« Empowering women to be financial powerhouses | Main | 4 steps to improve nonprofit functional expense reporting »

Tax pros: How are you protecting your clients’ data?


“I don’t need to worry about identity theft because no one wants to be me.”

-Jay London

American comedian Jay London is funny, but identity theft isn’t. Unfortunately, cybercriminals know that targeting tax professionals is more effective than going after individual taxpayers; after all, tax professionals keep records on hundreds, if not thousands of individuals. This means any firm could be a target this tax season.

The IRS receives three to five data theft reports a week from tax practitioners. And, as IRS Commissioner John Koskinen said last year, “These (cybercriminals) are well-funded, knowledgeable and creative. It’s going to take all of us working together to combat these identity thieves. But doing nothing or making a minimal effort is no longer an option. Anyone who handles taxpayer information has a legal responsibility to protect it.”

While this may not be the time of year to do a full assessment of data security and technology integrity, there are steps CPA firms should take now to keep their clients’ data safe:

Cybercriminals understand tax offices and tax software. Over 90 percent of cyberattacks start with spear phishing, where thieves pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information. When malware is installed, it typically logs keystrokes and then shares user names and passwords for later unauthorized access. Criminals then go into the tax software and identify returns that are partially completed, but not e-filed. They change the bank account information in the tax file, create a big refund and then e-file the return directly from the tax pro’s office. Sometimes the thieves copy the tax return files for sale or later use. Scary stuff!


It’s no surprise that in her 2017 Annual Report to Congress, IRS National Taxpayer Advocate Nina E. Olson identified identity theft as one of the most serious problems plaguing the tax system. And ID theft is still on the IRS’ “Dirty Dozen” tax scams list. With that in mind, check out the AICPA’s other cyber resources, including:

  • Cybersecurity Resource Center: tools to help assess and improve cybersecurity
  • Webcast: a review of how to keep your clients’ personal information secure while protecting your firm’s reputation

Jay London also said, “A guy gave me a job at an information booth — no questions asked.”  Identity theft is something about which you need to ask a lot of questions. Start with the basics right away and do a full assessment after busy season. You’ll be glad you did, and so will your clients.  

Edward Karl, CPA, CGMA, Vice President- Taxation, Association of International Certified Professional Accountants

Cybersecurity courtesy of Shutterstock



Comments are moderated. Please review our Comment Policy before posting.
comments powered by Disqus


Subscribe in a reader

Enter your Email: