As we inch closer and closer to tax season, this year could easily be the most important I’ve seen in my lifetime (since 1984). As more people continue to lose jobs, there will be many things to keep an eye on as we fill out the various tax forms. Will Obama be able to keep his campaign promise of no taxes for anyone below $200k/year? How will the proposed $800 billion stimulus package fit into all of this?

One question you might not be asking, but should be, is: ‘Is all of our tax information safe?’

According to the Treasury Inspector General for Tax Administration and the Government Accountability Office, there should definitely be cause for concern. After reading the initial report, and the document it’s based on, I’m utterly shocked by the vulnerabilities the IRS has left open with its systems.

Here is a list of the problems that the GAO was able to find within the IRS’ system. The IRS was failing to:

• enforce strong password management for properly identifying and authenticating users;
• authorize user access, including access to personally identifiable information, to permit only the access needed to perform job functions;
• encrypt certain sensitive data;
• effectively monitor changes on its mainframe; and
• physically protect its computer resources.

What I find so puzzling is that most of the problems that the GAO found seem so easy to fix. After glancing through some of the more important parts of the report, the lack of strong password usage was a key issue. It seems like all it should take is increasing the standards of complexity when creating a password for a user.

The other key issue that I found odd is the lack of monitoring on users when they are inside the system. These are the people that are viewing our data, with all the information about our social security numbers, bank accounts, etc. You’d think that every action that they take while in the system is somehow being monitored.

I can be more forgiving on the problems that are found in terms of encryption, and the more technical aspects of security. But to be having problems with password management, and monitoring? It’s inexcusable, and definitely leaves me with a worse feeling than I already had with the IRS.

To be fair, the report also mentioned that the IRS was improving in some of their key areas. 49 of the 115 vulnerabilities that had recently been uncovered had been addressed by the IRS. Here are some of the fixes; the IRS:

• implemented controls for unauthenticated network access and user IDs on the mainframe,
• encrypted sensitive data going across its network,
• improved the patching of critical vulnerabilities, and
• updated contingency plans to document critical business processes.

As Obama seems to have a heavy focus on technology, hopefully the security issues of the IRS get front stage. As the economy continues to struggle, the last thing we need is having our tax dollars put in jeopardy because of a lacking password structure.

[via: ComputerWorld]
