With tax season around the corner, hackers and cyber criminals have been pointing their sights at tax professionals and tax businesses at large including accountants, financial advisors, and financial strategist. The IRS recently posted an advisory warning tax businesses that a heightened amount of attacks and phishing attempts would be targeting their businesses in the coming months as the busiest time of the year is upon your businesses.
It is no mystery why cyber criminals would want to target tax agencies. For one, a standard tax return exposes critical data needed to assume someone’s identity or the necessary information to attempt to file a bogus return on behalf of someone else and collect their return. If a hacker is successful they are able to gather clients personal information including social security number, addresses, wage information, bank account information, and more. If you are not being proactive about the security of your devices and network then it is not a matter of “if” but a matter of “when” you will be compromised.
The number one question that clients ask us is “What is needed to stop us from being hacked?” The question is not an easy one to answer, and most security experts conclude that no one solution is hack-proof. Rather it is better to use a multi-layered approach towards security. This includes implementing and managing a set or “stack” of security measures and mechanisms to make it very difficult for cyber criminals to be able to steal you or your clients data. Here are some recommendations to prevent data comprise as recommended by our security experts.
•Learn to recognize phishing emails, especially those pretending to be
from the IRS, e-Services, a tax software provider, a new or existing
client or cloud storage provider. Never open an embedded link or any
attachment from a suspicious email.
• Create a written information security plan using the free eBook:
Safeguarding Taxpayer Data, and Small Business Information Security
• Install anti-malware/anti-virus security software on all devices
(laptops, desktops, routers, tablets and phones) and keep
software set to automatically update.
• Use strong passwords of eight or more characters, use different
passwords for each account, use special and alphanumeric
characters, use phrases, password protect wireless devices and
use a password manager program.
• Encrypt all sensitive files/emails, especially those with the
taxpayer’s personally identifiable information, and use strong
• Back up sensitive data to a safe and secure external source not
connected fulltime to a network.
• Make a final review of return information – especially direct deposit
information – prior to e-filing.
• Wipe clean or destroy old computer hard drives and printers that
contain sensitive data.
• Limit access to taxpayer data to individuals who need to know.
• Check e-File Applications and PTIN accounts weekly for total
returns filed using EFINs and PTINs; deactivate unused EFINs.
• Withdraw from any outstanding authorizations (power of attorney/
tax information) for taxpayers who no longer are clients.
• Report any suspected data theft or data
Protecting taxpayer data is good business. Data security can protect your business as well as your clients. A theft may also mean a loss of reputation, a loss of clients or a loss of money. Consider engaging security professionals for assistance or check with your professional liability carrier about data theft coverage.
Many clients choose to consult and retain a security consultant like Scotchtown Technology to implement the recommendations above and implement even more comprehensive security safeguards to protect their network, devices, and data. Please reach out to us to find out more information on how we can help safeguard your business