Cybersecurity is important year-round, but especially so during tax season, a time when business owners are frequently sharing sensitive information with professionals, often over the Internet. Hackers who would love to get their hands on your personal and business's sensitive information know that small businesses may not have the same cybersecurity resources as larger corporations, making them easy targets. So Business News Daily spoke with David Wagner, CEO of email encryption company ZixCorp, about the steps entrepreneurs should take to ensure their sensitive data isn't up for grabs.
Business News Daily: What preparation should small businesses take leading up to tax season?
David Wagner: As small businesses begin to pull together their tax documents, they'll want to make sure they're taking important basic security precautions.
Any sensitive or identifying information should be encrypted if shared outside the company over email, and you should always ensure that the end recipient is the intended person. With the rise of W-2 fraud hitting companies this year, you cannot be too cautious.
Additionally, we suggest ensuring that any CPA or outside tax professional you work with is using encryption when sharing your business information with them. If a tax professional is asking you to share information online or in email, it's imperative that the information be exchanged securely. If you use email encryption for your business, your information will be protected.
BND: What are the most common errors or oversights small businesses commit when it comes to taxes?
Wagner: We see many small business owners share their personal information with their accountant or tax professional over email, without using an encryption service. Criminals are well aware that tax day is coming, and they are targeting unsuspecting business owners by posing as tax professionals through the use of phishing attacks. Never click on links you don't trust or send private information over unencrypted email. Instead, give your tax representative a call to discuss any questions he or she may have.
Another common misstep comes when small business owners select their passwords for online accounting services. The two most common passwords in the world are "123456" and "password," according to SplashData. Avoid easily hackable passwords by steering clear of children's names or birthdates. Make sure to use a mix of capital and lowercase letters, numbers and symbols.
BND: When it comes to security, how can small businesses ensure that professionals are securing their most sensitive tax information?
Wagner: Small and medium-size businesses need to talk to their tax professional to make sure that they're taking the necessary precautions to protect the business owner's data. If you are communicating via email, ask what types of email encryption options they have. For those that use online accounting services, look on the company's website to see what security features they offer.
You'll want to look for password-protected safeguards and encryption services for sharing any files online.
BND: Are there any additional steps that small businesses can take to secure their sensitive information and communications?
Wagner: Small business owners should have a chat with employees to make sure they are aware of potential risks to their data online and strategies to protect personal information against threats. A recent survey of IT and IT-security professionals by Raytheon found that 70 percent of respondents said they see more incidents caused by unintentional mistakes than by intentional or malicious attacks.
All employees need to have strong passwords protecting their devices — smartphones and laptops included. Also, encourage employees to only use Wi-Fi networks they are familiar with to avoid an information sharing mishap. Consider signing up for a security webinar or training session so that all employees can get up-to-speed on simple ways to protect themselves from a data breach.
Set up defenses, such as Data Loss Prevention technology, to protect employees from themselves. You can install software that will scan outbound email for possible red flags. If there's a cause for concern, the software will quarantine the message and check in with the administrator to confirm that this information should be delivered. That way, employers and employees can rest easy knowing sensitive information — like Social Security numbers, credit card information, etc. — is safe.
BND: Is there anything else entrepreneurs should be aware of?
Wagner: While tax season is a particularly vulnerable time for small businesses, security risks exist year-round. In order to prevent private information getting into the wrong hands, choose security options that are easy to use and mobile-friendly. Best case scenario, security works automatically and in the background with no extra steps for your employees and outside business partners. The next best option is a solution that works in two steps or less. Anything else is a distraction and interference to your employees and your business.