IRS 7 Cybersecurity Tips to Keep Holidays From Ruining Tax Season


DOL Officially Delays Start of Fiduciary Rule

10 Worst States for Depression Among the College Educated

12 Best Small Cities for Successful Aging: 2017

The holidays are the prime season for criminals shopping for credit card numbers, financial account information, Social Security numbers and other sensitive data that could help them file a fraudulent tax return.

The Internal Revenue Service recommended this week that anyone who has an online presence should take seven simple steps that could go a long way to protect their identity and personal information.


Cybercriminals seek to turn stolen data into quick cash, either by draining financial accounts, charging credit cards, creating new credit accounts or using stolen identities to file a fraudulent tax return for a refund.

(Related: SEC Exams to Focus on Cybersecurity, Seniors in 2018)

During the current online holiday shopping season, the IRS, along with state tax agencies and the tax community, partners in the Security Summit, are marking “National Tax Security Awareness Week,” Nov. 27 to Dec.1, with reminders to taxpayers and tax professionals.


In addition to its specific recommendations for online security, the IRS says people can take a couple of additional steps several times a year to make sure they have not become an identity theft victim.

One is to receive a yearly free credit report from each of the three major credit bureaus, and check it for any unfamiliar credit changes.

Another is to create a “My Social Security” account online with the Social Security Administration on which users can see how much income is attributed to their SSN. This can help determine whether someone else is using the SSN for employment purposes.


The IRS suggests that people visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers to see what can be done to protect themselves online.

Following are the IRS’s seven steps to help with online safety and protect tax returns and refunds in 2018.

Shop at Familiar Online Retailers


1. Shop at Familiar Online Retailers

The IRS notes that sites using the “s” designation in “https” at the start of the URL are generally secure. Users should look for the “lock” icon in the browser’s URL bar. But the agency also cautions users to be wary: bad actors can obtain a security certificate, so the “s” may not vouch for the site’s legitimacy.

Avoid Unprotected Wi-Fi


2. Avoid Unprotected Wi-Fi

Unprotected public Wi-Fi hotspots may allow thieves to view transactions. The IRS advises users not to engage in online financial transactions if they are using unprotected public Wi-Fi. They should also beware purchases at unfamiliar sites or clicks on links from pop-up ads.

Learn to Recognize and Avoid Phishing Emails


3. Learn to Recognize and Avoid Phishing Emails

These emails pose as a trusted source, such as financial institutions or the IRS, and may suggest that a password is expiring or an account update is needed. The criminal’s goal is to entice users to open a link or attachment.

Keep Computers, Phones and Tablets Clean


4. Keep Computers, Phones and Tablets Clean

The IRS recommends the use of security software to protect against malware that may steal data and viruses that could damage files. The software should be set to update automatically so that it always has the latest security defenses. As well, firewalls and browser defenses should always be active. “Free” security scans or pop-up advertisements for security software are to be avoided.

Use Strong, Long and Unique Passwords


5. Use Strong, Long and Unique Passwords

According to the IRS, experts suggest a minimum of 10-character passwords, but says “longer is better.” It says longer phrases are better than a specific word, and recommends the use of a combination of letters, numbers and special characters. Each account should have its own password. A password manager can help keep track of multiples ones.

It should be noted that the National Institute of Standards and Technology released guidance in June that updated its recommendation for passwords.

Rather than recommend that users create long, complicated passwords with upper- and lowercase letters, numbers and special characters, NIST recommended simple — but still long — passwords that are easy to remember. “Many attacks associated with the use of passwords are not affected by password complexity and length,” NIST said. “Keystroke logging, phishing and social engineering attacks are equally effective on lengthy, complex passwords as simple ones.”


The point is that it doesn’t matter how complex a password is if a user unwittingly hands it over to hackers. See, in particular, nos. 2 and 3 above.

Use Multi-Factor Authentication 

6. Use Multi-Factor Authentication

Some financial institutions, email providers and social media sites allow users to set accounts for multi-factor authentication. This means users may need a security code, which is usually sent as a text to a mobile phone, in addition to usernames and passwords. Some financial institutions will also bolster protection by sending email or text alerts when a withdrawal or change to the account takes place.


According to the IRS, users generally can check account profiles at these locations to see what added protections may be available.

Encrypt and Password-Protect Sensitive Data

7. Encrypt and Password-Protect Sensitive Data

The IRS says anyone keeping financial records, tax returns or any personally identifiable information on a computer should encrypt and protect these data with a strong password. They should also back up important data to an external source, such as an external hard drive. And when it is time to dispose of a computer, a mobile phone or a tablet, it’s important to wipe the hard drive of all information before trashing.


— Related on ThinkAdvisor:

The small but mighty smartphone should be included in your firm’s security protocols.

You are signed up!

ThinkAdvisor and the College for Financial Planning have partnered to bring you a series of helpful educational tools that you can use to take your career to the next level. padding: 0px 81px;width: inherit; Retirement Wire Retirement Wire


Your resource for news, research and analysis to help you deliver more effective outcomes to your clients. padding: 0px;width: inherit; ETF & Smart Beta Research ETF & Smart Beta Research

A survey of advisors nationwide reveals how the use of ETFs is expanding and what factors are likely to further support this trend. width:300px!important;max-height:36px; ThinkAdvisor TechCenter

ThinkAdvisor’s TechCenter is an educational resource designed to give you a competitive edge by keeping you abreast of new tech innovations and need-to-know information that can be applied to your business. Resources Risk Management for All Markets

Investors need to invest differently in bull markets than they do in bear markets. Learn the importance of risk management during both and the best…

Looking at securities through the lens of factors

New advisor survey results spotlight disconnects.

Join this webcast to see how Trisha Qualy, Director of Wealth Management at AdvisorNet Financial, took client assets from $100 million to $1.3 billion in…

Join this complimentary webcast to learn innovative strategies that have proven effective in containing rising health costs.

Join this conversation as a panel of experts provides tips and best practices to optimize your tech resources for business growth.

Leave a Reply

Your email address will not be published. Required fields are marked *