ILLMAS Posted December 6, 2019

Can't remember if this has been discussed before, but who is ready or not for the mandatory security plan?

Elrod Posted December 6, 2019

I think this is it..??? Not sure.. Maybe though.

Tax Security 101: Security Summit reminds professional tax preparers of data security plan requirements.

WASHINGTON — The Internal Revenue Service and Security Summit partners reminded tax professionals that protecting taxpayer information isn’t just good for the clients and good for business – it’s also the law.

https://www.irs.gov/newsroom/tax-security-101-security-summit-reminds-professional-tax-preparers-of-data-security-plan-requirements

Pacun Posted December 6, 2019

"designate one or more employees to coordinate its information security program; identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks; design and implement a safeguards program and regularly monitor and test it; select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring."

I guess I should be OK if I designed myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

BLACK BART Posted December 6, 2019

2 hours ago, Pacun said: ...I guess I should be OK if I designed myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

As they say: "Sounds like a plan to me." I'm pretty sure yours is like 90% of other tax preparers in this country (excepting the Big Three/Four/Five/Whatever national CPA firms).

HERE'S MINE:

(1) designate one or more employees to coordinate its information security program.
I ALSO NAMED MYSELF AS SECURITY COORDINATOR.

(2) identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks.
I KNOW OF TWO OR THREE LOWLIFES AROUND HERE WHO WOULD BURGLARIZE THE PLACE IF THEY COULD, BUT I'VE GOT A LANDSCAPE TIMBER UNDER EVERY DOORKNOB AND THEY CAN'T KEEP THEIR STOLEN TOOLS WITHOUT PAWNING THEM FOR LIQUOR.

(3) design and implement a safeguards program and regularly monitor and test it.
I BUY FILE CABINETS, LOCK THEM, AND PULL ON THE HANDLES EVERY NOW AND THEN TO SEE IF THEY STILL WORK.

(4) select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information.
I DON'T HAVE ANY SERVICE PROVIDERS EXCEPT ATX AND MALWAREBYTES. ALL MY STUFF'S HERE AND NOT UP IN THE CLOUDS. JUST HOPE THOSE GUYS AT ATX CAN KEEP A TIGHT LIP ON THEIR END/ DON'T TRUST MAL TOO MUCH 'CAUSE THEIR REP'S IN BORA-BORA OR SOMEWHERE AND BARELY SPEAKS ENGLISH.

evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
WELL, IF THE PLACE BURNS, THE FILES WILL GO WITH IT. IF TORNADO, THEN ME AND THE BATHTUB WILL GO WITH IT, SO I'LL BE OUT OF REACH OF IRS. WE HAVE FAKE ADT STICKERS (FRONT AND BACK) PLUS A BLINKING RED ROOM DEODORIZER THAT LOOKS LIKE A BURGLAR ALARM IN THE BACK WINDOW. OTHER THAN THAT, THE OUTSIDE MOTION LIGHTS ALL HAVE WORKING BULBS, SO CAN'T THINK OF WHAT ELSE TO DO EXCEPT MAYBE CHAIN UP A PIT BULL IN THE BACK YARD.

BB

Roberts Posted December 6, 2019

4 hours ago, Pacun said: I guess I should be OK if I designed myself as the coordinator and I make sure that computer and ATX program can only be accessed with passwords, encrypt my hard drive, have antivirus, use Comcast who also has security, and I only transmit returns to ATX server. What do you think?

I certainly hope you are ok because other than Comcast, that's my plan. Everything electronic including backups are on encrypted drives. My physical files are all in a locked drawer but this will give me the incentive to start scanning a few folders each day.

95% of my business is on my laptop with 3 copies. One copy in my drawer, one copy in backup laptop in the office and another copy on a laptop at home. I don't have the tax software on those other computers though - just the backups.

100% of my securities business is on my laptop configuration or uploaded to my clearing firm.

Randall Posted December 9, 2019

I'm thinking the same thing. I received a PPC notice a while back. I just copied it and made a few handwritten notes on it and called it my plan. I'm just a one person office so I hope it suffices.

Roberts Posted December 13, 2019

I've been thinking more and more about this stuff. Electronic data theft I'm not overly worried about. What type of liability does a preparer have if their physical files and paperwork are broken into and/or stolen? Everything I see online is about electronic data but that's not what worries me. The CPA in the office next to mine has a massive room full of physical files and he doesn't even own a scanner.

Abby Normal Posted December 13, 2019

Data is data. Doesn't matter if it's on paper or digital. The only reason they mostly mention digital is that's the way most people work these days, especially larger firms.

Randall Posted December 16, 2019

I noticed my liability insurance plan has a new form about this with the renewal paperwork.

JohnH Posted December 17, 2019

On 12/13/2019 at 3:58 PM, Abby Normal said: Data is data. Doesn't matter if it's on paper or digital. The only reason they mostly mention digital is that's the way most people work these days, especially larger firms.

True, data is data. But I've never seen a scratch wipe out 10 years of paper data. On the other hand, the password protection for paper data is seriously deficient.

BLACK BART Posted December 17, 2019

3 hours ago, JohnH said: True, data is data. But I've never seen a scratch wipe out 10 years of paper data. On the other hand, the password protection for paper data is seriously deficient.

John, you've got to stop using those silver discs for sanding wheels on your electric drill/screwdriver. By the way, where'd you get the adaptor for the big hole in the center (I have not been able to find one).

About the deficiency of password protection, start using the PC pronouns for openers; you know: xe, xur, sie, hir - stuff like that. A sane hacker who doesn't speak Chinese-flavored Lithuanian would be expecting your birthday, anniversary, dog's name, etc.

JohnH Posted December 17, 2019

2 hours ago, BLACK BART said: John, you've got to stop using those silver discs for sanding wheels on your electric drill/screwdriver. By the way, where'd you get the adaptor for the big hole in the center (I have not been able to find one). About the deficiency of password protection, start using the PC pronouns for openers; you know: xe, xur, sie, hir - stuff like that. A sane hacker who doesn't speak Chinese-flavored Lithuanian would be expecting your birthday, anniversary, dog's name, etc.

Bart, this person thinks you person may have a good password idea there (just being extra careful here).

BLACK BART Posted December 18, 2019

On 12/13/2019 at 2:48 PM, Roberts said: I've been thinking more and more about this stuff. Electronic data theft I'm not overly worried about. What type of liability does a preparer have if their physical files and paperwork are broken into and/or stolen? Everything I see online is about electronic data but that's not what worries me. The CPA in the office next to mine has a massive room full of physical files and he doesn't even own a scanner.

I'm just the opposite. We live in back here and I've got a .25 auto, .32 auto, 2 .38s & 1 .357 mag. revolvers, + a 20 ga. shotgun scattered around, so if they back a truck through the front door (like in the movies) and snatch all the computers off the desks, we'll hear them and stop it.

Although my computers and ATX are encrypted - the electronic side worries me. A lady on this board a few years ago complained that somebody (don't remember if she used ATX or who) had swiped many of her previous year rollovers, filed first (before clients did), and she was trying to get help. She called EF center; they brushed her off saying "they didn't handle that kind of problem". Then she tried IRS CID and they too gave her the run-around. As you know, local police are useless re computer info theft. Anyhow, to sum up, nobody could/would help and she was on her own. Seems like she limited the damage somewhat through the software company. But anyway, how is it possible to block this?

TAXMAN Posted December 18, 2019

Dad once told me "Locks only keep an honest man honest." So if I really wanted your stuff I will find a way to get it. Kinda old adage ain't it.

Catherine Posted December 19, 2019

7 hours ago, TAXMAN said: So if I really wanted your stuff I will find a way to get it.

THAT is the key; make it too much of a hassle so they go to the next place, hoping for an easier score.

BLACK BART Posted December 19, 2019

19 hours ago, TAXMAN said: ...If I really wanted your stuff I will find a way to get it...

Could be, but I think you'd find it more than a handful.

JohnH Posted December 20, 2019

This theft discussion reminds me of the response I give when a client turns "prepper" and asks me whether they should buy gold in preparation for a total economic collapse. My answer is always the same. "In the scenario you're anticipating, the only metal that will make any significant difference is lead."

Catherine Posted December 20, 2019

7 hours ago, JohnH said: the only metal that will make any significant difference is lead

If they are expecting werewolves, silver might be advisable.

Gail in Virginia Posted December 20, 2019

1 hour ago, Catherine said: If they are expecting werewolves, silver might be advisable.

I think buckshot is no longer made of lead, but instead tungsten or plastic is more common. Not sure, but I think this is to prevent kids who eat paint from growing up to eat buckshot. Or maybe the deer were getting dumber from being shot full of lead.

Randall Posted December 23, 2019

Grubbing for berries and dodging bullets.

Abby Normal Posted December 23, 2019

On 12/20/2019 at 4:45 PM, Gail in Virginia said: I think buckshot is no longer made of lead, but instead tungsten or plastic is more common. Not sure, but I think this is to prevent kids who eat paint from growing up to eat buckshot. Or maybe the deer were getting dumber from being shot full of lead.

I know you're joking around, but less lead in the environment is a very good thing.

Medlin Software, Dennis Posted December 23, 2019

On 12/20/2019 at 4:25 AM, JohnH said: This theft discussion reminds me of the response I give when a client turns "prepper" and asks me whether they should buy gold in preparation for a total economic collapse. My answer is always the same. "In the scenario you're anticipating, the only metal that will make any significant difference is lead."

A real "prepper" would show zero clues to anyone outside of their circle, and would not ask for such advice from even their tax person.

Medlin Software, Dennis Posted January 3, 2020

I very much appreciate this topic. I just finished a conversation with someone who has a PTIN, and was asking why we are no longer allowing our software to work with Windows XP. Besides the obvious, I pointed out how they, as having a PTIN, fall under the security plan requirements mentioned here (which started in 1999!). I pointed out there was zero chance they could avoid liability when using a known outdated and insecure OS. (Funny how the suggested plans include things which are not actually secure, but then again, I should not be shocked.)

The reality is, all with sensitive data should be using W10, an edition of W10 on a machine built for seamless BitLocker (or similar if one abhors MS security) use, and use reasonable pass phrases (not passwords!) or other reasonable login methods (face unlock on a Surface Pro seems reasonable, and works easy enough with a short hibernate setting <sleep is not secure>, and good human action of manual locking when stepping away from the machine).

This has me pondering removing our built in password capability, since it is moot, and provides a false sense of "security".

Pacun Posted January 9, 2020

If anyone has a plan, can you share it with me? Mine is getting old.