Security Tips for Small Businesses

The IRS and its Security Summit partners urge businesses to remain vigilant against potential cyberattacks in which hackers try to steal customer and other business data. Criminals target business’ credit card or payment information, business identity information, or employee identity information.

Best practices for businesses include

• Use multi-factor authentication.
• Set security software to update automatically.
• Back up important files.
• Require strong passwords for all devices.
• Encrypt devices.

The IRS now has a form that allows companies to report possible identity theft to the IRS, even if that threat is not confirmed. Form 14039-B, Business Identity Theft Affidavit, which may be accessed by clicking here, may be filed if a business receives a

• Rejection notice for an electronically filed return because a return is already on file for that same period.
• Notice about a tax return that the entity didn't file.
• Notice about Forms W-2 filed with the Social Security Administration that the entity didn't file.
• Notice of a balance due that is not owed.

This form will allow the IRS to respond to the business and work to resolve issues created by a fraudulent tax return.

If an employer experiences a W-2 scam, a special reporting procedure is available. See the Identity Theft Central’s business section on IRS.gov.