Dark Reading is part of the Informa Tech Division of Informa PLC


7/10/2020
10:00 AM
Shane Buckley
Commentary

4 Security Tips as the July 15 Tax-Day Extension Draws Near

We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.

For all Americans, April 15 is a critical date on our calendars — the dreaded Tax Day! Then along came the pandemic — expanding the potential attack surface exponentially as the workforce transitioned out of the office — and the deadline to file taxes was bumped three months to July 15.

Well, news flash: That date is nearly here. Keeping in mind that people are often the biggest security risk to an organization, it's up to security leaders to ensure employees do not fall for a last-minute tax-related scam that puts them or their organizations' network in jeopardy. We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.

The Potential for Expanded Phishing Attacks Is Massive
Employees could be easily tempted to click on links that offer opportunities to lower their taxes due to the pandemic or ways to receive quicker refunds. At the same time, the deadline extension widens the window of time cybercriminals have had to access sensitive information and conduct targeted attacks. More people at home means they are also spending more time in front of their screens, which could lead to an uptick in successful attacks. Not only is the action of filing taxes likely digital this year due to the pandemic, but communication with accountants likely is as well. For its part, the US government advises against falling for additional scams, including unknown text messages and robocalls.

Pro tip: Educate your employees about safe computing, with tips for avoiding phishing-style emails specifically related to filing taxes or obtaining refunds. Encourage them to file their taxes outside of working hours or outside of the office (if some are heading back) to avoid extra network risks.

Home Wi-Fi Often Lacks Adequate Security Measures
Employees need to remember that they do not enjoy the same level of security they're used to in the office while they're working from home. Their Wi-Fi networks and infrastructure are not as secure outside of the physical office. Those who file their tax returns on company-issued laptops need to be diligent when choosing the browsers and Wi-Fi networks they're using in order to avoid damage to their organization's sensitive data. Remember to never use public Wi-Fi networks when sharing sensitive personal or business information.

Pro tip: Encourage employees to use secure web browsers and ask their accountants what security precautions they're taking. Also encourage employees to do tax-consultant meetings over video or the phone instead of written communication. That way, less sensitive information is captured in writing and transferred. These precautions will keep the organization's confidential information and data safer.

Pay Attention to Your Corporate Network
Many organizations still rely on users VPN'ing in to access legacy corporate applications, particularly in healthcare and finance. As mentioned, the potential for host (endpoint) infection is higher with a more remote workforce, which also means greater potential for pwnd (compromised) devices accessing sensitive corporate systems. What about users accessing corporate applications via the Transport Layer Security (TLS) protocol? The same risk applies there, too. If that device has been taken over, the access mechanism doesn't really matter.

What does matter is complete visibility into traffic coming in and out of applications. That means being able to inspect not just VPNs but also encrypted traffic including TLS 1.3. Eliminating blind spots is even more important with a remote workforce, especially when dealing with sensitive personal and financial information when filing taxes.

Pro tip: Inspecting all application traffic can be overwhelming. Instead, look into technologies that allow you to identify, isolate, and extract traffic by applications. [Editor's note: The author's company is one of several providers that offer such technology.] This will allow you to pay closer attention to sensitive applications while easing security tools from the burden of inspecting lower-priority traffic.

Nothing beats being prepared for a crisis. To avoid the major stresses and potential headlines that come with a massive breach — from an insider threat, no less — now is the time to review (and update) your security strategy and crisis plans, and educate your employees about safe digital practices. However, if your organization does fall victim to an attack between now and the Tax Day deadline of July 15, it's critical to be able to stop it before it infiltrates the entire system. Having visibility into east-west traffic is also critical to containment. The pandemic has caused an increase in security threats, and therefore in demand on security teams, and we can all learn and grow from this new threat landscape together to ensure we're better suited for future attacks.


Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company's business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior ...
 
