IRS Tax Tip 2019-22, March 12, 2019
To protect their offices and clients, many tax preparers hire a cybersecurity professional. Every tax business is unique, so preparers should discuss their specific concerns with someone they hire. This will help safeguard both the preparer’s business and their clients’ data.
Here are some things preparers should do when selecting a cybersecurity professional:
Ask for recommendations.
Preparers can talk to other business owners or professionals for recommendations and references.
Be selective.
Ultimately a preparer or business owner will need to select the person they trust most. They should choose someone with whom they feel comfortable discussing the safety and security of their business and clients.
Do interviews.
Preparers should ask questions of the candidates to learn just how much experience they have in data protection. Here are some preliminary examples of questions preparers can ask to get the ball rolling:
- How does ransomware work and what can we do to protect our systems?
- What are the best options to securely back-up data and why are those options the best?
- Do you have suggestions regarding data encryption, malware, firewalls, disaster recovery, and remote access tools?
- Have you ever created a security plan for a similar business?
- Can you do an assessment of my systems and processes to find vulnerabilities or weaknesses? If so, will you then provide recommendations to strengthen my security
- Will you provide ongoing monitoring of my systems as security threats evolve? If so, how often do you recommend changes?
Depending on the preparer’s situation, there may be additional questions to ask. Preparers can tailor more specific questions to their facts and circumstances.
Make it official.
When hiring a cybersecurity professional, the preparer should secure an agreement or engagement letter so both parties understand the terms of the agreement.