I always get excited when I find an intersection between MIS and Accounting. However, Bruce Schneier’s article, on what can only be described as the IRS’s incompetence when it comes to cyber security, is frightening. The article starts by sharing the results of the Government Accountability Office’s (GAO) annual report. According to the report, the IRS fails to identify and authenticate network users, encrypt data, provide appropriate audit and monitoring capabilities, patch vulnerabilities, and update software. These security inadequacies are translating into instances in which cybercriminals are hacking tax information and using that stolen information to file tax returns and collect the refunds.
Despite these clear problems, the IRS seems to be doing little to combat issues. In the GAO’s 2015 report, it states that the IRS had only mitigated 14 of the 69 weaknesses that had been identified in 2013. In the 2016 report, it seems the IRS has not improved its situation, as it only addressed 23 of the 70 weaknesses that were identified in 2015. Schneier theorizes that the lack of improvement to the IRS’s security situation is due to their limited budget, which has been cut by 17% since 2010. The article, “It’s Tax Time, But the IRS Still Sucks at Cyber Security,” (http://www.wired.com/2016/04/security-week-tax-day-near-irs-hackable-ever/) seems to echo this claim by noting that the IRS’s top cyber security expert just quit because of the less than competitive digital security salaries that the IRS offers.
This article relates to class because of the privacy and security issues that the IRS is facing. With tax day coming up tomorrow, it’s concerning that millions of Americans are required by law to put their personal information at risk, especially considering the sensitive information that one is sharing when submitting a tax form. Most Americans probably underestimate the amount of risk associated with paying their taxes because they wrongly assume that because the IRS is the revenue service of the United States federal government, proper precautions have been put in place to protect law abiding citizens. I believe that it is clear that the IRS needs to start combatting these security issues and allocate appropriate funds to the department that needs it most.
It is important for us to consider situations like these as we enter into the world as MIS professionals in order to understand that we need to have a certain level of skepticism and caution. This article demonstrates how dangerous cyber security can be, and drastic changes must be made if we are going to protect our personal information and identities. It seems that even an established government service, such as the IRS, is not well prepared to function in a world that is so heavily dependent on the Internet.
Link: http://www.cnn.com/2016/04/13/opinions/is-data-you-send-to-irs-secure-opinion-schneier/index.html
I love when there are intersections between accounting and MIS. Your post about how the IRS isn't properly handling our private and sensitive information is very interesting. I remember how in ACCT 420: Federal Principals of Taxation we were taught about all the information we are supposed to disclosed to the IRS, but not how secure disclosing this information actually is. This article gave great insight to how many weaknesses there are within this particular system. These weaknesses provide criminals with citizen's tax information which allows them to collect others refunds. Another major issue that these weaknesses pose can be found in this article by CNN Money (http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/). Fraudsters not only can collect others refunds, but they can use the information that is supposed to be protected by the IRS to open bank accounts and new lines of credit. The IRS isn't the only one facing high fraudulent behavior surrounding taxes. TurboTax also had a major wave of fraudulent activity with its preparation software. Our privacy and the security of our personal information is very important and our government agencies should be working in a more efficient manner to ensure its safety. Thank you Heather for pointing out how important this issue is to our country's taxpayers.
ReplyDelete