During this year's National Small Business Week, running from April 28 to May 3, the Internal Revenue Service (IRS) emphasized the importance of implementing vigorous data security measures to …
This item is available in full to subscribers.
Please log in to continue |
During this year's National Small Business Week, running from April 28 to May 3, the Internal Revenue Service (IRS) emphasized the importance of implementing vigorous data security measures to safeguard financial, personal and employee information from cyber threats.
According to the agency, the IRS has observed a concerning trend where small businesses, among others, fall victim to various financial and identity theft-related schemes orchestrated by cybercriminals. These schemes aim to acquire sensitive information that can be exploited to file fraudulent tax returns, drain business bank accounts and perpetrate identity theft.
Common tactics employed by cybercriminals include phishing and spearphishing scams, which target small businesses, tax professionals and individual taxpayers. Small businesses are particularly vulnerable to Form W-2 scams, where identity thieves deceive company leaders into divulging sensitive data.
“Each year, the IRS sees thousands of attempts trying to attack small business owners and other taxpayers. Those who are victimized by these schemes can see serious financial consequences,” said IRS Commissioner Danny Werfel in a news release. “Cybercriminals are relentless, and anyone can be a target. The best way business owners and individuals can protect themselves is to stay well informed on the latest scams, continuously protect their computers and smart phones and install data security at home and in the business to protect sensitive information.”
Cybercriminals operate around the clock, exploiting vulnerabilities in human behavior and computer systems to pilfer financial and personal information. Small businesses that fail to adequately safeguard their data and educate their staff become easy targets for cyber attacks, potentially resulting in financial losses and reputational damage.
To mitigate the risk of cyber threats, the IRS advises small businesses to deploy comprehensive cybersecurity measures, including encryption of sensitive data, multi-factor authentication and regular staff training on security best practices. Additionally, businesses are encouraged to report IRS-related scams to phishing@irs.gov.
The IRS also highlights the "Dirty Dozen," an annual list of prevalent scams and fraudulent schemes posing threats to small businesses and taxpayers. This year's list includes warnings about aggressive promoters of questionable claims for the Employee Retention Credit (ERC), which could lead to penalties and criminal prosecution for ineligible claimants.
One particularly insidious scam highlighted by the "Dirty Dozen" is the "New Client" spearphishing scam, where cybercriminals masquerade as potential clients to deceive tax professionals and business owners into divulging sensitive information.
Small business owners are urged to remain vigilant against these scams and take proactive measures to protect their businesses and customers. By prioritizing cybersecurity and staying informed about emerging threats, entrepreneurs can safeguard their investments and preserve the trust of their clientele.
The IRS provides resources such as Form 14039-B, Business Identity Theft Affidavit, for businesses to report possible identity theft incidents promptly. Additionally, reporting scams to the IRS helps identify new threats and supports efforts to combat cybercrime effectively.
For more information on cybersecurity best practices and how to report scams, small business owners can visit the IRS website or consult the Federal Trade Commission's resources on cybersecurity for small businesses.
The IRS urges small business owners to familiarize themselves with cybersecurity best practices, even if they outsource day-to-day information technology protection. The IRS recommends implementing the Best Practices outlined by the U.S. Federal Trade Commission (FTC). These practices, though often common-sense, are crucial for safeguarding business data and devices.
To protect business files and devices, owners should:
For safeguarding the business wireless network, owners should:
Adopting smart security practices as part of routine operations involves:
For further guidance on protecting investments, customers, and employees from cyber threats, small business owners can access information provided by the FTC's Cybersecurity for Small Businesses initiative.