10:00 AM
Shane Buckley

4 Security Tips as the July 15 Tax-Day Extension Draws Near

We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.

For all Americans, April 15 is a critical date on our calendars — the dreaded Tax Day! Then along came the pandemic — expanding the potential attack surface exponentially as the workforce transitioned out of the office — and the deadline to file taxes was bumped three months to July 15.

Well, news flash: That date is nearly here. Keeping in mind that people are often the biggest security risk to an organization, it's up to security leaders to ensure employees do not fall for a last-minute tax-related scam that puts them or their organization's network in jeopardy. We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.

The Potential for Expanded Phishing Attacks Is Massive
Employees could be easily tempted to click on links that offer opportunities to lower their taxes due to the pandemic or ways to receive quicker refunds. At the same time, the deadline extension widens the window of time cybercriminals have had to access sensitive information and conduct targeted attacks. More people at home means they are also spending more time in front of their screens, which could lead to an uptick in successful attacks. Not only is the action of filing taxes likely digital this year due to the pandemic, but communication with accountants likely is as well. For its part, the US government advises against falling for additional scams, including unknown text messages and robocalls.

Pro tip: Educate your employees about safe computing, with tips for avoiding phishing-style emails specifically related to filing taxes or obtaining refunds. Encourage them to file their taxes outside of working hours or outside of the office (if some are heading back) to avoid extra network risks.

Home Wi-Fi Often Lacks Adequate Security Measures
Employees need to remember that they do not enjoy the same level of security they're used to in the office while they're working from home. Their Wi-Fi networks and infrastructure are not as secure outside of the physical office. Those who file their tax returns on company-issued laptops need to be diligent when choosing the browsers and Wi-Fi networks they're using in order to avoid damage to their organization's sensitive data. Remember to never use public Wi-Fi networks when sharing sensitive personal or business information.

Pro tip: Encourage employees to use secure web browsers and ask their accountants what security precautions they're taking. Also encourage employees to do tax-consultant meetings over video or the phone instead of written communication. That way, less sensitive information is captured in writing and transferred. These precautions will keep the organization's confidential information and data safer.

Pay Attention to Your Corporate Network
Many organizations still rely on users VPN'ing in to access legacy corporate applications, particularly in healthcare and finance. As mentioned, the potential for host (endpoint) infection is higher with a more remote workforce, which also means greater potential for pwned (compromised) devices accessing sensitive corporate systems. What about users accessing corporate applications via the Transport Layer Security (TLS) protocol? The same risk applies there, too. If that device has been taken over, the access mechanism doesn't really matter.

What does matter is complete visibility into traffic coming in and out of applications. That means being able to inspect not just VPNs but also encrypted traffic including TLS 1.3. Eliminating blind spots is even more important with a remote workforce, especially when dealing with sensitive personal and financial information when filing taxes.

Pro tip: Inspecting all application traffic can be overwhelming. Instead, look into technologies that allow you to identify, isolate, and extract traffic by applications. [Editor's note: The author's company is one of several providers that offer such technology.] This will allow you to pay closer attention to sensitive applications while easing security tools from the burden of inspecting lower-priority traffic.

Nothing beats being prepared for a crisis. To avoid the major stresses and potential headlines that come with a massive breach — from an insider threat, no less — now is the time to review (and update) your security strategy and crisis plans, and educate your employees about safe digital practices. However, if your organization does fall victim to an attack between now and the Tax Day deadline of July 15, it's critical to be able to stop it before it infiltrates the entire system. Having visibility into east-west traffic is also critical to the containment. The pandemic has caused an increase in security threats, and therefore demand on security teams, and we can all learn and grow from this new threat landscape together to ensure we're better-suited for future attacks.

Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company's business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior ...
