Five tips to be ‘security smart’ this tax season

Every year there are scams to dupe you into filing your taxes with the wrong collector.

0 intro tax

W2 please

Tax season is upon us and, as individuals and companies alike prepare for April 15, it’s important that they take steps to ensure their most valuable information remains secure. In an effort to get Social Security numbers and other sensitive data, hackers may target privileged users such as HR or finance personnel, or even look outside the company to breach the accounts of vendors or other third-party providers. Phishing attacks are also increasingly common during tax season—for example, last year saw a major phishing scheme to trick people into sharing W2 data.

In this environment, companies need to take stock of their security and ensure they are protected against the threat of a breach. With that in mind, Sam Elliott, director of security product management at Bomgar, provides five considerations for bolstering security.

1 long con

Tip #1: Prevent the ‘Long-Con’

A breach during tax season may divulge sensitive company information as well as employees’ Social Security numbers, addresses and financial data. Be aware that many phishing scams are sophisticated and may be planned over a significant period of time. A good rule of thumb is that your company is only as secure as the least secure party in the relationship. Keep this in mind and take measures to secure important information not just during tax season, but throughout the year.

2 two factor

Tip #2: Invest in two-factor authentication and encryption

Tax season often signals an increase in vendor activity as companies must provide W9 forms and other tax-related documents. Back up privileged access policies with effective two-factor authentication that utilizes something a user knows (password) with something they have (device). This reduces the attack surface for a company. Encryption is also another technology that can help protect sensitive records and personal information contained in tax forms.

3 audit

Tip #3: Audit, and keep auditing

Lack of visibility is the biggest barrier to improving IT’s ability to respond to a data breach, according to the most recent Experian Data Breach report. Companies need to take the time to assess the protocols currently in place, including access that may have been set up in the past. Particularly in high-turnover industries, it’s not uncommon for former employees to have access to corporate systems and applications long after they have left the organization. To protect your company during tax season, do an internal audit. Then, go back and do it again. Many companies will audit once and not follow up. By auditing access quarterly and capturing a log of all activity, including third-party sessions, the chances of addressing any suspicious access before it results in a breach are higher.

4 credentials

Tip #4: Protect privileged credentials

Phishing attacks are more frequent than ever and cybersecurity risks and initiatives targeting privileged users are on the rise. Protect your organization during tax season and throughout the year by locking down legitimate credentials. Many of the large, most damaging breaches have resulted from stolen and misused privileged credentials. Companies need to look at who has privileged access to systems, and especially who has over privileged access. Employees and third parties shouldn’t be treated as a single entity—rather, organizations must determine how much access each employee and external partner needs to do their job and grant access solely to those networks and systems.

5 educate

Tip #5: Educate your organization

From fraudulent emails to lack of safeguards, all employees need to be aware and proactive about protecting company and personal information. Encourage managers and employees across departments to be on the lookout for email and social media phishing scams. Given the changing landscape of cyber threats, these attacks are continually evolving and keeping organizations on their toes. Host regular trainings and create a culture of continued learning to keep your organization safe.

RELATED: More than 120,000 affected by W-2 Phishing scams this tax season

Copyright © 2017 IDG Communications, Inc.

Related Slideshows