Light Dark
March 8, 2016 By Rick M Robinson 2 min read
Government

Without much fuss or public notice, millions of Americans are now taking part in one of the most challenging cybersecurity operations in the world: submitting tax returns online. How this almost unimaginable wealth of personal and business financial information is kept secure is its own story, and one that the Internal Revenue Service (IRS) stays very quiet about.

But the IRS is talking to taxpayers, both individuals and businesses, about safeguarding their financial data online by providing security tips in an ongoing series. These tips offer a concise picture of today’s leading threats to financial data and the measures that people should be taking to protect it.

The World’s Leading Custodian of Sensitive Financial Data

The IRS is in a position to know something about financial data security. If old Bond movie villains wanted to break into Fort Knox, today’s cyberthieves could dream of nothing sweeter than hacking into the IRS and stealing every American’s tax records, which are filled with detailed financial information.

While the agency did not discuss its data safeguarding measures in the release, it did talk about how people and firms should protect their own data.

Of seven security tips in the initial release, the first two are about security software: Have it, use it correctly and allow it to update automatically. In fact, automatic updating is so important that it gets its own tip. Security professionals might add automatic updating of the operating system since these updates include critical security patches. Protective software is a primary defense against attack.

The third tip is to look for HTTPS in a URL. HTTPS pages apply encryption that HTTP sites do not, and users should be wary about submitting information through unsecured avenues.

Next, the IRS advised taxpayers to use strong passwords. Suggestions are provided for stronger passwords, though many websites now let users know how strong a password is, with guidance on making it stronger.

Ensure that a business or home wireless network is secure. This is classic endpoint protection and remains the first step in keeping intruders at bay. Similarly, the IRS warned about the use of public wireless connections. While this is mainly applicable to individuals, enterprises must be aware of employees or partners who could be using public Wi-Fi and putting corporate data at risk.

The seventh and final tip is to be wary of phishing attempts. Start by educating employees as to what phishing is and how to recognize it. This tip noted that the IRS is among the organizations that phishing attempts may impersonate — we tend not to ignore notices from the IRS. Users should double-check all communications from state and federal agencies to ensure they are legitimate.

Security Tips for the Times

Those familiar with cybersecurity issues won’t find any surprises in these initial IRS online financial security tips. They addressed the major contemporary threat vectors: software vulnerabilities, wireless connections and social engineering campaigns that exploit the human factor. They outlined the basic precautions of protecting a system and its endpoints, including passwords, and advised the basic wariness needed to elude social engineering attacks.

None of this is revolutionary, but it’s important to note that the IRS takes tax refund fraud and identity theft seriously. Tax season may be a pain, but it is good to know that when it comes to data security, the tax man has our backs.

 |  |  |  |  |  | 
Rick M Robinson

More from Government
October 17, 2023

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

September 19, 2023

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

September 18, 2023

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature