A Practical Approach to Implementing IRS Publication 4557

With tax season in full swing, it seems fitting to review the importance of IRS Publication 4557. For those who do not work in tax, the publication may be unfamiliar. In many cases, CPA firms fall behind the curve regarding core cybersecurity competency. To address this, let’s break down what IRS Publication 4557 is, how it applies to you and your business, and a practical approach to implementing it.

What is IRS Publication 4557?

IRS Publication 4557 was created to raise awareness of cyber threats to CPA firms and to serve as a guide that helps tax return preparers maintain compliance in their operations. The FTC Safeguards Rule requires that tax return preparers create and enact security plans to protect client data. A CPA firm that is non-compliant faces the potential of an investigation by the FTC and substantial penalties.

Outside of compliance, there are four essential cybersecurity best practices to follow as a CPA firm, according to IRS Publication 4557. 

Cybersecurity Best Practices for Your CPA Firm (via IRS 4557): 

  1. Periodically have cybersecurity experts evaluate your security plans, controls, and safeguards. 
  2. Use strong passwords and multi-factor authentication on all solutions containing sensitive information.
  3. Have a contingency plan, back up data to a platform segregated from your primary network, and routinely verify backups are occurring.
  4. Encrypt all sensitive information at rest and in transit. 

Most of these recommendations apply to all organizations, whether or not they are CPA firms. IRS Publication 4557 attempts to address cybersecurity concerns related directly to CPA firms, mainly because of the sensitive personal data such firms hold.

Helpful Resources

  1. PK Tech Blog on the topic linked here.
  2. PK Tech Knowledge Base article on IRS Publication 4557 linked here.
  3. Checklist for Safeguarding Taxpayer Data linked here.
  4. View the full IRS Publication 4557 here.

PK Tech got its start working with a CPA firm. We have maintained IT services for CPA firms as a core function of our business model (in addition to growing into servicing countless other industries). If you are a CPA firm, small or large, we can support your managed IT service needs. Get in touch with our team here.