Data security for tax and accounting firmsProtect your clients and your practice
Taking action to help you keep your clients safe
Cybercriminals are specifically targeting tax and accounting firms at increasing rates — and it's not just the big firms being targeted, but firms of all sizes.
In May of 2015, criminals used information obtained from social media and stole around 724,000 taxpayers' return data from the IRS's Get Transcript system. This is just one case — as cybercriminals become more advanced in their methods (from phishing scams to illegally accessing firm software and filing fraudulent tax forms), all tax and accounting firms must stay vigilant against threats and take action to keep their businesses and clients safe.
At Thomson Reuters, the security of your data and your clients' data is a top priority — and we're continuing to take steps to strengthen data security, help you protect your practice and comply with IRS security requirements. Working together, we can put safeguards in place to help you protect your clients and your firm.
Check out our fact sheet for important information about data security, and keep reading for actions you can take to help you stay safe against security threats.Data Security Risks fact sheet PDF - 89kb
New for 2017 — License PIN update required
As part of our ongoing efforts to improve security for your data and your clients' data, every firm is issued a License PIN (Personal Identification Number), which you must enter when downloading your software licenses. By default, your License PIN is your firm's ZIP code.
For 2017, you are now required to update your License PIN so it does not match your ZIP code before you can download your software licenses. This helps prevent anyone who might have knowledge of the PIN (for example, a former employee, or any unauthorized person who knows your ZIP code) from downloading your software licenses without permission. Entering an invalid PIN — including your firm's ZIP code — will result in an error message that prevents you from downloading your licenses.
As the licensee for your CS Professional Suite programs, you can change your PIN from your My Account page. To do so, complete the following steps.
- Open the My Account page of your CS Professional Suite web account.
- Log in to your account (the login link is under the Welcome heading).
- Click the My Firm link on the left side of your screen.
- Click the Manage License PIN link under the My Firm heading on the left.
- Enter a new five-digit numeric code (no letters or special characters) in the New Firm License PIN field, and click the Change Firm License PIN button to change your PIN.
Your new License PIN takes effect immediately. You will now use this new PIN when you're ready to download your software licenses. Share your new License PIN only with staff members or IT professionals who need access to download your software licenses via CS Connect.
For full details, see Managing your license PIN in our Help & How-To Center.
Video: Upgrading your firm's CS Professional Suite security via CS Web accounts
CS Web account users can take action to strengthen the security of client and firm data. (Note: This process does not apply to users of NetFirm CS™ or Onvio™.)Watch the video
IRS requirements for tax software
Beginning with tax year 2016, the IRS — working in partnership with tax software vendors and practitioners in the profession — put security requirements in place for all tax-related software for professionals. At Thomson Reuters, we believe that all data is important, so these changes were applied to all our software.
Here is a summary of the 2016 IRS requirements:
- Login requirements: Tax-related software for professionals needs to be protected by a login with certain password requirements.
- Password strength: As defined by the IRS, a strong password contains a minimum of eight characters with at least one uppercase letter, one lowercase letter, one number and one special character. The IRS also requires that preparers reset their passwords every 90 days.
- Timeout period: Applications must time out after 30 minutes of user inactivity and requires users to log back in using their credentials. However, while your access is suspended, the operation of the software is not, so the processes within the software will continue during the timeout.
For full details, see the CS Professional Suite application security overview topic in the Help & How-To Center.
As a leader in data security, Thomson Reuters can offer even more advanced security options for any firm that wants multi-factor authentication (additional identity verification for extra security) for CS Professional Suite (desktop), Virtual Office CS® and Software as a Service (SaaS).
We're pleased to introduce Thomson Reuters Authenticator™, our new multi-factor mobile app, which provides industry standard authentication factors. We strongly advise that you enable multi-factor authentication to strengthen the security of both your firm and your clients' data. For details about implementing multi-factor authentication for your firm, see the Multi-factor authentication overview in our Help & How-To Center.
Stay safe and informed
Thomson Reuters is here to support you. In addition, you should consult with your advisors for guidance on data security practices and legal standards applicable to your practice. It is also important to check the IRS website regularly for security news and alerts.