Tax season is on its way and so is cybercrime: Cybersecurity considerations for tax firms

Nadya Britton  Enterprise Content Manager for Tax and Accounting at Thomson Reuters Institute

· 5 minute read

Cybercrimes and digital fraud continue to increase, and as tax season approaches, tax firms need to be on guard to protect themselves and clients’ information

During the 2022 tax season, roughly 94% of all tax returns were filed digitally — no doubt taxes, like most of our lives’ transactions, now take place in the digital world. As individuals and businesses have increased their online presence, it is expected that by 2025 there will be more than 41.6 billion connected devices. With this increased presence, cyber threats have also been on the rise: around 800,000 cyber incidents were reported in 2022, resulting in financial losses of between $7 billion and $10 billion, according to

Cybersecurity in tax & accounting firms isn’t just a technical issue — it’s a critical business priority. With the increasing sophistication of cyber threats, the importance of robust cybersecurity measures within firms has never been more paramount.

Understanding the threats

It can be said that the entire business of tax & accounting firms is built on handling confidential information, which makes them attractive targets for cybercriminals. As tax firms embark upon the coming tax season, it is imperative that all employees are hypervigilant in their handling of clients’ information. A joint study between Stanford University Professor Jeff Hancock and the security firm Tessian found that most cyber incidents begin with employees, not through malicious or deliberate acts but through poor data security hygiene. The main way criminals attempt to access firms’ and their clients’ information is through phishing attacks: fraudulent emails and other communications — such as text messages, phone calls, and voicemails — sent to employees and designed to get them to reveal sensitive information. Over the years phishing has become, and continues to become, more sophisticated. The object of phishing is simple — to create a data breach or other unauthorized access to clients’ sensitive information, which can include their PIN.

If a phishing attack succeeds, a ransomware attack may follow. Ransomware is malicious software that is loaded onto the firm’s computer systems and ultimately blocks the firm from accessing its information. The attackers may also threaten to make sensitive client information public unless a ransom is paid.

The cost of a ransomware attack can be steep and, in some cases, devastating. The national average cost of a cyberattack is almost $1 million, and this cost can include the ransom payment and data recovery efforts. A cyberattack becomes devastating when it results in hackers selling clients’ information on the dark web or elsewhere. For a tax firm that falls victim to this, the damage goes far beyond simple reputation loss, because clients no longer have confidence in the firm’s ability to keep their information safe. In addition, tax firms are required to immediately report any data breaches to the IRS.

Tax & accounting firm leaders have a responsibility to their clients and employees to have a robust cybersecurity strategy, which should be a key part of every firm’s business strategy. Indeed, cybersecurity should be treated with the same thoroughness and thought that the business gives to growth, tech investment, or any other significant strategy of the firm. Whether firm leaders assign one person or pull together a team to lead the firm’s cyber initiatives, it has to be done, including such steps as assessing the firm’s current vulnerabilities, thinking through whether additional technologies may be necessary, and most importantly, cultivating a culture based on security awareness.

Tax firm cybersecurity best practices

1. Any cybersecurity plan has to start with the employees, and more specifically with a focus on employee training and awareness. All employees must be made aware of the potential threats — how to spot them and what to do should they encounter one. This can be achieved through regular training, but it is most important to foster a culture in which employees are encouraged to be hypervigilant and to speak up if they are suspicious or if an incident does occur.
2. Instituting strong authentication protocols, which require several steps to prove that someone seeking to access information has the right to do so, is also critical. This could mean multi-factor authentication, an electronic authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence of their identity.
3. Updating software regularly is important not only to enhance existing features but also to patch security flaws and add new security features.
4. Encryption of data protects it from being stolen, changed, or compromised. It works by scrambling data into a secret code that can only be unlocked with a unique digital key. Encrypting sensitive data provides a strong defense against unauthorized access.
5. It cannot be overstated that having an incident response plan (IRP) is just as critical as the precautions mentioned above. An IRP is a written document, formally approved by the senior leadership team, that guides an organization before, during, and after a confirmed or suspected security incident. Even with all the precautions, a cyber incident can still take place, and having a plan in place for that eventuality can go a long way toward minimizing damage.
6. Leveraging technology to enhance security, such as artificial intelligence and machine learning, can be pivotal in detecting and responding to cyber threats. These technologies can identify patterns indicative of malicious activity more quickly and accurately than human analysts can.

It is critical for tax & accounting firms to be cautious about cybersecurity, not only during tax season but all year round. Such vigilance is ongoing and evolving, and firms must be attuned to how to navigate this constantly changing landscape. By staying informed, investing in the right technologies and practices, and fostering a culture of security, tax & accounting firms can better protect themselves and their clients.