<aside> 💻 We recommend all VITA volunteers review this security checklist to help keep your and your client's data safe.

</aside>

GetYourRefund Security Checklist

• Do not share any sensitive client personally identifiable information (PII) via email or text message.
  • For example, do not put social security numbers, tax information, or account numbers in a message to a client.
  • All sensitive information should be received through the document request feature in the Hub.
  • All sensitive information sent to the client should be done through the client envelope feature in the Hub, not by attaching files to an email.
• When calling a client, have them verify the last 4 digits of their social security number before proceeding with the conversation.
• Don't download tax documents. Instead, view any needed forms directly in your browser.
  • You will need to download files from TaxSlayer (like the final return) in order to upload them.
  • To make changes to the Form 13614-C, you'll need to download it.
• Don't share your account on the Hub. Every volunteer must have their own account; do not share your password with anyone else.
• At the end of your session, delete any documents downloaded to your computer.
• Don't download free software from a source that you cannot verify.
• Stay on guard and trust your instincts if something doesn’t seem right.
• Follow the IRS Quality Site Guidelines.

General Online Security Checklist

• Use a strong password, and do not share it across accounts.
  • Strong passwords are 10+ characters long.
  • The best way to manage your passwords is to install a password manager.
• Don't open emails from unfamiliar sources.
  • Do not open any attachments (PDF, ZIP) you weren't expecting.
  • Don't click on strange links. To double check links before clicking, you can hover over the link to see the destination URL which will appear near the bottom left corner of your screen (on Chrome). If you don't recognize the destination website, don't click.
• If you receive an email from a company that doesn't look quite right, don't click on any links in that email but go directly to the company's website to investigate further.
  • For example, a scammer might send an email pretending to be from Apple saying your account was hacked. The fake email will try to get you to visit a fake Apple website, which will steal any information you enter, including your password.
• Use a secure wifi connection ****from a trusted source.
  • Wifi networks that are password protected and not shared with strangers are safer, like your home or office wifi.
  • Often, folks ask about using a VPN. There are many different use cases for a VPN, but in this case, a VPN is downloadable software for your computer (or mobile device) that helps hide your internet activity from other people sharing the same wifi network and from your internet provider.
    • For example, if you are using public wifi at a library, there's potential that other people on the wifi network could see some information about what websites you're visiting and what data you're sending or uploading to that website.
    • If you're doing something like online banking, you might want to wait until you're on a more secure wifi network, or use a VPN.
    • If you're using a trusted wifi network (home or office), you likely do not need a VPN.
    • If you're working from a library or public place, you may want to consider getting a VPN. If you need a VPN, you should pay for it, as opposed to using a "free VPN."
      • Here's a source for VPN products — most should be a few dollars per month, and can be shared with multiple users.
    • For more information about VPNs, see the IRS's press release on VPNs.
• Keep your browser updated.
  • We recommend using Google Chrome. Chrome will typically upgrade itself automatically when it's closed, if not, you'll see an upgrade button in the top right corner of your browser (update guide).
  • We recommend against Internet Explorer.