ATX Community

IRS data security plan


ILLMAS

I think this is it..???  Not sure.. Maybe though.

Tax Security 101: Security Summit reminds professional tax preparers of data security plan requirements.

WASHINGTON — The Internal Revenue Service and Security Summit partners reminded tax professionals that protecting taxpayer information isn’t just good for the clients and good for business – it’s also the law.

https://www.irs.gov/newsroom/tax-security-101-security-summit-reminds-professional-tax-preparers-of-data-security-plan-requirements

Link to comment
Share on other sites

"designate one or more employees to coordinate its information security program;

identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;

design and implement a safeguards program and regularly monitor and test it;

select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and

evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring."

I guess I should be OK if I designated myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

Link to comment
Share on other sites

2 hours ago, Pacun said:

...I guess I should be OK if I designated myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

As they say: "Sounds like a plan to me."  I'm pretty sure yours is like 90% of other tax preparers in this country (excepting the Big Three/Four/Five/Whatever national CPA firms). HERE'S MINE:

(1) designate one or more employees to coordinate its information security program.

I ALSO NAMED MYSELF AS SECURITY COORDINATOR.

(2) identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks.

I KNOW OF TWO OR THREE LOWLIFES AROUND HERE WHO WOULD BURGLARIZE THE PLACE IF THEY COULD, BUT I'VE GOT A LANDSCAPE TIMBER UNDER EVERY DOORKNOB AND THEY CAN'T KEEP THEIR STOLEN TOOLS WITHOUT PAWNING THEM FOR LIQUOR. 

(3) design and implement a safeguards program and regularly monitor and test it.

I BUY FILE CABINETS, LOCK THEM, AND PULL ON THE HANDLES EVERY NOW AND THEN TO SEE IF THEY STILL WORK.

(4) select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information.

I DON'T HAVE ANY SERVICE PROVIDERS EXCEPT ATX AND MALWAREBYTES.  ALL MY STUFF'S HERE AND NOT UP IN THE CLOUDS.  JUST HOPE THOSE GUYS AT ATX CAN KEEP A TIGHT LIP ON THEIR END/ DON'T TRUST MAL TOO MUCH 'CAUSE THEIR REP'S IN BORA-BORA OR SOMEWHERE AND BARELY SPEAKS ENGLISH.

evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

WELL, IF THE PLACE BURNS, THE FILES WILL GO WITH IT.  IF TORNADO, THEN ME AND THE BATHTUB WILL GO WITH IT, SO I'LL BE OUT OF REACH OF IRS.  WE HAVE FAKE ADT STICKERS (FRONT AND BACK) PLUS A BLINKING RED ROOM DEODORIZER THAT LOOKS LIKE A BURGLAR ALARM IN THE BACK WINDOW.  OTHER THAN THAT, THE OUTSIDE MOTION LIGHTS ALL HAVE WORKING BULBS, SO CAN'T THINK OF WHAT ELSE TO DO EXCEPT MAYBE CHAIN UP A PIT BULL IN THE BACK YARD.

BB :D

 

  • Like 1
  • Haha 3
Link to comment
Share on other sites

4 hours ago, Pacun said:

I guess I should be OK if I designated myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

I certainly hope you are ok because other than Comcast, that's my plan. Everything electronic including backups are on encrypted drives. My physical files are all in a locked drawer but this will give me the incentive to start scanning a few folders each day.

 

95% of my business is on my laptop with 3 copies. One copy in my drawer, one copy in backup laptop in the office and another copy on a laptop at home. I don't have the tax software on those other computers though - just the backups. 100% of my securities business is on my laptop configuration or uploaded to my clearing firm.

Link to comment
Share on other sites

I've been thinking more and more about this stuff. Electronic data theft I'm not overly worried about.

What type of liability does a preparer have if their physical files and paperwork are broken into and/or stolen? Everything I see online is about electronic data but that's not what worries me. The CPA in the office next to mine has a massive room full of physical files and he doesn't even own a scanner.

Link to comment
Share on other sites

On 12/13/2019 at 3:58 PM, Abby Normal said:

Data is data. Doesn't matter if it's on paper or digital. The only reason they mostly mention digital is that's the way most people work these days, especially larger firms.

True, data is data.  But I've never seen a scratch wipe out 10 years of paper data.  On the other hand, the password protection for paper data is seriously deficient. 

  • Like 2
  • Haha 2
Link to comment
Share on other sites

3 hours ago, JohnH said:

True, data is data.  But I've never seen a scratch wipe out 10 years of paper data.  On the other hand, the password protection for paper data is seriously deficient. 

John, you've got to stop using those silver discs for sanding wheels on your electric drill/screwdriver.  By the way, where'd you get the adaptor for the big hole in the center (I have not been able to find one).

About the deficiency of password protection, start using the PC pronouns for openers; you know: xe, xur, sie, hir - stuff like that.  A sane hacker who doesn't speak Chinese-flavored Lithuanian would be expecting your birthday, anniversary, dog's name, etc.  

  • Like 1
  • Haha 2
Link to comment
Share on other sites

2 hours ago, BLACK BART said:

John, you've got to stop using those silver discs for sanding wheels on your electric drill/screwdriver.  By the way, where'd you get the adaptor for the big hole in the center (I have not been able to find one).

About the deficiency of password protection, start using the PC pronouns for openers; you know: xe, xur, sie, hir - stuff like that.  A sane hacker who doesn't speak Chinese-flavored Lithuanian would be expecting your birthday, anniversary, dog's name, etc.  

Bart, this person thinks you person may have a good password idea there (just being extra careful here).

  • Like 1
  • Haha 2
Link to comment
Share on other sites

On 12/13/2019 at 2:48 PM, Roberts said:

I've been thinking more and more about this stuff. Electronic data theft I'm not overly worried about.

What type of liability does a preparer have if their physical files and paperwork are broken into and/or stolen? Everything I see online is about electronic data but that's not what worries me. The CPA in the office next to mine has a massive room full of physical files and he doesn't even own a scanner.

I'm just the opposite.  We live in back here and I've got a .25 auto, .32 auto, 2 .38s & 1 .357 mag. revolvers, + a 20 ga. shotgun scattered around, so if they back a truck through the front door (like in the movies) and snatch all the computers off the desks, we'll hear them and stop it.

Although my computers and ATX are encrypted - the electronic side worries me.   A lady on this board a few years ago complained that somebody (don't remember if she used ATX or who) had swiped many of her previous year rollovers, filed first (before clients did), and she was trying to get help.  She called EF center; they brushed her off saying "they didn't handle that kind of problem".  Then she tried IRS CID and they too gave her the run-around.  As you know, local police are useless re computer info theft.  Anyhow, to sum up, nobody could/would help and she was on her own.  Seems like she limited the damage somewhat through the software company.  But anyway, how is it possible to block this?

  • Like 1
Link to comment
Share on other sites

This theft discussion reminds me of the response I give when a client turns "prepper" and asks me whether they should buy gold in preparation for a total economic collapse.  My answer is always the same.  "In the scenario you're anticipating, the only metal that will make any significant difference is lead."

  • Like 4
  • Haha 3
Link to comment
Share on other sites

1 hour ago, Catherine said:

If they are expecting werewolves, silver might be advisable.

I think buckshot is no longer made of lead, but instead tungsten or plastic is more common.  Not sure, but I think this is to prevent kids who eat paint from growing up to eat buckshot.  Or maybe the deer were getting dumber from being shot full of lead.   

  • Like 2
Link to comment
Share on other sites

On 12/20/2019 at 4:45 PM, Gail in Virginia said:

I think buckshot is no longer made of lead, but instead tungsten or plastic is more common.  Not sure, but I think this is to prevent kids who eat paint from growing up to eat buckshot.  Or maybe the deer were getting dumber from being shot full of lead.   

I know you're joking around, but less lead in the environment is a very good thing.

  • Like 2
Link to comment
Share on other sites

On 12/20/2019 at 4:25 AM, JohnH said:

This theft discussion reminds me of the response I give when a client turns "prepper" and asks me whether they should buy gold in preparation for a total economic collapse.  My answer is always the same.  "In the scenario you're anticipating, the only metal that will make any significant difference is lead."

A real "prepper" would show zero clues to anyone outside of their circle, and would not ask for such advice from even their tax person :).

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...

I very much appreciate this topic.  I just finished a conversation with someone who has a PTIN, and was asking why we are no longer allowing our software to work with Windows XP.  Besides the obvious, I pointed out how they, as having a PTIN, fall under the security plan requirements mentioned here (which started in 1999!).  I pointed out there was zero chance they could avoid liability when using a known outdated and insecure OS.  (Funny how the suggested plans include things which are not actually secure, but then again, I should not be shocked.)

The reality is, all with sensitive data should be using W10, an edition of W10 on a machine built for seamless BitLocker (or similar if one abhors MS security) use, and use reasonable pass phrases (not passwords!) or other reasonable login methods (face unlock on a Surface Pro seems reasonable, and works easy enough with a short hibernate setting <sleep is not secure>, and good human action of manual locking when stepping away from the machine).

This has me pondering removing our built-in password capability, since it is moot, and provides a false sense of "security".

Link to comment
Share on other sites
