On September 2 (2016), the Internal Revenue Service (IRS) took the opportunity of their annual Security Summit to warn tax professionals of attacks being waged against them and their computer systems by creative hackers looking to steal taxpayer information. The warning comes on the heels of several well-publicized attacks that have led to millions of dollars be lost to fraud. While the government warning was specifically aimed at tax professionals, it is a no-brainer for online payroll services because they work with the same kinds of taxpayer information.

At the heart of the computer attacks is the goal of obtaining the personal information needed to file fraudulent tax returns. Hackers acquire names, social security numbers, income information and more, then file tax returns and have the refund money funneled into their own accounts. The most skilled among them can reap huge windfalls without leaving any trail that connects back to them.


The IRS has warned that “identity thieves continue to evolve and look for new areas to exploit”, and that tax professionals should take all necessary means to protect their software and computer systems. Online payroll services should take the same kinds of steps. The IRS recommends:


  • Strengthening passwords for both software and network access
  • Routine deep scanning of all software and computer systems
  • Increased awareness of phishing scams and other means of fraud
  • Increased education among employees
  • Review of systems and software that give employees or clients remote access.


Protecting Client Information Not an Option


Online payroll services and tax professionals owe it to their clients to protect their information from any and all attacks. This is not an option. Where online payroll services are concerned, their obligation may be more profound given the nature of the data they store and how frequently it is accessed by multiple parties. Payroll data can be accessed by payroll company employees, the employers who use their services, and workers themselves. That means there is a lot of potential hands in the pot.


A fundamental rule of computer security is that greater access opens the door to greater risks. In other words, giving more people legitimate access to computer network information also increases the likelihood that one of the accounts used to access information will be compromised. Where the office of a tax professional may limit access to just a small handful of people, online payroll services provide access to many, many more.


The IRS warning comes at a time when things are settling down in the payroll and tax arenas. The spring filing season is well past, the summer extension season has come and gone, and everyone is getting back to the normal routine of fall. This is the time when hackers are also gearing up for their next wave of attacks, so now is the time for companies in the tax preparation and online payroll services sectors to start working on their defenses as well.


Clients Have a Role Too


Cyber security is absolutely a no-brainer for tax preparers and payroll companies. But clients have a role to play, too. They have a responsibility to routinely review their accounts and the personal information just to make sure that nothing is amiss. If anything does seem out of order, even if it is just something slight, pursuing a resolution should never be a question.


As long as we have computer systems, there will be hackers trying to hack them. For tax professionals and online payroll services, recognizing the ongoing threat and taking whatever steps are necessary to combat it is part of doing business.


Comments are closed.