Text for APA News
https://www.americanpayroll.org/news-resources/apa-news/news-detail/2020/01/22/irs-security-summit-to-offer-cybersecurity-guidance
Custom URL No Widget:
By PayrollOrg Staff on Jan 22, 2020 1:30:25 PM

IRS Security Summit to Offer Cybersecurity Guidance

The IRS’s Security Summit is preparing cybersecurity scenarios for the payroll and tax software industries that include guidance on data protection and personally identifiable information, authentication, identity proofing, social engineering and phishing, insider threats, third-party services and vendor management, and general tips for protecting businesses. The Security Summit is a coalition consisting of the IRS and stakeholder community. APA members contribute by sharing payroll security risks and working to develop solutions to protect payroll departments from criminal activity.

Personally Identifiable Information

Personally identifiable information (PII) is any combination of data that is unique to an individual, such as name, date of birth, address, and social security number. When this information is obtained by someone other than the employer, it can cause paycheck delivery to the wrong person, insurance fraud, tax fraud, and more. If payroll professionals discover a leak or exposure, they should notify their local IRS Stakeholder Liaison, who will notify the IRS’s Criminal Investigation Division. In addition, victims should be informed of the breach.

Login Systems and Authentication

Payroll departments can also receive attacks through employer login systems resulting in leaks of Forms W-2, PII, and return transcripts or, worse, access to other system users when the account belongs to a payroll administrator. The best solution is to use multi-factor authentication for employer login systems (e.g., having a one-time passcode sent to a phone, using an authenticator application, using hardware that plugs into a USB port and enters a passcode automatically). Passwords should be at least 12 characters with a mix of letters and numbers and avoid common words. If you are affected, contact your IT security immediately.

Available Resources

The IRS provides additional guidance:

Not a member of APA? Check out the many benefits you get when you join!   

Alice P. Jacobsohn, Esq., is Senior Manager of Government Relations for the APA.