Proud to Uphold IRS Data Security Requirements for CPA Firms

At Accountability Services, keeping your sensitive information safe is a responsibility we take very seriously. Investing in cybersecurity and data protection isn’t cheap, but we’re happy to do whatever it takes to follow the IRS’s strict data security guidelines.

Believe it or not, not all CPA firms are willing to pay what it takes to stay compliant – but when you partner with us, you can sleep soundly at night knowing your financial data is under lock and key.

In this post, we’ll cover the most important aspects of the IRS guidelines to give you an overview of how our data security protocol works.

Develop a formal information security plan

As with any other aspect of running a successful business, taking time to plan, and then to monitor, review and adjust that plan, is paramount to achieving the desired results. We have allocated resources to identifying risks to client data and then designing and implementing the right safeguards to mitigate those risks.

Use Multi-Factor Authentication (MFA)

MFA is the gold standard for verifying a user's identity before granting access to any data system.

Secure data transmission and storage

  • Encrypt all email transmissions and client portals to protect information exchanges
  • Encrypt all data stored on servers, computers or in the cloud
  • Implement backup systems to store encrypted copies of vital documents and information
  • Use IRS-approved software for e-filing
  • Maintain Electronic Filing Identification Number (EFIN) security

Restrict access to sensitive data

Organizations must adhere to strict role-based access, ensuring that client data is only accessible internally to the team members who require access and have been specifically granted access by leadership.

Additionally, access logs must be generated to track which employees accessed which client data and when.

Protect against cyber and physical threats

Prevent unauthorized access, malware, and phishing attacks by:

  • Installing and regularly updating firewalls, antivirus software and anti-malware tools
  • Training staff to be aware of cyber threats and what to do if they recognize a scam or attack
  • Protecting all physical devices with strict lock protocols

Dispose of old or unneeded taxpayer data

Destroying outdated data is a vital step in the data security process. Paper documents must be shredded and digital files must be erased securely using a software application.

Where to find IRS data security requirements

For a full list of requirements and recommendations, visit:
