Tax Tips Logo ImageISSUE

Cybersecurity should be a priority for your institution.  The Department of Education has specific requirements under the Gramm-Leach-Bliley Act.  The IRS is in the process of releasing a five-part report on cyber protection when working remotely.


Marathon Bible College (MBC) is a private college exempt under Internal Revenue Code section 501(c)(3) and 170(b)(1)(A)(ii).  They are required to file Form 990 annually.

As we work with them on their June 30, 2020 audit, cybersecurity risks dominated part of our assessment.  MBC has appointed a “Cybersecurity Point Person”, they have received training, and the college completed a risk assessment that addresses:

a) Employee training and management;

b) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and

c) Detecting, preventing and responding to attacks, intrusions, or other systems failures.

In addition, in accordance with Department of Education guidelines, MBC has documented a safeguard for each risk that was identified.

We communicated to them that the IRS – along with the “Security Summit” (representatives from the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators) – has issued Part 1 of a five-part series of tips for working remotely.  The IRS states that the following are the basic ” Security Six” protections that everyone… should use.

Although designed for tax professionals, there is great wisdom in the tips in Part 1 that was released last week.  More information may be found at:



From IR-2020-167, July 21, 2020:

During this period, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have urged organizations to maintain a heightened state of alert as cybercriminals seek to exploit Covid-19 concerns.

To assist tax professionals with the security basics, the IRS, state tax agencies and nation’s tax industry are launching a five-part series called Working Virtually: Protecting Tax Data at Home and at Work. The special series is designed to help practitioners assess their home and office data security. The first recommendation today covers the ” Security Six” – basic steps that should be taken for every work location. The series will continue each Tuesday through Aug. 18. ” The Security Summit partners urge tax professionals to take time this summer to give their data safeguards a thorough review and ensure that these protections are in place whether they work from home or the office,” said IRS Commissioner Chuck Rettig.

Although the Security Summit – a partnership between the IRS, states and the private-sector tax community – is making major progress against tax-related identity theft, cybercriminals continue to evolve. They are aware that tax practitioners and their systems may be more vulnerable this year during COVID-19, especially if they are working remotely.

The following are the basic “Security Six” protections that everyone, especially tax professionals handling sensitive data, should use:

  1. Anti-virus software
  2. Firewalls
  3. Two-factor authentication
  4. Backup software/services
  5. Drive encryption
  6. Virtual Private Network



  • Every institution should have a trained “Cybersecurity Point Person.”
  • ED has specific requirements under GLBA for those schools receiving Federal Aid.
  • Have you done a cybersecurity risk assessment and documented safeguards for all identified risks?
  • The IRS’ “Security Summit” tips can be useful as you protect your school’s and student’s data.

Specific questions? Email Dave Moja

The information provided herein presents general information and should not be relied on as accounting, tax, or legal advice when analyzing and resolving a specific tax issue. If you have specific questions regarding a particular fact situation, please consult with competent accounting, tax, and/or legal counsel about the facts and laws that apply.

© 2020 Moja & Company, LLC