Cybersecurity for Small Business Owners
Cybersecurity targets small businesses, and the threats are only intensifying.
Cybersecurity for Small Business during Tax Season
Small business identity theft is a year-round concern, but with income tax filing season, specific risks are more likely to occur.
The IRS reports that there has been an increase in identity thefts. In particular, scammers are increasingly trying to gain access to a company’s W-2 information. The scammers generally go after employees in HR and Payroll, but any staff member or manager may be targeted.
One common method of illegally obtaining a company’s W-2 information involves the scammer sending an email while posing as a company executive, requesting a list of employees and their W-2s from an email address that looks legitimate at a quick glance. Taxpayers may also receive emails that look like they’re from the IRS, but are actually phishing attempts aimed at implanting harmful software into your computer or server. These phishing attempts are also directed at accountants and tax professionals.
Always remember that the IRS sends letters by U.S. mail and does not initiate contact with taxpayers by email, text messages or social media.
For information on how to protect yourself, your business, and your clients from identity theft during tax season, the IRS offers up-to-date resources on data theft and scam alerts. The IRS also encourages companies to report the W-2 scam emails by filling out Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.
Protect Your Business from the Dark Web
These are some tips:
- Install cybersecurity software on all computers and mobile devices
- Install a remote computer backup – in the event of a cyber-attack, your remote system backup will allow you to recover quickly
- Regularly test your data security systems and procedures
- Encrypt sensitive data, enable two-factor authentication, and train staff to spot “phishy” emails and other common scam tactics
- Develop a data breach response plan, including how you will notify staff and clients
Why do these tips matter? As a small business owner, you’re certainly familiar with identity theft, but you may not be familiar with the Dark Web, an online market where identity theft professionals buy and sell your stolen information.
Places on the Internet not identified by traditional search engines are the perfect place for cybercriminals to barter your stolen account information, credentials, documents and other personal information. A synthetic identity, in which both real and fictitious information is merged to create a new identity, may also be found in this marketplace. Some Dark Web businesses even offer customer service functions, including card support and refunds.
While the range of purposes that your private information can be used for is only limited by the criminal imagination, it generally includes obtaining lines of credit, mortgages, loans, and tax refunds.
For example, a stolen user name and password from one credit card can be used to open several accounts, including banking and e-commerce.
If you use the same user name and passwords for multiple business services, a cybercriminal will be able to break into several accounts that you hold across various financial and business-related horizons. If this happens, you may have to deal with multiple compromises of both your personal and business-related data and private information.
Although the media focus on data breaches where large companies experience millions of compromised accounts may cause you to assume that your business is too small to attract thieves, small business owners should know that identity thieves target the most vulnerable – not necessarily the biggest – companies.
This increased cyber-threat means that you need to take strategic steps to reduce the risk for your small business.