Don’t forget to protect your data during the holiday season (or ever)

Thanksgiving traditions are not one size fits all. Whether roasting turkey or preparing something completely different, families put their unique spin on the holiday. The Security Summit celebrates by kicking its annual National Tax Security Awareness Week on Cyber Monday, and this year marks the seventh anniversary of the event. (Their secret ingredient is practical tips for keeping taxpayer data safe.)

A collaboration between the Internal Revenue Service, state departments of revenue, and private members of the tax industry, the Security Summit has focused on helping tax professionals and taxpayers safeguard personally identifiable information (PII) since its formation in 2015. From November 28 – December 2, the Summit will share daily data security advice.

The Security Summit chooses to host its annual data security awareness event during the week of Cyber Monday, in part, to highlight the risks that tax professionals and taxpayers face during the busiest shopping season of the year. After all, identity thieves will deploy a flood of phishing scams to capitalize on the consumerism feeding frenzy. Knowing the telltale signs of scams and how to develop good cybersecurity hygiene can help protect you and your clients from identity theft.   

What will the Security Summit cover during National Tax Security Awareness Week 2022?

This year, the Security Summit is sharing tips for shopping online, donating to charity, reviewing written data security plans, acquiring an Identity Protection PIN, and protecting small businesses. Here is the detailed daily itinerary shared by the IRS in a recent news release:

  • Day 1 – Cyber Monday: Protect personal and financial information online
    • Use security software for computers and mobile phones – and keep it updated.
    • Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled that can prevent intrusions.
    • Use strong and unique passwords for all accounts.
    • Use multi-factor authentication whenever possible.
    • Shop only secure websites; look for the “https” in web addresses and the padlock icon; avoid shopping on unsecured and public Wi-Fi in places like coffee shops, malls or restaurants.

  • Day 2 – Giving Tuesday: Beware of scammers using fake charities
    • Individuals should never let any caller pressure them into giving a donation without allowing time for them to do some research.
    • Confirm the charity is real by asking for its exact name, website and mailing address.
    • Before making a donation, use the IRS Tax-Exempt Organization Search tool (TEOS) to verify it’s an IRS-recognized charity.
    • Be careful about how a donation is made. After researching the charity, pay by credit card or check and not by gift card or wiring money.

  • Day 3 – Tax professionals should review their security protocols
    • Deploy basic security measures.
    • Use multi-factor authentication to protect tax software accounts.
    • Create a Virtual Private Network if working remotely.
    • Create a written data security plan as required by federal law.
    • Know about phishing and phone scams.
    • Create data security and data theft recovery plans.

  • Day 4 – Get an Identity Protection PIN
    • The Identity Protection PIN or IP PIN is a six-digit code known only to the individual and the IRS. It provides another layer of protection for taxpayers’ Social Security numbers on tax returns.
    • Use the Get an Identity Protection PIN (IP PIN) tool at to immediately get an IP PIN.
    • Never share the IP PIN with anyone but a trusted tax provider.

  • Day 5 – Businesses should watch out for tax-related scams and implement safeguards
    • Learn about best security practices for small businesses.
    • IRS continues protective masking of sensitive information on business transcripts.
    • A Business Identity Theft Affidavit, Form 14039-B, is available for businesses to report theft to the IRS.
    • Beware of various scams, especially the W-2 scam that attempts to steal employee income information.
    • Check out the “Business” section on IRS’s Identity Theft Central.

The IRS also recommends tax professionals read Publication 4557, Safeguarding Taxpayer Data and Small Business Information Security: The Fundamentals. Those who are interested in sprucing up (or creating) their written information security plan (WISP) can review the sample published this year by the Security Summit.  

Source: IR-2022-202 

Article provided by Taxing Subjects.