Without much fuss or public notice, millions of Americans are now taking part in one of the most challenging cybersecurity operations in the world: submitting tax returns online. How this almost unimaginable wealth of personal and business financial information is kept secure is its own story, and one that the Internal Revenue Service (IRS) stays very quiet about.
But the IRS is talking to taxpayers, both individuals and businesses, about safeguarding their financial data online by providing security tips in an ongoing series. These tips offer a concise picture of today’s leading threats to financial data and the measures that people should be taking to protect it.
The World’s Leading Custodian of Sensitive Financial Data
The IRS is in a position to know something about financial data security. If old Bond movie villains wanted to break into Fort Knox, today’s cyberthieves could dream of nothing sweeter than hacking into the IRS and stealing every American’s tax records, which are filled with detailed financial information.
While the agency did not discuss its data safeguarding measures in the release, it did talk about how people and firms should protect their own data.
Of seven security tips in the initial release, the first two are about security software: Have it, use it correctly and allow it to update automatically. In fact, automatic updating is so important that it gets its own tip. Security professionals might add automatic updating of the operating system since these updates include critical security patches. Protective software is a primary defense against attack.
The third tip is to look for HTTPS in a URL. HTTPS pages encrypt data in transit between the browser and the site, which plain HTTP pages do not, and users should be wary of submitting information over unencrypted connections.
Next, the IRS advised taxpayers to use strong passwords. The tip includes suggestions for building stronger passwords, though many websites now show users how strong a password is, with guidance on making it stronger.
The IRS also advised ensuring that a business or home wireless network is secure. This is classic endpoint protection and remains the first step in keeping intruders at bay. Similarly, the IRS warned about the use of public wireless connections. While this is mainly applicable to individuals, enterprises must be aware of employees or partners who could be using public Wi-Fi and putting corporate data at risk.
The seventh and final tip is to be wary of phishing attempts. Start by educating employees as to what phishing is and how to recognize it. This tip noted that the IRS is among the organizations that phishing attempts may impersonate — we tend not to ignore notices from the IRS. Users should double-check all communications from state and federal agencies to ensure they are legitimate.
Security Tips for the Times
Those familiar with cybersecurity issues won’t find any surprises in these initial IRS online financial security tips. They addressed the major contemporary threat vectors: software vulnerabilities, wireless connections and social engineering campaigns that exploit the human factor. They outlined the basic precautions of protecting a system and its endpoints, including passwords, and advised the basic wariness needed to elude social engineering attacks.
None of this is revolutionary, but it’s important to note that the IRS takes tax refund fraud and identity theft seriously. Tax season may be a pain, but it is good to know that when it comes to data security, the tax man has our backs.