Scam Alert: Tax Season Is Identity Theft Season

Should you be concerned about taxpayer identity theft? Here’s a hint. Tax Identity Theft Awareness Week starts February 3, 2020. As a general rule, anything worthy of having its own dedicated Awareness Week deserves your full attention.

Tax-related identity theft occurs when someone uses stolen personal information to file a tax return claiming a fraudulent refund. The problem has become so serious that the Internal Revenue Service has issued numerous publications about safeguarding taxpayer data and preventing identity theft. According to the IRS, you should be alert to possible tax-related identity theft if:

  • you get a letter from the IRS inquiring about a suspicious tax return that you did not file;
  • you can’t e-file your tax return because of a duplicate Social Security number;
  • you get a tax transcript in the mail that you did not request;
  • you get an IRS notice that an online account has been created in your name or that your existing account has been accessed or disabled when you took no action;
  • you get an IRS notice that you owe additional tax or refund offset, or that you have had collection actions taken against you for a year you did not file a tax return; or
  • IRS records indicate you received wages or other income from an employer you didn’t work for.

To protect against taxpayer identity theft, the IRS recommends that taxpayers:

  • Use current security software (firewalls, virus/malware protection, file encryption). Make sure it updates automatically.
  • Treat personal information like cash. Don’t leave it lying around.
  • Use strong, unique passwords and 2-Factor Authentication.
  • Avoid phishing scams and malware that often come in emails that appear to come from a trusted source and emails with urgent messages.

Finally, the IRS wants everyone to know that they will never:

  • initiate contact by email, text or social media to request personal or financial information;
  • call taxpayers with threats of lawsuits or arrests; or
  • call, email or text to request taxpayers’ Identity Protection PINs.

When preventative measures fail, insurance is available to help victims through the often expensive and time-consuming process of recovery. Please contact us if you would like more information about insurance specifically designed to protect against identity theft.

Cybersecurity Tips for Small Businesses

When it comes to data security breaches, things aren’t getting any better. According to Risk Based Security’s 2019 MidYear QuickView Data Breach Report, more than 3,800 data security breaches were reported in the first six months of 2019. More than 4.1 billion records were compromised. When compared to midyear 2018, the number of reported breaches is up 54%. The number of exposed records is up 52%.

Breaches involving big businesses make the headlines, but small businesses are at risk too. According to the Federal Communications Commission, every small business needs a cybersecurity strategy to protect their business, their customers and their data from constantly growing and evolving cybersecurity threats. The FCC has the following tips for small businesses.

Train Employees. Educate employees about data security. Establish basic security practices, policies and Internet use guidelines that include specific penalties for violations.

Protect Data, Devices and Networks. Using the latest security software, web browsers and operating systems can help defend against viruses, malware and other threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

Protect Mobile Devices. Mobile devices, particularly those with sensitive data or network access, can create significant security risks. Require employees to password-protect devices, encrypt data and install security apps to protect data on public networks. Implement and enforce reporting procedures for lost or stolen equipment.

Backup Sensitive Data. Require regular backups of critical data, including documents, spreadsheets, databases, financial files, human resources files and accounting files. Backup data automatically if possible, or at least weekly. Store backups offsite or in the cloud.

Secure Wi-Fi Networks. Make sure networks are secure, encrypted and hidden. Network names should not be broadcast. Routers should be password protected.

Limit Access and Authority. Employees should only have access to data needed to do their jobs. Employees should not be able to install any software without permission.

Passwords and Authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain access.

Data security threats have become a constant concern for small businesses. Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.

Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.

Did You Know…Data Breaches Exposed More Than 18 Million Records PER DAY?

It looks like 2018 is going to be a record year for data breaches…in a bad way. Gemalto, a global digital security provider, released its Breach Level Index for the first half of 2018. It revealed a mix of good, bad and ugly. When compared to the first half of 2017, the number of data breaches worldwide actually went down. Unfortunately, the number of lost, stolen or compromised data records went up. Now for the ugly. This number went up 72 percent!

During the first six months of 2018, there were 944 data breaches worldwide, nearly 60 percent occurred in North America. As a result of these breaches, more than 3.3 billion data records were compromised or exposed. That works out to 18.5 million records per day. Nearly three quarters of a million records per hour!

According to the Breach Level Index:

  • More than 76 percent of the records breached involved social media, including breaches at Facebook (2.1 billion records) and Twitter (336 million records).
  • Malicious outsiders caused 56 percent of the data breaches.
  • Attacks by malicious insiders fell by 60 percent.
  • 879 million data records were lost by accident.
  • Identity theft remains the leading type of data breach.
  • The number of records stolen through identity theft breaches increased by 757 percent.
  • Financial access incidents decreased in frequency but increased in severity.
  • The healthcare industry experienced the most data breaches of any industry (27 percent).
  • 20 percent of all breaches had an unknown number of compromised data records.
  • Only one percent of the compromised data records were encrypted.

Data security has become a universal concern. Every business is at risk. None are immune. This explains the growing popularity of cyber liability insurance policies. Businesses can purchase Cyber Perils coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.

Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.