It may not seem like it, but reporting your taxes online is one of the most challenging cybersecurity operations of the year.
The IRS has been slow to roll out full online tax reporting capabilities for exactly this reason.
If the movie-villain criminal masterminds of yesteryear wanted to break into the gold vaults of Fort Knox, today’s cybercriminal masterminds are right to consider the IRS tax record database even more valuable.
While the institution doesn’t talk about its own cybersecurity defenses, it does recommend best practices for individuals and corporations filing online.
Much of this information is familiar to people who understand cybersecurity threats, but there are a few issues that will come as a surprise even to individuals experienced in network security.
Cybersecurity Tips to Protect Your Tax Data
Tax forms are filled with personally identifiable information and financial data – they have to be. A handful of profiteering cybercriminals are aware of this, and are doing everything they can to obtain that data.
In particular, cybercriminals have focused their attention on employee W-2 forms. The most common scam is a phishing attempt to gather as many W-2s as possible, typically by a hacker posing as a company executive or accounting supervisor.
With this information, a hacker could impersonate any one of those individuals, opening accounts and taking out loans in their name, then disappearing with the cash before the authorities notice.
To protect your employees’ data against this type of attack, you have to provide a means of confirming requests for tax documents and identify the people in your company who are authorized to ask for those documents.
If your accountants actually need these documents from employees, they should be prepared to verify their identities by phone when asking.
The IRS Does Not Send Emails
Another common cybercriminal tactic is phishing for tax forms by impersonating the IRS itself.
Alternatively, cybercriminals can send emails purporting to be from the IRS and use them to download malware onto their victims’ computers. Some of these emails ask for taxpayer information, whereas others promise tax returns or other incentives.
The important thing to remember is that the IRS never sends emails to taxpayers.
It initiates communication exclusively via the U.S. Postal Service, moving on to the telephone only in advanced cases.
If you or your fellow employees receive emails that claim to be from the IRS, delete them immediately.
Furthermore, if you do have to send tax information through email, make sure the email is encrypted or that the attachment is otherwise protected. Using a secure messaging service for tax documentation can save you from financial ruin later on.
How to Keep Tax Data Safe
With phishing attacks and criminals impersonating the IRS, it can seem like it’s only a matter of time before an employee slips and accidentally sends data through an unsecured channel.
A recent Raytheon survey found that 70 percent of security professionals see more incidents caused by employee error than by intentionally malicious cyberattacks.
The only way to effectively defend against these incidents is by talking with your employees and making cybersecurity a part of your workplace culture. Individual employees need to understand the importance of the data they work with, and to know what steps they can take on their own to avoid exposing it.
In the small business environment, this can be done in a simple sit-down meeting between managers and their teams. Supervisors should be looking for employee pain points and be ready to discuss ways to maintain a healthy standard of cybersecurity without requiring complex processes for every single task.
Larger enterprises generally have more threat vectors to account for, so having a network security professional intervene can be valuable. In this case, it is vital that password security and constant vigilance against phishing attempts both become part of everyday workplace culture. Employees from the mailroom to the boardroom need to have clear policies for dealing with cybersecurity threats.
David Wagner, CEO of email encryption company ZixCorp, says that any routine cybersecurity process with more than two steps is too involved for the average employee. Ideally, cybersecurity should run in the background without involving much employee effort beyond looking out for suspicious behavior.
This level of cybersecurity is only possible with a managed network vendor who can address security issues in your network infrastructure as part of an ongoing service. Otherwise, maintaining up-to-date compliance with the latest cybersecurity recommendations is your IT team’s responsibility.