During National Tax Security Awareness Week, the Internal Revenue Service (IRS) and the agency’s Security Summit partners offered five ways businesses can protect against cyberattacks during tax season. The IRS warned businesses to be wary of identity theft, phishing schemes, and other cyberattacks during tax season, especially. These cyberattacks can put customers’ personal information and other business data in the wrong hands. Earlier in 2022, the U.S. Department of Justice (DOJ) announced a plan to combat ongoing cyber threats surrounding cryptocurrency markets.

Background of Increased Cyberattacks During Tax Season

Small business employers may often face an onslaught of cyberattacks during tax season. These can include identity-theft-related schemes that try to obtain sensitive personally identifiable information (PII). Scammers use this PII to file fake business tax returns. Specifically, phishing schemes, which trick victims into providing sensitive data like account numbers or passwords, continue to target small business employers and their employees.

According to IRS Acting Commissioner Doug O’Donnell, “Businesses are especially attractive to cyber thieves because there is a potential to steal a lot of data. They may use the information to file a business tax return or use customer data for identity theft.” In the end, cyber thieves may target businesses of all sizes. They can target a business’s credit card numbers, payment information, and employer or employee identity information.

Five Ways to Prevent Cyberattacks During Tax Season

However, following a few cybersecurity basics and training employees in their practice can help employers protect their businesses, workers, and customers from cybersecurity threats. The following are five ways employers can prevent data or financial loss from cyberattacks during tax season.

  1. Use multi-factor authentication to access areas in your network that deal with sensitive information. In other words, require an additional step after the password is entered, such as a temporary code on a smartphone.
  2. Set automatic updates for security software. In detail, this should include updates for apps, web browsers, and operating systems.
  3. Back up important files offline. Use an external hard drive or a cloud service. Additionally, make sure you securely store paper files, as well.
  4. Require strong passwords on every device. A strong password should be at least 12 characters and a mix of numbers, symbols, and capital and lowercase letters. Also, don’t leave devices unattended.
  5. Encrypt all devices and media that contain personal information. These include laptops, tablets, smartphones, thumb drives, and cloud storage.

Employers may report possible identity theft to the IRS using Form 14039-B, Business Identity Theft Affidavit. Employers should file Form 14039-B if they receive a:

  • Rejected e-filed tax return because one is already on file for that period;
  • Notice regarding a tax return or Form W-2 that they did not file; or an
  • Alert about a balance due that is not owed.

Cybersecurity Awareness Training

Presently, many laws require businesses to take reasonable steps to protect personal information collected from customers, employees, or job applicants. Given that, all employees must know the common workplace cybersecurity threats and recognize what protections are available against cyberattacks. To assist employers, Personnel Concepts has developed an online, interactive Cybersecurity Awareness Training Program. Explicitly, businesses of any size and industry can help train employees on keeping personal information safe by using this resource.