March 8, 2016 By Rick M Robinson 2 min read

Without much fuss or public notice, millions of Americans are now taking part in one of the most challenging cybersecurity operations in the world: submitting tax returns online. How this almost unimaginable wealth of personal and business financial information is kept secure is its own story, and one that the Internal Revenue Service (IRS) stays very quiet about.

But the IRS is talking to taxpayers, both individuals and businesses, about safeguarding their financial data online by providing security tips in an ongoing series. These tips offer a concise picture of today’s leading threats to financial data and the measures that people should be taking to protect it.

The World’s Leading Custodian of Sensitive Financial Data

The IRS is in a position to know something about financial data security. If old Bond movie villains wanted to break into Fort Knox, today’s cyberthieves could dream of nothing sweeter than hacking into the IRS and stealing every American’s tax records, which are filled with detailed financial information.

While the agency did not discuss its data safeguarding measures in the release, it did talk about how people and firms should protect their own data.

Of seven security tips in the initial release, the first two are about security software: Have it, use it correctly and allow it to update automatically. In fact, automatic updating is so important that it gets its own tip. Security professionals might add automatic updating of the operating system since these updates include critical security patches. Protective software is a primary defense against attack.

The third tip is to look for HTTPS in a URL. HTTPS pages apply encryption that HTTP sites do not, and users should be wary about submitting information through unsecured avenues.

Next, the IRS advised taxpayers to use strong passwords. Suggestions are provided for stronger passwords, though many websites now let users know how strong a password is, with guidance on making it stronger.

Ensure that a business or home wireless network is secure. This is classic endpoint protection and remains the first step in keeping intruders at bay. Similarly, the IRS warned about the use of public wireless connections. While this is mainly applicable to individuals, enterprises must be aware of employees or partners who could be using public Wi-Fi and putting corporate data at risk.

The seventh and final tip is to be wary of phishing attempts. Start by educating employees as to what phishing is and how to recognize it. This tip noted that the IRS is among the organizations that phishing attempts may impersonate — we tend not to ignore notices from the IRS. Users should double-check all communications from state and federal agencies to ensure they are legitimate.

Security Tips for the Times

Those familiar with cybersecurity issues won’t find any surprises in these initial IRS online financial security tips. They addressed the major contemporary threat vectors: software vulnerabilities, wireless connections and social engineering campaigns that exploit the human factor. They outlined the basic precautions of protecting a system and its endpoints, including passwords, and advised the basic wariness needed to elude social engineering attacks.

None of this is revolutionary, but it’s important to note that the IRS takes tax refund fraud and identity theft seriously. Tax season may be a pain, but it is good to know that when it comes to data security, the tax man has our backs.

More from Government

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today