1 min read

A Practical Approach to Implementing IRS Publication 4557

A Practical Approach to Implementing IRS Publication 4557

With tax season in full swing, it seems fitting to review the importance of IRS Publication 4557. For those not in the work of tax, it may be foreign. In many cases, CPA firms fall behind the curve regarding core cybersecurity competency. As we address this, let’s break down what IRS Publication 4557 is, how it applies to you and your business, and a practical approach to implementing it.

What is IRS Publication 4557?

The IRS Publication 4557 was created to raise awareness of cyber threats to CPA firms and serve as a guide to tax return preparers to maintain compliance in their operations. The FTC Safeguards Rule requires that tax return preparers create and enact security plans to protect client data. If a CPA firm is non-compliant, they face the potential of an investigation by the FTC and substantial penalties. 

Outside of compliance, there are four essential cybersecurity best practices to follow as a CPA firm, according to IRS Publication 4557. 

Cybersecurity Best Practices for Your CPA Firm (via IRS 4557): 

  1. Periodically have cybersecurity experts evaluate your security plans, controls, and safeguards. 
  2. Use strong passwords + multi-factor authentication on all solutions containing sensitive information.
  3. Have a contingency plan, backup data to a segregated platform from your primary network, and routinely verify backups are occurring.
  4. Encrypt all sensitive information at rest and in transit. 

Most of these recommendations apply to all organizations, regardless of whether you are a CPA firm or not. IRS Publication 4557 attempts to address cybersecurity concerns related directly to CPA firms, mainly due to the nature of sensitive personal data within such firms. 

Helpful Resources

  1. PK Tech Blog on the topic linked here.
  2. PK Tech Knowledge Base article on IRS Publication 4557 linked here
  3. Checklist for Safeguarding Taxpayer Data linked here.
  4. View the full IRS Publication 4557 here

PK Tech originated working first with a CPA firm. We have maintained IT services for CPA firms as a core function of our business model (in addition to growing into servicing countless other industries). If you are a CPA firm, small or large, we can support your managed IT service needs. Get in touch with our team here.

IRS Publication 4557 – Safeguarding Taxpayer Data

IRS Publication 4557 – Safeguarding Taxpayer Data

CPA firms are lucrative targets for hackers. They store, send, and receive Personally Identifiable Information (PII) for a living. Because CPA firms...

Read More
IRS Now Requires Multi-Factor Authentication

IRS Now Requires Multi-Factor Authentication

With the news full of stories of digital security breaches and ransom payments, the IRS is taking action. As the repository of taxpayer information,...

Read More
Intuit Phishing Attacks Target CPAs for 2022 Tax Season

Intuit Phishing Attacks Target CPAs for 2022 Tax Season

The tax software company Intuit recently released two formal warnings regarding phishing emails ahead of the April 15th tax deadline. You can read...

Read More