Ways to Combat Business Identity Theft

Aug 9, 2017Business

The IRS and state tax authorities have made significant strides in curbing individual identity theft over the last two years. But cyber attacks against businesses are on the upswing. Here are some simple ways business taxpayers can help protect their data from hackers.

Trends in ID Theft

The IRS recently announced the number of individualsreporting identity theft in the first half of 2017 has declined dramatically compared to 2015 and 2016. For the first five months of 2017, about 107,000 individual taxpayers reported stolen IDs. In comparison, 297,000 victims filed reports during the same time period in 2015 and 204,000 in 2016. Put simply, individual ID theft dropped 47% over the last year. The IRS attributes the decrease to safeguards put in place during the 2016 Security Summit. Unfortunately, the IRS has also noted an increase in ID theft involving business tax returns. While the number of businesses affected was relatively low, the potential dollar amounts were significant:

YearEstimated business ID theft cases through June 1Estimated losses
2015350 tax returns$122 million
20164,000 tax returns$268 million
201710,000 tax returns$137 million

The victims of business ID theft include corporations, estates and trusts, and partnerships. These days, hackers are bolder and increasingly tax savvy in their scams. For example, they may use stolen data to file bogus business tax returns and then collect refunds. Or they might post the stolen data for resale on the so-called “Dark Net” so other criminals can file fraudulent tax returns. Smith Schafer has been helping clients take appropriate security measures to prevent business ID theft, but problems persist. “We need help from the tax community to combat cybercriminals and raise security awareness,” IRS Commissioner John Koskinen noted.

Ways to Combat Business ID Theft

Because business ID theft can be so costly, prevention and early detection measures are critical. Here are some simple, but effective, security measures you should consider:

  • Make cybersecurity a top priority. Similar to an annual business plan, your company needs a formal cybersecurity plan that identifies a step-by-step approach for detecting ID theft. When breaches happen, your plan should trigger a prompt, thorough response.
  • Safeguard intellectual property. Companies should store all employee and customer data, along with other proprietary records, such as financial statements and prior years’ tax returns, in a safe location. Shred nonessential documents before throwing them out, and limit access to your employer ID number to parties with whom you initiated the contact. Share sensitive information via the Internet or email only if the recipient is trusted (such as your lender or tax preparer) and the site is secure.
  • Use the latest cybersecurity technologyThis includes firewalls, antivirus and antimalware software, and spam filters. Also exercise common sense: Don’t download files, click on links, or open pop-ups or attachments sent from unknown sources. Stored files should be encrypted for your protection and for the benefit of customers.
  • Educate employeesConduct periodic training sessions to remind employees about the latest scams, such as phishing emails where hackers pose as familiar businesses or colleagues to steal sensitive information. They should also be aware of your cybersecurity plan and each person’s role if a breach occurs.
  • Use prepaid credit cards for purchases. Prepaid employee credit cards limit your potential for losses when employees make purchases from suppliers and vendors. If a card is breached, the company can lose only what’s prepaid and you can immediately deactivate the card.
  • Monitor business credit reports. It does not take much effort to monitor your company’s profiles from the three major business credit bureaus: Equifax, Experian, and TransUnion. Subscribe to their monitoring services for round-the-clock access. What’s more, you can choose to receive real-time email notifications about suspicious activities affecting your company’s credit rating.
  • Guard your master list. Some companies track all their accounts and passwords in a master list, which can be convenient, but dangerous. A dishonest employee or hacker who manages to gain access to that list has the key to all your company’s information in one fell swoop, so you’ll need to be extra cautious with security measures.
  • Finally, contact your Smith Schafer professional promptly if you believe you have been victimized. We can help you get in touch with the appropriate law enforcement authorities, business credit bureaus and financial institutions.

No Guarantees

No preventive measure is 100% fail safe. The IRS and tax preparers are expanding their efforts to educate businesses and prevent breaches. You can also help lower your risk by crafting a formal cybersecurity plan, educating employees and implementing various other proactive security measures. If you have questions or concerns about your situation, ask your Smith Schafer professional for help.

Related Industry Posts

Steps to Organize for Tax Preparation

Steps to Organize for Tax Preparation

As we approach the end of the year, Smith Schafer would like to help you reduce the stress related to filing taxes. It is important to organize your receipts, forms, and other documents well before tax time.

read more
Year-End Payroll & Reporting Guide

Year-End Payroll & Reporting Guide

Year-end is the time to finish out one year while planning for the next. As the end of 2021 approaches, we want to remind you of various payroll and Form 1099 related changes, as well as other items to consider when processing your year-end forms.

read more

Subscribe to our blog

SEND US A MESSAGE

We appreciate your interest in Smith Schafer and would love to hear from you. So please complete this form or feel free to email us directly at: [email protected]