Cybersecurity Tips for Tax Professionals 

Hand holding a smartphone in front of a laptop

If you own a tax preparation business, you handle sensitive data such as Social Security numbers, financial records, and personal information daily. That’s why it’s crucial to keep your business and customers’ information protected from cybersecurity threats. Keep reading to better understand cybersecurity for tax professionals and strengthen your tax prep business’s integrity. 

What data are hackers looking for? 

Hackers seek various types of data to exploit for personal or financial gain. Their primary target is personal identification information, which can be used to identify specific individuals. This identity data includes: 

  • Names   
  • Addresses   
  • Email addresses  
  • Social Security Numbers (SSNs) 

Other high-risk forms of identity data include:  

  • Employer Identification Numbers (EFINs)  
  • Bank account numbers or logins  
  • Health insurance information  
  • Driver’s license numbers 
  • Passport numbers  
  • Login credentials   
  • Biometrics (fingerprints and facial or voice patterns) 

In many cases, a name, SSN, and birthdate are enough to steal someone’s identity and cause immense financial and credit damage. While stolen credit cards are bad news, stolen identity data found on financial documents is much worse.  

Digital black marketers prefer financial documents to stolen credit cards. Credit cards can be canceled and expire, offering a limited window of value. This is not the case for SSNs, names, or birth dates, which remain the same. The highly sensitive information found on state and federal tax returns makes them attractive for thieves and hackers. Given that your job requires access to a client’s financial records and identity data, you are obligated to protect that information. 

How can tax preparers manage identity data?  

Knowing what cybercriminals are looking for makes it easier to safeguard that valuable information and protect your business. Here are a handful of approaches that will enable your tax prep business to better shield identity data:   

Understand that not all data needs to be saved 

One of the simplest ways to protect your customers is by eliminating nonessential information. After all, it can’t be stolen if you don’t have it. Retain the records that are required by law and the contact info needed to maintain a relationship with a client, and nothing more. This practice applies to both digital and physical records. Be diligent in deleting unnecessary files to minimize risk.  

Generally, the IRS recommends that tax preparers maintain client records for up to three years. Create a regular schedule to delete all client identity data after three years. This should include personal information such as names, addresses, phone numbers, email addresses, and any sensitive identifiers like Social Security numbers or financial details. By removing this data, you help safeguard your clients’ privacy while complying with best practices for data management. 

Silo your data and secure it with encryption and backups 

When it comes to cybersecurity for tax professionals, encrypting your sensitive data is essential because it adds another layer of protection. By doing this, even if a hacker manages to access your cloud or hard drive, they will require additional credentials to unscramble the data.  

For storage, utilize a password-protected cloud service or an encrypted hard drive to further secure your computer and data. In addition to encryption, make a habit of backing up your data regularly. This will help you to minimize loss and help you recover data in the event of a cyberattack. 

Train your staff to be skeptical 

Hackers use phishing and social engineering scams to fool employees into sharing personal or financial information. Email is the primary tool hackers use to deliver scams to unsuspecting recipients. Train your staff to identify suspicious emails and avoid tax fraud.  

As a general rule, be wary of all messages from unknown senders and never share information, click links, or download attachments from anyone you don’t know. This can be difficult for tax preparers who receive attachments from clients, but it is important to remain vigilant and aware of anything suspicious.  

Pro tip: Use a secure document sharing tool like TaxSlayer Pro’s TaxesToGo app or client portal when sharing documents with clients to avoid being tempted to download attachments from emails. 

  • Moving this section higher up the article 

Use SecurelyID for identity protection 

Tax preparers have a responsibility to safeguard clients’ personal information. Cybersecurity is a prevalent threat now more than ever, so investing in effective business practices, training, and tools provides robust protection for your business.  

TaxSlayer Pro partners with SecurelyID to offer a complete identity theft monitoring protection and restoration tool that helps protect your tax preparation business. Features include: 

  • Credit monitoring 
  • Full-service restoration 
  • Internet surveillance 
  • SSN trace 
  • And more 

Get cyber security insurance 

You have insurance for your car, health, and life, so why wouldn’t you invest in insurance to protect your tax preparation business? If your company is affected by a security breach and you’re held liable, you’ll most likely have to pay thousands of dollars in legal fees and recovery expenses, which can financially destroy you. Cyber insurance will help cover costs such as lost revenue, security overhauls and concessions to customers. 

A cyber insurance policy covers your tax prep business in the event of a hack or data breach that results in financial damages – both direct and legal. This type of business insurance covers your intangible assets like digital files, email, and data. Cyber insurance may seem novel to many tax preparers, but it has become a necessary form of coverage. 

Secure Your Hardware 

While it’s imperative to acquire the latest cybersecurity software, protecting your hardware is equally important. Many data breaches can be caused by theft, so leaving your servers, computers and other devices vulnerable is a huge risk. Ensure your equipment is locked up and install cameras and alarms to further improve your security. 

Ensure Your Computer Has a Firewall and Antivirus Protection 

Whether you use a Windows or Mac laptop, it’s important to have antivirus and firewall software on your computer. Antivirus tools catch and isolate malicious software when they strike, while firewall programs prevent a virus from infiltrating your database in the first place. Also, don’t delay running updates. These will help fight against the latest cyber threats. 

Why tax preparers need to keep client data safe  

Any business conducted online or with a connected device carries a particular set of risks. That’s the reality of the tech-enabled world that we work in today. Every tax prep business that hires employees or contractors, processes payments, or stores client records needs to consider the possibility of a tax data breach.  

As a tax preparer, the outcome of any breach falls squarely on your shoulders. Data is one of the most valuable and vulnerable assets that any business manages. Unfortunately, many tax preparers don’t learn this fact until it’s too late, because anytime there is a data breach, lawsuits can be expected to follow. This is one reason the IRS requires every tax preparer to create and submit a Written Information Security Plan (WISP) detailing how your office plans to protect client information and steps you will take in the even of a security breach.  

Scroll to Top