[BreachExchange] Why businesses face high risk of cyberattacks during tax season

[Audrey McNeil]

http://www.bizjournals.com/boston/news/2017/04/02/why-
businesses-face-high-risk-of-cyberattacks.html

>From data breaches to phishing attacks and ransomware to identity theft,
businesses are at a higher risk from cyberattack than ever before. Lurking
behind every mouse click is the potential for a technological tragedy.

A seemingly benign decision, such as opening an attachment from what is
believed to be a trusted sender, can result in a nearly infinite number of
ruinous outcomes – malware can be deployed, a backdoor to your server could
be established, or your data may be compromised. By the time a user has
realized that a mistake has been made, it may be too late to stop the
potentially catastrophic damage.

A prevalent risk that everyone should be aware of during tax season is
identity theft, which involves the fraudulent procurement and use of a
victim’s private information, typically for financial gain. To say that
identity theft attempts are commonplace is a tremendous understatement. In
2015, the IRS detected and stopped more than 4.8 million suspicious tax
returns. While many efforts continue to be made in order to protect and
prevent this epidemic, it continues to be an immense issue for both
businesses and individuals.

Identity theft cannot be totally avoided, but there are some measures you
can take to avoid becoming the next victim of a cybercriminal. The
following steps lessen the likelihood of thieves obtaining and using
personal information for fraudulent purposes. For individuals, this means
taking the following actions:

Protecting Social Security numbers. For example, a Social Security card
should not be carried around (other than to complete Form I-9 when hired
for a job), and should rarely, if ever, be entered on a website.
Limiting disclosure of personal information, such as a birthday, on social
media.
Using smart password policies for financial accounts, mobile devices, and
other sensitive data and devices. This means different passwords for every
site, complex passwords that can’t be easily guessed, and changing
passwords every 60 to 90 days.
If you suspect that you are the victim of identity theft, the IRS has
provided guidance on what steps to take: irs.gov/uac/taxpayer-guide-to-
identity-theft.

For businesses, vulnerability to identity theft can come from within (an
employee or former employee) or from outside (hackers). These best
practices can greatly reduce the ability for cybercriminals to gain access
to a company’s sensitive information:

Provide cybersecurity education to every user, at least once a year, so
that they know how to handle sensitive information, and can identify
attempted phishing attacks, so that they become a virtual human firewall.
Maintain a clean desk policy throughout the company, especially in areas
that tax returns are handled, so that electronic or hardcopy documents
containing sensitive information are secured when users are away from their
work area.
Practice the principle of least privilege, meaning that users should be
allowed to access only those applications and network folders that are
essential to their job function. Whether intentional or accidental, data
compromised by employees is one of the leading causes of breaches, so
efforts should be made to minimize the information that users can access.

While identity theft is becoming more prevalent, due to cybercriminals
constantly devising new and more sinister tactics, practicing sound
security strategies can significantly reduce the risk of you becoming the
next identity theft victim. Everyone must remain vigilant, as the price for
not taking this threat seriously could cost us our very identity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170403/d67b790e/attachment.html>