Tax time is a busy and lucrative time for cyber hackers. In 2014, over 100 million tax returns were filed electronically, and considering 1 in 5 computers are not properly protected against cyber attacks, that leaves 20 million targets vulnerable.
In addition, there were almost 800 data breaches in 2014 in which confidential customer data was stolen from businesses across the U.S. by means of malware, phishing scams and even lost or stolen flash drives and other storage devices.
> See also: How to avoid tax phishing scams
Because of these startling facts, it’s important for businesses to be aware of potential dangers that could affect their customer base and employees at all times – but especially once pertinent financial documents have been compiled and sent to the accountant.
Regularly update security software
Hackers are always exploring computer security measures to find weaknesses and develop ways in. In reaction, security software manufacturers are constantly developing patches and software updates to eliminate threats as they are discovered.
If your IT department doesn’t stay diligent regarding software and operating system updates, these known weaknesses remain like open doors inviting criminals into your business.
Identify what firewalls, anti-spam, antivirus, antimalware and antispyware software the IT department may have installed company-wide and always insure updates are being installed as they are made available.
Additionally, don’t ever attempt to download any software (security or otherwise) without visiting trusted review sites and researching its legitimacy. Otherwise, you may accidentally download software designed for the purpose of stealing information or damaging computers within your network.
Use strong passwords
Weak passwords are an easy way for someone to access your company’s data. However, all employees must be held to the same standard and comply with these rules for it to create a safety net against cyber attacks.
Strong passwords should be at least 7-10 characters long and include a mix of upper and lower case letters, without using single dictionary words or character substitution for dictionary words (like p@$$worD). One idea is using a string of three words 'smushed' together that are meaningful to you so that you can easily remember your password without having ti write it down and refer to it.
It’s vital to use different passwords for each account and change them every few months. Otherwise, a hacker only needs to crack one to have access to everything on a computer. A good password manager program can keep this from being overwhelming.
Don’t trust emails and phone calls from the IRS
Inform all employees to never provide any company information to anyone claiming to be the IRS unless they have initiated the contact. As stated on the IRS website, 'The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request financial information.'
Be sure to report any unsolicited email or phone calls claiming to be from the IRS to firstname.lastname@example.org.
For enterprises, it often takes a team of accountants to prepare business taxes; however, it’s important to research each tax preparer’s credentials before entrusting them with financial information.
Ask potential tax preparers how they protect your company’s information. Questions you should be asking include : how will it be stored? Will it be encrypted? What computer security softwre is used? Who has access? And is background screening used for employees?
Finally, never send financial information over public Wi-Fi networks—only use secure networks. Once your business’ return has been filed, have all files burned to two CDs (in case something happens to one of them) and remove the financial information from all company hard drives. The CDs should then be stored in a secure location such as a safe.
Michael Hall, Information Security Officer (CISO) and Director of eDiscovery and Digital Forensics, DriveSavers