Data theft is a very real threat to accountants, bookkeepers, and other tax professionals. Tax, financial, and personal information is very valuable to hackers and criminals—Social Security Numbers, banking details, EINs, and more can be used for identity theft and to breach and steal from sensitive accounts.
If you or your tax business has been impacted by data or information theft, it’s vital to deal with the problem thoroughly and efficiently and get the right cybersecurity in place to stop it from happening again.
Establish How Your Accounting Firm or Tax Preparation Business Has Been Impacted by DataTheft
The first thing to do is to understand whether you’ve actually had tax, accounting, or client data stolen. Once you find out about possible theft, you must investigate and analyze the following areas.
How Did the Attackers Gain Access to Your Accounting or Tax Preparation Business?
There are a few different ways a hacker could gain access, including:
- Social engineering — This is a criminal pretends to be someone that a tax employee trusts and convinces the employee into handing over their login and password information. An attacker may be posing as IT support, a colleague, or someone else.
- Brute force attack — Hackers run all sorts of combinations of logins and passwords against your internal systems and break in due to weak login and password combinations.
- Vulnerability exploit — Some software has inherent security flaws and vulnerabilities, that if left unpatched allows an attacker to take advantage and get into the system.
What Tax, Accounting, Client, or Business Information Was Stolen?
Establish exactly what has been stolen from your accounting business. Did the attackers get client tax records, SSNs, banking details, internal business information, or something else? Once you know the breadth and depth of the accounting data breach, you can handle it more effectively.
When Did the Breach Happen?
The attackers may have been in your systems for some time. You should find out when your security was compromised and how long they had access to your data.
Other areas you can look at are who the attackers were, where did the attack originated, and any weaknesses you still have in your cybersecurity. If you don’t have the in-house expertise to get details on the breach, you can hire data breach and security specialists who can investigate on your behalf and help you protect yourself in the future.
Contact the Relevant Parties, including the Internal Revenue Service, State Agencies, and Clients
You must notify the correct parties as soon as possible, Notify them once you find out about the data breach and follow up when you have more details. The parties you will need to inform include:
Official Tax Agencies and Related Organizations
- The Internal Revenue Service via local stakeholder liaisons. They will notify IRS Criminal Investigations on your behalf.
- The local offices of the FBI and the Secret Service.
- Your local police.
- The local state agency responsible for tax filings and payment, together with the State Attorneys General.
Other Official Organizations
- Your insurance company to check if your policy covers you for data breaches.
- The Federal Trade Commission to provide guidance on how to proceed.
- Credit and identity theft protection agencies that you offer credit monitoring and identity theft protection to victims of data and identity theft. Certain states require these.
- Credit scoring bureaus – let them know there is a compromise and clients may seek their services.
Your Tax and Accounting Clients
Finally, you will need to contact your clients and let them know. You should be honest and transparent. Explain the data that was stolen, the impact it might have, what you are doing about the breach, and what your clients need to do. Recommend that they put a freeze on various accounts, change their passwords, and offer them a credit and ID monitoring service.
Take Steps to Prevent the Future Theft of Tax Information
Once you’ve dealt with the breach and notified the relevant parties, work with cybersecurity specialists to reduce the possibility of this happening again. Get security tools in place, train your staff, patch any vulnerabilities, and carry out penetration testing and vulnerability scanning on your systems.
Looking for an identity theft protection solution to protect your clients from a tax data breach? Our experts at TaxSlayer Pro are proud to offer SecurelyID, the leading identity theft protection solution. Call us today at 1-888-420-1040 to learn more!