Skip navigation

NCSS small.png

 

Tips to help protect your company during tax season

 

TIP 1: BE PREPARED FOR PHISHING SCAMS

Hackers and cyber criminals know you’ll be looking for ways to quickly prepare for tax season. Don't be fooled by emails that try to entice you to click on a link or download malicious content. If an offer looks promising, research the company, their competitors and verify their site is legitimate. If doesn't hurt to call them before you engage online.

 

TIP 2: ENCRYPT SENSITIVE DOCUMENTS

Encrypt sensitive documents before you sending them to your accountant. If the accountant doesn’t accept encrypted documents, then don’t send them online. Make copies and deliver them in person. Use only https websites for transmitting sensitive information.

 

TIP 3: TECHNOLOGY CHECKLIST

Since you will be reviewing expenses for the past year, now is a great time to create a list of your technology that should be protected, including copiers, printers, software services, websites, social networks and point of sale devices. Include detailed information about the service, age and security parameters.

 

TIP 4: DATA BACKUP

When is the last time you backed up your critical business data? Review your critical data and take steps to back it up it up with an encrypted service provider.

 

TIP 5: CYBER DAY

Has the CEO taken the time to talk to employees about cybersecurity? Schedule a monthly meeting to have the business owner talk about the importance of protecting the business from scams. Many scams target employees, so have them learn how to protect your company.

 

TIP 6: IDENTITY THEFT

In order to protect your identity and prevent fraudulent returns, learn the signs. Identity thieves often use letters to obtain sensitive information to conduct further attacks. For instance, you or your accountant might attempt to file your business tax return, but it is rejected, or you may receive a tax transcript by mail that you didn’t request. The IRS has several good references to protect against business identity theft. If you believe you've been a victim of tax fraud, contact the IRS via mail – information is available on their website - http://bit.ly/2ejECXg.

 

TIP 7: SHRED

Shred confidential business data. Make sure your employees also learn to shred sensitive information rather than simply throwing it away. 

 

TIP 8: BUDGET FOR SECURITY

As you are reviewing your expenses from last year, assess whether your company is adequately protected. An industry best practice is to spend between 5-8% of your IT budget on IT security. The NCSS assists our members in obtaining quality cybersecurity products and services in order to keep your costs low.

 

TIP 9: ASSESS

Assess the risks to tax information to include your operations, physical environment, computer systems and employees. Make a list of all locations where you keep sensitive business data and implement controls to protect access.

 

 

DID YOU KNOW?

  • In 2015, the IRS identified 233 business tax returns that were filed using known or suspicious EINs of which 97 claimed refunds exceeding $2.5 million.
  • The IRS has found that identity thieves apply for and/or obtain an EIN using the name and social security number of another individual as the responsible party.
  • Are you protecting your business identity from tax fraud?
  • Learn more about business identity theft at our resource page.

 

Click here to download a PDF of this article.

 

Still have questions, need help?

Contact us at our “Ask-an-Expert” service, mailto:web@thencss.org or visit us at the link below.

http://www.nationalcybersecuritysociety.org/

 

© 2018 National Cybersecurity Society, All Rights Reserved

http://www.nationalcybersecuritysociety.org/

 

JOIN THE NCSS

Become a member of The National Cybersecurity Society today and learn more about how to protect your business from a cyber attack.

 

 

About The National Cybersecurity Society

 

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.  The NCSS provides cybersecurity education tailored to the needs of the small business owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to stay safe online.

 

NCSS small.png

Victim Resources

Do you think your business has been the victim of identity theft? Not sure where to start or what to do? This fact sheet provides some guidance and a list of resources. It is important to note that the procedures for addressing business identity theft are different than consumer identity theft. The FTC only responds to consumer complaints and the credit reporting agencies won’t place a “freeze” on your account like they would for consumers. So, the traditional advice on how to respond to identity theft doesn’t apply to businesses.

 

As with any cyber incident, the first task is to figure out what happened. Interview staff, investigate and take notes – the goal is to document what occurred, how you found out, and collect evidence. Identify what accounts were affected, who has access to those accounts, when was the last time the account was accessed and/or when a transaction occurred. Check if other accounts have been affected. These are all examples of good data to collect. Change passwords to these accounts immediately.

 

Financial Fraud.

If your credit card or line of credit was stolen, the next step is to notify the financial institution and put a freeze on the account.  Once this has been done, you may need to obtain funds from another creditor in order to provide the operating funds until the account freeze is lifted.  The analysis you conducted initially will be helpful when you contact the financial institution. As a business owner, many banks will require you to prove you or your employees were not the cause of the fraudulent charge. Your financialinstitution will guide you through the process, albeit a long one.

 

Credit Reporting Agencies.

Next step is to contact Dun and Bradstreet’s fraud department at 1-866-895-7262, highriskandfraudinsight@dnb.com and report the theft. D&B will investigate the issue, confirm the information in question and correct any inaccuracies in your account. In many cases a “stop distribution” order will be placed on the account until the matter is resolved. The stop distribution or account freeze is shared with the other CRAs (Experian and Equifax, not TransUnion) who will flag your business credit file. This may affect your ability to obtain any additional credit.  (TransUnion only manages credit files for consumers, not businesses.)

 

Tax Fraud.

If you have been notified by the IRS that your business has been involved in a fraudulent tax return activity, they will guide you on the information they may need to conduct the investigation. They will only notify you by mail, not phone. Don’t fall victim to IRS phone scams! If, however, you notice that someone has used your business to submit a fraudulent tax return, notify the IRS at 1-800-829-4933.

 

Law Enforcement.

Local law enforcement is required to respond to the incident. Call the non-emergency number to report the crime – reporting the crime will be helpful for insurance purposes. Ensure you obtain a copy of the incident report. Unfortunately, the crime may never be solved.

 

Internet Crime Complaint Center (IC3).

Businesses can file a complaint at https:///www.ic3.gov/default.aspx. IC3 doesn't investigate crimes, but collects valuable statistics on Internet crime. Of particular, IC3 is interested in crimes related to website/online extortion, identity theft, intellectual property rights, hacking, and theft of trade secrets.

 

State Business Registries.

Many states offer resources for business identity theft. Visit your state’s website for information or resources for victims.

 

Identity Theft Resource Center (ITRC).

The ITRC offers many free resources for victims of identity theft. While the business might have been the target of this crime, owners and employees often feel victimized as well. Visit their site at: http://www.idtheftcenter.org/

 

©2018 National Cybersecurity Society, All Rights Reserved

http://www.nationalcybersecuritysociety.org/

 

Click here to download a PDF of this article.

05.Biz ID - Victim Resources.jpg

 

About The National Cybersecurity Society

 

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to stay safe online.

Filter Article

By tag: