Why Alex is Locking Down Cybersecurity This Tax Season
Alex’s non-profit, which helps veterans secure housing and medical care, relies on funding from donors, grants, and government programs. That means handling sensitive financial data is part of daily operations, especially during tax season.
Last year, the organization's accountant received what seemed like a routine e-mail from a “vendor” requesting payment for an outstanding invoice. It looked legitimate, but it was a scam. Luckily, they caught it in time, but it was a wake-up call.
Now, with tax season in full swing, Alex is making cybersecurity a priority so hackers don’t get the upper hand. Let’s break down why cybercriminals love tax season and the five steps Alex is taking to keep the organization safe … steps you should consider, too.
Why Tax Season is Prime Time for Cybercriminals
Tax season creates the perfect storm for hackers because businesses and non-profits are dealing with:
🔹 A High Volume of Sensitive Data Transfers – Financial information is being exchanged between staff, accountants, and third-party vendors, creating multiple opportunities for interception.
🔹 Time Pressure & Tight Deadlines – When people are rushed, they’re more likely to click on malicious links, fall for scams, or skip security precautions.
🔹 An Influx of E-mails & Requests – Cybercriminals blend in with the noise, sending fake IRS notices, fraudulent invoices, and phishing attempts that seem legitimate.
🔹 Tax-Related Scams on the Rise – Hackers frequently impersonate government agencies, payroll providers, or accountants to trick businesses into handing over sensitive data.
Without the right protections in place, even the most cautious organization could become a victim.
Common Cyber Threats During Tax Season
Alex made sure the team knew the biggest threats to watch for during this time of year:
🔹 Phishing E-mails – Scammers send fake e-mails that look like they’re from the IRS, accountants, or vendors, tricking employees into clicking malicious links or sharing confidential data.
🔹 Fake Payment Requests – Fraudsters pose as vendors or executives, asking for urgent wire transfers or payments.
🔹 Ransomware Attacks – Hackers encrypt financial records and demand a ransom to restore access, delaying tax filings and causing chaos.
🔹 Social Engineering Scams – Attackers call or e-mail, pretending to be trusted contacts, to extract sensitive information.
To stay ahead of hackers, Alex took action and put five key protections in place.
Protection #1: Training Staff to Spot Cyber Threats
One of the simplest yet most powerful defenses against cybercrime is employee awareness. Alex held a quick training session to remind the team of best practices:
✅ Verify E-mail Senders – Before opening attachments or clicking links, double-check the sender’s e-mail address.
✅ Be Cautious of Urgent Payment Requests – Scammers often create a sense of urgency to bypass security checks.
✅ Report Suspicious E-mails Immediately – Employees were encouraged to flag anything unusual to IT.
Hackers rely on human error, so educating staff is one of the most effective defenses.
Protection #2: Securing Communication & Data Transfers
To prevent financial and tax documents from being intercepted, Alex implemented:
✔ Encrypted E-mail & File Sharing – Sensitive documents were sent via secure portals instead of e-mail.
✔ Access Controls – Only essential personnel could view financial records, reducing insider threats.
✔ Network Monitoring – Any unusual data transfers were flagged immediately.
This added an extra layer of protection against eavesdropping and cyber theft.
Protection #3: Enforcing Multifactor Authentication (MFA)
Alex made sure that all employees, especially those handling financial information, enabled MFA on their:
🔹 E-mail accounts
🔹 Financial systems
🔹 Cloud storage
🔹 Any tax-related platforms
Even if a hacker steals a password, they still won’t be able to access critical systems without the second authentication step.
💡 Pro Tip: MFA is available on most major platforms. If you haven’t activated it yet, now is the time!
Protection #4: Conducting a Pre-Tax Season Cybersecurity Audit
Before things got too busy, Alex worked with the IT provider to identify vulnerabilities and ensure everything was up to date. They focused on:
✔ Updating software & applying security patches
✔ Securing all endpoints (laptops, mobile devices, remote access points, etc.)
✔ Verifying backup integrity to prevent ransomware-related data loss
This proactive approach meant no surprises during tax season.
Protection #5: Verifying Every Financial Request
Hackers love business e-mail compromise (BEC) scams, where they impersonate a vendor, executive, or accountant to request a payment.
To prevent this, Alex implemented a simple but effective rule:
✅ Verify Every Payment Request via a Second Method – If an e-mail requests a payment or account update, staff must confirm it by calling the sender directly.
This one extra step dramatically reduces the risk of falling for fraudulent invoices or wire transfer scams.
Tax Season Doesn’t Have to Be Open Season for Hackers
Because Alex took these preventative steps, the non-profit could focus on filing taxes and securing funding without worrying about cyber threats.
Here’s a recap of the cybersecurity checklist:
✅ Trained staff to recognize scams
✅ Secured communication channels for tax-related documents
✅ Enabled Multifactor Authentication (MFA) on critical accounts
✅ Conducted a cybersecurity audit before tax season ramped up
✅ Implemented a verification process for all financial transactions
Want to make sure your organization is protected too? Start with a FREE Network Assessment to identify potential vulnerabilities before cybercriminals do.
👉 Click here to schedule your FREE Network Assessment today! https://www.10dtech.com/security/
Coming Up in Week 3: How Oregon Business Owners & Non-Profit Leaders Can Eliminate Costly Tech Problems Immediately
Next week, we’ll follow Alex as the organization tackles the hidden tech issues draining the non-profit's time, money, and resources and discuss how you can eliminate them in your own organization.
