Tax Preparer Phishing Attempts Highlight the Need for Better Cyber Security
In the rapidly changing digital world, cyber security has become a major issue. Even tax preparers working for the IRS are no longer safe. Here is an in-depth look at the lessons that everyone can learn from the latest phishing attempt on tax preparers.
On June 23, 2017, the IRS released information showing that it had been the target of hackers and cyber criminals. The attack was similar to past ones that targeted tax professionals with phishing emails. However, these emails were different in that they seemed to come from authentic tax software. The emails requested preparer information that, in the wrong hands, could be used to file fraudulent tax returns.
What the IRS Recommends.
In a bulletin, the IRS said that real organizations should not ask for passwords, usernames, or other sensitive information via email. Although the hackers were phishing for particular data such as Centralized Authorization File (CAF), Preparer Tax Identification Number (PTIN), and Electronic Filing Information Numbers (EFIN), various organizations can apply the lessons from this attack.
Why are Tax Preparers So Valuable?
Cyber criminals target tax preparers for the most basic of reasons. If the accountant is working on 500 sets of data a year, those are 500 opportunities to steal identities. However, whether you are an accountant, a doctor, a lawyer, or anyone in any industry, you will need to take precautions. It is essential if you house sensitive customer data in your system. Criminals will do anything to get it.
Monitoring solutions that maintain a 24/7 watch on your system are necessary. Besides that, you will need to comply with industry and government standards to stay safe. Simply having off-the-shelf firewalls and a basic anti-virus program will not be enough to keep you safe. In the rapidly evolving world of malware, you will need to do much more. For instance, you need properly deployed backups, multi-layered security, physical safety measures, and dedicated servers if you hope to stay safe.
No matter your industry, here are a few proven strategies on how to stay safe:
1. Never share sensitive information via an email.
It may seem self-explanatory. However, we all know a person who has sent or received their Social Security number or driver’s license via the internet. If the IRS needs your information, they will first send you an email. They do not use phone calls or emails to try to reach out to people. You need to treat anything else such as your bank account number, any username/password combination and other sensitive data delicately.
2. Learn to Identify Attempts to Steal Your Data.
There are major hallmarks of a scam that you can use to tell when you are about to get robbed. For one, the email will have misspelled words, strange phrasing, and some awkward grammar. You can also check the sender's address and the domain name, and you should avoid clicking on any unknown links in the email. Although it may seem time-consuming, any time you get an email request for your data, you should be alert and scrutinize it carefully. That way, you can avoid losing your data to hackers.
3. Avoid Using the Same Password for All Your Accounts.
All that a cybercriminal needs is a single login credential to access sensitive data. If you are using a single password for all your online accounts, you may have made yourself a simple target for the hacker. Thus, you should always create complex variations of your passwords with a mix of letters, special characters, and numbers. There are some great password managers available today that change your password often. Thus, they leave you with only the task of remembering a single master password. If the account you use offers two-factor authentication, you must make use of it. However, no matter what solutions you use, never utilize a simple password such as “password1234.”
4. Be Cautious on the Internet.
Anyone who deals with sensitive information needs to have a multi-layered security solution in place. If you use Wi-Fi, ensure that it has password protection and that it is not public. Whenever you access a website, ensure that it has the “https” designation or a lock sign next to its web address. Besides that, avoid clicking on adverts that seem too good to be true.
5. Make Employees Part of Any Security Plans You Have.
In the IT world, the human factor is one of the first lines of defense against any cyber-attack on your system. If employees have the right information, support, and training, they could help to keep your systems secure. Ensure that you have a written set of plans that all employees must follow. Besides that, ensure that the organization works with a trusted IT company to generate thorough policies and procedures to keep the business safe. It takes just one click on one link, or one piece of sensitive data in the wrong email, to expose the business. Thus, addressing these threats early is an excellent way to mitigate any preventable hacks.
6. Provide Your Data with Enough Protection.
No matter the industry in which you work, it is more than likely that you value your clients. Thus, you should ensure that you treat their data with respect. To do this, you will have to come up with strict protocols to which everyone must adhere. Another important way to secure customer data is to have regular backups made on a remote server. Thus, even when a data breach occurs, you will still have a way to continue operations.
Talk to a Security Expert.
If information security is an important topic to you in this rapidly evolving world, you should talk to an IT expert. These people understand the importance of securing data. They also have years of experience dealing with cyber threats. No matter how big or how small your organization is, hackers do not care. They will make use of any means possible to get access to your data. Only a professional can help you get the high level of security that your organization needs.