202012.140

Does Your Business Take Identify Theft Seriously? How To Avoid The Business Of Scamming

Businesses need to take security threats more seriously. The fourth day of the National Tax Security Week focused largely on this issue and offered ways business practices can optimize security of businesses and deter both business and client identity theft.
You may have never thought that a business’ identity can be stolen; and indeed, it may sound odd at first, but a business has identifying information that is unique to itself. Oddly enough, among the reasons businesses should be wary of potential scammers is that scammers will often file a business’ taxes.
Potential scammers look for little snit-bits of identifying information of the business. Scammers do not need every little detail about a business to gain access, they just need some of the information that is unique to the business to commit business identity theft and file a tax return on behalf of the “business”.
Though these riveting breaches are seldom discussed unless the breach happens to larger corporations (Target in 2013 and Marriott in 2018), the most common cyberattacks are aimed at businesses that have fewer than 100 employees.
In order to curb potential threats, the Federal Trade Commission suggests that businesses adhere to the following guidelines:
• Back up important files;
• Require strong passwords for all devices;
• Encrypt devices; and
• Enable multi-factor authentication whenever possible.
The IRS is also taking precautions to better protect business information from falling into the mischievous hands of scammers.
Beginning on December 13, 2020, the IRS will be redacting sensitive information from the business tax transcripts and the summary of corporate tax returns.
Additionally, the IRS is making it easier for businesses that may have had a breach of identity be proactive in these matters by filing Form 14039-B, Business Identify Theft Affidavit (the “Affidavit”). The Affidavit should be filed by the business if any of the following occurs:
• The business receives a rejection notice for an electronically filed return because a return already is on file and the business did not file it;
• Notice about a tax return that the business did not file;
• Notice about Form W-2 filed that the business did not file; and
• Notice of a balance due that the business does not believe is owed.
Although businesses can start being more proactive in ensuring there will not be major security breaches related to taxes, it is important to note that the Affidavit should not be used if the business experienced a data breach that resulted in no tax-related impact. It is also important to remember that the changes the IRS is making does not absolve the business from making the necessary changes to better protect its information.
Fortunately for businesses, there are a number of ways to strengthen the security of a business. Determining the weaknesses posed by your individual business is vital in taking action against scammers. As always, the attorneys at Vandenack Weaver are here to assist you determine potential weakness and implement changes to strengthen your business’ security.