While cloud-based software has gradually become the norm for many companies, there are dangers lurking in its use, IRS warns.
At its annual Security Summit, the agency laid out some of the pitfalls of using cloud software to store sensitive personnel, tax and financial info – and what Finance and IT can do to protect your company from data breaches that can cost thousands of dollars to correct.
How criminals strike
The biggest pitfall to watch for is lax security with your cloud system. Nowadays, most cloud-based systems are inherently secure. However, without advanced protections such as multifactor authentication, thieves can easily access a user’s credentials, log into their account and steal data.
Because criminals understand how smart your Finance team is, they’re using sneakier tactics to fool tax and Finance pros. With spear-phishing emails, hackers will target them using carefully crafted “lure” messages designed to earn their trust.
Over multiple emails, the criminals try to eventually trick the target into clicking on a link or downloading an attachment under the assumption that there’s a valid business-related reason to do so. Once the person does this, however, malicious software is downloaded onto their computer that can steal their login credentials for cloud-based software programs.
Often, criminals will install remote access trojans to take over a Finance pro’s computer and wreak havoc, filing false tax returns using stolen info. They can also use this access to lock down the person’s computer or the system entirely – then hold the system and its data for ransom.
Even if an employer doesn’t pay a ransom to the hacker, it can still be costly and time-consuming to regain access to systems and data. It could require overtime from Finance and IT – or even assistance from an outside security firm.
Keeping cloud systems safe
Prevention is the best protection to keep your Finance pros from falling prey to a spear-phishing scheme that could cripple your company’s operations. Per IRS, it’s key to make sure you’re:
- using at least two-factor authentication with login accounts for cloud-based systems. (Most vendors include this feature.)
- keeping your antivirus software regularly updated to block malicious software such as remote access trojans from accessing company hardware, and
- checking with IT to make sure your drives are encrypted and important files are regularly backed up to alternate servers in case the worst happens.