06.26.2018

Business Identity Theft–Is Your Data at Risk?

Blog, Small Business Tax, Tax Services

The IRS and state tax authorities have made significant strides in curbing individual identity theft over the last several years. With a decrease in individual identity theft, cyberattacks against businesses are on the upswing now. Here are some simple ways business taxpayers can help protect their data from hackers.

Trends in ID Theft
In February, the IRS released that individual identity theft reports dramatically decreased in 2017 from reported incidents in 2015 and 2016. Their report stated that the IRS received 242,000 reports of individual identity theft from taxpayers, down 40% from the 401,000 reports in 2016. This was a second year of decline for these figures, dropping from 677,000 victim reports in 2015.

In the same three-year period, the number of tax returns with confirmed identity theft declined to 597,000 in 2017, compared to 883,000 in 2016 – a 32 percent decline. The amount of refunds protected from those fraudulent returns was $6 billion in 2017, compared to $6.4 billion in 2016. In 2015, there were 1.4 million confirmed identity theft returns totaling $8.7 billion in refunds protected. Overall during the 2015-2017 period, the number of confirmed identity theft tax returns fell by 57 percent, with more than $20 billion in protected taxpayer refunds. Thanks to safeguards put into place by the Security Summit, these trends should continue for individuals into 2018.

Unfortunately, the IRS has noted an increase in identity theft among business tax returns. While the number of businesses affected was rather low, the potential dollar amounts were substantial:

YearEstimated Business ID Theft Cases
(through June 1)
Estimated Losses
2015350 tax returns$122 million
20164,000 tax returns$268 million
201710,000 tax returns$137 million

The victims of business ID theft include corporations, estates and trusts, and partnerships. These days, hackers are increasingly daring and tax savvy in their schemes. They may use stolen data to file bogus business tax returns and then collect refunds, or they might post the stolen data for resale on the “Dark Net” so other crooks can file the fake tax returns.

While the Security Summit has enacted many safeguards against business ID theft, and tax professionals have been educated to help clients take appropriate security steps to prevent it, problems continue to persist. What are some ways to prevent business identity theft that can help you be more secure?

Ways to Combat Business ID Theft
Because business identity theft can be so costly, prevention and early detection measures are critical. We’ve been featuring ways to protect your business from ID fraud all this month on our LinkedIn page. Here are some other simple, yet effective, security measures you should consider for your business:

Make cybersecurity a priority in your business. When you prepare your annual business plan, create a formal cybersecurity plan for your company that identifies a step-by-step approach for detecting identity theft. When a breach happens, your plan should trigger a prompt and thorough response.

Safeguard intellectual property. All customer and employee data, records such as financial statements and prior years’ tax returns, and any proprietary information should be stored in a safe location. Before you dispose of nonessential documents, make sure you shred them. When sharing information over the Internet, make sure you are using a secure connection, and make sure your recipient is a trusted contact when sharing via email.

Use the latest cybersecurity technology. Make sure that all firewalls, antivirus and antimalware software, and spam filters are up-to-date with their most current versions as they release new updates to combat ongoing and developing threats. Additionally, make sure you’re not downloading any files, clicking links, or opening attachments from unknown or unconfirmed sources. If you are not currently encrypting your files as they are stored, get with your IT professional about securing your digital storage for your protection and the benefit of customers.

Educate employees. As new threats arise and are announced, conduct periodic training sessions to inform your employees about the latest scams. Certain industries are susceptible to scams such as phishing emails where hackers pose as recognized businesses or distant colleagues to steal sensitive information. Your employees should also be aware of your cybersecurity plan and each person’s role if a breach occurs.

Use prepaid credit cards for purchases. Credit card fraud affects business credit cards as well! One way to avoid such fraud is to use prepaid employee credit cards to curb your probability for losses when employees make purchases from suppliers and vendors. This way, if a card is breached, the company can lose only what’s prepaid, and you can immediately deactivate the card as you work to recover your lost funds.

Monitor business credit reports. In today’s world of abundant credit monitoring services, it doesn’t take much effort to monitor your company’s three major business credit bureau profiles. Equifax, Experian, and TransUnion all offer monitoring services for your business, and some third-party services will monitor the profiles in all-in-one reports. With these services, you can choose to receive real-time notifications about suspicious activity affecting your company’s credit rating.

Guard your master list. Some companies track all their accounts and passwords in a master list. This practice is convenient, but dangerous. If a dishonest employee or a hacker gained access to this list, your company’s information would be compromised in one fell swoop. If you choose to use a master list, be sure to use caution and enact any extra security measures necessary to keep this list safe.

Contact your tax professional promptly if you believe you’ve been a victim of identity theft. Your Crippen & Co. tax professional can help you in contacting the appropriate law enforcement authorities, business credit bureaus, and financial institutions to mitigate the impact of your identity fraud.

No Guarantees
None of these measures are 100% fail-safe. While the IRS, our tax professionals, and the public become more educated on ways to prevent identity theft, ID criminals are also evolving their tactics. You can lower your business’s risk through crafting a formal cybersecurity plan, educating your employees, and implementing proactive security measures for prevention.

As IRS Commissioner John Koskinen said, “The IRS, state tax agencies, and the tax community have worked hard to turn the tide against tax-related identity theft. We’re making progress in protecting individuals but we still have more work to do.” You can also do your part by sharing your knowledge – and this article — with others in your sphere of influence to help them safeguard their businesses against identity theft.

Join our email list.

We’ll deliver accounting insights and advice straight to your inbox.