Upgrade Your Passwords and Data Encryption

Cybersecurity experts have a new password recommendation: use word phrases that are easy to remember, rather than random letters, characters and numbers. Word phrases create strong passwords that better protect sensitive data. Strong password and encryption protocols should be standard features of your data security plan. The IRS is sharing this information for week three of its “Tax Security 101” campaign.

Strengthen Passwords

Use strong, unique passwords for accessing devices, tax software products, cloud storage, wireless networks and encryption technology. Best practices include:

  • Use at least eight characters - longer is better.
  • Use a combination of letters, numbers and symbols.
  • Don't use personal information or common passwords.
  • Change default/temporary passwords that come with accounts or devices.
  • Don't reuse or modify passwords. Use unique usernames and passwords for accounts and devices.
  • Don't use email addresses for usernames whenever possible.
  • Store password lists in a secure location, such as a safe or locked file cabinet.
  • Don't share passwords with anyone.
  • Protect password managers with a strong password.


Encrypt Client Data

Take these basic steps to encrypt and protect client data stored on computer systems:

  • Use drive encryption to lock all files on computers and all devices. Drive or disk encryption converts text on files into an unreadable format for unauthorized users.
  • Back up encrypted copies of client data to external hard drives or use cloud storage. Keep external drives in a secure location. Encrypt data before uploading to the cloud.
  • Don't attach USB drives and external drives with client data to public computers.
  • Don't install unnecessary software or applications to the business network. Beware of “free” software and only download software or applications from official sites.
  • Make an inventory of devices where client tax data is stored. Inventory software used to process or send tax data, i.e., operating systems, browsers, applications, tax software, web sites, etc.
  • Limit or disable Internet access for devices that have stored taxpayer data.
  • Delete all information from devices before disposing of them. Some security software includes a “shredder” that electronically destroys stored files.
  • Physically destroy hard drives, tapes, USBs, CDs, tablets or phones by crushing, shredding or burning. Shred or burn all documents containing taxpayer information before throwing them away.