IRS Security Awareness
It’s time to have a word about your password
What You Need to Know to Protect Your Passwords
That’s why phishing scams, which often seek password information, are so successful. Once a criminal has your password for one account, it’s highly likely you’ve used the same sign-on information for other accounts.
The IRS, state revenue departments and the tax industry have teamed up to combat identity theft in the tax arena. Our theme: Taxes. Security. Together. Working in partnership with you, we can make a difference.
That’s why we have all agreed to new stronger standards that you will see when you access your tax software products.
It’s a good time for you to think about the passwords you use. You should always use strong passwords with a mix of letters, numbers and special characters. Do not use the same password for multiple accounts. The longer, the better. And change your passwords regularly.
We all have a role to play in fighting identity theft. Join with us to fight identity theft.
To learn additional steps you can take to protect your personal and financial data, visit Taxes. Security. Together. Also read Publication 4524, Security Awareness for Taxpayers.
Do you offer your employees some sort of Deferred Compensation Plan: 401(k), 403(b), 408(p), 408(k), etc.?
We have the ability to manage participants’ eligibility requirements, the employee contributions, and the employer contributions using hours worked, birth date, or length of service. Contact your CSR for details.
Learn How to Protect Against the FBI’s Top 3 Cyber Threats
In June 2017, the FBI released its annual Internet Crime Report showing $1.3 billion in annual losses due to Internet crime. The numbers are probably even higher because companies are hesitant to publicize themselves as victims of cybercrime.
Cybercrime continues to plague our Internet society, and the FBI’s Internet Crime Complaint Center (IC3) highlighted three specific crimes in their annual report: Business Email Compromise, Ransomware, and Tech Support Fraud. We’ve expanded on these cyber threats so you can educate yourself and your employees, and hopefully, avoid becoming a victim.
Business Email Compromise
Business Email Compromise scams go by various names. Whether you call it a BEC scam, CEO fraud, or a wire-transfer scam, the goal is always the same: target organizations that routinely execute wire transfers. Why? Because human error can be easily exploited.
How the Scam Works:
The premise of the scam starts with an attacker hacking or spoofing the CEO’s email account, often while he or she is out of the office. Next, the criminal emails specific targets in the organization requesting an urgent wire transfer. Due to the authority, urgency, and consistency of the email, many times organizations fall victim and comply with the wire transfer request.
Common scenarios here target the finance department while the CEO is out of the country on business travel and unavailable to confirm the request. During tax season, attackers will target the HR department requesting personal information, like employee W-2 forms. Hackers even pose as lawyers or law firms to request fraudulent transfers.
BEC Scam Prevention Tips:
- Scrutinize the validity of any email requesting a wire transfer. Ensure it’s consistent with other transfer requests (timing, frequency, amount, recipient, etc.). Examine the sender’s email address for any changes mimicking the legitimate email.
- Confirm the transfer request in person or via phone call. Make sure there are dual approval protocols in place as well as a protocol for requests made by traveling executives.
- Educate your employees, emphasizing the warning signs. Oversharing is a cyber criminal’s dream, so use caution when posting an executive’s travel schedule or other employee information on social media.
Ransomware
Ransomware is the most notorious type of malware these days. Cyber criminals constantly have their lines in the water baiting victims to click on a phishing email or visit a compromised website to deliver ransomware.
The goal is to encrypt your files and deny you access to critical data or systems. Ransom demands in cryptocurrency (e.g., Bitcoin) keep attackers anonymous and under the radar.
Ransomware Prevention Steps:
- Regular Patching: Many vulnerabilities leveraged in ransomware attacks are well-known flaws that have been exposed (e.g., in WannaCry and NotPetya). Many attacks can be prevented through regular patching and updates.
- Close RDP; Use VPN: Close Remote Desktop Protocol (RDP) access unless it is strictly required. If you must use RDP, either whitelist IPs on a firewall or do not expose it to the Internet. Only allow RDP from local traffic. Set up a VPN to the firewall and enforce strong password policies.
- Segregate Your Networks: Separate your network into smaller, independent networks. Isolating networks limits a ransomware infection from propagating across an entire organization.
- Offline Backups: Regularly back up any files stored on your devices. Ensure your backups are not connected to the rest of your critical network.
- Employee Training: Educate the workforce about ransomware and the associated dangers and threats. Anti-phishing training is one good approach. But overall cyber security awareness is important as ransomware is delivered through other vectors as well.
Tech Support Fraud
Tech support fraud is a type of social engineering where the criminal poses as a legitimate party offering technical support to victims. The intent of the fraudsters is to gain access to a victim’s device. From there, they can leverage their access for financial gain or engage in other malicious activity.
Many fraudulent tech support operations exist. There are several different ways the criminals will try to reel you in:
- Fraudsters are known to cold call and attempt to convince victims to allow remote access into their devices.
- Pop-up or locked screens are leveraged to take advantage of unsuspecting victims who click a link on a compromised website.
- Fraudulent tech support companies use search engine optimization to appear at the top of search results for tech support.
- Fraudsters register URL domains similar to legitimate sites to take advantage of typos or errors made by victims who are typing in a web address.
Beware the Overpayment Scam
Cyber criminals are always looking for a new way to victimize you, and the overpayment scam is gaining traction. Posing as good-hearted professionals, criminals offer victims a refund for previous tech support services. Once they gain online access to a bank account, they first transfer money around between the victim’s accounts to make it appear the refund was too much. Before the victim notices anything odd, the criminals will request a wire transfer for the excess funds.
Keys to Mitigate Risk
As cybercrimes continue to increase, your organization needs to be diligent about analyzing its cyber risk. Errors happen, and raising cyber awareness among your workforce is key.
Finally, the FBI urges victims of computer crimes to report the incidents to IC3.gov. The IC3 unit is part of the FBI’s Cyber Operations Section and uses the reports to compile and refer cases for investigation and prosecution.
USCIS Releases New Form I-9
On July 16, 2017, the U.S. Citizenship and Immigration Services (USCIS) issued a new Form I-9.
What are the changes to the form?
The subtle changes made to the Form I-9 are outlined in the revised Handbook for Employers: Guidance for Completing Form I-9 (M-274). These minor changes include:
Revisions to the Form I-9 instructions
- Renaming the Office of Special Counsel for Immigration-Related Unfair Employment Practices to its new name Immigrant and Employee Rights Section.
- Changing the instructions on Section 2 to “Employers or their authorized representative must complete and sign Section 2 within 3 business days of the employee’s first day of employment.”
Revisions related to the List of Acceptable Documents
- The Consular Report of Birth Abroad (Form FS-240) was added as a List C document.
- The certifications of report of birth issued by the Department of State (Form FS-545, Form DS-1350, and Form FS-240) have been combined.
- The List C documents have been renumbered.
HR Help by PPI Monthly Newsletter
Our Offices, Banks, and Couriers will be closed Monday, September 4, 2017
Please review your input schedule to ensure that you have allowed enough time for Direct Deposit, Common Account, or other special services. You must input one business day earlier or delay your check date by one business day to ensure correct delivery.
September 2017 Holiday Reporting Dates
We will be closed September 4, 2017 as it is a Federal non-processing day. Consult your Input calendar for your chosen alternate check date if it is a normal check date for you.
| Date Closed | Input On | For a Check Date of | OR | Input On | For a Check Date of |
Please contact Customer Service in advance with any questions and/or to make changes to your input schedule.
Take Control of Your Reports!
Class sizes are limited, so be sure to call 888.380.1869 to register with your Customer Service Representative!
Enjoy free online classes each week to hone your existing skills, and to learn useful tips that can make your workforce management process easier. These 1-hour refresher classes are held weekly: Tuesdays at 1:00 PM (Pacific).
Tuesday Back to Basics
This class is great for experts and beginners to bolster existing knowledge, or learn something new to process Payroll, Employee Management, and 4 basic reports faster and easier.
Class sizes are limited, so be sure to call 888.380.1869 to pre-register with your Customer Service Representative!
AWS Can Help!
We are as strong as we are united: HR, Time and Payroll in One Database
Learn more about how you can have your Mischief Managed!