(Special thanks to author James Shepperd, ESET. Contents have been edited for length. Please enjoy this very interesting and informative read!
Corporate Armor is a proud Premier ESET North American partner. We can recommend ESET Endpoint Protection Standard, and ESET Endpoint Protection Advanced as highly relevant products to this subject matter.)
In our contracted Covid-19 economy, some businesses will hurry to file their taxes and speed returns. Others will seek extensions. Either way, your top priority should be ensuring network and data security. Be sure to check out our best practices for protecting your business below.
From the paperless office to e-taxes
The paperless office that was first proposed in the mid-1970s still hasn’t come to pass. However, the digitization of many government services and civic duties has had an impact. Tax filing—likely the most critical and perhaps the most digitized—is a great example. Electronic filing could be considered a form of FinTech. And in many countries e-filing is nearly universal.
For example, in the United States, roughly 92% of citizens filed taxes electronically for the 2019 tax year. That’s a 10% increase over 2018. In Fiscal 2019, nearly 9.5 million US businesses filed taxes electronically. That’s a rate roughly five times higher than paper-filing businesses. So, as the US approaches tax filing for FY 2020, many eyes will be glued to the new stats. Will the percentage of electronic tax filings stay on par? Or, will it continue to grow?
The questions posed are much more than academic. Major economies are projected to have lost between 2.4% and 3% of the value of their gross domestic product in 2020. And that will have an effect on the number of payers filing and the overall tax take for 2020. Regardless, the growing trend of e-filing is likely to continue. As such, payers will be encountering an increasingly hostile electronic tax-filing environment. Even prior to impacts from the pandemic, there was appreciable growth in attacks, identity and data theft, and widespread fraud connected with tax season.
Tax time dilemma: Convenience vs. security
Financial data is like manna from heaven for cybercriminals. Filing documents contain heaps of personal data including names and addresses along with various tax ID numbers, employees’ financial documentation and other critical data. They can also include salary figures, data on dependents, bank details, investment data and more.
If data handling is not up to par, some documents could potentially contain enough personal information to allow hackers to gain direct access to accounts, execute spearphishing campaigns, steal employee identities or penetrate business networks.
Home, aka your pandemic office
Simply put, home networks and private devices can’t compete with corporate-level protection. At a minimum, it’ll have heightened network security featuring a combination of firewalls, anti-spam and anti-malware technologies, and VPNs. The greater the value of the network, the more comprehensive protection it will have.
However, Covid-19 has pushed execution of many business processes home. And regardless of the size and scope, the reality is an increase in these less secure back-office operations. And that includes, for many, finance. Concern is valid. The fact is, home networks have less protection and less expert scrutiny. When home and corporate networks connect, risk is increased.
It’s on this stage that malicious actors pursue many tactics and techniques to intercept data. For example: employing man-in-the-middle attacks or various types of malware. Not only does their data chase include tax records, but any other data seen as potentially useful or valuable.
Tax time 2020 – Covid & chaos
Reduced tax take? Recession? Covid? Whatever the order, everyone expects tax time to show the harsh reality of 2020. If any indications can be taken from the increases seen in malware campaigning in 2020, we can be sure that hackers will multiply their opportunities this tax season.
With fresh data assembled from 2020 Covid-19 scams and past tax season campaigns, we are likely to see phishing and spearphishing. Expect subject lines like: “Covid-19 SMB Tax Relief.” These can lead you to fraudulent websites mimicking corporate websites or national tax authorities. We saw this happening in Spain in 2020. In that case, the threat actors behind Grandoreiro attempted to impersonate governmental organizations like the Agencia Tributaria; Spain’s IRS.
With this level of effort invested, it’s inevitable that large numbers of users will expose personal data and systems to cybercriminals.
How to protect your business this tax season
Consider both you and your employees’ use of home networks. Also consider that remote work has added burdens and risks to your corporate network. Carefully review how to file taxes and any changes for the 2020 tax year applicable to your situation. 2021 will feature a lot of change. But if you get your security and tax processes right, you’ll be in a great position to face the coming uncertainties. Here’s a list of best practices to follow:
|Check that you are using a reputable and properly scaled solution security solution – and/or that current anti-malware software is up to date|
|Secure all online accounts with unique, robust passwords.|
|Protect network connections with a virtual private network (VPN) and a properly configured firewall|
|Check your Remote Desktop Protocol (RDP) settings|
|Use two-factor authentication and other account security tools like password managers|
|Have a robust and user-friendly encryption solution in place for data on local and cloud storage drives|
|Make secure backup copies of critical data|
|Review spam filter settings in your email clients and mail security solutions|
|Implement cybersecurity awareness training for your employees to help reduce risks related to social engineering, phishing and other threats|