In 2020, many businesses transitioned from solely brick-and-mortar businesses to hybrid companies. Many employees worked from home due to COVID restrictions and health concerns. But that shift meant more opportunities for hackers. Cyber attacks increased by 358% compared to the previous year. In 2021, cyber crime doubled its foothold in the digital landscape.
Tax preparers make popular targets because they have databases full of clients’ financial information. A single tax return allows a hacker to steal your client’s identity, reroute their tax return, open credit cards, apply for loans, create false passports, submit fraudulent insurance claims, and more.
The stakes can be even higher if your client is a business. Small businesses rely on tax returns to stay afloat and may lose their business. Companies of all sizes may have client information on their computers that become vulnerable to further attack. Companies can lose their reputation due to fraudulent activity on company accounts. It opens them up to lawsuits, fines, and possible loss of business licenses and could force business owners to dissolve the business, with any employees losing their jobs.
But how do you know if your information is compromised? What do you do after you’ve been hacked? And how do you protect your business from cybercrime?
How Do You Know Hackers Breached Your Security?
The number one way tax preparers learn about a security breach is by comparing their records to the number of returns the IRS has received. The IRS recommends you regularly check your EFIN to safeguard your clients. Quickly stopping an attack may save you further grief as well.
Accessing your records will be easy if you use IRS-approved tax software for tax preparers. Follow these steps:
-
- Login To Your E-services Account
- Select Your Organization
- Click “View/Edit”
- Click EFIN Status
- Review The Stats At The Bottom Of The Page
Compare your records to the IRS records. Call the IRS e-help desk at 866-255-0654 if you find any discrepancies.
What To Do If You’ve Been Hacked
After alerting the IRS to stop further fraud, the next step is alerting all your clients to the breach. You may have unhappy clients, but they’d be even angrier if you knew about the breach and didn’t help them protect themselves.
Follow any instructions from the IRS. They will issue you a new number and investigate the fraud. Change all passwords, including those on your income tax return filing software. Your tax software programs may let you do that manually, or you can contact their service department. Finally, protect your business from future attacks.
Should I Take Hacker Risks Seriously?
Your business is only as safe as your weakest password. Hackers get better and better at figuring them out, creating more complicated programs to mine your employees for information. A hacked Facebook page, for example, gives your employees’ relative names, dates of birth, previous addresses, pets, children, favorite movies and sports, and most importantly, their current Facebook password.
People are creatures of habit and will often use familiar names, dates, and events as passwords. Not wanting to forget the password, they may use the same password across multiple platforms, including login credentials on your business software. Or, employees may use a personal and much less protected device to access business calendars or files when they’re at home.
Common encryption algorithms are hackable. The hacker runs the data through a program that tries different known algorithms, and when it finds the right one, they have access to all the information in your files.
How To Protect Your Business From Hackers
The best way to protect your business is to install good malware protection and educate your employees on password safety and how hackers operate. You may also save them from financial problems in their personal lives. Here are steps to safeguard your business:
- Install software that requires a password change every three days for maximum protection. The password can’t be one they’ve used before, a familiar name, date, address, social security number, or telephone number.
- Limit access to or require better security for personal devices accessing business files.
- Multi-step authentication processes, while inconvenient, are effective at blocking a hacker from accessing your system.
- Use security software that installs updates automatically so you always have the most current version. Quality security companies update their programs to block the latest attack as they discover new scams and malware.
- Clean or wipe any old hardware entirely before disposing of it. Deleting information isn’t enough. Some programs can reverse the process. Doing a factory reset is a good option.
- Avoid phishing scams and suspicious files. Don’t open any attachments. Don’t enter your login credentials or personal information into anything you get by email. Don’t click on links. If the email looks real and asks you to do something, go directly to the company’s main site and log in there.
- Ask employees to alert you if their personal accounts get hacked.
A regular checkup will give you peace of mind, but an active protection plan will prevent future problems. Ensure you’re routinely monitoring your EFIN regardless of your protection plan to shut down any suspicious activity quickly.