Skip links

Last Minute Security Reminders For Year-End Season

With year-end season upon us, businesses everywhere can expect an uptick of security tests to their systems. This is the time of year where every employee should refresh themselves on some basic practices for protecting personal and client information. 

Tax filing months can be stressful enough on their own, and with the added complexities of managing a consistent experience for remote and hybrid workers, handling security threats can be overwhelming for even the most competent organization. The good news is that securing tax and employee information is possible as long as steps are taken to proactively ensure protection. 

It comes down to staying diligent, practicing good security procedures and keeping tools current and optimized. Knowing your client and having a grasp on what is reasonable and expected can make all the difference this year-end season.

Be Aware

Security threats have only increased with shifts to remote work and digital environments, making 2021 a record year for data breaches according to the Identity Theft Resource Center. Protecting I-9 management systems, tax documents and other employee information is critical to your organization’s wellbeing, longevity and productivity in this extra threatening year-end season. During these times, additional awareness can help you anticipate outside security breaches and focus on how to combat these risks.

It is an undeniably dangerous reality, as the Manager of InfoSecurity at CIC Plus emphasizes: “It is as bad as they say and they are out to get you.” Be aware, trust your tools and processes and most importantly, expect external threats.

Know Your Client

At the core of preventing security risks is ensuring all employees are familiar with their clients. That’s why many employers adhere to the guidelines referred to as “Know Your Client” (KYC), which is common practice for many financial institutions. The KYC standards used by financial institutions can be applied to employers looking to keep scammers out of employee information and tax documents, as well as stopping breaches in regular correspondence. After all, if you’ve built up a relationship with your clients for quite some time, you should know how they communicate, their styles and what they typically need from you. 

Most simply, knowing your client means doing your due diligence to verify the identity of any individual you’re corresponding with and qualify the legitimacy of any request made. .  Sensitive data taken for harm can be easily extorted if the customary interactions aren’t properly noted and taken into consideration. 

Be aware of unusual or suspicious messages from clients and employees alike. Phishing scams are one of the most common types of cyber attack according to the FBI, and incidents have doubled in frequency in the last two years. Most of these will come through emails, although websites, calls and texting have been known to occur as well. 

Trust the rapport you have with your clients. Know what’s reasonable, expected and customary in terms of emails and other forms of communication. There are numerous ways for information to be extorted, including new direct deposit requests, a password reset, wire transfer, W-2 requests and more.

Be Aware of What’s Unreasonable 

When all employees are briefed on knowing each client or team member, and are aware of unreasonable and unrealistic requests, it becomes that much easier to react to the abnormal ones. Best practices can be formed with this foundation of information, and client and employee data can be better protected. 

For example, the president of your company is never going to call, email or text and ask for your W-2 information, no matter how exceptional you are as an employee. Out of the ordinary messages are cause for concern, especially if they come from places of authority and are tagged with signals of how urgent they are and include dangerous links. When workflows are automated, flows of information are handled and updated without the need for overwhelming email exchanges – scams become all the more obvious when they appear in your inbox.

When an email arrives from a trusted user requesting a password reset or data for tax purposes, you should be on high alert. 

Respond, not to the email or by clicking the link that’s likely attached, but by using your resources to directly contact the supposed sender. Reach out through the number you have on file, so that the issue can be swiftly dealt with without any information lost.

Avoid business email compromise year round, but particularly in the influx of activity that year-end brings. Businesses face increasing threats as others take advantage of the additional activity as scammers bank on employee carelessness and error. Verify the identities and authenticity of requests as they arrive. Resist the temptation to just scratch a to-do item off of your list, it can result in even longer and messier tasks to recover lost information and reset account data. 

Report it

When unusual emails arrive, don’t downplay them. Report all fraud or suspicious activity, and get your security team involved. Notify the appropriate authorities, and inform your team that valuable data is being threatened. When it comes to protecting information, full transparency is the key to keeping your files and documents safe.

If you do become a victim of identity theft, the Federal Trade Commission can help. Report the occurrence and receive information to resolve financial issues and other problems that can come from identity theft. The IRS offers a similar, tax-related service complete with employer recommendations on how to best avoid tax frauds.

CIC Plus provides systems to help businesses avoid security threats in a remote world with secure and automated processes. Connect with our team to learn about streamlining the year-end payroll process, increase consistency with less gaps for breaches within your tax withholding experience and equip yourself with the tools needed to protect your information. 

Contact CIC Plus today to learn more.