17086: Protecting Taxpayer Information

Tax professionals must remember that they have a legal requirement under federal law to protect taxpayer information. Below are tools and tips to help protect your clients and yourself.

If you fall victim to any security incident or notice any suspicious activity contact Drake Fraud Management immediately at (866) 369-9308.

Monitor for Fraud 

Watch for returns and acknowledgements for taxpayers who you do not know or who you have not filed for yet. e-Services offers tools to help safeguard you and your clients. 

• Monitor and compare the number of returns being filed with your EFIN.
• Utilize e-Services for ID Theft to get an IP PIN.

User Accounts

• Do not let an anyone set up your account for you…DO IT YOURSELF!
• Owner of the Drake Account/Software should be the Admin and know all passwords and security questions.
• Do not give Admin access to other employees or you could lose control over your account. 
• Make sure Security Questions are answered truthfully with real answers otherwise you could forget them. 

Protect Your Email Accounts

An email account is the gateway into your life which, unfortunately, means it’s also a valuable target for hackers and cyber criminals. The common email inbox can be exploited leaving all of your sensitive data open to compromise. It is not surprising that attacks on email accounts are common. 

• Protect your email accounts by not allowing others access.
• Use strong passwords.
• Change your password on a regular basis.
• Take advantage of multi-factor authentication.
  

Create Secure Passwords

Drake Software complies with IRS requirements for passwords.

Creating your password DO’S…

• Create a separate password for every website, account, system, etc.
• Use a combination of lowercase and uppercase letters, numbers and special characters.
• At least 8 characters (longer is better)
• Use passphrases instead of passwords

Creating your password DON’TS…

• Start with uppercase letters
• Use keyboard sequence (qwerty)
• Use names of family members or friends, pet names, dates, phone numbers, etc.
• Use dates that are significant to you.

Protecting your password DON’TS...

• Answer “yes” when prompted to save your password, use a password manager if necessary.
• Give your password to anyone
• Write your password down
• Rotate 3 or 4 passwords

Phishing Scams

Phishing is an email scam that attempts to obtain sensitive information, such as usernames, passwords, and credit card details, often for malicious reasons. 

• Don’t click on attachments unless they are expected and come from a known and trusted source.
• Hover your mouse over the links in each email message to display the actual URL.
• Check whether the hover-text link matches what’s in the text, and whether the link looks like a site with which you would normally do business.
• Don’t believe everything you see. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it is legitimate.
• Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
• Use security software to help defend against malware, viruses, and known phishing sites and set it to update automatically.

VPN/Remote Access

Many popular, highly-rated VPN services will leak your IP address, infect your computer with malware, install hidden tracking on your devices, steal your private information, leave your data exposed to hackers and mass surveillance, and even steal your bandwidth.

• If you must have remote access be sure to close it whenever you are not using your computer. Leaving access open can leave your entire network vulnerable.
• Free versions of remote software typically do not have the security features of a good quality service so choose wisely.