Security pros need be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.

Security Tips

Security Tips

Tax time has arrived – and that means companies and individuals are vulnerable to IRS phone scams and business email compromises (BECs).

Security pros need to impress upon the staff that high-profile hacks can and do happen during tax season. The most famous one – the Office of Personnel Management (OPM) hack – happened during the 2014 and 2015 tax seasons. Some 21.5 million people had their social security numbers and employment, health, and financial histories exposed.

In preparation for tax season, the IRS has posted its Identity Theft Central page, which serves as an excellent resource for individuals, professional tax professionals and businesses. The site offers step-by-step instructions on what to do if you receive a suspicious IRS-related email or phone call.

Read on for ways to help keep your company and staff secure during tax season.

 Hold a tax-season training session early in the year.
Monique Becenti, product and channel marketing specialist at SiteLock, says companies should schedule a security awareness session just before the start of tax season - right after the holidays in early January. Most tax scams happen during the first part of tax season in late January and around the April 15 deadline day.

Eva Velasquez, CEO of the Identity Theft Resource Center, advises that at those training sessions companies also need to celebrate the people who question an email that appeared suspicious but actually was legitimate. 'We celebrate the people who catch a phishing attempt,' she says. 'But we also need to create a culture where people feel they can report suspicious activity without fear of retribution.'  

Image Source: Adobe Stock: Leowolfert

Hold a tax-season training session early in the year.

Monique Becenti, product and channel marketing specialist at SiteLock, says companies should schedule a security awareness session just before the start of tax season – right after the holidays in early January. Most tax scams happen during the first part of tax season in late January and around the April 15 deadline day.

Eva Velasquez, CEO of the Identity Theft Resource Center, advises that at those training sessions companies also need to celebrate the people who question an email that appeared suspicious but actually was legitimate. “We celebrate the people who catch a phishing attempt,” she says. “But we also need to create a culture where people feel they can report suspicious activity without fear of retribution.”

Teach the staff about Business Email Compromises (BECs).

SiteLock's Becenti says one of the more common business email compromise (BEC) attacks during tax season is one where a lower-level person in the accounting department receives an email message posing as the CFO or CEO  asking for all the W2s for the staff. In another scam, fraudsters send links to employees claiming that they need to update their tax information. Clicking on the link could lead to identity theft or worse - a company-wide ransomware attack. Coveware reports that the median ransomware payment in Q4 2019 was $41,179. 

Employees should know that the IRS only contacts people in writing for tax information, not via email. The IRS outlines on its website that it will never: 

  - Initiate contact with taxpayers by email, text, or social media to request personal or financial information.
  - Call taxpayers with threats of lawsuits or arrests.
  - Call, email, or text to request taxpayer Identity Protection PIN numbers.

Image Source: Adobe Stock: yingyaipumi

Teach the staff about Business Email Compromises (BECs).

SiteLock’s Becenti says one of the more common business email compromise (BEC) attacks during tax season is one where a lower-level person in the accounting department receives an email message posing as the CFO or CEO asking for all the W2s for the staff. In another scam, fraudsters send links to employees claiming that they need to update their tax information. Clicking on the link could lead to identity theft or worse – a company-wide ransomware attack. Coveware reports that the median ransomware payment in Q4 2019 was $41,179.

Read More at DR

About The Author

Related Posts

Leave a Reply

Your email address will not be published.