The IRS Security Breach - How to Protect Yourself
"The IRS announced today it will be notifying taxpayers after third parties gained unauthorized access to information on about 100,000 accounts through the “Get Transcript” online application.
The IRS determined late last week that unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application. Following an initial review, it appears that access was gained to more than 100,000 accounts through the Get Transcript application." - https://www.irs.gov/uac/Newsroom/IRS-Statement-on-the-Get-Transcript-Application<
Soon, some will receive notification from the IRS that their personal information was compromised. This follows announcements from multiple retailers that they too mishandled private data <that should never have been made public. With ubiquitous weak points in security, and intelligent criminals with a financial incentive, what can ones do to protect themselves, and what can small businesses do to protect their clients?
Unfortunately, there are no easy solutions, but there are different intelligent options that businesses and individuals can take that we would enjoy discussing with you<. In the meantime, here are two suggestions that you can put into practice:
Individuals: Be Skeptical, Plan for Privacy, Don’t Lose Sleep<
There are swindlers aplenty trolling thousands via email, telephone, and through personal contact. Having a balanced skepticism will serve you well. Never give out personal information unless you are confident of the person you are disclosing it to, and ideally you reached out to them. Our office regularly hears from ones who have been contacted by fake IRS or DOR agents, telling them that they need to pay now—over the phone—or be arrested.
Plan for privacy by being discreet in your business dealings, and limiting outgoing information. Follow document retention guidelines, and then if there is no reason to extend those deadlines, shred the information. Support businesses that confirm you are who you say you are, even when it is inconvenient. If you do feel like they are not doing enough to protect your privacy, tell them. If they do not improve, deal with someone else when possible.
Finally remember, these breaches are happening at large organizations outside of your control. If your information is lost or misused, work to correct it;take steps to protect yourself; and sleep well knowing you have done what you can.
Businesses: Speak to your Staff about Security, Do it Again, Then Reread This Line<
The vast majority of breaches occur from an overly forthcoming insider, an Internet link that should not have been followed, or an easily guessable password. All members of your organization need to understand what the internal and external consequences are be when policy is not followed. Executive staff often have access to the most sensitive data, and thus need the most reminders.
Train, Encrypt, Shred.