While National Tax Security Awareness Week may have come to a close, the IRS and its Security Summit partners are continuing to emphasize the importance of data security for tax professionals. With identity thieves increasingly targeting tax professionals because of the large volumes of sensitive taxpayer information they handle, it is more crucial than ever to reassess your data security practices. In 2024 alone, the IRS reported over 250 data breach incidents affecting approximately 200,000 clients, highlighting the ongoing risks.

Why You Need to Prioritize Data Security
As a tax professional, you’re on the front lines when it comes to protecting your clients' private data. Identity thieves don't just target taxpayers—they go after tax professionals to steal personal information and file fraudulent returns. The IRS requires all tax professionals to have a Written Information Security Plan (WISP), which outlines how to protect client data and respond to potential security breaches. If you haven't reviewed or updated your WISP recently, now is the time to do so.
What Is a WISP and How Does It Help You?
A WISP is a legally required plan that tax professionals must have in place to address data security risks. The IRS has released an updated version of this plan in IRS Publication 5708, offering clear guidance and a sample template that you can adapt to your practice’s needs. Whether you’re a solo practitioner or part of a larger firm, this updated WISP helps you:
Identify and manage security risks
Implement safeguards to protect data
Outline steps to take in the event of a security breach
This updated version of the WISP includes best practices for implementing multi-factor authentication (MFA), an essential layer of security that helps protect client data from unauthorized access.
Embrace Multi-Factor Authentication (MFA)
In addition to having a WISP, the IRS reminds tax professionals that federal law requires the use of multi-factor authentication (MFA) to further protect sensitive client information. MFA adds an extra layer of security by ensuring that only authorized individuals can access sensitive accounts or systems. By integrating MFA into your practice, you’ll significantly reduce the risk of data breaches and unauthorized access to taxpayer information.
Secure Tools for Protecting Client Data
To assist you in safeguarding your practice, the IRS offers online tools such as the Tax Pro Account. This secure, mobile-friendly platform allows tax professionals to manage client data, submit Power of Attorney and Tax Information Authorization requests, and view client information safely and efficiently. By using the Tax Pro Account, you can streamline processes, avoid long waits, and keep your clients’ sensitive information secure.
Responding to a Data Breach
Despite your best efforts, data breaches can still occur. It’s essential to have an action plan ready in the event of a breach. The IRS recommends that tax professionals report a data breach affecting 500 or more people to the Federal Trade Commission (FTC) within 30 days of discovery. Additionally, breaches should be reported to the IRS, law enforcement, and the affected clients.
The IRS offers resources through its Stakeholder Liaison team to help you quickly report breaches and take steps to protect your clients, including blocking fraudulent tax returns.
Take Action Now
Although National Tax Security Awareness Week may be over, the risk of data breaches and identity theft is an ongoing concern. By updating your WISP, implementing MFA, and using secure tools like the Tax Pro Account, you can better protect both your practice and your clients from the ever-evolving threats in the digital landscape.
Helpful Resources:
IRS Publication 5708 – Creating a Written Information Security Plan for Your Tax & Accounting Practice
IRS Publication 5709 – How to Create a Written Information Security Plan for Data Safety
Security Summit Resources
IRS Tax Professional Page
Now is the time to take proactive steps to protect your practice and your clients from identity theft and data breaches. Stay vigilant, update your security practices, and continue to build a strong foundation for safeguarding sensitive information.