Safeguard Your Data and Financial Future This Tax Season


[By Claude Mandy, Chief Evangelist for Data Security at Symmetry Systems] 

The 15th of April, commonly referred to as Tax Day in the US, is rapidly approaching. Tax Day brings with it the hope of refunds and, for the unprepared, the stress of deadlines. Unfortunately, it also brings the cyber risk that taints tax season, which is well known as a prime time for cybercriminals to hunt for victims. In this crucial period, sensitive personal and financial data gets exchanged en masse. According to the IRS, over 213 million returns and other forms were filed electronically in 2022. This treasure trove attracts a range of attackers, who employ sophisticated scams aimed at individuals and tax professionals alike. Claude Mandy, chief evangelist at Symmetry Systems, delves into the heightened risk of tax-related cyberattacks, outlining actionable defenses to ensure a cyber-secure tax season.

The Bullseye on Tax Season

While individuals scramble to compile their financial records, and tax consultants crunch numbers and collect evidence, cybercriminals see a golden opportunity. The abundance of personal information and financial data being exchanged is irresistible bait. From phishing scams mimicking legitimate tax correspondence to sophisticated malware designed to compromise credentials, exfiltrate data or wreak havoc, the arsenal used by these criminals is both varied and dangerous.

Decoding the Threat: The How and Why

Individuals filing tax returns, and tax software and tax preparation firms, find themselves under a form of siege. Cybercriminals exploit the hectic nature of tax season, with phishing attacks being particularly prevalent throughout the year, claiming 300,497 victims according to the FBI’s 2022 Internet Crime Report. These methods aim to steal personal information or gain unauthorized access to networks, and ultimately to exfiltrate data or wreak ransomware havoc. More sophisticated scams involving the offer of fraudulent tax preparation services will undoubtedly appear, seeking to swindle unsuspecting victims by promising to aid in their tax filings.

For Individuals: Protecting Your Personal Information

For individuals, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on victims’ lives. Individuals should focus on protecting their own information and credentials: in particular, stay vigilant against phishing, keep computers and networks updated, and verify the legitimacy of any communication with tax preparers. The IRS itself offers some great suggestions.

Recognize Phishing Attempts

Phishing scams, particularly during tax season, can come in many forms. The IRS publishes an annual overview of the “dirty dozen” tax scams it has witnessed. Whether it’s a cybercriminal pretending to be from the IRS, tax companies, or other official entities, phishing can unfortunately be difficult to spot when you’re under stress. You can easily overlook the generic greetings, typos, and suspicious links because the message appears to come from the dreaded IRS. These communications might urge you to click on malicious links or provide personal information, purportedly to check the status of your refund or rectify an issue with your tax filing. Remember, the IRS does not initiate contact with taxpayers by email, text, or social media to request personal or financial information.

Secure Personal Computers and Networks

Individuals should ensure their computer is protected with up-to-date antivirus software, firewalls, and anti-spyware programs. Regularly updating the software you use, including on your network routers, is crucial, as updates often include patches for newly discovered security vulnerabilities. It goes without saying that you should use strong, unique passwords for different accounts, consider a reputable password manager to keep track of them, and monitor for potential compromise.

Verify the Legitimacy of Tax Preparers

Before entrusting personal and financial information to a tax preparer, individuals should thoroughly research the preparer’s legitimacy. You can verify their credentials (such as a Preparer Tax Identification Number), check reviews, and seek recommendations from trusted sources. Ideally, you should ensure they have robust security measures in place to protect your data, including secure portals for document exchange rather than email. This helps verify that ongoing communication with them is legitimate and that the data is secured.

For Tax Consultants and Organizations: Data Protection at Scale

For organizations, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on their customers’ and employees’ lives.

Secure Access to W-2 Forms and Other Sensitive Documents

Organizations should always limit access to sensitive tax information to only those who need it. The IRS is particularly concerned with the ongoing scams to obtain all the W-2s of an organization through a business email compromise scam. You can simplify the management of access by employing role-based access controls, but you still need to regularly audit who has access to what information. Although this is increasingly becoming outdated, physical documents are still printed for tax purposes, and organizations should ensure physical documents are stored and transported securely and disposed of properly, using shredders for documents containing sensitive information.

Protect Tax Information Using Securely Configured Cloud Data Storage

Use strong encryption for storing and transmitting any personal information, especially Social Security numbers. For cloud storage solutions, organizations must select and configure providers that offer industry-standard encryption of the data in transit and at rest. At a minimum, organizations must ensure that multi-factor authentication (MFA) is implemented for any users accessing the information. MFA provides an additional but necessary layer of security, drastically reducing the chance of unauthorized access.

The Role of Technology in Protecting Tax Information

The battle against tax-season cyberthreats is not just about vigilance; it’s about leveraging cutting-edge technologies to secure data.

Data Security and Privacy Management (DSPM) Tools

DSPM solutions, like Symmetry Systems, offer a comprehensive approach to identifying, managing, and securing data across various environments. These tools can help tax professionals and organizations keep track of where sensitive tax information like Social Security Numbers resides, monitor access, and ensure compliance with privacy regulations.
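To make the idea of tracking where Social Security Numbers reside concrete, the following is an added example (not code from the author or from any DSPM product) of the pattern matching such discovery builds on. It applies the SSA's structural rules to cut false positives and reports only masked values; the sample text and function names are constructed for illustration.

```python
import re

# Candidate SSNs: 3-2-4 digits with a consistent hyphen/space separator,
# or nine bare digits. Lookarounds reject matches inside longer numbers.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area, group, serial):
    """Structural rules: the SSA never issues area 000, 666 or 900-999
    (9xx values are ITINs), group 00, or serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return (line_number, masked_value) for each plausible SSN.

    Only the last four digits are kept, so the scanner's own report
    does not become another copy of the sensitive data.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SSN_RE.finditer(line):
            area, _sep, group, serial = match.groups()
            if is_plausible_ssn(area, group, serial):
                hits.append((lineno, f"***-**-{serial}"))
    return hits


# Constructed sample input; none of these values belong to a real record.
SAMPLE = """\
Employee: J. Doe  SSN: 123-45-6789
Invoice ref 000-12-3456 (not an SSN: area 000)
W-2 box a: 456789012
Phone 555-867-5309
Order 987-65-4321 shipped
"""

if __name__ == "__main__":
    for lineno, masked in find_ssns(SAMPLE):
        print(f"line {lineno}: possible SSN {masked}")
```

Running a check like this across file shares and cloud storage exports gives a first inventory to compare against the access audits described earlier.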

Encryption and Advanced Cybersecurity Strategies

Encryption, both for data in transit and at rest, is a critical defense mechanism. Advanced encryption methods, like end-to-end encryption, ensure that data intercepted during transmission remains unreadable. Organizations should also consider employing comprehensive cybersecurity strategies, including regular security assessments, phishing simulation training for employees, and the adoption of secure communication platforms.

The Path Forward

As we navigate the complexities of tax season, the importance of cybersecurity cannot be overstated. By adopting a proactive stance, equipped with the right knowledge and tools, individuals and organizations can protect themselves against the lurking threats of cybercriminals. Protecting sensitive tax information not only safeguards personal and financial well-being but also contributes to the integrity of the tax system at large.

Bio: Claude Mandy is Chief Evangelist for Data Security at Symmetry Systems, where he focuses on innovation, industry engagement and leads efforts to evolve how modern data security is viewed and used in the industry. Prior to Symmetry, he spent 3 years at Gartner as a senior director, analyst covering a variety of topics across security, risk management and privacy, focusing primarily on what are the building blocks of successful programs, including strategy, governance, staffing/talent management and organizational design and communication. He brings firsthand experience of building information security, risk management and privacy advisory programs with global scope. Prior to joining Gartner, Mr. Mandy was the global Chief Information Security Officer at QBE Insurance – one of the world’s top 20 general insurance and reinsurance companies with operations in all the key insurance markets, where he was responsible for building and transforming QBE’s information security function globally. Prior to QBE, Claude held a number of senior risk and security leadership roles at the Commonwealth Bank of Australia, Australia’s leading provider of integrated financial services which is widely recognized for its technology leadership and banking innovation. He also spent five years at KPMG in Namibia and South Africa.
