Why Employees Are Taxing Your Cyber Security Team’s Patience

While tax season in the United States is winding down, businesses and households across the UK are starting to prepare their tax returns.

During this time, people worry about securing the proper documents, payments and information, but in the digital era they also need to worry about securing their information. This February, Tax Slayer, a popular online tax preparation software, revealed that hackers might have accessed 8,800 customers’ tax return information. Names, birthdays, addresses and bank account numbers are all tempting information for hackers, and organizations are at risk of being targeted as a means to secure this coveted data.

Although tax scams and cyber-attacks have been around for years, users are still falling victim. While pop-ups, strange downloads and emails requesting large sums of money immediately raise red flags for users, employees are being caught up in what might not seem like dangerous behavior.

Who’s at risk and why?

Employees are often not prepared for ever-evolving cyber threats, and as a result, many fall victim to data breaches resulting from phishing scams, malware and other nefarious methods. Over the past year, the IRS has seen a 400% uptick in phishing and malware scams, many of which take advantage of social engineering to trick users into giving away valuable personal information.

How much could it cost?

Shadow data and cyber-attacks are creating significant financial risks for organizations. For the second half of 2015, Elastica, a Blue Coat company, calculated that the potential financial impact on the average organization from the leakage of its sensitive cloud data was $1.9 million.

According to research conducted by IBM and the Ponemon Institute, the average total cost of a data breach in 2015 was around $3.79 million. On an individual level, hackers stand to profit an average of $30 per dossier of personal information. If that information contains health care data plus counterfeit documents related to it, hackers stand to make more than $1,000, according to BankRate.

What can you do?

Most organizations task the IT or security team with protecting employees. But tax season shouldn’t put an undue burden on the IT team. Instead, you should implement best practices for embracing the consumerization of IT and social media in a way that supports employees’ technology choices while simultaneously mitigating security risks.

To start, multifactor authentication (MFA), such as two-factor authentication, can eliminate the risk of hijacked credentials. This is becoming best practice for cloud apps like O365, SFDC, ServiceNow, etc. Insider threat detection and response programs can also help alert the security team to new attacks on the network. By tapping advanced user behavior analytics, security professionals can continuously monitor account activity and use it to alert on or block threatening activity.

Don’t Tax Your Team

Security shouldn’t fall completely on the security team, and organizations as a whole need to be mindful of the risks posed by Shadow IT. With the right solutions, enterprises can monitor and classify all sensitive content being uploaded, downloaded or shared via services like Dropbox. Line-of-business leaders should also play a role in responsible computing to ensure that they’re leveraging security solutions to proactively meet their needs. Finally, education is a key part of making sure that employees aren’t ensnared by phishing or another malicious cyber-attack.


In today’s world, it’s an unfortunate fact that people in a corporate environment are routinely exploited. It’s important to remember that these people not only expose the corporate environment to threats, but they are themselves often victims of cyber-attacks. The risk employees pose can be reduced significantly through education and the right technology. 
