Each year, the Internal Revenue Service (IRS) is responsible for collecting trillions of dollars in federal taxes and processing about 140 million tax returns. Because the agency’s computers house a vast amount of personally identifiable information, the potential for financial gain via hacking is huge.
This fact is not lost on cyber criminals, of course, which makes the findings of two government audits of the IRS released this spring even more alarming. Both the Government Accountability Office (GAO) and the Treasury Inspector General for Tax Administration found jaw-dropping security gaps at the IRS. According to The Fiscal Times, problems unearthed at the agency included:
- Failure to encrypt data as it was transmitted between IRS offices in various states.
- No documentation to demonstrate that 77 percent of new IRS employees had background checks prior to being hired.
- Employees in non-accounting roles and without proper clearance gaining access to accounting systems.
Nextgov highlighted other problems at the IRS:
- Security patches for UNIX (the OS used by IRS computers) from as far back as 2009 were never installed.
- Failure to adequately verify digital safeguards were functioning correctly.
- Contractors received no training on agency security issues within the first two weeks of work.
- Weak protocols allowing non-complex passwords and passwords to be repeated across differing IRS networks.
- Network devices kept in unsecured cabinets.
These shortcomings by the IRS read like a textbook case of what not to do in IT security. Unfortunately, many small businesses have similar dysfunction when it comes to digital security.
Simple techniques to increase your company’s digital security
But there are cheap and simple ways for a company to make its cyber security more robust. For example, in our article How Secure Are Your Company’s Passwords? we discussed the need to make passwords complex, multifaceted, and unpredictable. Enacting a rigorous password policy is a quick first step to make a cyber crook’s job more difficult.
In our articles 4 Ways Small Businesses Can Thwart Cyber Crime and 4 More Ways Small Businesses Can Thwart Cyber Crime, we outlined other easy steps to shore up security, including training employees, encrypting data, and keeping the OS current with the latest patches and updates.
If the IRS would implement some of these basic safety measures, it would mean the sensitive information we must submit to the agency would be somewhat more protected from a breach.
You need Internet insurance
But experts agree that virtually no government entity or business is completely immune from cyber attacks. It’s clear that in order to protect your firm, you need to obtain Internet insurance, also known as cyber insurance. Internet insurance can reduce your cyber liability in the event of a cyber theft.
Many business executives are unfamiliar with the potential liabilities their firms incur by operating in the digital world, and the protection Internet insurance can offer. And, navigating the complexities of coverage can be daunting. Our Cyber Insurance Basics web page is a good place to start the learning process.