5 Ways To Protect Business Data From Hackers & Scams During Tax Season
During tax season, documents with social security numbers and other private information on them are exchanged at a much higher rate than any other time of year. In addition, employers and employees are highly engaged in tax-related tasks, making this an especially busy time for finance people and business leaders alike.
This combination of factors creates ideal conditions for hackers and scammers to take action.
During tax season, companies and individuals frequently fall prey to scams, but we don’t hear about them because they aren’t public employees. And, typically, the hackers get away with it.
Throughout my 10-year career in IT, I’ve seen it happen.
In this article, I’ll explain some common tax scams and outline 5 actions you can take to protect your data.
What Are Some Of The Most Common Tax Scams?
Hacks that happen during tax season often aren’t “brute force” attacks in which hackers gain access purely through technological means. They almost always trick individuals into giving up data. This is even easier during tax season when people are accustomed to sharing data with accountants, financial planners, and the IRS.
These attacks typically occur via phishing or voice phishing (also known as “vishing”) scams. Here are examples of how both work:
1. Phishing
In phishing attacks, hackers gain access to an email account at your company and observe the schedule and writing style, then send a carefully crafted and believable email message asking for tax information at the right time of year.
There are many ways to pull off phishing attacks, so the one crucial rule to remember during tax season is not to email any sensitive information to anyone. Your accountant or comptroller should have a secure system for transferring documents online.
2. Vishing
Scammers carry out vishing attacks via telephone. Both mobile and landline phones are susceptible to these attacks, even if you have caller ID. (The perpetrators can manipulate the caller ID display to make it look like they are calling from a legitimate organization that matches their scam.)
Typically, a caller informs you that you need to take some sort of immediate corrective action.
They may request your bank PIN to verify some suspicious activity with your business account or pretend to be from the Internal Revenue Service (IRS) or another government agency.
They may claim to represent your business credit card company or pretend to be from a collections agency.
How Can Companies Protect Against Hackers & Scams During Tax Season?
Here are a few key practices that are a good idea year round, but especially prudent during tax season.
1. Provide Employee Security Training
Regular employee training is an important part of any comprehensive cybersecurity strategy.
Why not take an opportunity during the late winter or spring to do a tax-themed training session? Doing so will strengthen the biggest weakness in your cyber defenses (your employees) at your most vulnerable time of year.
2. Update Patches
Making sure your patches are up-to-date before preparing taxes helps ensure that anyone who has gained access to your system and may be watching your activity gets booted from your system before you start poring over sensitive data.
3. Use SPAM filters
SPAM filters can detect unsolicited and infected emails, preventing them from getting to an employee’s inbox. There are many options available, some of which are free.
Some platforms, like Microsoft 365 (formerly Office 365), provide additional filters you can activate for added employee email security. These extra filters can stop things that may make it through the SPAM filter.
OpenDNS is another useful tool that checks all websites accessed via the company network to make sure they are real and have not been compromised before you access them.
4. Add Encryption To Email
Adding email encryption to your company’s email platform is an effective way to ensure that hackers can’t gain access to sensitive data through email. If it sounds difficult to use, it’s not—users would never know it’s there and it can be set up relatively easily by your internal IT staff or an external IT provider.
5. Ask Questions Before Acting
I know this is a particularly busy time, but take the time to stop and think before taking action.
Would the IRS really call you? The IRS only communicates via U.S. Mail—never by phone or email. Similarly, it can’t hurt to double check in person or by phone with someone in your organization asking for W-2 forms or other info via email or phone.
It’s easy for a hacker to pretend to be someone else via phone or email.
Make sure you verify identity and perhaps even tell the person on the other end of the phone that you’re in the middle of something and will call them back, then verify the telephone number or email address before responding.
Taking a few extra minutes could avoid costly cybersecurity mistakes.
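Part of this "stop and verify" step can be handed to a mail-triage check that marks messages for a call-back before anyone replies. The following is an added example, not code from this article or from Kelser; the domain example.com, the keyword patterns, and the function names are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the organization's mail domain and
# the wording patterns that mark a request for tax data.
ORG_DOMAIN = "example.com"
TAX_RE = re.compile(r"\b(w-?2s?|1099s?|tax returns?|social security numbers?|ssns?)\b", re.I)
IRS_RE = re.compile(r"\b(irs|internal revenue service)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_flags(raw_message):
    """List the reasons to verify a message out of band before replying."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    asks_for_tax_data = bool(TAX_RE.search(f"{msg.get('Subject', '')} {body}"))

    flags = []
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain")
    if IRS_RE.search(display) or from_dom == "irs.gov" or from_dom.endswith(".irs.gov"):
        flags.append("claims to be the IRS, which the article says never emails")
    if asks_for_tax_data and from_dom != ORG_DOMAIN:
        flags.append("tax data requested by an outside sender")
    if asks_for_tax_data and from_dom == ORG_DOMAIN:
        # A compromised internal mailbox passes every header check.
        flags.append("internal request for tax data: confirm in person or by phone")
    return flags

# Constructed sample messages (not real mail).
SPOOFED_REPLY = (
    'From: "Pat Lee" <pat.lee@example.com>\n'
    "Reply-To: pat.lee@mail-example.test\n"
    "Subject: Need all employee W-2 forms today\n\nPlease send the PDFs.\n"
)
FAKE_IRS = (
    'From: "IRS Refund Dept" <refunds@tax-notice.test>\n'
    "Subject: Action required on your tax return\n\nReply with your SSN.\n"
)
BENIGN = 'From: "Sam" <sam@example.com>\nSubject: Lunch Friday?\n\nFirst floor at noon.\n'
```

Calling `review_flags(SPOOFED_REPLY)` returns two reasons, while `review_flags(BENIGN)` returns an empty list. An internal request for tax data is always flagged, because a message sent from a hijacked company mailbox looks legitimate in every header.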
What’s The Bottom Line?
In this article, we’ve explored two common scams that people can use to gain access to your network and data, especially during the busy tax season.
After reading this article, you understand how hackers and scammers use phishing and vishing to exploit people within your organization. We’ve also explored how easy it can be to fall victim to these scams when preparing your organization's taxes.
You know five actions you can take to protect your organization from these types of attacks: provide employee security training, update patches, use SPAM filters, add encryption to emails, and ask questions before acting.
Each of these steps provides an extra layer of defense for your network, making it more difficult for hackers to access your data.
At this point, you may have the internal IT staff you need to take action. If not, you may want to explore options for external IT support to ensure that your data is safe.
If you decide to explore external IT support options, we encourage you to check out several providers to get one that is the right fit for you.
At Kelser, we are committed to providing the information that business leaders like you need to find the right provider for them.
Rather than convincing you to work with us, we encourage you to check us out among the other providers you are considering, but realistically, we know that our managed IT solution (while comprehensive) isn’t necessarily the right solution for every organization.
The truth is, it doesn’t do you or us any good to work together if we aren’t the right fit.
While we’ve helped companies across Connecticut and the surrounding region defend themselves from social engineering attacks during tax season (and year round), we might not be right for you and that’s okay.
We’re more interested in providing honest, easy-to-understand information so that you can be aware of the potential threats and take the necessary precautions to protect your organization and data.
At this point, you may want to learn more about social engineering and how to avoid it.
Or, you may be wondering if your organization has everything it needs to be secure.