Hacking Threats Aren't Just for Big Business Anymore
If you thought your personal data was safe with Uncle Sam, think again. Like many large corporations facing data breaches this year, the IRS has fallen prey to internet hackers. The unknown thief (or thieves) breached IRS firewalls through a portal called “Get Transcript,” where taxpayers can access previous years’ tax return information. Approximately 100,000 individual taxpayers are said to be impacted by the breach.
Data stolen in the breach between February and mid-May has been used to file fraudulent tax returns early in the tax season, often before the real taxpayers could gather their data and file returns. Once a return was submitted, the refund was placed on untraceable pre-paid debit cards or in hard-to-trace bank accounts, totaling as much as $5.8 billion, says a report on ABCnews.com. Federal investigators are still reviewing the crime, and no individual or organization has been identified as the perpetrator. The IRS will be notifying those individuals whose tax return data has been accessed.
Cyberattacks aren’t just impacting large businesses either. According to research released by Symantec/NCSA, “cyberattacks cost small and medium-size businesses close to $200,000 on average each year.” Of those businesses attacked, nearly two-thirds are “forced out of business within just six months of the crime.”
While you can’t control these data breaches, you can take steps to help protect yourself and your business.
Install and use firewalls to help protect your systems from hackers.
Use data encryption including multi-factor authentication. This is usually at least a two-step process, where you turn on the authentication, email or text an initial password and then receive a second password to complete the sign-in process. Use this for sensitive financial accounts where personal data is being used or stored.
Change your password – again. Yes, it may seem like more work, but criminals are using highly sophisticated software that literally searches every possible word and word combination in the dictionary for matching passwords. Be sure to use a password that isn’t a word and contains letters, numbers and characters; the two most common passwords still used are ‘password’ and ‘123456’. The best length for passwords is between 8 and 12 characters. If you don’t want to try to come up with a password on your own, there is software available that can auto-generate long multi-key passwords and store them for you. LastPass and Password Safe are two such password storage programs. LastPass offers three levels of protection: Basic (free), which will cover an individual for a majority of his or her needs; Go Premium, which offers additional multi-factor authentication and tech support; and Enterprise, which offers multiple individual usage, reporting and configurable security for small business.
Security questions aren’t secure at all. In a recent report by the Ponemon Institute, “43 percent of companies have experienced a data breach in the past year.” The report goes on to cite an escalation in retail breaches in the last quarter of 2013 and continuing to the present. It’s fairly easy to do some quick research on a person’s Facebook account to figure out Mother’s Maiden Name, City of Birth or even favorite food (19.7% answer pizza). Google’s security team reported that the major flaw of security questions is that they are neither secure nor reliable because “they suffer from the fundamental flaw: their answers are either secure or easy to remember – but rarely both.” Basically, answers that are easy to remember are easy to guess – by you and cyber thieves.
Take advantage of fraud protection services when your identity has been compromised. The recent Anthem breach provided each of its impacted members with a year of fraud protection services at no cost. The service automatically enrolled the members and provided additional credit recovery services if fraud is detected. Don’t wait for your personal information to be stolen before you check your credit history. Free credit reports are available once a year from each of the major credit service agencies such as Experian or TransUnion. You also have the ability to request a credit freeze. The agency will mail you a one-time use Personal Identification Number (PIN) to unfreeze the account later. If you need to access your credit, you can temporarily thaw the freeze and then pay to have your accounts re-frozen.
Train your employees. In the majority of breaches, it’s not that hackers broke in, but that employees allowed hackers to access the company’s computer systems, either by clicking on an email link or by having a laptop, tablet or smartphone stolen. By providing training, rules and awareness, you ensure employees will know not only what not to do, but also how to handle a theft or possible breach should it occur.
Please be advised that, based on current IRS rules and standards, any advice contained herein is not intended to be used, nor can it be used, for the avoidance of any tax penalty that the IRS may assess related to this matter. Any information contained in this article, whether viewed or subsequently printed, cannot be relied upon as qualified tax and accounting advice. Any information contained in this article does not fall under the guidelines of IRS Circular 230.