Cybersecurity is a job Arvo takes seriously, and we have certification to prove it
Data security is important for everyone, but especially for business owners. When you hire a tax service provider, you trust them to protect your, your employees’, and your clients’ identity, financial, and other sensitive information. If you share data with irresponsible handlers, it can result in lost time and money, legal charges, and–perhaps most importantly–a damaged reputation for your business.
That’s why we invest significant resources toward handling our clients’ data according to the strictest standards.
Ask the hard questions
Reflecting the seriousness of data security for tax service providers, the IRS created a unique public-private partnership in 2015 called the Security Summit to protect taxpayers and the tax system against theft and fraud. The Security Summit publishes various guides and resources for tax professionals, including the “Taxes-Security-Together” Checklist, which is a guide for tax professionals to cover the basics of cybersecurity.
When assessing whether or not you can trust your tax service provider, you can use the T-S-T Checklist to guide your conversation. The checklist is summarized below.
According to the IRS, all tax professionals should:
- Deploy the “Security Six” measures
- Activate anti-virus software
- Use a firewall
- Opt for two-factor authentication when it’s offered
- Use backup software/services
- Use drive encryption
- Create and secure Virtual Private Networks
- Create a data security plan
- Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data
- The requirement is flexible enough to fit any size of tax preparation, from small to large
- Tax preparers are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.
- Educate yourself on phishing scams
- Learn about spear phishing emails
- Beware of ransomware
- Recognize the signs of client data theft
- Clients receive IRS letters about suspicious tax returns in their name
- More returns filed with your Electronic Filing Identification Number than you submitted
- Clients receive tax transcripts they did not request
- Create a data theft recovery plan
- Contact local IRS stakeholder liaison immediately
- Assist IRS in protecting clients
- Contract with cybersecurity expert to stop thefts
Arvo is SOC-2 certified
SOC-2 (Service Organization Control 2) compliance is a certification that validates a company’s commitment to data security, availability, processing integrity, confidentiality, and privacy. It is an auditing standard established by the American Institute of CPAs (AICPA) specifically for technology service providers and other organizations that process customer data.
By obtaining and maintaining SOC-2 compliance, Arvo routinely passes inspection by outside auditors who ensure we meet standards including and exceeding the IRS’s T-S-T Checklist. This gives our clients peace of mind, thanks to the knowledge that they can trust us to protect their data and their reputation.
Let’s talk
We invite conversations with current or prospective clients about our cybersecurity practices, because we understand the importance of trust in our client relationships.
If you have any questions about how we keep your data secure, our team of tax and security experts is always available with answers.