7/10/2020
10:00 AM
Shane Buckley
Commentary
4 Security Tips as the July 15 Tax-Day Extension Draws Near

We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique they use in their sophisticated attacks.

For all Americans, April 15 is a critical date on our calendars — the dreaded Tax Day! Then along came the pandemic — expanding the potential attack surface exponentially as the workforce transitioned out of the office — and the deadline to file taxes was bumped three months to July 15.

Well, news flash: That date is nearly here. Keeping in mind that people are often the biggest security risk to an organization, it's up to security leaders to ensure employees do not fall for a last-minute tax-related scam that puts them or their organizations' network in jeopardy. We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique they use in their sophisticated attacks.

The Potential for Expanded Phishing Attacks Is Massive
Employees could be easily tempted to click on links that offer opportunities to lower their taxes due to the pandemic or ways to receive quicker refunds. At the same time, the deadline extension widens the window of time cybercriminals have had to access sensitive information and conduct targeted attacks. More people at home means they are also spending more time in front of their screens, which could lead to an uptick in successful attacks. Not only is the action of filing taxes likely digital this year due to the pandemic, but communication with accountants likely is as well. For its part, the US government advises against falling for additional scams, including unknown text messages and robocalls.

Pro tip: Educate your employees about safe computing, with tips for avoiding phishing-style emails specifically related to filing taxes or obtaining refunds. Encourage them to file their taxes outside of working hours or outside of the office (if some are heading back) to avoid extra network risks.

Home Wi-Fi Often Lacks Adequate Security Measures
Employees need to remember that they do not enjoy the same level of security they're used to in the office while they're working from home. Their Wi-Fi networks and infrastructure are not as secure outside of the physical office. Those who file their tax returns on company-issued laptops need to be diligent when choosing the browsers and Wi-Fi networks they're using in order to avoid damage to their organization's sensitive data. Remember to never use public Wi-Fi networks when sharing sensitive personal or business information.

Pro tip: Encourage employees to use secure web browsers and ask their accountants what security precautions they're taking. Also encourage employees to do tax-consultant meetings over video or the phone instead of written communication. That way, less sensitive information is captured in writing and transferred. These precautions will keep the organization's confidential information and data safer.

Pay Attention to Your Corporate Network
Many organizations still rely on users VPN'ing in to access legacy corporate applications, particularly in healthcare and finance. As mentioned, the potential for host (endpoint) infection is higher with a more remote workforce, which also means greater potential for pwnd (compromised) devices accessing sensitive corporate systems. What about users accessing corporate applications via the Transport Layer Security (TLS) protocol? The same risk applies there, too. If that device has been taken over, the access mechanism doesn't really matter.

What does matter is complete visibility into traffic coming in and out of applications. That means being able to inspect not just VPNs but also encrypted traffic including TLS 1.3. Eliminating blind spots is even more important with a remote workforce, especially when dealing with sensitive personal and financial information when filing taxes.

Pro tip: Inspecting all application traffic can be overwhelming. Instead, look into technologies that allow you to identify, isolate, and extract traffic by applications. [Editor's note: The author's company is one of several providers that offer such technology.] This will allow you to pay closer attention to sensitive applications while easing security tools from the burden of inspecting lower-priority traffic.

Nothing beats being prepared for a crisis. To avoid the major stresses and potential headlines that come with a massive breach — from an insider threat, no less — now is the time to review (and update) your security strategy and crisis plans, and educate your employees about safe digital practices. However, if your organization does fall victim to an attack between now and the Tax Day deadline of July 15, it's critical to be able to stop it before it infiltrates the entire system. Having visibility into east-west traffic is also critical to the containment. The pandemic has caused an increase in security threats, and therefore demand on security teams, and we can all learn and grow from this new threat landscape together to ensure we're better-suited for future attacks.

Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company's business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior ...