Cyber liability during tax season

Five tips to avoid being a tax fraud target

Data breaches perpetrated by identity thieves hurt your company’s bottom line. The average total cost for organizations in the United States is $7.35 million, according to the 2017 Ponemon Cost of Data Breach study. And the average cost for each lost or stolen record is $225, up 12 percent from a year ago.

Identity thieves target companies — and the employees who work for them. Here are five ways you can avoid the harpoon.

1. Trust, but verify

Any unusual requests to send funds or employee information should be confirmed through an alternate communication channel. Criminals can spoof an executive's email address — and even their typical phrasing.

Employees receiving unusual requests from executives, vendors, or business partners should always follow up — at the very least — with a phone call to confirm the request. If it's that important, they will be sure to pick up the phone.

2. Check your website

Corporate websites often include contact information for top executives and customer-facing personnel, but too much contact information can help scammers target weak links.

Conduct a website audit to ensure contact details for lower level employees — especially those in finance — are not available publicly. Thieves target the employees most likely to have wire transfer capabilities.

3. Watch for “out of band” requests for W-2s

Requests for employee tax information from hackers are a growing threat. These attempts are the easiest to prevent. An "out of band" request is a request outside of the typical chain of command. There are very few legitimate circumstances when a CEO, CFO, or other top executive would request employee W-2 information from lower-level employees.

4. Be aware of urgency

Scammers are likely to send requests conveying a great sense of urgency, hoping that an unsuspecting employee will send now, think later. The scammers will make the employee believe they will be reprimanded by leadership if they do not act immediately. Senior leadership should reinforce the importance of taking the necessary precautions to safeguard information.

5. Don't enable social sleuthing

Some scammers will take advantage of executives who publicly post about their vacations or travel plans on social media, and then prey on lower-level employees by sending an email requesting highly sensitive employee information or a wire transfer to a third-party on their behalf. As a best practice, employees of all levels should be careful what they make public on social media.

For more information

Visit our Cyber Liability page and learn more about data breaches, how your business may be exposed to them, and what we can offer. Contact your local agent today for a quote.




Content provided by Beazley,