The Treasury Inspector General for Tax Administration (TIGTA) today publicly released its most recent review of whether the Internal Revenue Service (IRS) has adequate security controls to prevent and respond to malware attacks.
The report concluded that the IRS has taken steps to protect its computer systems and taxpayer data from the increasing threat of hackers.
Malware, also known as malicious code or malicious software, refers to a computer program that is inserted into a computer system with the intent of compromising the confidentiality, integrity, or availability of an organization's data, applications, or operating systems. Malware is delivered through commonly used applications and devices, such as e-mail, the Internet, and portable media devices.
"We found that overall, the IRS's preventive and response controls to address this threat are generally effective," commented J. Russell George, the Treasury Inspector General for Tax Administration. However, they need to continue to limit practices that enhance the risk and increase employee awareness of their responsibility for preventing malware incidents."
According to the report, IRS employee workstations are scanned by antivirus software on a weekly basis. However, antivirus scans were not consistently scheduled for servers. TIGTA recommended that the IRS take additional steps to limit some practices that increase the risk of malware incidents and increase employee awareness of their responsibilities for preventing malware incidents.
The IRS agreed with TIGTA's recommendations.
The current findings are the latest in TIGTA's ongoing oversight of the IRS's computer systems. By law, TIGTA is required to conduct annual assessments of the IRS's information security programs. TIGTA reported in September that the IRS has made steady progress in complying with the Federal Information Security Management Act.