Critical Steps:

 * Assure that taxpayer data, including data left on hardware and media, is never left unsecured

  * Securely dispose of taxpayer information

  * Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs

 *  Require periodic password changes every 60 – 90 days

 *  Store taxpayer data in secure systems and encrypt information when transmitting across networks

 *  Ensure that e-mail being sent or received, that contains taxpayer data, is encrypted and secure

 *  Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only

 *  Use caution when allowing or granting remote access to internal networks containing sensitive data

 *  Terminate access to taxpayer information for anyone who is no longer employed by your business

 *  Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data

 *  Provide periodic training to update staff members on any changes and ensure compliance

 *  Protect your facilities from unauthorized access and potential dangers

 * Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft

In addition to these steps, the IRS also recommended completing a risk assessment to identify risk and potential impacts of unauthorized access, writing (and following) an information security plan, and considering performing background checks and screen individuals before granting access to taxpayer information. 

The IRS said that putting safeguards in place to protect taxpayer data helps prevent fraud and identity theft and enhances customer confidence and trust. Steps that can be taken include: 

* Preserve the confidentiality and privacy of taxpayer data by restricting access and disclosure 

* Protect the integrity of taxpayer data by preventing improper or unauthorized modification or destruction; and

* Maintain the availability of taxpayer data by providing timely and reliable access and data recovery.