844-iGuy-Help Contact iGuy

844-iGuy-Help

Are You Adequately Protecting Employee Data? Take A Look at the “Security Six”

September 13, 2019

Are-You-Adequately-Protecting-Employee-Data-Take-A-Look-at-the-Security-Six-image.png
Share via email send

The IRS and its Security Summit partners – a coalition of federal agencies and private industry – have a new checklist for professionals who use, manage and store sensitive taxpayer information. 

With all the progress that’s been made in the past few years to reduce tax refund scams and identity theft, the criminals continue to find ways to steal information.

It makes sense for payroll and HR leaders to review security steps, since you constantly handle sensitive data – not only Social Security numbers and confidential salary information, but other personal data about your employees. 

Here are the “Security Six” steps:

  1. Use anti-virus software to scan computer files or memory for certain patterns that may indicate the presence of malicious software, or “malware.” Anti-virus software is “updated daily,” according to the IRS, because criminals try to stay one step ahead. It is crucial to install and run the latest updates of your software. 
  2. Make sure you have a firewall for protection against outside attackers. A firewall will shield your computers and networks from malicious or unnecessary web traffic to help prevent malicious software from accessing the user’s system.
  3. Use two-factor authentication to add a layer of protection. Return users to a login system and enter credentials like a username and password; the next step is to enter a security code.
  4. Routinely employ backup software or services to back up critical files on computers and hard drives to external sources.
  5. Consider drive encryption, also known as disk encryption, to transform data into unreadable files, so only authorized users can access the data.
  6. Use a virtual private network, especially if you or members of your team work from home or other sites. A VPN provides a secure, connection to transmit data between a remote user and the company’s network.

If you are not directly responsible for some of these items, please consider passing this information along to your IT team, security consultant or other stakeholders. 

Additional resources:

IRS Security Summit homepagePublication 4557, Safeguarding Taxpayer Data: A Guide For Your Business• Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology• Publication 5293, Data Security Resource Guide for Tax Professionals• Identity Protection: Prevention, Detection and Victim AssistanceTax Scams/Consumer Alerts