Small businesses, unfortunately, don’t fly under cyber-criminals’ radar, as shown by recent SBA loan attacks. Fortunately, there are proactive steps you can take now to protect your data this tax season. Use these 5 tips to reduce your risk of being hacked. 1. Embrace Basic Computer Security Start with the basics as lax computer security increases your risk of identity theft and makes you easy prey for hackers. Checklists from the IRS, CyberManiacs, and Comparitech include common recommendations. Keep Software Up-to-Date Don’t ignore those “update now” messages. Software updates plug security holes that make your software vulnerable to attacks. Be sure to update all software, including your operating system, your browsers, and your tax software. Use Strong Passwords Avoid using high-risk passwords. Password cracking software can crack weak passwords like “LoveRain” in the blink of an eye. Hackers also use the information you share on social media—like your top 3 favorite bands—to guess your password. Use a password manager (rather than a sticky note on your computer monitor) to store your passwords. This requires you to only remember 1 password rather than 100 unique passwords. And you are using unique passwords for each account, right? If you aren’t, then take steps now to fix that. If you use the same password for your email and bank account logins, then you risk both accounts being compromised if that shared password is stolen. Enable Multi-Factor Authentication Turn on multi-factor authentication (MFA) everywhere you can. In a nutshell, MFA means at least 2 pieces of information are required to authenticate. That might be a password plus a 6-digit code sent to your email, or it could be your thumbprint plus a push-notification to your phone. While it’s annoying to take that extra step to log in, it can save you from spending hours recovering from identity theft. Avoid Using Public Wi-Fi Resist the temptation to use public Wi-Fi, which sends your data over an unencrypted channel. That “just this once” email you send with a sensitive document attached may come back to haunt you when it’s intercepted by a man-in-the-middle attack. If you must use public Wi-Fi, use a virtual private network (VPN) to reduce your risk. Secure Electronic Documents You lock important physical papers in a file cabinet, so treat your electronic documents with the same care. This security is especially critical during tax season when you download tax documents from various sources. How often do you save a file to your hard drive with the intention of securing it later? But then you get busy and forget that the document with your SSN resides in the unsecured “Downloads” folder. Therefore, it’s best to always put electronic documents where they belong—into folders restricted by security permissions. 2. File Early Procrastinators—this piece of advice will hurt a bit. The National Initiative For Cybersecurity Careers and Studies recommends filing your taxes as early as possible. The IRS only accepts one tax filing per SSN or EIN, so filing early may prevent scammers from attempting to file as you. 3. Use a Professional Tax Preparer Hire a professional tax preparer, as the Federal Trade Commission (FTC) doesn’t allow professional tax preparers or accountants to “wing it” when it comes to protecting your data. The FTC requires them to have a written information security plan outlining the steps taken to safeguard your information. How you deliver your data to your tax preparer is also important. Hand-delivery is the most secure method, but your tax preparer should provide a secure portal where you upload your documents. Avoid using shared sites like Dropbox or Google Drive to transfer documents. And don’t risk sending an email with a password-protected attachment—those can easily be decrypted. Using an online bookkeeping service like Lendio's software can help reduce the chaos at tax time. Most of your documents will be in one electronic spot, reducing the likelihood that you’ll have hard copies lying around for prying eyes to see. 4. Stay Alert to Avoid Phishing Schemes You're not paranoid. “They” are out to get you. Hacking has become a sophisticated business —gone are the days of the obvious fraudulent emails full of misspelled words. Phishing schemes, where hackers attempt to trick you into handing over your login information, can be very realistic. Be vigilant and perform due diligence before entering your information into a website or answering questions from a random caller. Consider typing in a website address yourself (e.g., irs.gov) rather than using the “click here” link in an email. If the IRS calls you and asks for personal information, it’s a hoax. Hang up and instead initiate a call to the IRS for clarification. News programs and government websites report the “scams of the season” as they occur. Pay attention to these to avoid repeating other taxpayers’ mistakes. 5. Steps to Take After You File Protecting your tax data includes post-filing steps like shredding irrelevant physical papers. Treat your electronic documentation with the same care by deleting what you don’t need and moving sensitive documents off your computer onto an alternative secured storage device like a CD or flash drive. While it’s impossible to be 100% secure, you can follow these tips to protect your data during tax season and beyond. The information provided in this post does not, and is not intended to, constitute tax advice; instead, all information, content, and materials available in this post are for general informational purposes only. Readers of this post should contact their tax professional to obtain advice with respect to any particular tax matter.