IRS Hack Emphasizes the Need for Data Security

thumbnail-12Gone are the days of criminals being forced to dig through a person’s or company’s trash in order to steal confidential information. Now they have gone digital and everyone is being affected — even the Internal Revenue Service.

Although our government uses technology designed to prevent virtual break-ins, the recent hack into the IRS proves two things: 1) No entity is safe from sophisticated criminals and 2) Security and protection of sensitive personal and business information is more important than ever.

The IRS has confirmed that the hacks were most likely conducted by organized crime syndicates and their goal was simple — the fraudulent filing of refunds, the money from which was funneled into the criminals’ own accounts. This year, approximately 104,000 taxpayer accounts were hacked out of at least 200,000 attempts, resulting in as many as 15,000 possibly fraudulent refunds from those who had not yet filed their taxes for the year.

How much money was stolen? It is likely that the amount topped $39 million.

These data breaches are becoming more prevalent and highlighting the need for businesses to protect their customers’ data. Unfortunately, these hacks are becoming more sophisticated as well, with hackers growing technologically advanced right along with better security. What this all comes down to is that security breaches are often very difficult to prevent.

So as a business, what can you do? Your job is to not lose sight of the data security that you CAN control – off network and end-of-life data destruction, for instance. You need to put strong tracking and data destruction processes in place and use a reputable vendor that will help you facilitate those processes.

You must remember that just because data is off the network — like a decommissioned server or data storage system — doesn’t mean you are off the hook for data security. Until you can certify that the data has been destroyed, either by certified data erasure or physical destruction of the media, your data is at risk. While this may sound simple, many companies don’t pay enough attention to  the whole process from the time they disconnect or decommission their equipment until it’s been removed by an ITAD partner.

Your company may not have tax returns in your data, but you probably do have employee personal and health information, proprietary corporate information, or customer data. You need to be SURE that any sensitive information you hold is protected all the way through the lifecycle of the systems where it resides. Contact us to talk to an ITAD professional about how to improve your off network and end-of-life data security processes.