Back to Blog Listings

It’s time for taxes, not a data breach.

It’s no surprise, the 2018 tax season is here, and with it – a heightened concern for the security of employee data. Let’s take a moment to analyze the current trends, what you can do to take matters into your own hands, and how you can protect your employees’ information from being jeopardized in a cyber breach.

Combine the post-Equifax landscape with the W-2 scams even the IRS warns us about, and it seems clear that people are worried about their data for good reasons. If you have a heartbeat (and perhaps even if you don’t), there’s an actual probability that someone has already accessed your social security number or other identifiable personal information. If it hasn’t been used yet, it may just be a matter of time. While the IRS tries its hardest to combat the occurrences of fraudulent tax returns, and they are doing a better job than ever before, most estimates have them paying out millions for data stolen from calls, emails, or phishing scams from W-2 data.

As an employer, what can you do to help protect your employees?

First, lock down the data. The fewer eyes on personal employee data, the better. Keep your circle of employees who handle sensitive information as small as possible. If a request for data or copies is made from outside that circle, your company should have a reporting procedure in place to double check and verify every request, with no exceptions. Also, remind your employees that the earlier they file their taxes, the less chance scammers have to file in their name.

Second, talk to your HR and Payroll employees. Remind them that anyone within the organization who has access to records should always have an eye out for data security. Malware can live in email attachments, downloads, websites, and even Facebook posts. If employees understand the risks and costs associated with clicking on questionable links, attachments, or social media posts, they might think twice. Education is key and employees should always feel comfortable calling IT if they have any questions about a link or attachment they accidentally opened.

Third, remind your employees that the IRS will never try to obtain personal information of any kind via email, text, social media, or an automated call. If this occurs, it’s a scam and should always be treated as such.

Remember, taking the time to be mindful and aware (and making sure your employees are, too) is always a key step to keeping your company’s data as safe and secure as possible.




International Revenue Service; ADP; CNBC