southparkcpa wrote: Everything is suspect.... I would bet the IRS servers are more vulnerable than Dropbox for example. But yes, there is no such thing as a sure thing.
Yes -- remember, someone once said the Titanic was unsinkable, too. About the only realistic, practical thing you can do is get cyber insurance.
I don't think IRS servers are connected to the open internet, but they might be more vulnerable to "front door" attacks, where someone has already stolen the credentials. Remember, ordinary taxpayers don't have IRS logins, and the customer count for IRS massively dwarfs the customer count for Dropbox, so it stands to reason it is easier to fake who you are to the IRS.
And then, there are some tax pros who actively fight against increased IRS security summit measures with their little mouse tingler devices to circumvent vendor security features.
cp_acwt wrote: makbo:
What are your recommendations for security/encryption/backup/restore?
I've posted them all before, but in a nutshell:
- For encryption, I use Windows 10 BitLocker and WinZip Pro.
- For "security", I follow good practices (such as applying updates regularly, not sharing or duplicating passwords, using different email addresses with different accounts, and sometimes I even use MFA). I use Kaspersky Internet Security suite for online protection (have been for many years, before that I used Zone Alarm since the late 20th century before the Israelis took it over and ruined it). I also don't read my email online.
- For backup/restore, I follow a diversity of practices, but none using online storage, since I don't want to be dependent on having a high speed internet connection (and as a side benefit, I don't have to pay extra for it). I have a notebook computer which is a regularly updated "clone" of my desktop (meaning, it can do all of the same things, with current data); I have several external backup drives, located anywhere from five feet to four thousand miles away from my desktop; and I back up my data files locally every 24 hours, or more often manually if I've done a lot of work I don't ever want to have to repeat.
I test a full restore every time I get a new computer (every 2-3 years), and every so often do a random test of whether or not I can successfully view/extract an older version of one of my key data files.
If I had employees, some of this would be more complicated and expensive.