Everyone knows that there are two things that are certain in life: death and taxes. However, in recent years as taxes have moved online, a third certainty has been added to the list: hackers want to steal your personal information–in this case, to secure refunds and compromise tax preparation on organizations’ networks.
According to Verizon’s 2018 Data Breach Investigations Report, 76 percent of cyberattacks are financially motivated, making tax season a ripe time for cybercriminals. During the 2017 tax season alone, adversaries claimed 16.7 million U.S. victims, cheating them out of over $16.8 billion. Needless to say, this now makes tax season more nerve wracking than ever for individuals and companies alike.
With a few days left before the tax deadline on April 15, there’s still time for tax preparation organizations to protect their clients’ information. Here are some key steps to consider:
1. Caution employees to be wary of opening attachments.
Many times when clients come into tax preparation offices, they can forget important documents such as W2s, forms of identification and more at home. Some offices will allow their clients to scan them and send them over via email. However, caution your employees to take note of who they are opening attachments from as hackers can pose as a customer and attach malware to a fake document. If a customer absolutely needs to email something over, encourage your employees to make a note in their file so they do not download something suspicious by accident.
2. Scan continuously for bugs and problems.
Especially throughout the busy tax season, it is important for organizations to have their IT teams continuously test for problems. After all, many data breaches could have been prevented if teams were staying on top of anomalies on their networks or in their applications. Regularly going back and reviewing old issues can help prevent them from occurring again. Enterprises should continuously be monitoring the threat landscape as well as updating any software or hardware they might be using.
3. Advise customers to be smart.
Around one in every hundred email messages sent is a malicious hacking attempt. During tax season, hackers try to fool individuals by sending them emails requesting their login, while posing as legitimate tax preparation organizations. Once the adversary has access to one person’s login credentials, they could break their way into an entity’s network. When customers ask questions or relay concerns about their refund process, be sure to fully explain the company communication policy so they know what to look out for.
4. Use encrypted email.
All businesses should be using encrypted email for their email platform, but especially tax preparation companies. When encrypted, hackers can’t gain access to the messages or alter their contents.
5. Empower developers to take security into account throughout the software life cycle.
Tax organizations can go one step further and safeguard data at the source by empowering their web and app developers to adopt security best practices throughout the entire software life cycle (SLC). Developers should have security in mind as they write their code, to prevent catastrophic damages from a breach after the application has launched. In addition, encourage developers to advance their knowledge of new vulnerabilities with ongoing training and certifications so they can stay ahead of the growing cyberthreat landscape.
All businesses, but specifically tax preparation companies, need to take cybersecurity seriously year round, as failing to can cause serious consequences. Because these online platforms hold sensitive W2 information, it is important to have the strictest security tests to detect and fix website, application, API and data vulnerabilities in order to prevent a data breach.
Accounting, payroll and other employee benefit websites containing PII – names, addresses, phone numbers, social security numbers – should be on high alert and make security a top priority always, not just during January through April. After all, WhiteHat research also indicates that many business websites remain always vulnerable every day of the year and account for 34 percent of all data breaches.
For more information about protecting your website and applications, click here.