Data Security for Tax and Accounting FirmsProtect your clients and your practice

Taking Action to Help You Keep Your Clients Safe

Hackers are specifically targeting tax and accounting firms at increasing rates — and it's not just the big firms being targeted, but firms of all sizes.

In May of 2015, criminals used information obtained from social media and stole around 724,000 taxpayers' return data from the IRS's Get Transcript system. This is just one case — as cybercriminals become more advanced in their methods (from phishing scams to illegally accessing firm software and filing fraudulent tax forms), all tax and accounting firms must stay vigilant against threats and take action to keep their businesses and clients safe.

At Thomson Reuters, the security of your data and your clients' data is a top priority — and we're continuing to take steps to strengthen data security, help you protect your practice and comply with recent IRS security requirements. Working together, we can put safeguards in place to help you protect your clients and your firm.

Check out our fact sheet for important information about data security, and keep reading for actions you can take to help you stay safe against security threats.

Data Security Risks fact sheet PDF - 89kb

Security Requirements

For tax year 2016, the IRS — working in partnership with tax software vendors and practitioners in the profession — now requires that all tax-related software for professionals follow these requirements. At Thomson Reuters, we believe that all data is important, so these changes were applied to all our software.

Here is a summary of the new IRS requirements that are applicable to tax software providers and professionals who use their software.

  1. Login requirements for tax-related professional software — The IRS requires that any tax-related software for professionals needs to be protected by a login with certain password requirements (regardless of whether the software is accessed via desktop or the cloud). This login functionality for CS Professional Suite® software became available in November 2016.
  2. Password strength — As defined by the IRS, a strong password will now contain a minimum of eight characters with at least one uppercase letter, one lowercase letter, one number and one special character. The IRS also requires that preparers reset their passwords every 90 days.
  3. Timeout period — The IRS also requires that applications time out after 30 minutes of user inactivity and requires users to log back in using their credentials. However, while your access is suspended, the operation of the software is not, so the processes within the software will continue during the timeout.

For more specific information about how security changes affect Thomson Reuters software, see the CS Professional Suite application security overview topic in the Help & How-To Center.

Looking to save time when you only need to log in once for all CS Professional Suite applications? Learn more about our single sign-on feature

Strongly Advised Security Measures

License PIN Security Update

As part of our ongoing efforts to increase security for Thomson Reuters customers, every firm is issued a License PIN, which must be input before you download your software licenses. The default PIN (Personal Identification Number) is your firm's ZIP code.

To keep your software licenses — and your account — secure, we strongly urge you to change your License PIN from your ZIP code to a new PIN as soon as possible. This will add an extra layer of security to help prevent anyone who might have knowledge of the PIN (for example, a former employee, or any unauthorized person who knows your ZIP code) from downloading your software license without permission.

To change your PIN from your My Account page, you must be an admin user* on your CS Professional Suite web account.

Here's how to manage your PIN online:

  1. Go to the My Account page of your CS Professional Suite web account.
  2. Log in to your account (the login link is under the Welcome heading).
  3. Select the My Firm link from the left side of your screen.
  4. Select the Manage License PIN link from the choices under the My Firm menu on the left.
  5. Enter a new four- or five-digit numeric-only code (no letters or special characters) in the New Firm License PIN box, and select the Change Firm License PIN button to change your PIN.
  6. Use the new License PIN when you're ready to download your software license.

*If you're the licensee and you're not currently an admin user, email cs.service@tr.com to upgrade to admin status.

Multi-Factor Authentication

As a leader in data security, Thomson Reuters can offer even more advanced security options for any firm that wants multi-factor authentication (additional identity verification for extra security) for CS Professional Suite (desktop), Virtual Office CS®, Software as a Service (SaaS), GoFileRoom®, AdvanceFlow® and GoSystem® Tax RS.

We're pleased to introduce Thomson Reuters Authenticator, our new multi-factor mobile app, which provides industry standard authentication factors. We strongly advise that you enable multi-factor authentication to strengthen the security of both your firm and your clients' data.

Learn more about the Thomson Reuters Authenticator mobile app
NetClient CS=

Use this script to communicate important security information about multi-factor authentication to your clients.

View the script

Stay Safe and Informed

Thomson Reuters is here to support you. In addition, you should consult with your advisors for guidance on data security practices and legal standards applicable to your practice. It is also important to check the IRS website regularly for security news and alerts.