5 Tax Security Strategies for Small Business

When tax time rolls around, it isn’t just CPAs who spring into action. It’s a big time for hackers as well, who bank on sensitive information getting transmitted over the Internet via online filings. And if the hackers are working OT, you know what that means: more work for IT too.

Like everyone else, your company has two options: File taxes yourself or go through a third party. Each choice comes with its own risks, which you can minimize with some foresight and common sense.

Tax Security Tip No. 1: Secure your connection.
If your boss is the do-it-yourself sort, you as the IT brain face the same headaches as the average Joe taxpayer. Is the PC you’re using secure? Are you sending the information over a wireless network? If so, are you using a WPA2 connection or a less secure one?

Jeff Lanza, president of The Lanza Group and an expert on computer security matters, recommends using a wired connection if possible and making sure the PC your company uses to file those taxes has updated security software. “You’re giving up Social Security numbers, birth dates and all sorts of information that can lead to identity theft,” says Lanza.

Tax Security Tip No. 2: Check out the CPA.
Outsourcing your company’s taxes to a third party may seem like a safer option, but Lanza suggests that you play detective first. “If you’re using a CPA, you want to ask how they protect the information and what they do keep your info secure,” says Lanza. Don’t just leave it to management to select a tax preparer. Explain that you need to ask critical IT security questions.

What kinds of questions? Ask what type of software the tax preparer is using and whether he or she has installed the latest security patches. Examine the firm’s security and privacy policies and find out if the preparer uses SSL encryption. Lanza says emailing data can also be risky, so either go with a secure email service or hand-deliver the information.

Beyond that, Robert Siciliano, a security analyst and consultant, suggests doing a simple background check. “Whenever you’re doing business with anyone, you should know who you’re doing business with,” says Siciliano. “It wouldn’t be a bad idea just to do a quick Google search on them.”

Tax Security Tip No. 3: Go directly to IRS.gov.
No matter who’s filing, the ultimate destination is IRS.gov. Subsequent links from that page should be in the secure “https” format. Caution tax filers about clicking on pages that aren’t secure.

Tax Security Tip No. 4: Warn your unsuspecting end users.
Now is a good time to educate your end users about phishing scams. Tell them about common scams around tax time, like hackers posing as representatives from TurboTax or H&R Block in an effort to get consumers and businesses to give up sensitive information. Another common scam is a warning email purportedly from the IRS. Remind end users that the government will never solicit their sensitive information via email.

By preparing end users, you’re not just protecting their info. If end users click on a malicious link using a company computer, you’ll have the hassle of dealing with the threat to your company’s data.

Tax Security Tip No. 5: Store tax records securely.
After the taxes are completed, the best way to protect your company’s sensitive tax-related information is to take it off the hard drive and put it on an external drive instead. And finally, a few months down the road, take the final, most crucial precaution to make sure you’ve safeguarded data: “Check your credit report,” says Lanza. “You should be doing that on a regular basis anyway.”

Like this article? Connect with us @ITinsiderOnline

The Rising Threat of USB Drives

You can find them in pockets, purses and on key chains. They're on lanyards and in pens, built into some jewelry and even found alongside scissors and nail files in Swiss army knives. Teeny USB thumb drives are ubiquitous: In fact, Gartner estimates more than 222 million were sold in 2009 alone. Could such a tiny gadget bring big risks to your organization?

Your Data at Risk

Thanks to their small size, low cost, and capability of instant backup and file transportation between multiple computers, USB drives actually pose significant security threats for businesses.

For example, disgruntled employees can easily make off with sensitive company information on a USB drive. "The threat is not new, but the problem is exacerbated by tiny and cheap USB drives," says Leslie Fiering, research vice president at Gartner in San Jose, Calif. "The moment we had removable storage media -- going back to floppy disk drives -- there have been stories of janitors going onto computers after hours and downloading major amounts of information." Employees who plan on quitting a company -- or perhaps those expecting a pink slip -- can also easily copy over customer or client databases, emails, calendar appointments and contact lists in a matter of seconds, and then take this digital info with them to a competitor.

Increasingly, USB drives can also carry harmful malware, say security experts. USB keys can be used to install viruses or to serve as boot drives to erase data -- even unintentionally. An employee who uses a USB drive on a personal computer at home could carry malware back to a work computer without his or her knowledge.

USB Security: What You Can Do
You should take several precautions to minimize the risk of data theft or malware attacks via USB drives. Consider the following:

  • Implement strong security software. All company computers should have the right security software to detect and remove potential threats. "Without question, you need serious protection today that not only protects from online threats but also is capable of scanning external devices too, such as USB drives," warns Fiering.
  • Limit USB access. In extreme cases, organizations have cut off access to USB ports. Others have limited USB access to specific employees. Using encrypted USB drives is another option, as is disabling AutoRun on computers so that programs on a USB drive don’t immediately run when a drive is inserted.
  • Monitor use. Keeping track of USB access will help you note who is using the drive, on which computer and at what time of day." IT departments need to make sure their machines are secure and sensitive information protected," adds Michael Gartenberg, research director at Gartner in Stamford, Conn.
  • Focus on education. “Banning can result in users trying to bypass the ban,” cautions Santorelli. A usage policy augmented by an awareness campaign to educate end users will help mitigate the risks.

Fiering and Santorelli note that these risks are not limited to USB drives. Santorelli calls it an “erosion of the traditional network perimeter” because of the prevalence of mobile devices and the convergence of personal and work technology. “This is a problem that's not going away any time soon," says Fiering. With the right security measures, however, companies can ensure the security of their data, despite today’s increased risks.

Like this article? Connect with us @ITinsiderOnline