We’re well into filing season, and that means cybercriminals will be stepping up their game to steal personally identifiable information (PII), which probably explains the timing of a recent IRS Tax Tip included data security advice for taxpayers. If your clients don’t regularly get email notifications from the IRS, then you can pass along these basic steps.
The IRS covered three major areas that taxpayers need to address when trying to keep their PII out of the hands of criminals: computer security, scam identification and avoidance, and developing good data security habits.
How do I keep my computer secure?
Most of the IRS’ advice for protecting your computer will sound familiar: install security software, send data over encrypted websites, and use good passwords.
For security software, the IRS recommends “a firewall, virus and malware protection, and file encryption for sensitive data.” Most operating systems have a built-in firewall, but some people opt for third-party security suites. The advantage of all-in-one security suites is that they handle all the items on this list, and they’re configurable from a single location. That said, you can always build a custom suite by downloading products from different vendors.
Next, make sure to use an encrypted platform any time you send PII over the Internet. That means web pages designated as “https” sites and avoiding PII transfer over email (we’ll look at email attachments and links again when discussing common scams). If you’re supporting remote tax return preparation, consider using a secure client-facing portal like SecureFilePro.
Finally, remember to use a strong, unique password. Security experts now recommend adopting a passphrase—a long, random series of words—instead of a password, since it’s usually easier to remember than a string of random letters, numbers, and special characters. But if you have a lot of different online accounts, you may want to consider downloading a password manager software.
How do I avoid online identity-theft scams?
Email tends to be the preferred vehicle for online identity theft scams, and it’s easy to see why: Just about everyone has an email address, and people tend to click any links or attachments they receive—especially if they appear to be from someone the recipient knows. So how do you avoid email scams if your first inclination is to click on any and everything?
The IRS says you need to verify the identity of every sender in your inbox before you respond to or consider clicking on any links or attachments. Cybercriminals create email addresses that at first glance appear to be legitimate, and they’re banking on you not noticing minor changes like the letter “l” being changed to the number “1.” If an email doesn’t contain that type of trickery, compare it to other emails you’ve received from that sender. In the case of businesses, you can always check the official email address listed on their site for customer support or sales.
Next, let’s talk about embedded links and attached files. Even if you’ve verified the identity of a sender, you’re probably better off not clicking on any attachments—even if the email is from someone whose reputation is unimpeachable, like Grandma. Remember, the sender’s real email address could have been compromised, and that translates to a cybercriminal taking a joy ride with someone else’s Gmail account to spread malware or steal PII. (Granted, you’ll probably want to see those pictures of your kid playing at Grandma’s house, just remember to at least scan the files with an antivirus program first.)
Another word on attachments: The IRS says its best to make sure your email platform—whether an installed program like Microsoft Outlook or a third-party provider like Gmail—doesn’t download attached files automatically. If you’re not sure how to disable this feature, a basic web search will often turn up the instructions.
What are some other good data security habits?
The final set of data security steps basically cover habits you need to develop regarding all PII. These tips range from social media activity to physical document security.
If you’re a frequent Facebook or Twitter user, you’ll want to pay attention to this one: The IRS says you “should not overshare personal information on social media. This includes information about past addresses, a new car, a new home, and children.” Now you might say, “I would never share that kind of personal information!”
Have you ever posted the results of one of those “Does Your Spouse Really Know You?” quizzes? Have you ever posted a photo of you and your realtor right after closing on a new home? Data from social media posts can be used by identity thieves to bypass security questions for online accounts or added to profiles they use to apply for credit cards or file fraudulent tax returns.
We spend a lot of time discussing ways to secure digital information, but we would remiss if we didn’t also talk about ways you can protect physical documents. Documents containing your Social Security Number? Keep those in a safe location until you absolutely need them. Tax records? Keep them locked up too. And when it’s time to dispose of old financial records, remember to shred everything before shoving them a Hefty bag; remember, criminals aren’t above diving through the dumpster for a quick payday.