Connect with us

Accounting

Cybersecurity best practices as 2025 tax season kicks off

Published

on

Every year during tax season, finance professionals handle an influx of sensitive financial and personal information passed along by their clients. Although most CPAs and accountants excel at processing this information, as well as other data related to their field, they’re typically not experts in cybersecurity.

As our technology-driven world grows increasingly complex and evolves more rapidly over time, the more important it becomes for financial institutions to take precautions that safeguard their clients’ sensitive information (and also their own). Bad actors are always working to get a step ahead of protection tech and services, and take advantage of the habits of employees who may not be aware of the latest cyber threats.

The best CPAs and accountants tend to be naturally inquisitive, perhaps to the point of skepticism — and their clients should thank them for it. Because when it comes to finances or cybersecurity, speaking as someone with professional experience in both spaces, those characteristics are superpowers. As cyberattacks become increasingly frequent and sophisticated, financial professionals should be encouraged to maintain a healthy dose of suspicion and lean into hypervigilance. From small accounting operations to large, enterprise-level firms, organizations and their employees must understand and embrace the importance of cybersecurity and its best practices.

Tax season is busy and a potential cybersecurity weakness

It’s critical for financial organizations to observe and maintain cybersecurity best practices, even (and perhaps especially) during tax season. Increased workloads during the busy season may push cybersecurity and network infrastructure down the list of priorities, but bad actors often look for such openings to exploit.

CPAs handle an influx of sensitive financial information and personal information during tax season, which could make them a more attractive target for cybercriminals. Failing to strengthen and maintain cybersecurity technology and protocols could lead to even more chaos and stress during what can already be a nerve-wracking time of year for the industry.

Building client and firm cybersecurity protocols

There is no one-size-fits-all approach to cybersecurity and instituting best-practice protocols, but one of the best methods in the financial services space is to separate cybersecurity into a two-pronged issue: client information and firm information.

Because clients — like CPAs — are rarely cybersecurity experts themselves and, in fact, often operate under the expectation that a financial firm has the proper tools and protocols in place to protect their information, it’s vitally important that nothing be taken for granted on this side.

Key areas of focus for client information

  • Email: Email is inherently insecure for the exchange of sensitive financial documents. Once an email is sent, a firm has little to no control over where it ends up — possibly forwarded, intercepted or left in an insecure inbox. Email is also a primary attack vector for phishing. Clients might accidentally open malicious attachments or click on links in phishing emails disguised as legitimate requests. It can be clunky, too, as some email providers block certain file types that could be necessary for tax preparation, and size limits may prompt clients to use insecure methods, such as unencrypted file-sharing services or breaking files into multiple emails — a significant data security risk.
  • Secure portal: The best antidote to publicly available email is a secure portal. A private, secure portal provides a financial firm with a controlled, encrypted environment for file sharing, minimizing the risk of breaches. Encryption protects data in transit and at rest, and access controls allow a firm to decide who gets access to which files and set permissions (view, download or edit) for further guardrails. Additionally, portals often log activity and provide an audit trail of who has accessed and modified files.
  • Guest Wi-Fi networks: Guest networks are essential for accountants and CPAs in order to protect client data and their own systems. Strong passwords, encryption and network segmentation are crucial components of a secure Wi-Fi network. For extra layers of security, consider hiding your guest network’s SSID (network name), restricting guest network access to internet-only (blocking access printers and file shares) and creating a separate access point, further segregating it from your main network.

Internally, protecting firm information requires a multilayered approach that encompasses technology, policies and ongoing employee training. Strong access controls, encryption and data backups are fundamental security measures, but accounting firms should also partner with cybersecurity experts to create a comprehensive security program that accounts for employee awareness training and builds a strong security culture.

Key areas of focus for firm information

  • Device security: All company devices and storage media, including hard drives and USB drives, should be encrypted to prevent data loss and theft. Install robust endpoint security software (antivirus, anti-malware and intrusion detection) on all company devices that access firm networks and client data. Implement mobile device management solutions to secure company-issued mobile devices and enforce security policies.
  • Data security: Firms should use data loss prevention tools to prevent sensitive data from leaving the network without authorization. Secure file-sharing platforms and encrypted email for internal and external communication protect sensitive data. Meanwhile, a comprehensive data backup and recovery plan helps ensure business continuity in the case of adverse events such as a ransomware attack or even a natural disaster.
  • Employee training and awareness: In addition to new employee training, regular security awareness training for all employees should be conducted to educate a firm’s workforce about cybersecurity threats, company security policies and best practices (including recognizing phishing emails and following strong password habits). Run simulated phishing attacks to test employee awareness and reinforce their training, and develop and regularly practice an incident response plan so that, if all else fails, employees know how to react in case of a security incident. This can significantly mitigate lost time, revenue and reputational impact in the event of a cyber attack.
  • Physical security: Implement physical security measures to protect office space and equipment, including old-school and analog methods. That may include security cameras, visitor logs and physical locks that limit access to control systems. Be sure to shred and securely dispose of sensitive documents to prevent data breaches.

Cyber attacks, no matter the time of year, can have significant financial and reputational costs. Organizations that lack the time or resources to bolster or sustain their cybersecurity and network infrastructures — again, especially during the upcoming busy season — should consider partnering with external cybersecurity specialists to ensure their clients’ personal information and network security stay protected. As always, better safe — and secure — than sorry.

Continue Reading

Accounting

Senate unveils plan to fast-track tax cuts, debt limit hike

Published

on

Senate Republicans unveiled a budget blueprint designed to fast-track a renewal of President Donald Trump’s tax cuts and an increase to the nation’s borrowing limit, ahead of a planned vote on the resolution later this week. 

The Senate plan will allow for a $4 trillion extension of Trump’s tax cuts and an additional $1.5 trillion in further levy reductions. The House plan called for $4.5 trillion in total cuts.

Republicans say they are assuming that the cost of extending the expiring 2017 Trump tax cuts will cost zero dollars.

The draft is a sign that divisions within the Senate GOP over the size and scope of spending cuts to offset tax reductions are closer to being resolved. 

Lawmakers, however, have yet to face some of the most difficult decisions, including which spending to cut and which tax reductions to prioritize. That will be negotiated in the coming weeks after both chambers approve identical budget resolutions unlocking the process.

The Senate budget plan would also increase the debt ceiling by up to $5 trillion, compared with the $4 trillion hike in the House plan. Senate Republicans say they want to ensure that Congress does not need to vote on the debt ceiling again before the 2026 midterm elections. 

“This budget resolution unlocks the process to permanently extend proven, pro-growth tax policy,” Senate Finance Chairman Mike Crapo, an Idaho Republican, said. 

The blueprint is the latest in a multi-step legislative process for Republicans to pass a renewal of Trump’s tax cuts through Congress. The bill will renew the president’s 2017 reductions set to expire at the end of this year, which include lower rates for households and deductions for privately held businesses. 

Republicans are also hoping to include additional tax measures to the bill, including raising the state and local tax deduction cap and some of Trump’s campaign pledges to eliminate taxes on certain categories of income, including tips and overtime pay.

The plan would allow for the debt ceiling hike to be vote on separately from the rest of the tax and spending package. That gives lawmakers flexibility to move more quickly on the debt ceiling piece if a federal default looms before lawmakers can agree on the tax package.

Political realities

Senate Majority Leader John Thune told reporters on Wednesday, after meeting with Trump at the White House to discuss the tax blueprint, that he’s not sure yet if he has the votes to pass the measure.

Thune in a statement said the budget has been blessed by the top Senate ruleskeeper but Democrats said that it is still vulnerable to being challenged later.

The biggest differences in the Senate budget from the competing House plan are in the directives for spending cuts, a reflection of divisions among lawmakers over reductions to benefit programs, including Medicaid and food stamps. 

The Senate plan pares back a House measure that calls for at least $2 trillion in spending reductions over a decade, a massive reduction that would likely mean curbing popular entitlement programs.

The Senate GOP budget grants significantly more flexibility. It instructs key committees that oversee entitlement programs to come up with at least $4 billion in cuts. Republicans say they expect the final tax package to contain much larger curbs on spending.

The Senate budget would also allow $150 billion in new spending for the military and $175 billion for border and immigration enforcement.

If the minimum spending cuts are achieved along with the maximum tax cuts, the plan would add $5.8 trillion in new deficits over 10 years, according to the Committee for a Responsible Federal Budget.

The Senate is planning a vote on the plan in the coming days. Then it goes to the House for a vote as soon as next week. There, it could face opposition from spending hawks like South Carolina’s Ralph Norman, who are signaling they want more aggressive cuts. 

House Speaker Mike Johnson can likely afford just two or three defections on the budget vote given his slim majority and unified Democratic opposition.

Continue Reading

Accounting

How asset location decides bond ladder taxes

Published

on

Financial advisors and clients worried about stock volatility and inflation can climb bond ladders to safety — but they won’t find any, if those steps lead to a place with higher taxes.

The choice of asset location for bond ladders in a client portfolio can prove so important that some wealthy customers holding them in a taxable brokerage account may wind up losing money in an inflationary period due to the payments to Uncle Sam, according to a new academic study. And those taxes, due to what the author described as the “dead loss” from the so-called original issue discount compared to the value, come with an extra sting if advisors and clients thought the bond ladder had prepared for the rise in inflation.

Bond ladders — whether they are based on Treasury inflation-protected securities like the strategy described in the study or another fixed-income security — provide small but steady returns tied to the regular cadence of maturities in the debt-based products. However, advisors and their clients need to consider where any interest payments, coupon income or principal accretion from the bond ladders could wind up as ordinary income, said Cal Spranger, a fixed income and wealth manager with Seattle-based Badgley + Phelps Wealth Managers.

“Thats going to be the No. 1 concern about, where is the optimal place to hold them,” Spranger said in an interview. “One of our primary objectives for a bond portfolio is to smooth out that volatility. … We’re trying to reduce risk with the bond portfolio, not increase risks.”

READ MORE: Why laddered bond portfolios cover all the bases

The ‘peculiarly bad location’ for a bond ladder

Risk-averse planners, then, could likely predict the conclusion of the working academic paper, which was posted in late February by Edward McQuarrie, a professor emeritus in the Leavey School of Business at Santa Clara University: Tax-deferred retirement accounts such as a 401(k) or a traditional individual retirement account are usually the best location for a Treasury inflation-protected securities ladder. The appreciation attributes available through an after-tax Roth IRA work better for equities than a bond ladder designed for decumulation, and the potential payments to Uncle Sam in brokerage accounts make them an even worse asset location.

“Few planners will be surprised to learn that locating a TIPS ladder in a taxable account leads to phantom income and excess payment of tax, with a consequent reduction in after-tax real spending power,” McQuarrie writes. “Some may be surprised to learn just how baleful that mistake in account location can be, up to and including negative payouts in the early years for high tax brackets and very high rates of inflation. In the worst cases, more is due in tax than the ladder payout provides. And many will be surprised to learn how rapidly the penalty for choosing the wrong asset location increases at higher rates of inflation — precisely the motivation for setting up a TIPS ladder in the first place. Perhaps the most surprising result of all was the discovery that excess tax payments in the early years are never made up. [Original issue discount] causes a dead loss.”

The Roth account may look like a healthy alternative, since the clients wouldn’t owe any further taxes on distributions from them in retirement. But the bond ladder would defeat the whole purpose of that vehicle, McQuarrie writes.

“Planners should recognize that a Roth account is a peculiarly bad location for a bond ladder, whether real or nominal,” he writes. “Ladders are decumulation tools designed to provide a stream of distributions, which the Roth account does not otherwise require. Locating a bond ladder in the Roth thus forfeits what some consider to be one of the most valuable features of the Roth account. If the bond ladder is the only asset in the Roth, then the Roth itself will have been liquidated as the ladder reaches its end.”

READ MORE: How to hedge risk with annuity ladders

RMD advantages

That means that the Treasury inflation-protected securities ladder will add the most value to portfolios in a tax-deferred account (TDA), which McQuarrie acknowledges is not a shocking recommendation to anyone familiar with them. On the other hand, some planners with clients who need to begin required minimum distributions from their traditional IRA may reap further benefits than expected from that location.

“More interesting is the demonstration that the after-tax real income received from a TIPS ladder located in a TDA does not vary with the rate of inflation, in contrast to what happens in a taxable account,” McQuarrie writes. “Also of note was the ability of most TIPS ladders to handle the RMDs due, and, at higher rates of inflation, to shelter other assets from the need to take RMDs.”

The present time of high yields from Treasury inflation-protected securities could represent an ample opportunity to tap into that scenario.

“If TIPS yields are attractive when the ladder is set up, distributions from the ladder will typically satisfy RMDs on the ladder balance throughout the 30 years,” McQuarrie writes. “The higher the inflation experienced, the greater the surplus coverage, allowing other assets in the account to be sheltered in part from RMDs by means of the TIPS ladder payout. However, if TIPS yields are borderline unattractive at ladder set up, and if the ladder proved unnecessary because inflation fell to historically low levels, then there may be a shortfall in RMD coverage in the middle years, requiring either that TIPS bonds be sold prematurely, or that other assets in the TDA be tapped to cover the RMD.”

READ MORE: A primer on the IRA ‘bridge’ to bigger Social Security benefits

The key takeaways on bond ladders

Other caveats to the strategies revolve around any possible state taxes on withdrawals or any number of client circumstances ruling out a universal recommendation. The main message of McQuarrie’s study serves as a warning against putting the ladder in a taxable brokerage account.

“Unsurprisingly, the higher the client’s tax rate, the worse the outcomes from locating a TIPS ladder in taxable when inflation rages,” he writes. “High-bracket taxpayers who accurately foresee a surge in future inflation, and take steps to defend against it, but who make the mistake of locating their TIPS ladder in taxable, can end up paying more in tax to the government than is received from the TIPS ladder during the first year or two.”

For municipal or other types of tax-exempt bonds, though, a taxable account is “the optimal place,” Spranger said. Convertible Treasury or corporate bonds show more similarity with the Treasury inflation-protected securities in that their ideal location is in a tax-deferred account, he noted.

Regardless, bonds act as a crucial core to a client’s portfolio, tamping down on the risk of volatility and sensitivity to interest rates. And the right ladder strategies yield more reliable future rates of returns for clients than a bond ETF or mutual fund, Spranger said.

“We’re strong proponents of using individual bonds, No. 1 so that we can create bond ladders, but, most importantly, for the certainty that individual bonds provide,” he said.

Continue Reading

Accounting

Why IRS cuts may spare a unit that facilitates mortgages

Published

on

Loan applicants and mortgage companies often rely on an Internal Revenue Service that’s dramatically downsizing to help facilitate the lending process, but they may be in luck.

That’s because the division responsible for the main form used to allow consumers to authorize the release of income-tax information to lenders is tied to essential IRS operations.

The Income Verification Express Service could be insulated from what NMN affiliate Accounting Today has described of a series of fluctuating IRS cuts because it’s part of the submission processing unit within wage and investment, a division central to the tax bureau’s purpose.

“It’s unlikely that IVES will be impacted due to association within submission processing,” said Curtis Knuth, president and CEO of NCS, a consumer reporting agency. “Processing tax returns and collecting revenue is the core function and purpose of the IRS.”

Knuth is a member of the IVES participant working group, which is comprised of representatives from companies that facilitate processing of 4506-C forms used to request tax transcripts for mortgages. Those involved represent a range of company sizes and business models.

The IRS has planned to slash thousands of jobs and make billions of dollars of cuts that are still in process, some of which have been successfully challenged in court.

While the current cuts might not be a concern for processing the main form of tax transcript requests this time around, there have been past issues with it in other situations like 2019’s lengthy government shutdown.

President Trump recently signed a continuing funding resolution to avert a shutdown. But it will run out later this year, so the issue could re-emerge if there’s an impasse in Congress at that time. Republicans largely dominate Congress but their lead is thinner in the Senate.

The mortgage industry will likely have an additional option it didn’t have in 2019 if another extended deadlock on the budget emerges and impedes processing of the central tax transcript form.

“It absolutely affected closings, because you couldn’t get the transcripts. You couldn’t get anybody on the phone,” said Phil Crescenzo Jr., vice president of National One Mortgage Corp.’s Southeast division.

There is an automated, free way for consumers to release their transcripts that may still operate when there are issues with the 4506-C process, which has a $4 surcharge. However, the alternative to the 4506-C form is less straightforward and objective as it’s done outside of the mortgage process, requiring a separate logon and actions.

Some of the most recent IRS cuts have targeted technology jobs and could have an impact on systems, so it’s also worth noting that another option lenders have sometimes elected to use is to allow loans temporarily move forward when transcript access is interrupted and verified later. 

There is a risk to waiting for verification or not getting it directly from the IRS, however, as government-related agencies hold mortgage lenders responsible for the accuracy of borrower income information. That risk could increase if loan performance issues become more prevalent.

Currently, tax transcripts primarily come into play for government-related loans made to contract workers, said Crescenzo.

“That’s the only receipt that you have for a self-employed client’s income to know it’s valid,” he said.

The home affordability crunch and rise of gig work like Uber driving has increased interest in these types of mortgages, he said. 

Contract workers can alternatively seek financing from the private non-qualified mortgage market where bank statements could be used to verify self-employment income, but Crescenzo said that has disadvantages related to government-related loans.

“Non QM requires higher downpayments and interest rates than traditional financing,” he said.

In the next couple years, regional demand for loans based on self-employment income could rise given the federal job cuts planned broadly at public agencies, depending on the extent to which court challenges to them go through.

Those potential borrowers will find it difficult to get new mortgages until they can establish more of a track record with their new sources of income, in most cases two years from a tax filing perspective. 

Continue Reading

Trending