Monica Hamilton, Director of SMB Product and Solutions Marketing at McAfee, contributed this article to BusinessNewsDaily's Expert Voices: Op-Ed & Insights.
Tax season is in full swing and the majority of Americans are hoping for a refund once they file their paperwork. However, some people may be putting themselves at risk to have their identity and financial data stolen instead.
During the tax filing process, many tend to overlook the crucial step of checking the security of their personal and business information. This step becomes even more important as more and more people opt for the convenience of filing taxes online — roughly 80 percent in 2012.
The future of filing your taxes is evolving into a 30-minute process from computers, smartphones and tablets. While the online filing option is easily accessible, it also puts users at a greater risk of having fraudsters gain access to their personal information. A new wave of hackers and cyberscammers has developed sophisticated methods to gain access to all sorts of businesses, and unfortunately, SMB owners are prime targets.
SMB owners are tasked with filling deadlines and issuing important tax documents to employees, along with other important documents. They have more paperwork relating to federal and state tax regulations than ever before making them prime targets to cybercriminals. Specifically, many SMBs lack the time, budget and expertise to coordinate an effective security solution. As a result, the number of daily targeted attacks specifically aimed at small and midsize businesses more than doubled in the first six months of 2012.
SMB owners or managers are often so busy running the business that they frequently lack the necessary time required to fine-tune their security programs, install the latest updates or even to confirm that they have enough security protection for the scope of their operations. Many small businesses believe they are fully protected while in fact they are much more exposed to attacks than larger enterprises that have dedicated security management.
For instance, with the significant increase in BYOD (bring your own device), SMBs need to evaluate how their employees' smartphones and tablets are being used within the network infrastructure and what data they can access with those devices to ensure that business, customer and financial information is secure. Any unprotected device leaves a backdoor open to cybercriminals, placing the company and customer information at risk. Mobile devices, in particular, are becoming increasingly attractive to this new wave of hackers. While cybercrime continues to evolve every day and become more sophisticated, SMBs find themselves more vulnerable by leaving themselves unaware and unprotected.
So what are SMBs to do? First, they need to take a look at their technology footprint and make sure that all new devices, services or user scenarios are covered by a comprehensive edge-to-edge security strategy. If not, they need to expand their security solutions accordingly. Next, they need to ask the following questions:
- Are employees using personal tablet computers to access business data and internal websites?
- Are both business and financial data being stored in the cloud? What are my cloud service provider's security strategy and policies?
- When was the last time I updated our computer software: OS and apps?
- What level of encryption is used to protect the perimeter of my cloud?
- Are employees emailing sensitive files in the clear or do they use email encryption?
- Who has access to my data center?
For SMBs, filing taxes doesn't have to be risky. There is good news — real progress is being made to reduce the threats from fraudsters. Security technology is moving from reactive defenses toward proactive, multi-layered protections that block cybercriminals before they enter the network. The first step starts with SMB owners taking the time to review their security posture. And keep in mind, tax season, just like any other hectic holiday, draws the attention of cybercriminals looking for a quick and easy payout.
A few pointers that everyone should be aware of this tax season:
- Use tax software from a reputable company: be cautious with inexpensive, lesser-known packages as they may not be capable of defending against threats from all approaches
- Apply browser, operating system and application updates to patch gaps in software that attackers can possibly exploit
- Be wary of any email asking for personal or financial information, tax time is phishing season for cyber criminals who target individuals with fake emails that look official
- Implement a multi-faceted security policy covering: employee awareness training, network access restrictions and data security policies at a minimum
- Deploy a layered defense using security software that provides protection for device, web and email points of vulnerability
The views expressed are those of the author and do not necessarily reflect the views of the publisher.