3 Tips for Businesses To Stay Vigilant About Cyberattacks

Businesses of all sizes face a variety of identity theft-related schemes which try to obtain information that can be used to file fake business tax returns or use customer data for identity theft. It is important to protect yourself from criminals targeting your business’s credit card or payment information, business identity information, or employee identity information.

cyberattacksHere are some cybersecurity basics to help business owners protect their businesses and reduce the risk of a cyberattack.

1. Follow cybersecurity best practices

Businesses are encouraged to follow best practices from the Federal Trade Commission, including:

  • Use multi-factor authentication.
  • Set security software to update automatically.
  • Back up important files.
  • Require strong passwords for all devices.
  • Encrypt devices.

More information is available at FTC’s Cybersecurity for Small Businesses.

2. Look out for Form W-2 theft schemes

In addition to phishing and other scams, all employers should remain alert to Form W-2 theft schemes. For example, a thief may pose as a company executive who emails payroll employees and asks for a list of employees and their W-2s. Businesses often don’t know they’ve been scammed until an employee reports that a fraudulent tax return has been filed.

There’s a special reporting procedure for employers who experience the W-2 scam, which is available in the Identity Theft Central’s business section.

3. Keep your EIN application information current

Businesses should report changes of address or responsible party information using Form 8822-B. Changes in the responsible party must be reported to the IRS within 60 days. Current information can help the IRS find a point of contact to resolve identity theft and other issues.

What if I suspect a fraudulent tax return has been filed?

The IRS has Form 14039-B, Business Identity Theft Affidavit, which allows companies to proactively report possible identity theft to the IRS when, for example, an e-filed tax return is rejected.

Businesses should file the Form 14039-B if it receives a:

  • Rejection notice for an electronically filed return because a return is already on file for that same period.
  • Notice regarding a tax return that the entity didn’t file.
  • Notice about Forms W-2 filed with the Social Security Administration that the entity didn’t file.
  • Notice of a balance due that is not owed.

This form will enable the IRS to respond to the business and work to resolve issues created by a fraudulent tax return. Businesses should not use the form if they experience a data breach but see no tax-related impact. For more information, see Identity Theft Central’s business section.

We can help with your cybersecurity needs

Buchbinder’s team of professionals are fully equipped, experienced, and committed to assisting clients with their cybersecurity needs. Buchbinder Information Technology Solutions helps clients assess inherent and residual cybersecurity risks to their organizations and improve the effectiveness of internal controls over sensitive data. Contact us today to discuss your specific situation.


Join Our Newsletter

Sign up to receive exclusive newsletters with the latest information affecting you and your organization.

Posted in