OAKVILLE, ON, March 1, 2016 - In recognition of Fraud Prevention Month and as a member of the Fraud Prevention Forum, Shred-it is examining the information security risks associated with tax-season to help business leaders mitigate the risk of fraud.
Tax-related fraud is an increasingly widespread problem for both individuals and businesses1. Identity thieves often use tax-season as an opportunity to undermine the information security of an organization by using sophisticated scams to gain access to confidential information. As businesses compile and evaluate highly confidential tax documents, their sensitive business and customer data can be exposed to an increased risk of fraud.
"Leaving documents and hard drives unprotected increases the risk of fraud and identity theft, especially around tax season when fraudsters are on high alert for sensitive material," says Bruce Andrew, SVP, Shred-it. "As such, business leaders need to be especially vigilant with sensitive business materials to minimize their chances of falling victim to tax related fraud."
The effects of fraud can be wide-reaching and can include financial loss, loss of customer data and damage to reputation in addition to occupying significant time and resources to correct the situation. The impact can be more significant on small businesses that lack the resources to manage the fallout of a serious breach. In some cases, a data breach could mean going out of business.
Shred-it has identified five solutions for common risks that business leaders should consider this tax-season to help reduce the risk of fraud:
Document Retention:
Risk: Businesses often question the amount of time they are required to retain confidential financial, employee and company data. These concerns are typically heightened when reviewing and storing materials during tax season.
Solution: Having a sound document retention policy ensures physical and digital documents are not held onto for too long. All documents should be kept in a secure, locked location or stored digitally in a password protected file before they're slated for destruction. When it's time to dispose of sensitive material, documents should be securely shredded.
Phishing Scams:
Risk: Identity thieves and fraudsters often capitalize on tax-season by impersonating government agencies, such as the Canadian Revenue Agency (CRA), or banks to request private account information or credentials. These fraudulent communications are designed to look legitimate and may insist that this information is needed for the organization to receive a refund or to avoid serious penalties. They may also urge the employee to visit a fake site where they are then asked to verify their identity by entering confidential information2.
Solution: Legitimate organizations like a bank or a government authority will not expect you to send personal information by an email or online3. Businesses should be vigilant when they received a fraudulent communication that claims to be from the CRA or any financial institution requesting private information. Account or credential information should never be entered into a link from an email, even if the site appears like a credible source's website. It is always a best practice to navigate to a secure site from your bookmarks or by typing in the website directly.
Unsecure Documents
Risk: As employees prepare the necessary information to complete a tax filing, confidential documents are often pulled from various location and digital copies are frequently printed to be used as backup material. This can result in loose paperwork being stored on desktops or left at printing stations leaving the sensitive data vulnerable to snooping and data theft, and available to outside staff such as cleaners and building maintenance.
Solution: Instituting a clear desk policy and having lockable storage units for employees can help protect confidential information not only during tax season, but throughout the year. Requiring employees to use a security code to complete a print job also ensures that confidential documents are not forgotten at printing stations.
Mobile Working
Risk: Preparing for tax season can result in employees having to work well into the evening or over the weekend. While the introduction of laptops, tablets, smart phones and external hard drives allow employees to work off-site during this busy period, it also means an immense amount of confidential information is leaving the office with them. A single lost or stolen laptop has the potential to seriously damage any business.
Solution: Employees must understand and take appropriate precautions when removing any data from their workplace. They must not leave hardware or materials in vehicles, and should encrypt phones and hard drives, and activate passwords on electronic devices. Once out of use, devices should be securely destroyed.
Cyber Security:
Risk: With the move towards digital storage, financial and tax related information is now stored on laptop hard drives, USBs, external hard drives or shared on cloud networks that can be accessed by multiple employees. Even if password protected, each of these technologies put organizations at higher risk due to the fact that they can easily be lost or accessed by hackers. Additionally, using a common password that multiple people know increases vulnerability to fraud.
Solution: All devices should be encrypted to protect the confidential information stored on them. Create long and strong passwords, with a mix of numbers, symbols, uppercase and lowercase letters that are routinely changed and kept private. It is also important to keep track of where all storage devices are at any given time. Robust policies and procedures can help protect an organization from a harmful data breach.
For more information on how to mitigate the risks associated with tax-season visit the Shred-it Resource Centre or download our online Infographic.
About Shred-it
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly, owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.
1 PWC the Risk of Tax Related Business Identity Theft
2 Canada Revenue Agency – Protect yourself against fraud
3 Competition Bureau "Little Black Book of Scams: Page 14