Keeping Sensitive Data Safe from Cybercriminals
As you know, tax preparation these days is all about the data. There’s your data – e-Services logins, tax software and business data; and there’s client data – the bits and pieces we put together to make a successful income tax return. And here’s the sad truth: all those bits and pieces – no matter whose data it is – are extremely valuable to criminals just waiting for their chance to grab it.
We’ve used the analogy of a castle under siege before and it still applies here. Imagine your office, whether a large concern or a one-man band, as a castle. The hackers and identity thieves are like the barbarians of ancient times, looking to break into your castle and take whatever they can grab.
Your data is their gold. It resides in the innermost area of your operation – the castle keep. To keep it all safe, we need to keep the barbarians outside the gates. Medieval castles had multiple gates and defenses so that if attackers cleared one defense, they ran into another.
That defensive strategy works in your office as well.
And one of the best defenses you can mount that can keep the barbarians outside the drawbridge is the use of strong passwords on all your logins. Passwords are your keys to access your computer, email and all your information – as well as the processes outside your office, such as e-Services. The best way to keep the attackers at arm’s length is through strong (as in “complex”) passwords.
Design Your Castle
It was often true in medieval times that is if the invader showed up with enough catapults and rocks, he could gain access through any castle walls. Even with enough ammunition, though, frequently the attackers decided that starving the castle occupants was faster.
The argument can be made that any password can be cracked given adequate resources and enough time, but stronger passwords can convince an attacker that it will take them too long to get in – and to consider going elsewhere.
Longer passwords are safer and more difficult for the average barbarian to guess. Strong passwords are at least eight characters long, but longer is better. The password should include a combination of letters, numbers and symbols or special characters. The best choice will include at least one upper case letter, one lower case letter, one number and one symbol or special character.
It’s best not to make guessing a password too easy on your opponent. Don’t include personal information in your passwords. Things like the names of your brothers or sisters, your children or pets are all available on social media, and that makes them all too easy to be used against you.
As tempting as it may be, avoid using the same password for all your information systems, accounts or devices. That’s like having just one key to every gate in the castle. If that one key is captured, it’s a short walk for the barbarian from the battlements right into the castle keep.
Substitute numbers and symbols for letters in words or phrases in your password to make it harder to guess. And as obvious as this may sound, never share your passwords with anyone.
Lastly, beware of attempts to trick you into revealing your passwords. These “phishing” attempts may be in the form of official-looking emails that ask you to “verify” your login credentials. Never click on any links in unsolicited emails. Be suspicious of such communications – and skeptical.
With all these calls for separate, involved passwords, you may be feeling a bit like King Arthur’s dungeon-keeper about now. But be of good cheer. The Department of Homeland Security has offered “Creating a Password Tip Card,” that can help you build passwords that can keep the barbarians at bay.
And for more information on keeping your castle safe, visit the IRS’ Protect Your Clients; Protect Yourself web page for the latest alerts and tips for increasing your cyber-security.