IRS Security Standards: Safeguarding your client information

To help firms protect their clients from the increasing threat of identify theft and fraud, the IRS recently enacted new security standards for protecting client data. As a result, IRS publication 4557, Safeguarding Taxpayer Data presents a comprehensive view of best practices for firms to follow.

To begin with, the IRS recommends a number of safeguards for firms to put in place. These include setting policies related to administrative activities in addition to facilities security and personnel security. They also include information systems and computer systems security policies that may affect the the software you use.

Information systems security protects the data in your system. However, a large portion of data breaches happen not because the system was vulnerable to hacking but because software users were careless with passwords. So that’s where computer systems security comes in. As a result of these new IRS security standards, your software needs to make additional effort to validate your users’ identities.

How do the new IRS security standards affect your software? Here’s an overview:

  • Unique Username. First, each user must have their own unique username. Staff should not share IDs.
  • Strong Password. In addition to a unique username, each user should have a strong password that contains a combination of upper-case letters, lower-case letters, numbers and special characters. Passwords should be at least 8 characters long.
  • Password Expiration. While strong passwords are a good start, users should also change their passwords regularly. The IRS recommends changing passwords every 60-90 days.
  • Inactivity Time Out. To ensure that only authorized users are accessing the system, users who are inactive for more than 30 minutes should be logged out of the system.
  • 24-hour Re-authentication. If the system is active for more than 24 hours (due to a batch process, lengthy export process, etc), users should re-enter their passwords at least once every 24 hours.
  • Bot Detection. Lastly, systems should recognize and prevent unauthorized access by web bots and/or hackers.

Additional Information about IRS Security Standards

In conclusion, for more information, the following links are some excellent resources from the IRS describing this situation and steps to take.


Wolters Kluwer Tax and Accounting

Wolters Kluwer Tax and Accounting is a leading provider of software solutions and local expertise that helps tax, accounting, and audit professionals research and navigate complex regulations, comply with legislation, manage their businesses and advise clients with speed, accuracy and efficiency. Wolters Kluwer Tax and Accounting is part of Wolters Kluwer N.V. (AEX: WKL), a global leader in information services and solutions for professionals in the health, tax and accounting, risk and compliance, finance and legal sectors. We help our customers make critical decisions every day by providing expert solutions that combine deep domain knowledge with specialized technology and services. Wolters Kluwer reported 2016 annual revenues of €4.3 billion. The company, headquartered in Alphen aan den Rijn, the Netherlands, serves customers in over 180 countries, maintains operations in over 40 countries and employs 19,000 people worldwide. Wolters Kluwer shares are listed on Euronext Amsterdam (WKL) and are included in the AEX and Euronext 100 indices. Wolters Kluwer has a sponsored Level 1 American Depositary Receipt program. The ADRs are traded on the over-the-counter market in the U.S. (WTKWY).

All stories by: Wolters Kluwer Tax and Accounting

Leave a Reply

Your email address will not be published.