New IRS Cyber Security Requirements for Tax Accountants

The IRS has new requirements for Tax Professionals that you should be aware of. These requirements cannot be fulfilled without the help of a professional Cyber Security company. We’re here to fill that need with our many years of experience and satisfied clients.

A firewall and an anti-virus are no longer adequate to stop a hacker – they don’t even slow them down. Smaller companies think they aren’t a hacker’s target, but often hackers are using you to get to your clients’ information.

The Cyber world is changing constantly and we do our homework – we do research, we work with partners and colleagues to keep up with the latest technology and threats, and we test and use everything we provide our clients.

I’ll break the IRS requirements down for you and show where we can help. It’s much more complicated than you think because we analyze your business to make it more efficient as well as more secure.

IRS Tax Tip 2019-119, August 29, 2019
Tax pros must create a written security plan to protect their clients’ data. In fact, the law requires them to make this plan.

Many tax preparers may not realize they are required under federal law to have a data security plan. Each plan should be tailored for each specific office. When creating it, the tax professional should take several factors into consideration. This includes things like the company’s size, the nature of its activities, and the sensitivity of its customer information.

Creating a plan
Tax professionals should make sure to do these things when writing and following their data security plans:

  • Include the name of all information security program managers.
  • Identify all risks to customer information.
  • Evaluate risks and current safety measures.
  • Design a program to protect data.
  • Put the data protection program in place.
  • Regularly monitor and test the program.

This is why we do a full Cyber Security Risk Assessment – to identify and evaluate risks to your customer information. We evaluate all your assets – not just local servers but software (local or cloud), data storage, email, all other devices (phones, routers, switches, laptops, USB drives, etc.), employees and any other assets we might discover in a Risk Assessment.

Then we develop a plan to protect those assets. This plan will include closing the gap on any vulnerabilities, along with any software you need. For instance, we might suggest products that require you to set up roles and procedures for each person and each asset they access. You may think this will slow you down, but it doesn’t – it protects you without having to use a VPN, which is really slow!

In fact, the goal is to adapt and innovate with a hyperconnected, secure business – give everyone the insights and freedom to thrive by connecting your data, processes, and teams with intelligent business applications.

If you’ve already bought licenses for any productivity/efficiency software, you’re most likely paying for things you don’t need or use. We will be able to get you the correct licenses for your business at a discount as part of our services.

Back to your data security – the storage you use (Google Drive, DropBox, etc.) may encrypt your data once it gets there, but is the upload (or download) encrypted and does it remain encrypted if it’s downloaded? This is exactly what hackers look for – increased activity during tax time on your part means scrutiny on theirs.

We implement that plan and also educate and train your staff on any new implementations that your business requires for increased security and efficiency.

Phishing, or attaching viruses, keyloggers, etc. to emails, is one of the most common ways hackers get you. We train you and your staff on how to identify and check out suspicious emails. Even if you don’t click on a link, just opening the email raises a flag to the waiting hacker.

We manage and monitor. We work on a flat-rate basis so that we’re always there for you, monitoring behind the scenes, so we catch and respond quickly and efficiently to every threat.

You may not even know you’ve been compromised – it’s not like the hackers announce themselves. That’s why we provide a Free Dark Web Scan to see if your data (and your clients’ data) is already out there for sale.

You have to remember who is legally liable if you get compromised – it’s not your IT, it’s the business and possibly the owner and stakeholders personally. Plus it’s a $2,000 penalty from the SEC per instance of client data, which can add up fast. If you’ve had even as few as 100 clients over the years and are storing their data, that’s a minimum of $200K.

If you get hit with ransomware, you had better have about $2M set aside to pay out, and expect to be down until you get your data back – and sometimes they do NOT return you to normal. Statistics show that about 50% of companies fail within 6 months of being hacked.

We also offer Cyber Security Insurance, so if the plan has been implemented, it will actually pay out!

Please schedule a consultation at and we’ll help you meet these new IRS requirements quickly so you’re ready for tax season while we also help your business run more efficiently.
