Is Tax Day ‘Pay Day’ For Cyber Hackers? What CFOs Need to Know
As the tax deadline for many corporations and small businesses approaches, hackers are on alert. These bad actors know many finance teams are scrambling to meet deadlines, ensuring everyone has the data they need to properly and efficiently complete compliance-related tasks.
With this in mind, hackers actively strategize ways to go after employees this time of year. Usually, they target employees who possess this data from multiple angles. Employees, mostly unwillingly, can put their company’s integrity and operations at risk with the click of a mouse.
From training employees to be aware of scammers, to working with cybersecurity professionals to ensure data security, finance leaders who wish to protect their company long-term must consider prioritizing cybersecurity. This is especially true if they feel their organization lags behind competitors or peers in data protection.
Nathan Jenniges, vice president of products in cybersecurity at the former cell phone manufacturer turned cybersecurity company, BlackBerry, believes that the certainty of taxes and data breaches are very similar.
“In this digital world, nothing is certain except death and taxes — and cyberattacks,” said Jenniges, a former VP of product management at McAfee Enterprise. “It’s not a matter of ‘if’ but ‘when’ an organization will be targeted; it’s tax season, and cybercriminals are even busier this time of year. All it takes is one employee clicking a suspicious link, and an entire company’s data could be compromised.”
How Hackers Target Employees
Allocating resources to cybersecurity tech products as if they are insurance policies is not enough. Companies need to make their employees aware and train them with a level of legitimacy equal to the data they possess. According to Jenniges, an uninformed employee can be a hacker’s best tool.
“Employees need to know that weak passwords and human error – including trusting emails about an order or call from a bank — will let hackers in,” Jenniges said. “During events like the holidays, the World Cup, or tax season, we see increased phishing attacks and targeted attacks trying to disrupt the event, such as preventing the timely processing and submission of taxes.
“Data is worth more than ever on the dark web — bank details, passwords, even tax histories,” Jenniges said. “It’s getting harder to recognize targeted attacks, meaning anyone working from home or outside the office must be vigilant and work with their employers to spot and report suspicious activity.”
Jenniges spoke about phishing, or using fake emails or text messages, as the key method hackers have used to target employees who deal with valuable information regularly.
“Phishing attacks have become increasingly sophisticated and can be difficult to recognize, making this an effective form of cybercrime,” said Jenniges. “Cybercriminals create cleverly designed emails that appear from legitimate sources and contain believable messages. They exploit human psychology by creating a sense of urgency and fear to convince [the employee] to click on a malicious link or open an attachment that contains malware.”
Start With ‘Cyber Hygiene’
Unlike inflation, talent issues, budget cuts, supply chain snarls, or other challenges that executives face, hackers are the only threat to the business that continually try to sabotage it directly. The steps needed to prioritize data protection are more than just embracing cybersecurity from the top down but incorporating it as a fundamental part of the business. In what BlackBerry’s cyber security leader calls “cyber hygiene,” CFOs and their teams must embrace data protection as a core value.
“Cyberattacks are preventable, and the truth is that every organization needs better cyber hygiene,” said Jenniges. “Anyone can fall prey to simple phishing emails responsible for many cyberattacks. Humans are generally prone to error; it just happens.”
“You can educate people, but when they’re in a moment of inattention, they’re bound to make mistakes. It’s up to businesses to implement robust security strategies and ensure it is not putting employees in a position where there’s an option to make compromising mistakes,” he continued. “Cyber criminals are waiting for organizations and the public to drop their guard.”
Jenniges believes weak points are often created to enable some business need, like a user with administrative privileges and no multi-factor authentication or an executive’s device with specific controls turned off to improve the [user’s] personal experience.
“Review the business reason for giving employees access to data, Jenniges said. “Ask ‘why’ seven times, and if it truly is needed, then ensure you have the elevated visibility and rapid investigation to any anomalous events on those critical assets.”
- ROI in Cybersecurity: Forrester Consulting TEI Analysis Reveals Endpoint Security Solution CylancePROTECT Delivered Net Savings of $1.2M
- The Landscape of Deepfake Attacks
- Employee-Targeted Social Engineering Continues to Infiltrate Corporate Corporate Systems: ZTNA Can Help
- Prompt Bombing: Harnessing the Power of Irritation