IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

4 Steps to Protect Data During Tax Season

In one expert's opinion, strong year-round security standards will also protect fragile data at tax time.

State, city and county government agencies may be the first line of defense against criminals trying to compromise the personal or financial data of citizens who file their taxes at the last minute. 

Last fall, a massive security breach of the South Carolina Department of Revenue’s network compromised more than 3.5 million citizens' social security numbers. State officials took 10 days to deny the hacker access and another six to inform the public about the breach.

And another criminal could take similar action now -- on the busiest time of year for people sending private information to their government electronically.

Paul Christman, vice president of public-sector sales and marketing for Quest Software, a division of Dell, offered strategies that local government administrations can take to protect their citizens. And he noted that if enterprises implement strong security protocols all the time, it won’t matter if hackers strike during tax season or any other part of the year. 

“It could be tax information, it could be personal information of any kind, it could be Social Security information [or] it could be health-care information," he said. "We look at this sort of holistically."

Christman recommends that enterprises take the following four steps to ensure that only the proper government personnel have access to fragile data:

1. Implement strong perimeter protection. “You need to have good, strong perimeter protection — next generation firewalls that do more than just look at viruses but do deep packet inspections, " he said. "That’s imperative.”

2. Vigilant account management and activity logging. Access control decision-makers must exercise tight control over who has access to what on the network. “These systems administrators need to have very, very tight controls," Christman said. "That’s how you protect against some rogue administrator carting off all of the tax data.”

3. Robust user authentication. In addition to the standard username and password combo, users should have something additional to access the network, like a keycard, biometric device or some other piece of hardware or software.

4. Engage security experts as consultants. Be open to hiring outside security professionals and researchers to buttress your own enterprise expertise and technology. “This risk assessment consulting is really, really important.”

Christman thinks these steps are appropriate for the most private data, but stresses they're not for everything. For example, data that’s transmitted via an online system to reserve non-essential goods and services isn't as important as the financial data millions of Americans will be sending to their government online this month.

“Do I put this level of intensity around a reservation for parks and recs in a local county government to reserve the basketball court? Absolutely not,” he said. “Credit card data, financial data, health-care data, some tax information — those sorts of things justify the additional layers of security.”

Image courtesy of iStockPhoto