{"id":71707,"date":"2020-02-11t11:30:07","date_gmt":"2020-02-11t16:30:07","guid":{"rendered":"https:\/\/48e130086c.nxcli.net\/?p=71707"},"modified":"2023-10-05t09:19:47","modified_gmt":"2023-10-05t13:19:47","slug":"tax-season-is-hacker-season","status":"publish","type":"post","link":"\/\/www.g005e.com\/2020\/02\/11\/tax-season-is-hacker-season\/","title":{"rendered":"tax season is hacker season"},"content":{"rendered":"

\"\"<\/a>checklist: five things to do today to protect your firm and your clients.<\/strong><\/p>\n

the 卡塔尔世界杯常规比赛时间 busy season barometer:
\nnew year, new strategies<\/strong><\/span>
\njoin the survey. get the results.<\/a><\/span><\/p>\n

by jess coburn<\/em>
\napplied innovations<\/em><\/a><\/p>\n

businesses of all sizes are targets from what has become the most vicious, innovative, and lucrative criminal endeavors we\u2019ve ever witnessed. and tax practitioners are particularly easy targets.<\/p>\n

more on busy season 2020:<\/strong> irs urged to form tax preparer strategy<\/a> |\u00a0 5 small leaks that can sink a tax season<\/a> |\u00a0 data points down as tax season opens<\/a> |\u00a0 the fight for new tax clients<\/a> |\u00a0 5 tax review keys<\/a> |\u00a0 tax pros forecast a better 2020<\/a> |\u00a0\u00a0see all tax season 2020 coverage here<\/a><\/p>\n

\"goprocpa.com\"exclusively for pro members.\u00a0<\/span><\/strong>log in here<\/a>\u00a0or\u00a02022世界杯足球排名 today<\/a>.<\/span><\/p><\/blockquote>\n

the financial services industry is perhaps the most targeted because of the value of data it possesses. and the most frequently targeted are cpas and those who prepare tax returns.<\/p>\n

<\/p>\n

\"\"
coburn<\/figcaption><\/figure>\n

the criminals are likely sitting behind a desk, glued to computer monitors, chugging energy drinks and developing the most effective ways to steal today\u2019s version of gold. as you know, this bounty is data and the crime epidemic is known as cyber-crime.<\/p>\n

why? because these organizations possess high-valued information such as bank account numbers, social security numbers, employee identification numbers, and so much more that can be used in \u201cphishing\u201d expeditions, subsequent ransomware activities, and filing fraudulent returns, to name a few.<\/p>\n

because of the value of this data, tax preparers are legally obligated to provide protections as outlined in the financial services act of 1999. keeping up with the strategies of these cybercriminals is a difficult task as they employ new and efficient strategies. one thing is certain. as tax season begins, financial professionals can expect these activities to increase because of the high level of online activity that frequently leaves data unprotected despite best efforts.<\/p>\n

hacker activity ramps up during busy times. for example, hacks of retail stores start with a vengeance on black friday and extend through the christmas season. likewise during long holiday weekends.<\/p>\n

as accounting, financial and tax professionals you\u2019re well into your busiest part of the year and this is the time that cybercriminals hit.\u00a0 why? because they know that you\u2019re extremely busy, under high stress and most likely to miss small details like an email from your customer coming from an email address they normally don\u2019t use.<\/p>\n

the first line of protection for cpas and tax preparers is acknowledging that you have valuable information and taking the proper steps to protect clients from ransomware attacks, data breaches cyber-crimes. it\u2019s something we wish we didn\u2019t have to do but it\u2019s something that\u2019s so widespread and costly that we have to.<\/p>\n

regardless of the size of your practice, you are a target. most small- and medium-sized businesses don\u2019t believe they\u2019re targets. in fact, they think it\u2019s only a big business or government problem but that\u2019s not the case since two-thirds of all small- and medium-sized businesses are attacked in a 12-month period.<\/p>\n

cpa firms that don\u2019t invest in it security have the most to lose. one data breach can destroy a practice. the investment in it security is generally low on the list because the belief is \u201cwell, it\u2019ll never happen to me\u201d.<\/p>\n

the greatest risk comes from ransomware attacks that hold your data hostage and demand their ransom. up until recently, the solution was backup and disaster recovery. when the attacks happen the ransom request is denied and data is restored from the back-up system.<\/p>\n

hackers have changed their tactics. what many businesses don\u2019t realize is that by the time a ransomware attack is carried out the hackers have had control of your network for several months and have already exfiltrated much of your data and confidential client information.<\/p>\n

so these criminals have begun to pivot and when the attacked company doesn\u2019t agree to pay they go after the actual clients whose data they possess. they threaten to release that information if they don\u2019t pay.\u00a0 this has significant legal and credibility consequences for the accounting practice.<\/p>\n

now that we\u2019ve framed the problem, here are five things to discuss with your it consultants about protecting your practice as the \u201cseason\u201d begins:<\/p>\n

    \n
  1. enable multifactor authentication on your email and critical systems.<\/strong> this includes your email service, your file sharing service, and any financial systems you may access. you can visit www.twofactorauth.org for instructions on how to enable this on your different services and systems.<\/li>\n
  2. beef up your email security.<\/strong> many businesses today leverage services like office 365 or google\u2019s g suite and while these have good spam protection and virus protection there are better systems. consider office 365 atp that automatically alerts users when an email is suspected of phishing. it scans any links in the emails at the time you click the link and attachments are actually opened and executed on secure computers to monitor their activity before they are provided to you.<\/li>\n
  3. avoid password\/user name reuse<\/strong> and monitor the \u201cdark web\u201d for leaked credentials. today most users have the same password everywhere and hackers know this. it\u2019s only a matter of time before hackers try these credentials on other services like your bank, your mail server, your dropbox account or your facebook page. password managers are great tools to make it easy to maintain strong passwords.<\/li>\n
  4. monitor your network<\/strong> for remote connectivity, abnormal user activity and other red flags like large amounts of data transfer or changes. this may sound like a daunting task but artificial intelligence is very effective. while it is common during tax season for an accountant to log in and work at 3 a.m. it is probably not normal that he\u2019s logging in from uzbekistan, especially after typing in the wrong password 300 times.\u00a0 conditional access in office 365 and cloud app security are effective protections. they are affordable or already included in your existing subscription and not in use.<\/li>\n
  5. backup. backup. backup.<\/strong> despite hackers growing sophistication, backup systems remain the most important protection against total data loss. follow the \u201c3,2,1 rule of backup\u201d<\/li>\n
  6. \n
      \n
    1. \n