The IRS and its Security Summit partners recently concluded their annual five-week campaign, Protect Your Clients; Protect Yourself. While the event was designed primarily for tax professionals, the lessons apply broadly to employers and employees alike: scams and cyber threats do not take a vacation.
Key Takeaways for Employers and Employees
- Scams are evolving.
Fraudsters continue to develop new ways to steal personal and financial information. Common tactics include phone calls, text messages, fake correspondence, and schemes that misuse tax credits promoted on social media. These scams can lead to inaccurate filings, denied refunds, and penalties. - Phishing is still the top threat.
Email attacks remain the easiest way for criminals to break through defenses. Variants such as spear phishing and clone phishing are on the rise. Everyone should be alert to unexpected links, attachments, or urgent requests for information. - Written security plans matter.
Tax professionals are required to maintain Written Information Security Plans (WISPs). While this is a regulatory requirement in that field, the concept applies in any workplace. HR leaders can reinforce the need for policies that define how sensitive data is accessed, protected, and stored. - Use stronger authentication.
The IRS recommends multi-factor authentication (MFA) for all accounts handling sensitive information. MFA is not just a best practice, it is becoming a standard expectation across industries. Employers should ensure systems that store employee or client data require MFA. - Stay informed and prepared.
Scams are continuous and often seasonal. Knowing the warning signs, preventing data compromise, and having a response plan in case of a breach are all essential. Resources such as IRS “Identity Theft Central” and official e-News services are trustworthy sources of updates.
Why It Matters for HR
Even though the Summit was tax-focused, the lessons apply to any organization handling personal data. HR teams manage sensitive employee records, payroll details, and benefits information all of which are prime targets for attackers. Building awareness and reinforcing secure practices across your workforce is the best defense.
Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.
MyEnroll360 can Integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and integrate with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).
This article is for informational purposes only and is not intended as legal, tax, or benefits advice. Readers should not rely on this information for taking (or not taking) any action relating to employment, compliance, or benefits. Always consult with a qualified professional before making decisions based on this content.
