Tax Season: 7 Ways to Protect Your Business from Hackers
Hackers love tax season. For them, it’s that magical time of year when taxpayers transfer a lot of sensitive information. They send it back and forth to their tax preparation service and then on to the Department of Revenue at both the state and federal levels. All hackers need is just one tiny misstep or vulnerability to expose itself so they can sneak in and steal, compromise, or otherwise harm an organization’s data.
Are you prepared to protect your organization from hackers this tax season? Learn how hackers trick companies, especially during tax season, and how to keep your organization safe. And because hackers love to impersonate Internal Revenue Service (IRS) agents, learn how the IRS communicates with taxpayers to avoid being duped.
How the IRS contacts taxpayers
A key reason taxpayers fall for scams, particularly from the IRS, is they don’t know how the IRS initiates contact. The IRS starts by sending a letter through the US Postal Service.
After the initial contact by mail, depending on the situation, IRS agents or tax compliance officers might use these approaches:
- Call a taxpayer by phone or visit them in person, sometimes preceded by a letter.
- Call to confirm an appointment or discuss items for an upcoming scheduled audit.
- Send email or request information through the official irs.gov site.
- Make unannounced visits to their home or place of business to discuss back, delayed, or delinquent taxes.
When contacted by an IRS representative, follow these safety practices:
- Get their name, address, and agent number. You can email requests for verification to the IRS at [email protected].
- For in-person visits, always ask for two forms of credentials:
- A pocket commission for proof of authority
- A personal identity verification credential
- Make tax payments only to the US Treasury.
Hackers are good at falsifying documents and IDs. By being aware of these contact protocols, you can be better prepared for when the IRS contacts you and protect yourself from imposters. If you’re in doubt, check with the IRS or the person in your organization who’s asking for the information.
How hackers trick companies
Despite understanding IRS protocols for initiating contact, taxpayers still fall for hackers’ clever tricks and carefully calculated wording. Hackers commonly use the following methods:
- Sending fake documents or messages by mail, text message, or social media (phishing)
- Creating phony websites that mirror legitimate ones (spoofing)
- Threatening phone calls, emails, text messages, or letters to have you arrested, collect your assets, or freeze bank accounts if you don’t cooperate
- Requesting copies of tax statements, such as a W-2
These methods all have one goal: trick taxpayers into providing sensitive personally identifiable information (PII). That means trying to get your employer identification number (EIN), social security numbers in your data, and other sensitive information in your financial or tax records.
How to protect your business from hackers during tax season
Whether you’re deep into tax season or preparing for it, apply these methods to keep your information and business safe from hackers.
Cybersecurity training for employees
Cybersecurity awareness training should be a regular practice year-round for every organization. Keeping your organization safe during the tax season starts with your employees. Before the season begins, conduct tax-season-specific training on how employees can protect themselves and your organization from falling prey to hackers. Address the common methods, tactics, and phrases they use during this season to lure their targets. And remind them about safe password protocols.
Tax-based phishing simulations
Hackers love phishing. They especially love it when a vulnerable target clicks one of their links, enters their credentials or other PII, and gives them an open door to an organization’s data. By providing regular phishing simulations, you give employees hands-on practice and increase awareness to identify phishing attempts that could compromise your organization. Customize spear phishing attacks to show your employees’ vulnerabilities and provide follow-up training based on simulation findings.
Encrypted document delivery
Delivering sensitive documents requires secure transfer. The most secure way is to deliver them in person to your employees or to your tax preparers. But in this digital age, more companies are delivering sensitive documents electronically. If you must send files this way, encrypt them before you send them. Or use a digital document transfer service that offers layered security and a secure portal that encrypts documents.
Secure tax preparation service
If you need to outsource to a tax preparation service, choose one that makes IT security and cybersecurity a priority in how they run their business. Make sure you understand:
- How they exchange files and sensitive information
- How they store and back up that information
- Who has access to it
- What type of network security they have in place
By working with a tax preparation service that has security measures in place, you not only keep your tax information secure but also protect your own business.
Enhanced email and password security
With so many passwords to remember between work and home, it’s no secret that employees prefer to use the same password everywhere. To tighten up access to your applications and information, use a password manager to maintain strong, yet complex, passwords. Also, enable multifactor authentication for tighter, layered access to verify authorization. And, specifically to email, make sure you have solid spam and virus protection that can scan messages for phishing.
Risk assessment
To keep your organization safe during the tax season, hire a cybersecurity team to do a risk assessment. These assessments help identify internal and third-party cybersecurity risks and their potential impact on your business. The assessment team develops plans and processes to manage, mitigate, and prevent them. They also create a remediation roadmap that outlines vulnerabilities, risk, and corresponding mitigation steps.
Vulnerability management
Secure a team of cybersecurity experts to check for and manage vulnerabilities in your IT infrastructure. They’ll dig deep into your systems and networks to uncover weaknesses and perform ongoing scans to keep you ahead of looming threats. Through a customized, easy-to-follow report, they can provide details about the vulnerabilities that were detected and outline remediation guidance.
Keep your organization safe
As you prepare your important papers and forms for this year’s taxes, follow this guidance carefully. Take measures to secure your data, internal network, and the entire process from your employees to your tax preparation service.
Take the fun out of tax season for hackers. Turn to a third-party service provider to take an objective look at the vulnerabilities and risks that could expose your company to a cyber attack or data breach.
Marcum Technology provides a full cybersecurity service offering. If you need any help, from beginning a review of your security posture to investigating a cybersecurity incident, or even if you just want to ask for advice on a situation you are facing, please contact us at [email protected]. #AskMarcumTechnology