On July 28, 2020 the Internal Revenue Service (IRS), in partnership with the Security Summit, issued the second part of their five-part series providing tips for tax professionals to thwart off cyber-security attacks during COVID-19. The second tip is for tax professionals to use multi-factor authentication to protect client accounts. The notice also provides a reminder that beginning in 2021, all tax software providers will be required to offer multi-factor authentication options on their products that “meet higher standards.”
Multi-factor authentication, sometimes referred to as two-factor authentication, allows for additional authentication factors than just entering in a password to verify a user’s identity. Two-factor authentication requires the user to provide their password and an additional step to access their account. Sometimes, a user will receive a text message with a one-time password, or perhaps the user is asked a knowledge-based question that they previously set up, such as “what is your mother’s maiden name.” However, given the sophistication of cyber-criminals ability to exploit known weaknesses in passwords, the two-factor authentication is not always full-proof. An example of a stronger multi-factor authentication process would be where the user has to input their password and then has to provide biometric sign-in solution, such as scanning their fingerprint, voice recognition, or facial recognition. In this second example, the multi-factor authentication creates a more robust defense against unauthorized access due to the uniqueness of the biometric authentication.
Part two in this series also references easy ways for tax professionals to download authentication apps offered through Google Play and the Apple Store. Use a search engine for “Authentication apps” to learn more. The guidance reminds tax professionals to incorporate multi-factor authentication with all accounts, including cloud storage providers, as well as social media outlets.
Lastly, tax professionals should take advantage of the additional resources the IRS provides related to security recommendations and questions in Publication 4557 Safeguarding Taxpayer Data (PDF), as well as the National Institute of Standards and Technology (NIST’s) Small Business Information Security: The Fundamentals (PDF).
VW Contributor: Skylar Young
© 2020 Vandenack Weaver LLC
For more information, Contact Us