Keeping Your Tax Information Secure

The IRS announced last week that the 2022 tax filing season starts on January 24th. Most people will not have all their necessary tax documents for 2021 by then, but it’s the first day that the IRS will accept and start processing income tax returns for last year. As you’re gathering those W-2s, 1099s, 1098s, P&Ls, and the rest of the alphanumeric “soup” that comprises your tax information, how are you keeping it secure?

Most taxpayers receive or download their tax documents electronically and save them in a folder on a home computer. While the “work at home” aspect of the pandemic shed light on the need for enhanced cybersecurity at home, tax time reminds us how important it is to protect against identity theft. The IRS collaborates with the tax software and preparer communities to secure the tax filing process. Taxpayers have a role in keeping their tax information secure, too.

Here are three tips from the IRS for taxpayers to protect online personal and financial data from identity thieves:

  1. Keep Your Computer and Mobile Phone Secure 

Use firewall and security software on every device that contains confidential information and set it for automatic updates. Use strong, unique passwords and consider using a password manager to keep it all straight. Implement Multi-Factor Authentication. Only give personal information over encrypted websites, those with a “https” address. Periodically back-up your data onto an external drive as an “insurance policy” against ransomware or a crashed drive.

  1. Avoid Phishing Scams and Malware 

Identity thieves use phishing emails to trick users into giving up passwords and other information. Don’t take the bait. Before opening messages in your inbox, look out for emails that pose as trusted source (e.g., your bank) and for emails with an urgent message (e.g., update your account now!) with a link or attachment. Never download software or apps from pop-up advertising. Talk to your family members who also go online (i.e., everyone) about online security, both with computers and mobile devices. 

  1. Protect Your Tax Return 

Taxpayers who can validate their identities can obtain an Identity Protection PIN. An IP PIN is a six-digit code that prevents an identity thief from filing a fraudulent tax return using your Social Security number. After the IRS issues an IP PIN, that taxpayer’s tax return cannot be filed without entering the IP PIN to “unlock” the taxpayer’s return for that year. Learn more about getting an annual IP PIN at www.irs.gov/ippin

The 2022 tax filing season starts next week, on January 24th. As you receive or download all the tax documents that comprise your tax information, how are you keeping them secure? The IRS has tips for taxpayers to keep their confidential tax and other financial information secure. Read all about it here at https://www.irs.gov/pub/irs-pdf/p4524.pdf.

Low-Cost Cybersecurity Tips

Hacks and ransomware crimes are all over the news headlines. Seems like there’s a new one reported every day. Victims include federal government agencies, insurance companies, energy infrastructure, and computer system vendors. Those are some highly sophisticated players that have invested tons of money in cybersecurity. So, what chance does a small business have defending itself against all those sophisticated cybercriminals? 

Bottom line, the tons of money that organizations invest in cybersecurity can go right out the window if the users – ordinary and fallible people – don’t follow safe system security practices. Systems are only as safe as the security knowledge and practices of the least knowledgeable system user. All it takes to open the door to a cybercriminal is one person clicking on the wrong link from an unknown source, or from a hacker masquerading as a trusted sender.

Believe it or not, periodic reminders of these low-cost cybersecurity tips will help organizations of all sizes and types to follow safe cybersecurity practices:

  1. Keep software systems up to date and use a good anti-virus program.
  1. Examine the email address and URLs in all correspondence to detect a scammer mimicking a legitimate site or email address.
  1. Ignore text messages, emails, or phone calls asking you to update or verify your account information and go to the company’s website to see if something needs your attention.
  1. Never open unexpected attachments until verifying the sender’s email address and use virus scan before opening any document.
  1. Scrutinize all electronic requests for a payment or fund transfers.
  1. Be extra suspicious of any message that urges immediate action.

Human action is a risk that can throw an organization’s cybersecurity investment right out the window. People who click before thinking can allow hackers in to do all sorts of expensive and embarrassing damage. By promoting a few low-cost cybersecurity tips, business or all sizes and types can avoid becoming a victim of sophisticated hackers and other cybercriminals.