This article was originally published on Spiceworks – https://www.spiceworks.com/it-security/data-security/guest-article/safeguarding-data-and-financial-future-this-tax-season/
Claude Mandy, chief evangelist of Symmetry Systems, shares insights and tips for business leaders and individuals on how to stay safe from cyber criminals this tax season.
The 15th of April, commonly referred to as Tax Day in the US, is rapidly approaching. Tax Day brings the hope of refunds and the stress of deadlines for the unprepared. There is also, unfortunately, the cyber risk that taints tax season. It is well known as a prime time for cybercriminals’ to hunt for victims. In this crucial period, sensitive personal and financial data gets exchanged en masse. The IRS processed over 162 million returns and other forms in 2023. This treasure trove attacks a range of attackers, employing sophisticated scams aiming at individuals and tax professionals alike.
The Bullseye on Tax Season
While individuals scramble to compile their financial records and tax consultants crunch numbers and collect evidence, cybercriminals see a golden opportunity. The abundance of personal information and financial data being exchanged is irresistible bait. From phishingPhishing is a cyberattack technique where attackers send dec... scams mimicking legitimate tax correspondence to sophisticated malwareMalware is a general term that encompasses various types of ... designed to compromise credentials, exfiltrate data, or wreck havoc, the arsenal used by these criminals is both varied and dangerous.
Decoding the Threat: The How and Why
Individuals filing tax returns, tax software, and tax preparation firms find themselves under siege. Cybercriminals exploit the hectic nature of tax season, with phishing attacks particularly prevalent throughout the year, claiming 298,878 victims, according to the FBI’s 2023 Internet Crime Report. These methods aim to steal personal information, or gain unauthorized access to networks, and ultimately exfiltrate data or wreck ransomwareRansomware is a from of cyber attack (predominantly describi... havoc More sophisticated scams involving the offer of fraudulent tax preparation services will undoubtedly appear, seeking to swindle unsuspecting victims by promising to aid in their tax filings.
For Individuals: Protecting Your Personal Information
For individuals, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on victims’ lives. Individuals should focus on the protection of their information and credentials, stay vigilant against phishing, take active steps to keep their computer and networks updated and verify the legitimacy of communication with legitimate tax preparers. The IRS offers some great suggestions themselves.
1. Recognize phishing attempts
Phishing scams, particularly during tax season, can come in many forms. The IRS published an annual overview of the “dirty dozen” tax scams they have witnessed in 2022. Whether it’s a cybercriminal pretending to be from the IRS, tax companies, or other official entities, phishing can be difficult to spot when you’re under stress. You can easily overlook the generic greetings, typos, and suspicious links because it’s from the dreaded IRS. These communications might urge you to click on malicious links or provide personal information, purportedly to check the status of your refund or rectify an issue with your tax filing. Remember, the IRS does not initiate contact with taxpayers by email, text, or social media to request personal or financial information.
2. Secure personal computers and networks
Individuals should protect their computers with up-to-date antivirus software, firewalls, and anti-spyware programs. Regularly updating the software, including your network routers, that you use is crucial as they often include patches for newly discovered security vulnerabilities. It goes without saying that you should use strong, unique passwords for different accounts, consider a reputable password manager to keep track of them, and monitor for potential compromise.
3. Verify the legitimacy of tax preparers
Before entrusting personal and financial information to a tax preparer, Individuals should conduct thorough research on the legitimacy of the preparers. You can verify their credentials (such as a Preparer Tax Identification Number), check reviews, and seek recommendations from trusted sources. Ideally you should ensure they have robust security measures in place to protect your data, including secure portals for document exchange rather than email. This helps verify ongoing communication with them is legitimate, and the data is secured.
For Tax Consultants and Organizations: Data Protection at Scale
For organizations, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on their customers’ and employees’ lives.
1. Secure access to W-2 Forms and other sensitive documents
Organizations should always limit access to sensitive tax information to only those who need it. The IRS is particularly concerned with the ongoing scams to obtain all the W-2’s of organizations through a business email compromise scam. You can simplify access management by employing role-based access controls, but you still need to regularly audit who has access to what information. Although it is increasingly becoming outdated, physical documents are still printed for tax, and organizations should ensure physical documents are stored and transported securely and disposed of properly, using shredders for documents containing sensitive informationSensitive information is a broad term that encompasses any d....
2. Protect Tax information using securely configured Cloud Data Storage
Use strong encryptionEncryption is the process of converting plaintext data into ... to store and transmit personal information, especially Social Security numbers. For cloud storage solutions, organizations must select and configure providers that offer industry-standard data encryption in transit and at rest. At a minimum, organizations must ensure that multi-factor authenticationAuthentication is the process of verifying and confirming th... (MFAMFA, or Multi-Factor Authentication, is a security mechanism...) is implemented for any users accessing the information. MFA provides an additional but necessary layer of security, drastically reducing the chance of unauthorized access.
The Role of Technology in Protecting Tax Information
The battle against tax-season cyberthreats is not just about vigilance; it’s about leveraging cutting-edge technologies to secure data.
1. Data security and privacy management (DSPM) tools
DSPMA term originally coined by Gartner, data security posture ... solutions, like Symmetry Systems, offer a comprehensive approach to identifying, managing, and securing data across various environments. These tools can help tax professionals and organizations keep track of where sensitive tax information like Social Security Numbers resides, monitor access, and ensure compliance with privacy regulations.
2. Encryption and advanced cybersecurity strategies
Encryption, both for data in transit and at rest, is a critical defense mechanism. Advanced encryption methods, like end-to-end encryption, ensure that data intercepted during transmission remains unreadable. Organizations should also consider employing comprehensive cybersecurityCybersecurity refers to the practice of protecting systems, ... strategies, including regular security assessments, phishing simulation training for employees, and the adoption of secure communication platforms.
The Path Forward
As we navigate the complexities of tax season, the importance of cybersecurity cannot be overstated. By adopting a proactive stance, equipped with the right knowledge and tools, individuals and organizations can protect themselves against the lurking threats of cybercriminals. Protecting sensitive tax information not only safeguards personal and financial well-being but also contributes to the integrityIn the context of data security and privacy, integrity refer... of the tax system at large.