During the pandemic, the Internal Revenue Service has expanded its telework program to allow employees to work in their homes. According to a recent report from the Treasury Inspector General for Tax Administration (TIGTA), in March of 2020 there were approximately 26,000 employees working remotely. By September of 2020, nearly 60,700 employees were teleworking. Due to the IRS’ large remote workforce, there is now an increase in risk of possible cyberattacks.
In the TIGTA report, it was confirmed that the IRS has not acquired new remote connections software to support telework but has purchased more licenses due to the high number of remote employees. The IRS has also purchased $37 million in equipment and licenses for their teleworkers.
Employees are required to use a virtual private network (VPN) to gain remote access to their work and the IRS also has a policy that requires two-factor authentication to safeguard security. Although there are these policies in place, it was confirmed by the report that the remote work for the IRS has now increased the potential for data breaches and unauthorized disclosures.
The TIGTA explains in the report that the US has recently been a target of multiple high-profile cyberattacks as well as cybersecurity threats against the federal government. One of the top concerns of the IRS should be devoting resources to protecting the confidentiality of taxpayer information.
The IRS currently has put in place an IT asset management program to help avoid the spread of personal identifiable information. This new program has allowed the IRS to track inventory data of virtual workstations, laptop computers, and Personal Digital Assistants.
In terms of policies for employees, the IRS has waived the requirement for employees to complete a telework agreement at this time. New employees are also encouraged but not required to go through telework training. The IRS has also waived all telework policies until March 23, 2022, but they plan to reassess this periodically as they may lift the waiver earlier than expected.
Although the IRS has an increased risk of cyberattacks, it is important for the public to note that they have continuously been monitoring and using network scanning technology to identify any security vulnerabilities. The IRS conducts vulnerability scanning six days a week to ensure there are no possible threats. They also have many network management programs which consist of audit log management, incident monitoring, and more, to reduce the risk of cyberthreats. The IRS is putting many safeguards in place to keep our information safe as they continue to work remotely.