The IRS this week published the first installment of the Security Summit’s annual data security outreach campaign: “Working Virtually: Protect Tax Data at Home and at Work.” Taking place over five weeks, this year’s event—as the title suggests—focuses on how to keeping data safe when working from home. Focusing on remote work is particularly timely given the resumption of more stringent social-distancing policies across the country.
Remember, identity thieves have been trying to crowbar their way into tax professionals’ client databases for years. After all, paid tax return preparers handle sensitive financial information—the larger the office, the riper the target. (If that wasn’t bad enough, criminals use stolen preparer credentials to fraudulently file tax returns.)
What is the Security Summit?
In 2015, the IRS, state departments of revenue, and private members of the tax industry established the Security Summit. Their goal was to develop best practices for teaching tax professionals and taxpayers to avoid identity theft tax refund fraud.
Security Summit outreach campaigns have since helped substantially cut the number of tax-related identity theft scams. The IRS notes in the press release announcing this year’s topics that there has been a 80% drop in reported incidents in the intervening years—even more impressive considering there are more adults with access to the Internet than when the Summit’s work began.
What are the “Security Six” recommendations?
The first week of the “Working Virtually: Protect Tax Data at Home and at Work” campaign is dedicated to spreading awareness of the “Security Six,” a list of six proactive steps anyone can take to protect their data. You will probably recognize a few of the recommendations.
Antivirus software tops the list, and it’s probably the one that is familiar to most people. These programs certainly offer out-of-the-box protection against older malware, but the criminals writing computer viruses aren’t content to rest on their laurels. The IRS says that you need to need to regularly download updates for your antivirus and perform both automatic and manual scans to gain the full benefit of these programs.
Firewalls filter Internet traffic for your computer or network, and they come in two flavors: hardware and software. Hardware firewalls “are particularly useful for protecting multiple computers and control the network activity that attempts to pass them,” and software firewalls perform that function for individual devices. Generally, operating systems include a firewall, but third-party programs are available.
Multi-factor authentication requires users to enter more than one security code to access the protected device. “Often [multi-factor] authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone,” the IRS explains. “The idea is a thief may be able to steal the username and password but it’s highly unlikely they also would have a user’s mobile phone to receive a security code and complete the process.”
Backup software and services store a copy of your computer files in a separate location. This protection lets you restore all of the files that would otherwise be lost on a damaged or malware-compromised hard drive. Considering the rise in ransomware—criminal-created programs that lock access to infected computers—having a regularly updated backup is a very good idea. The IRS also recommends that you encrypt any taxpayer data that you back up.
Drive encryption makes life difficult for criminals by “[transforming] data on the computer into unreadable files for an unauthorized person accessing the computer to obtain data.” Anyone who has seen a documentary about encoded wartime messages is familiar with the basic concept. As with firewalls, the IRS says there are hardware- and software-based solutions.
Virtual Private Networks are the final “Security Six” recommendation, and the IRS says they’re the most important tool for anyone working from home. “A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network,” the IRS explains. “Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.”