Cybersecurity is important year-round, but becomes especially critical in tax season. Throughout this time, business owners are frequently sharing sensitive information with outside professionals and key employees via the internet. Many small organizations do not have the same cybersecurity resources as larger corporations, making them a prime target for hackers.
Leading up to tax season, as a small business owner, you should begin gathering all tax documents and ensure you are taking the following basic security precautions:
- When sharing sensitive or identifying information with a CPA, outside tax professional, or other employees via email, use encryption to safeguard data. You can also use a secure email sender that will automatically delete the message after a set number of days. Double checking email addresses to verify the intended end-recipient will also help prevent information from falling into the wrong hands.
- Phishing attacks are another way organizations are targeted during tax season. Cybercriminals pose as company employees or tax professionals using false email addresses to request confidential information. Staff members should never reply directly with the information requested or click on any links in the email. Instead, they should first confirm the request with the sender by phone. If the request is legitimate, sending a new encrypted message to the email address on file will ensure the data is secure.
- Another way to avoid cybersecurity breaches is by using complicated passwords for online accounting services. The most common passwords in the world are “123456” and “password.” Steer away from using family names and birthdates in passwords as they can be easily hacked. Only a mix of capital and lower case letters, numbers and symbols should be used to better protect your information.
Talk with your tax professional about the security solutions they utilize to guard the data you share with them. If you will be communicating via email, ask what types of email encryption options they have. If you use an online service, look on their website to see what security features they provide. Password-protection safeguards and email encryption services are vital in preventing attacks.
Meet with all your employees to make sure they are aware of potential risks to their online data and provide them with strategies to protect themselves from threats. Quite often, security breach issues created by staff members are due to unintentional mistakes. Remind your employees to verify that all received emails came from a reputable sender by carefully checking the email address for accuracy. Staff members should never click on any links contained in emails unless they are from a reputable sender. If a request for information or the content of an email seems odd, or contains grammatical errors, they should contact the sender by phone to confirm the message. Finally, review the importance of only using familiar WiFi networks to avoid sharing accidents and establish strong password guidelines.