The IRS is warning small businesses once again – cybercriminals are seeking your companies’ financial information any way they can. Often it’s by targeting the “weak link” in your organization who opens an email despite being trained over and over on how not to fall for the obvious bait.
With the bulk of tax documents rolling out to businesses and individuals in January, staffers may need a reminder to be on the lookout for scams and know what to look for.
Reason: Small businesses increasingly “face a variety of identity-theft related schemes that try to obtain information that can be used to file fake business tax returns, for example, phishing schemes,” cautions the IRS.
The IRS and the Security Summit (which consists of tax professionals, software developers and financial institutions) wrapped up National Tax Security Awareness Week by highlighting the risk areas for businesses and best practices to prevent data from falling into the wrong hands.
They’re looking for any avenue in they can find!
The IRS stresses that criminals may come from any angle to get yours and your customers’ financial information. That includes:
- your business’s credit card or payment information
- business identity information, or
- employee identity information.
Most attempts for this information will come via email. Make sure employees know what your procedures are for responding to requests regarding business identity numbers from a party claiming to be from the IRS, for example.
Finance employees are used to handling requests promptly and are busier than usual with year-end duties. Scam artists count on employees to let down their guard and give them the info they’re seeking.
Chances are you’re already following one or more best practices to keep your business data safe. There’s no one practice that works better than others – you’re always better off utilizing multiple protections to stay two steps ahead of the scammers.
The Federal Trade Commission (FTC) recommends businesses follow these five steps:
- Use multi-factor authentication. Best bet is requiring two or more verification factors to gain access to an online account or database.
- Set security software to update automatically.
- Back up important files.
- Require strong passwords for all devices, and
- Encrypt all devices including smartphones, tablets and laptops, particularly devices users take home and on business trips.
For more help, check out the FTC’s Cybersecurity for Small Business guidance.