IRS Publication 5433 – Working Virtually: Part 1 – Security Six – In today’s digital landscape, where remote work has become the norm, safeguarding sensitive information is more critical than ever. IRS Publication 5433, titled “Working Virtually: Part 1 – Security Six,” provides essential guidance for tax professionals and anyone handling taxpayer data. Released in July 2020 and still relevant as of 2026, this publication outlines six fundamental security measures to protect against cyber threats. With increasing incidents of data breaches, following these steps can help prevent identity theft and ensure compliance with IRS requirements.
What is IRS Publication 5433?
IRS Publication 5433 is the first installment in a five-part series from the IRS and its Security Summit partners, focusing on protecting tax data at home and work. It emphasizes the “Security Six” – a set of basic yet powerful protections designed for tax professionals but applicable to anyone working virtually. The publication highlights the importance of these measures in an era where cybercriminals target sensitive financial information.
According to recent IRS guidance, deploying the Security Six is a key component of the Taxes-Security-Together Checklist, updated as recently as October 2025. This checklist helps tax pros cover cybersecurity basics, reducing the risk of data theft.
The Importance of the Security Six in 2026
Remote work surged during the COVID-19 pandemic and remains prevalent, making virtual security a top priority. The IRS reports ongoing threats like phishing and ransomware, which can compromise taxpayer data. By implementing these six steps, professionals can create a robust defense system, complying with federal laws and building client trust.
Breaking Down the Security Six Measures
Here’s a detailed look at each of the Security Six protections, as outlined in Publication 5433. We’ll explain what they are, why they matter, and how to implement them effectively.
1. Activate Anti-Virus Software and Keep It Up to Date
Anti-virus software scans for and removes malware, viruses, and other threats. The IRS recommends enabling automatic updates to ensure protection against the latest vulnerabilities.
- Why it matters: Outdated software leaves systems exposed to new attacks.
- Implementation tips: Choose reputable providers like those with real-time scanning and schedule regular scans.
2. Use a Firewall to Shield Your Computer or Network
A firewall acts as a barrier between your device and potential threats, monitoring incoming and outgoing traffic.
- Why it matters: It prevents unauthorized access, especially on public networks.
- Implementation tips: Enable built-in firewalls on your OS (e.g., Windows Defender Firewall) and consider hardware firewalls for added security.
3. Choose Two-Factor Authentication (2FA)
2FA requires a second form of verification beyond a password, such as a code sent to your phone.
- Why it matters: Even if passwords are compromised, 2FA adds an extra layer, thwarting 99% of automated attacks.
- Implementation tips: Enable it on email, tax software, and cloud services. Opt for app-based authenticators over SMS for better security.
4. Use Backup Software/Services Routinely
Regular backups ensure critical files can be restored in case of data loss from ransomware or hardware failure.
- Why it matters: Tax data is irreplaceable; backups prevent permanent loss.
- Implementation tips: Use cloud services like Google Drive or external drives with automated scheduling. Follow the 3-2-1 rule: three copies, two media types, one offsite.
5. Use Drive Encryption
Encryption scrambles data, making it unreadable without the proper key.
- Why it matters: If a device is stolen, encrypted data remains protected.
- Implementation tips: Use tools like BitLocker (Windows) or FileVault (Mac) for full-disk encryption.
6. Create a Virtual Private Network (VPN)
A VPN encrypts your internet connection, securing data transmission over public Wi-Fi.
- Why it matters: It’s essential for remote work to prevent eavesdropping.
- Implementation tips: Select a trusted VPN provider with no-log policies and use it for all remote sessions.
| Security Measure | Key Benefit | Recommended Tools |
|---|---|---|
| Anti-Virus Software | Detects and removes threats | Avast, Norton |
| Firewall | Blocks unauthorized access | Windows Defender, Hardware routers |
| Two-Factor Authentication | Enhances login security | Google Authenticator, Authy |
| Backups | Data recovery | External HDD, Cloud services |
| Drive Encryption | Protects stored data | BitLocker, FileVault |
| VPN | Secures connections | ExpressVPN, NordVPN |
Beyond the Basics: Integrating Security Six into Your Routine
While Publication 5433 focuses on these fundamentals, the IRS encourages combining them with a Written Information Security Plan (WISP). Tax professionals are required by law to have a WISP, which includes these measures and procedures for handling breaches.
Stay informed by visiting the IRS Security Summit page for updates and additional resources.
Conclusion
IRS Publication 5433’s Security Six remains a cornerstone of virtual work security in 2026. By adopting these practices, tax professionals can protect sensitive data, avoid costly breaches, and maintain compliance. Download the full PDF from the IRS website to get started today.
For more on related topics, check out the subsequent parts of the series, such as Publication 5433-A on multi-factor authentication.