Tax Time for Accounting Firms = Hacker Heaven
In January, the IRS issued a warning to taxpayers on tax-related identity theft. The problem is very real. In 2013 alone, the IRS paid an estimated $5.2 billion in tax refunds obtained by hackers, and prevented an additional $24.2 billion in fraudulent transfers. Soon after the IRS’s warning, Intuit’s TurboTax announced it was temporarily suspending the transmission of state e-filed tax returns because customer complaints had risen so dramatically.
The tax threat extends to businesses as well. It’s no secret that hackers target businesses regularly, but the numbers remain shockingly high. According to a survey from CyberEdge Group, in 2014, more than 70 percent of organizations said they suffered a successful cyberattack, with 22 percent of them hit six or more times. Businesses that also collect customer SSNs for whatever reason remain prime targets of hackers, as 78.8 million Americans found out in December when hackers broke into Anthem, Inc.
Here are three things accountants and tax firms need to keep in mind during tax season to avoid becoming victims:
1) Accounting Firms and CPAs Are Most at Risk: Naturally, if you’re in the accounting business, tax time is when you need to be most on guard. The American Institute of CPAs (AICPA) has a good primer on securing client data. The proliferation of mobile devices also greatly complicates attempts to secure data. A 2013 survey from AICPA and CPA Canada found that just a third of CPAs are confident that their organizations have properly protected all mobile devices to prevent a data breach. Beyond CPAs, all businesses that have some BYOD policy need to ensure that they have a plan to protect company data. Distressingly, just 45 percent of BYOD organizations expect to implement a security plan this year, according to CyberEdge.
2) Make Clients Aware of IRS Imposters and Phishing Scams: One of the most successful ways hackers steal citizens’ SSNs is through fraudulent emails, usually purporting to come from the IRS. Indeed, the IRS issued a warning in February about this very tactic. The hackers know we’re all terrified of being identity-theft victims and they exploit this fear well, often by telling someone they’ve been a victim already and that they need their SSN. The elderly and immigrants who are less sure of IRS protocol are particularly prone to this scam. The IRS will never contact consumers via email or phone.
3) Cyber Risk Insurance Is Important, But It Isn’t Enough for CPAs: Many tax firms and CPAs use cyberinsurance to protect themselves financially from data breaches. However, as the Anthem breach shows, the consequences of having client tax returns, social security numbers and other sensitive information hacked are well beyond the cost that cyber insurance can possibly cover. As a CPA, you are trusted with the most sensitive of personal information, which can potentially ruin someone’s life if it falls into the wrong hands. If that information is hacked due to lack of security, your business and professional reputation are in serious trouble, not to mention the years of your life it may take to recover.
Above all, we need to reach the mindset, as a society, that we’re in a cyber war. Things are only going to get worse. If tax time is hacker heaven, it’s also a time for consumers and businesses to implement the most robust security measures they can.