Tax security is the law, and firms that don’t meet IRS cybersecurity requirements cannot legally operate a large segment of their businesses. But what does it take to comply? Adopting the right technology is only part of what your firm needs to do. You also need a compliant data security plan.
Three years ago, the IRS added security measures to its requirements for obtaining or renewing a Tax Preparer Tax Identification Number (PTIN), which all tax preparers must have in order to legally deal with tax returns. Two years ago, the agency followed up with specific steps that tax preparers must follow to qualify for or renew a PTIN.
The simplest part of a strategy for data security that meets IRS requirements is technology adoption. Most firms have likely already implemented the basic “Security Six” technologies the IRS requires:
However, firms should go beyond merely adopting the IRS Security Six if they want to prevent phishing attacks and implement true protection against cyberattacks. And in order to qualify for a PTIN, they’ll have to go beyond implementing cybersecurity technology.
The other elements of PTIN qualification involve coming up with a written strategy for data security that passes IRS tests. This is not optional for firms; tax preparers who work without a PTIN can face severe penalties, including imprisonment for up to five years, steep fines (up to $100,000 for each violation, with officers and directors potentially being fined up to $10,000 for each violation) or both.
So, what does the IRS require in a PTIN data security plan? Here’s what the agency itself says:
This is not a simple set of tasks. They’re very likely to require outside expertise, particularly for small accounting firms. Fortunately, templates exist to assist you with creating a written plan; the IRS even offers one.
But even if some of the written work is done for you already, tasks such as picking an employee to coordinate a program, selecting a service provider to maintain safety measures, and monitoring and testing the program will fall to your firm.
Outside of finding an employee to be a coordinator, you shouldn’t try to complete any of those tasks by yourself. It’s highly unlikely that you have the internal expertise or employee resources to successfully develop a PTIN cybersecurity strategy. Most accounting firms don’t. Most small businesses don’t.
What’s more, the IRS template includes a requirement for training employees on how to avoid cyberthreats as well as for developing a plan in case of data theft. Those are also major tasks firms shouldn’t try to take on alone.
The fact is that your business is accounting—not training employees on security, meeting security requirements or even managing cybersecurity technology. The IRS cybersecurity requirements specifically say that firms need service providers to implement and maintain proper security measures. This isn’t an internal project. It is, however, the law.
Fortunately, there are service providers that can take pressure off of firms to meet PTIN requirements. Smart Security Management (SSM), a concept pioneered by Right Networks, checks the boxes for firms looking to stay PTIN compliant.
Smart Security Management represents a new model for handling security—one where firms take a holistic approach to security both inside and outside of the cloud. And who better to help you achieve this than Right Networks—a leading provider of cloud and security services with more than two decades of experience?
Right Networks security tools allow firms to not only maintain a PTIN and meet IRS cybersecurity requirements but also to achieve a higher level of security overall. Firms can adopt Smart Security Management by moving to the right set of Right Networks products, including:
Right Networks perfectly fits the profile of the security provider the IRS requires—and much more. With Right Networks, you can concentrate on serving clients and building your firm while somebody else handles the IRS cybersecurity requirements and compliance for you.
Are you ready to take your firm’s security strategy beyond where it is today? Contact Right Networks.