Do you think the IRS is protecting your personal information from cyber thieves? Apparently the Government Accountability Office (GAO) doesn’t think so. In a March 2016 report titled, “IRS Needs to Further Improve Controls Over Financial Taxpayer Data”, the GAO found that 28 vulnerabilities that the IRS claimed to have resolved have still not been fixed.
The GAO report found that, “without proper safeguards, computer systems are vulnerable to individuals and groups with malicious intentions who can intrude and use their access to obtain sensitive information, commit fraud and identity theft, disrupt operations, or launch attacks against other computer systems and networks.”
The Typical Tax Scam
Cybercriminals used the IRS’ Get Transcript program to steal hundreds of thousands of data records. The Get Transcript program allows taxpayers to access their tax history online.
The typical IRS tax scam involves a hacker using a stolen social security number to file a false tax return with the intent of receiving a fraudulent refund. What are the results if you fall victim to this trap? The best case scenario is that you will need to file a paper return for the year, which can become very cumbersome for businesses. The worst case scenario is that your identity will continue to be used by the thief.
How Can You Protect Yourself and Your Business?
On the front end, there’s little you can do to protect yourself from the IRS’ lack of sufficient safeguards for your personal information other than complain to your elected representatives.
On the back end, individuals can and should have a personal identity theft protection and restoration plan. These plans typically monitor your credit records for unusual activity and provide assistance if you have been hacked. These plans are relatively inexpensive and many employers offer them as an employee benefit. Check with your HR representative to see if your employer has a plan you can use.
For businesses, we highly recommend an organizational threat intelligence program like Dark Web ID.
Among its many features, Dark Web ID monitors the hidden part of the internet where cybercriminals sell stolen data in peer-to-peer intranets. Verizon discovered its recent hack when its information was offered for sale on the Dark Web.
A good threat intelligence platform also helps with data breach incidence response planning and monitors an organization’s supply chain for vulnerabilities. To see how you can protect your organization’s sensitive data and proprietary intellectual property, schedule a free demo of Dark Web ID with us.