learn the signs of data theft so they can react quickly to protect clients.

Security Summit creates new data security plan to help tax professionalsFederal law requires all professional tax preparers to create and implement a data security planThe IRS and its Security Summit partners recently unveiled a new sample security plan called a Written Information Security Plan or WISPPDF. This essential plan is designed to help tax pros, especially those with smaller practices, protect their data and information.

Ways tax pros can help clients battle identity theft riskTax professionals should be proactive and take the following critical steps to secure their computer systems and protect client data:

  • Use virtual private networks or VPNs to prevent potential eavesdropping in shared environments.
  • Be cautious of requests for personal or financial information via email, telephone, text and social media.
  • Be cautious of downloads, even from trusted sites.
  • Change default passwords, choose strong passwords, and consider using a password manager.

More information: