Slide 1
Tax Professional Data Theft and Protection
Communications & Liaison
STAKEHOLDER LIAISON
Slide 2
Webinar Topics
Taxes-Security-Together Checklist Steps
A. Implement the “Security Six” basic protections
B. Create a written data security plan
C. Educate yourself on phishing scams
D. Recognize the signs of client data theft
E. Create a data theft recovery plan
Slide 3
Taxes-Security-Together Checklist – Step A:
Implement the “Security Six” Basic Protections
1. Anti-virus software
2. Firewalls
3. Two-factor authentication
4. Backup software/services
5. Drive encryption
6. Virtual Private Network (VPN)
Slide 4
“Security Six” Basic Protection #1 – Anti-virus Software
• Scans computer files for malicious software
• Automatic scans, with the software set to update itself; out-of-date signatures miss current malware
• Manual scans of email attachments, web downloads, and portable media before they are opened
• Protection against spyware and phishing
Slide 5
“Security Six” Basic Protection #2 – Firewalls
• Provide protection against outside attackers by blocking unsolicited inbound connections
• Shield a single computer or the whole office network
• Firewalls are categorized as:
  • Hardware – external devices (for example, the router at the edge of the office network)
  • Software – built into the operating system or purchased separately
Slide 6
“Security Six” Basic Protection #3 – Two-factor authentication
• Adds an extra layer of protection beyond a password
• User must present two things to sign in:
  • username and password, plus another step (such as a security code sent via text to a mobile phone, or generated by an authenticator app on the phone)
• A code sent by text is far better than a password alone, but it can be captured through SIM-swap fraud; an authenticator app or a hardware security key is stronger
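The code an authenticator app shows is a time-based one-time password (TOTP, RFC 6238) derived from a secret shared at enrollment. The following is an added example written for this page, not IRS code or code from any vendor; it implements the standard algorithm with the defaults most apps use (HMAC-SHA1, 30-second step, 6 digits) and a server-side check that tolerates clock skew and refuses replay of an already-used code. The secret `12345678901234567890` in the demo is the RFC 6238 test vector.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Added example (not IRS code): TOTP (RFC 6238) built on HOTP (RFC 4226).
# Defaults match what most authenticator apps use: HMAC-SHA1, 30-second step, 6 digits.
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                window: int = 1, last_used: int = -1) -> Optional[int]:
    """Server-side check. Returns the time-step counter that matched, or None.

    - `window` steps either side of "now" tolerate clock skew between phone and server.
    - `last_used` is the counter of the last code accepted for this user; counters at or
      below it are refused, so a code that was phished cannot be replayed inside its window.
    - hmac.compare_digest keeps the comparison constant-time.
    """
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return None
    now = at_time // STEP_SECONDS
    for counter in range(now - window, now + window + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter).encode(), submitted.encode()):
            return counter
    return None


def new_enrollment_secret(nbytes: int = 20) -> str:
    """Random shared secret, base32-encoded as it appears in an otpauth:// QR code."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


if __name__ == "__main__":
    # RFC 6238 test vector: ASCII secret "12345678901234567890" at Unix time 59 gives 287082
    rfc_secret = b"12345678901234567890"
    print("code at t=59:", totp(rfc_secret, 59))
    fresh = base64.b32decode(new_enrollment_secret())
    print("live code for a freshly enrolled secret:", totp(fresh, int(time.time())))
```

The caller stores the counter returned by `verify_totp` as `last_used` for that user; without that, a one-time code is only "one-time" by convention, and an attacker who phishes the code has up to the full window to use it.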
Slides 7 to 10 (image-only slides; no text was extracted)
Slide 11
“Security Six” Basic Protection #4 – Backup Software/Services
• Critical files on computers should routinely be backed up to an external source
• Backup files may be stored either with an online service or on an external disk
• Encrypt the backup data so that a lost drive or a compromised online account does not expose client information
• Keep at least one backup disconnected from the computer and network; ransomware encrypts any backup drive that is left attached
Slide 12
“Security Six” Basic Protection #5 – Drive Encryption
• Use drive or disk encryption software for full-disk encryption (the operating system’s own tool, such as BitLocker on Windows or FileVault on macOS, is sufficient)
• Transforms the data on the drive so that it is unreadable to anyone who does not have the key, which protects client data when a laptop or drive is lost or stolen
Slide 13
“Security Six” Basic Protection #6 – Virtual Private Network (VPN)
• A VPN provides a secure, encrypted tunnel for data sent over the internet between a remote user and the company network, so the traffic is not exposed on public or hotel Wi-Fi
• Search for “Best VPNs” to find a legitimate vendor, but verify the vendor before buying: search results include paid ads and look-alike sites, so install the software only from the vendor’s own site or official app store listing
Slide 14
How to get started with the “Security Six” Protections
• Review your professional insurance policy
  • Some policies offer coverage for data thefts
• Review IRS Publication 4557, Safeguarding Taxpayer Data
• Review Small Business Information Security: The Fundamentals, by the National Institute of Standards and Technology (NIST) – www.nist.gov
Slide 15
NIST Cybersecurity Framework
Five key pillars of a successful and holistic cybersecurity program: Identify, Protect, Detect, Respond, Recover
Source: www.nist.gov/cyberframework (National Institute of Standards & Technology – Cybersecurity Framework)
Slide 16
The Identify Function
• Identify physical and software assets
• Identify cybersecurity policy
Slide 17
The Identify Function – Risk Management
Slide 18
The Protect Function
• Establish a data security protection plan – Confidentiality, Integrity, Availability (CIA)
• Manage protective technology
  • Equipment
Slide 19
The Protect Function – Confidentiality, Integrity, Availability (CIA)
• Confidentiality – protecting information from unauthorized access and disclosure.
• Integrity – protecting information from unauthorized modification.
• Availability – preventing disruption in how you access information.
Slide 20
The Protect Function – Protect Devices and Information
• Physical Security
• Personnel Security
• Contingency Planning and Disaster Recovery
• Operational Security
• Privacy
Slide 21
The Protect Function – Review Internal Controls
• Install anti-malware/anti-virus security software
• Use strong passwords; protect wireless devices
• Encrypt all sensitive files/emails
• Back up sensitive data to a safe, external source
• Wipe clean or destroy old equipment
• Limit access to taxpayer data (need to know)
Slide 22
The Detect Function
• Implementing security continuous monitoring capabilities to monitor cybersecurity events
• Ensuring anomalies and events are detected, and their potential impact is understood
• Verifying the effectiveness of protective measures
Slide 23
Detect Function – Signs of a Breach – The Victim Experience
• Electronically filed return rejected because a return was already filed under the taxpayer’s SSN (the client must then file on paper)
• Verification letters (5071C or 4883C) about a return the client did not file
  • https://www.irs.gov/individuals/irs-notice-or-letter-for-individual-filers
• Transcripts the client did not request
• Receipt of a US Treasury refund check the client was not expecting
• Receipt of a reloadable prepaid card
• Receipt of a refund transfer company check
Slide 24
Detect Function – Recognize a Phishing Scam
Slide 25
Detect Function – Ransomware
• Usually arrives as a phishing email carrying an attachment or a link.
• Ransomware is a type of malware that restricts access to infected computers, typically by encrypting the files, and demands that victims pay a ransom to regain access to their data
• Ransom amounts vary widely: older guidance cited $100 to $300, but demands against businesses are routinely far higher. Payment is usually demanded in digital currency such as Bitcoin, and paying does not guarantee that the data comes back
Slide 26
Detect Function – Ransomware (continued)
Slide 27
Detect Function – Business Email Compromise
• Cybercriminals research the organization to identify chief operating officers, school executives or others in positions of authority (social engineering).
• Fraudsters pose as those executives and email payroll or human resources requesting copies of Forms W-2 (grooming).
Slide 28
Detect Function – Business Email Compromise
• Form W-2 contains the following (exchange of information):
  • Employer Identification Number (EIN)
  • Social Security Number
  • Income / withholdings (federal, state, local)
  • Address
  • Retirement plan
  • Health benefits plan
Slide 29
Detect Function – Business Email Compromise
—–Original Message—–
From: Mickey Mouse <[email protected]>
Sent: Tuesday, January 22, 2019 1:03 PM
To: Minnie Mouse <[email protected]>
Subject: Request
Hi Minnie,
I need you to email me 2018 W2s of all employees. How soon can you get me those?
Regards
Mickey Mouse
Slide 30
Detect Function – Example: Warning Labels
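The indicators in the Mickey/Minnie message (an outside or look-alike sending domain, a Reply-To pointing somewhere else, a request for W-2s, pressure for a fast reply) can be checked mechanically, and the "external sender" warning label is the same check applied to the subject line. The following is an added example written for this page, not IRS code: the firm's domain `example-firm.com` is hypothetical, and both sample messages are constructed, modelled on the exchange above.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Added example (not IRS code). Assumptions: the firm's own mail domain is the hypothetical
# "example-firm.com"; SAMPLE_BEC and SAMPLE_INTERNAL are constructed messages.
ORG_DOMAIN = "example-firm.com"
SENSITIVE = re.compile(r"\b(w-?2s?|w-?2 forms?|ssns?|social security|wire transfer|direct deposit)\b", re.I)
PRESSURE = re.compile(r"\b(how soon|asap|urgent(ly)?|right away|immediately|today)\b", re.I)

SAMPLE_BEC = b"""From: Mickey Mouse <mickey.mouse@example-f1rm.com>
Reply-To: Mickey Mouse <ceo.mickey@webmail-provider.net>
To: Minnie Mouse <minnie.mouse@example-firm.com>
Subject: Request
Date: Tue, 22 Jan 2019 13:03:00 -0500

Hi Minnie,
I need you to email me 2018 W2s of all employees. How soon can you get me those?
Regards
Mickey Mouse
"""

SAMPLE_INTERNAL = b"""From: Mickey Mouse <mickey.mouse@example-firm.com>
To: Minnie Mouse <minnie.mouse@example-firm.com>
Subject: Staff meeting

Hi Minnie,
Can we move Thursday's staff meeting to 10am?
Mickey
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot look-alike domains (example-f1rm vs example-firm)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_message(raw: bytes, org_domain: str = ORG_DOMAIN) -> dict:
    """Flag the indicators of a W-2 business email compromise attempt in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply_addr.rpartition("@")[2].lower() if reply_addr else from_domain
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""

    external = from_domain != org_domain
    findings = []
    if external:
        findings.append(f"sender domain {from_domain!r} is outside {org_domain!r}")
        if 0 < edit_distance(from_domain, org_domain) <= 2:
            findings.append(f"sender domain {from_domain!r} is a look-alike of {org_domain!r}")
    if reply_domain != from_domain:
        findings.append(f"Reply-To goes to {reply_domain!r}, not the sending domain")
    if SENSITIVE.search(text):
        findings.append("body asks for W-2s, SSNs or payment details")
    if PRESSURE.search(text):
        findings.append("body pushes for a fast reply")

    # A request for sensitive data is suspicious when the sender is not verifiably internal.
    suspicious = bool(SENSITIVE.search(text)) and (external or reply_domain != from_domain)
    subject = str(msg.get("Subject", ""))
    return {
        "from": from_addr,
        "display_name": display_name,
        "external": external,
        "suspicious": suspicious,
        "findings": findings,
        "labelled_subject": f"[EXTERNAL] {subject}" if external else subject,  # the warning label
    }


if __name__ == "__main__":
    for sample in (SAMPLE_BEC, SAMPLE_INTERNAL):
        result = analyze_message(sample)
        print(result["labelled_subject"], "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("  -", finding)
```

The display name is deliberately not trusted: "Mickey Mouse" is exactly what the fraudster controls. The decision rests on the address domains and on what the body asks for, and a hit should be handled by calling the executive on a known number, never by replying to the message.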
Slide 31
The Respond Function
• Ensuring response planning processes are executed during and after an incident
• Managing communications during and after an event
• Analyzing the effectiveness of response activities
Slide 32
Respond
• Contact the IRS Stakeholder Liaison when a compromise is detected
• The Stakeholder Liaison will refer the information within the IRS (e.g. Criminal Investigation, Return Integrity & Compliance Services)
• Follow state reporting requirements (e.g. State Attorney General, state consumer protection bureaus, state police)
• Report the compromise to the FBI, US Secret Service and Federal Trade Commission
Slide 33
Respond
• Contact experts:
  • Security expert – to determine the cause and scope of the breach, to stop the breach and to prevent further breaches from occurring.
  • Insurance company – to report the breach and to check if your insurance policy covers data breach mitigation expenses.
Slide 35
Recover
• Ensuring the organization implements recovery planning processes and procedures
• Implementing improvements based on lessons learned
• Coordinating communications during recovery activities
Slide 36
Recover
• Update your IRS Stakeholder Liaison with developments
• Review the FTC’s Data Breach Response: A Guide for Business
• Determine how the intrusion or theft occurred, and develop a continuity plan
• Make full backups of all business data and files. If you weren’t doing it before the data loss, start as soon as your systems are clean.
Slide 37
Recover
• A routine backup means a data loss or ransomware attack (as well as a hurricane or flood) will not destroy all files.
• Encrypt backed-up files.
• Consider a monthly backup schedule, or more often during the filing season.
• Back up files after completing a routine system scan, so that malware is not captured in the backup.
• Use an external hard drive or cloud storage; encrypt files prior to uploading to the cloud.
• Test a restore periodically; a backup that has never been restored is not known to work.
Slide 39
Taxes-Security-Together Checklist – Step B:
Create a Data Security Plan
• Required under federal law
  • The Gramm-Leach-Bliley (GLB) Act “Safeguards Rule”, administered by the FTC, requires you to ensure the security and confidentiality of customer records and information
  • The GLB Act “Financial Privacy Rule” deals with privacy notices, information collection and sharing
  • The Internal Revenue Code (IRC) imposes criminal and monetary penalties for knowingly or recklessly making unauthorized disclosures
  • IRS Revenue Procedure 2007-40 sets the requirements for Authorized IRS e-file Providers
Slide 40
Taxes-Security-Together Checklist – Step C:
Educate Yourself on Phishing Scams
• Many data thefts start with a phishing email that gets the recipient to:
  • Click on a link to a fake website (and enter credentials there)
  • Open an attachment with embedded malware
• Spear phishing emails pose as a trusted source
• Typical outcomes: account takeover and ransomware
Slide 41
Steps to Help Protect Data
• Use separate personal and business emails
• Protect accounts with strong, unique passwords
• Turn on two-factor authentication
• Install anti-phishing tools
• Use security software
Slide 42
Steps to Help Protect Data – continued
• Never open or download attachments from unknown senders
• Password-protect and encrypt documents
• Do not respond to suspicious or unknown emails; if IRS related, forward to phishing@irs.gov
Slide 43
Taxes-Security-Together Checklist – Step D:
Recognize the Signs of Client Data Theft
• Tax professionals should learn the signs of a possible data theft
• Data theft may result in fraudulent tax returns being filed in their clients’ names
• Cybercriminals are tax savvy in their attempts to gain sensitive tax data
Slide 44
Signs of Client Data Theft
• Client e-filed returns begin to reject
• Clients who haven’t filed tax returns begin to receive authentication letters (5071C, 4883C, 5747C) from the IRS
• Clients who haven’t filed tax returns receive refunds
Slide 45
Signs of Client Data Theft – continued
• Clients/Practitioners receive tax transcripts that they did not request
• Clients who created an IRS Online Services account are notified that their account was accessed or disabled
• Another variation: Clients receive notice that an account was created in their names
Slide 46
Signs of Client Data Theft – continued
• The number of returns filed with the tax practitioner’s Electronic Filing Identification Number (EFIN) or Preparer Tax Identification Number (PTIN) exceeds the number of clients assisted.
Slide 47
Taxes-Security-Together Checklist – Step E:
Create a Data Theft Recovery Plan
• An action plan can save valuable time and protect your clients and yourself
• Make calling the IRS an immediate action item
Slide 48
Data Compromise Action Items
Contact IRS and law enforcement
• Tax professionals contact IRS Stakeholder Liaisons immediately
• Search “stakeholder liaisons” on IRS.gov
Slide 49
Data Compromise Action Items – continued
Contact state agencies:
• State revenue agencies – email the Federation of Tax Administrators for state agency contacts
• State Attorneys General
Contact experts:
• Security expert
• Insurance company
Slide 50
Data Compromise Action Items – continued
Contact Clients and Other Services
• FTC for guidance for businesses
• Email: [email protected]
• Credit Bureaus
• Clients
Review guidance at IRS.gov/identitytheft
Slide 51
Use the Checklists in IRS Pub 4557
Source: IRS Pub 4557
Slide 52
Sources
Publications
• Publication 4557, Safeguarding Taxpayer Data
• Publication 4524, Security Awareness for Taxpayers
• Publication 5293, Data Security Resource Guide for Tax Professionals
Related IRS.gov Resources
• Videos, alerts, fact sheets, news releases
Slide 53
Sources – continued
Federal Trade Commission, “Start With Security”
https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business
Department of Commerce’s National Institute of Standards and Technology (NIST), Small Business Information Security: The Fundamentals (NISTIR 7621 Rev. 1); the NIST Cybersecurity Framework is at
https://www.nist.gov/cyberframework
Center for Internet Security (CIS), Critical Security Controls
https://www.cisecurity.org/critical-controls.cfm
Slide 54
Resources – continued
IRS.gov websites:
• www.IRS.gov/securitysummit
• www.IRS.gov/ProtectYourClients
• www.IRS.gov/IdentityTheft
Slide 55
Monitor Your EFIN, PTIN and CAF Numbers
Slide 56
Stolen EFINs, PTINs and CAFs
• Thieves impersonate tax pros to:
  • File fraudulent returns
  • Submit Power of Attorney forms
  • Call the Practitioner Priority Service (PPS) line
  • Attempt to access client accounts
  • Attempt to access e-Services
• IRS responses include:
  • Two-factor authentication for e-Services accounts
  • Authorization requirements for PPS callers
  • Redacted tax transcripts
Slide 57
Maintain Your EFIN Application
• Only the IRS can issue EFINs
• Review the application periodically for accuracy and updates
• Update changes in business operations within 30 days
  • Changes in address, phone numbers or personnel
  • Add or remove authorized users (responsible officials, principal consent, delegated users, etc.)
• Know when a new EFIN is needed
  • New ownership of a firm (an EFIN is not transferable)
  • New location that transmits e-file returns
Slide 58
For EFIN weekly totals:
• Go to e-Services
• Access e-File Application
• Search by name
• Select “EFIN Status”
Slide 59
Report Suspected EFIN Abuse
• Too many returns filed with your EFIN? Contact the e-Help Desk at (866) 255-0654
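"Too many returns" only means something against a baseline, and the weekly "EFIN Status" totals are easy to eyeball past during filing season. The following is an added example written for this page, not IRS code, of the two checks the deck itself describes: cumulative returns under the EFIN exceeding the clients the firm actually engaged (the sign from the "Signs of Client Data Theft" slides), and a single week far above the firm's own history. The weekly totals and client count are constructed; real totals come from the e-Services EFIN Status page and have to be typed or pasted in. The same check applies to the PTIN "Summary of Returns Filed" counts.

```python
from statistics import median

# Added example (not IRS code). WEEKLY_TOTALS is constructed to look like the weekly
# counts shown on the e-Services "EFIN Status" page; ENGAGED_CLIENTS is the firm's
# own count of returns it expects to file this season. Both are assumptions.
WEEKLY_TOTALS = [
    ("2019-01-26", 12), ("2019-02-02", 25), ("2019-02-09", 31), ("2019-02-16", 28),
    ("2019-02-23", 30), ("2019-03-02", 27), ("2019-03-09", 140), ("2019-03-16", 33),
]
ENGAGED_CLIENTS = 260


def flag_efin_anomalies(totals, engaged_clients, spike_factor=3.0, min_history=3):
    """Return (week, reason) pairs for weeks that warrant a call to the e-Help Desk.

    1. cumulative returns under the EFIN exceed the clients the firm is actually serving
    2. one week is more than spike_factor times the median of the earlier weeks, which is
       how a stolen EFIN being used for bulk fraudulent filings shows up before the
       cumulative count catches it
    """
    flags = []
    cumulative = 0
    for i, (week, count) in enumerate(totals):
        cumulative += count
        if cumulative > engaged_clients:
            flags.append((week, f"cumulative {cumulative} returns exceeds {engaged_clients} engaged clients"))
        if i >= min_history:
            baseline = median(c for _, c in totals[:i])
            if baseline > 0 and count > spike_factor * baseline:
                flags.append((week, f"{count} returns this week vs. baseline {baseline:g}"))
    return flags


if __name__ == "__main__":
    for week, reason in flag_efin_anomalies(WEEKLY_TOTALS, ENGAGED_CLIENTS):
        print(f"{week}: {reason}")
```

With the constructed data the 140-return week is flagged as a spike in the same week that the cumulative count passes the client roster; a real abuse case often trips the spike check first, because fraudsters file in bulk over a few days.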
Slide 60
Monitor Your PTIN
• Monitor “Returns Filed per PTIN”
• Information is available via the online PTIN system for tax preparers who meet both of the following criteria:
  • Have a professional credential or are an Annual Filing Season Program participant, and
  • Have at least 50 Form 1040 series tax returns processed in the current year
Slide 62
How to Access PTIN Information
• To access “Returns Filed Per PTIN” information, follow these steps:
  1. Log into your PTIN account
  2. From the Main Menu, find “Additional Activities”
  3. Under Additional Activities, select “Summary of Returns Filed.”
Slide 63
Summary of Returns Filed Chart
Slide 64
Report Misuse of Your PTIN
Slide 65
Maintain Your POA Files
• A CAF number is assigned the first time you file a third-party authorization with the IRS.
• Review your Power of Attorney submissions annually
• Withdraw your POA for clients you no longer represent by mailing or faxing the existing POA to the IRS using the “Where to File” chart. Write “Withdraw” at the top.
Slide 66
Monitor Your CAF Number
• Using stolen CAF numbers to try to obtain tax transcripts is the latest ID theft trend.
• Receiving unexpected tax transcripts is a sign of identity theft.
• Contact the IRS if there is suspected abuse of your CAF number.
• Review Publication 4557, Safeguarding Taxpayer Data, for additional security steps