Last week, we discussed IRS tips for keeping your personally identifiable information (PII) safe, but what happens if—despite your best efforts—you or your business are affected by data theft? That deer-in-the-headlights look is a completely understandable byproduct of learning that cybercriminals just pulled client information from your office database, and after the shock fades, it’s time to address the situation. Luckily, the Internal Revenue Service published steps that data theft victims can follow if they don’t know where to start.
To highlight the risk that data theft poses to everyone, the IRS points out that cybercriminals use stolen PII in a number of financial crimes. Whether they’re using your PII to apply for a bank loan that they have no intention of repaying or filing a tax return for a check from the Department of Treasury, these fraudsters are in it to make money. Unfortunately, that usually means someone else pays the price with a ruined credit score or closed business—not to mention fees paid to data security experts who help navigate these kinds of problems.
what should you do if you’re the victim of data theft? The IRS says the first item on your list should be finding out what the cybercriminals stole. If you know they broke into your email account, that means the criminals probably have everything in your inbox, outbox, drafts, and trash folders, but you should also consider the other online accounts tied to that email address. Remember, any other online accounts that use the same password (hint: you really shouldn’t use the same password for multiple accounts) or login credentials as the compromised account could also be affected.
Next, the IRS recommends signing up for a credit monitoring service. As the agency points out, businesses that handle client and customer PII sometimes provide credit monitoring services for those affected, but if you don’t have free access to one, that may mean shopping around. Credit monitoring services are pretty much what they sound like: Businesses that watch your credit activity to try and spot any signs of identity theft (like, for example, the aforementioned bank loans taken out in your name by identity thieves), and some will even monitor Dark Web auctions and alert you when your information pops up.
Anyone who followed the Equifax data breach probably recognizes this step: Once you’ve determined the scope of the breach and signed up for a credit monitoring service, the IRS says you should consider freezing your credit. This should keep anyone who actually managed to get their hands on your information from accessing your credit reports or even opening accounts requiring that information; keep in mind that you’ll need to un-freeze your credit when you need to take out a loan to buy a car or house, and the IRS reminds that credit freezes can cost money.
Remember when we said you shouldn’t use the same password for every account and that you should monitor other online accounts following a data breach? Well, the IRS says you should also change the password for all online accounts following a data breach. The IRS tip provides a mix of conventional wisdom and more recent recommendations regarding password complexity: a mix of upper- and lower-case letters, numbers, and special characters that is at least 10 characters long or downloading a password manager.
Finally, the IRS says you should start using multi-factor authentication (MFA). Not sure what that is? If you’ve ever had to use a code sent via text message to verify your email login, you’ve used it. Basically, MFA is any additional data point you must enter to gain access to an account. If a password is considered single-factor authentication, a password plus the answer to a security question would be considered multi-factor authentication. Each additional “factor” required to confirm the identity of the user improves the security of the account from cybercriminals, and adding this step can slow down someone who holds your PII from accessing a compromised account.
Those last two suggestions could easily be used to prevent data theft, especially using a password manager and MFA. Even if you haven’t been affected by data theft, you should consider adopting both in your security plan. That said, knowing steps for preventing data breaches isn’t enough. In a world routinely rocked by news of large-scale data breaches, we have to understand how to reduce the impact of these breaches on our financial wellbeing, and the five steps suggested by the IRS are a pretty good start.
Source: IRS Tax Tips