Don’t Take the Bait – Remote Access Takeovers

Preventing remote access takeover attacks is the topic for week five of the 10-week IRS series “Don’t Take the Bait”. The series focuses on security updates for tax professionals. This week’s article, published on August 8, discusses the threat of remote takeovers by cybercriminals, the possible repercussions of such an attack, and steps to take in order to avoid falling victim to such a tactic.

“A remote takeover can be devastating to practitioners’ business as well as to the taxpayers they serve. It’s critical for people to take steps to understand and prevent these security threats before it’s too late,” explains IRS Commissioner, John Koskinen. This type of cyberattack can be carried out in a variety of methods, including the exploitation of security setting weaknesses, sending malicious code into the target system via malware, or hacking devices that retain their factory-issued passwords settings.

The IRS recommends a series of steps to tax professionals to enact in order to protect themselves from remote takeovers, including:

• Educate staff members about phishing scams.
• Employ strong security software—and make sure it is set to update and scan automatically.
• Be aware of all wireless devices connected to the network and make sure that factory passwords are replaced with strong passwords.
• Always use strong passwords.
• Be wary of phishing scams—never select links or attachments included in emails from suspicious users.
• Be careful about what remote access software you allow employees to use, and make sure that it is disabled unless in use.

For more details, read the article in full at irs.gov.