Were the US Government to present at a business plan competition it would have a difficult time explaining why it has failed to properly invest in its sales department (read: revenue-generating agency), the Internal Revenue Service (IRS). I ask you, who else still communicates by fax? Well, in a few short months that trend will begin to change. The IRS will require taxpayers to provide images of their faces in order to access their data on the agency’s website.
The most recent annual audit of the IRS, from December 14th of last year, begins its discussion of Agency Modernization with this opening sentence:
“The reliance on legacy systems and aged hardware and software, and its use of outdated programming languages, pose significant risks to the IRS’s ability to deliver its mission.”
Like previous audits, this last report cited long-standing problems in how the agency handles the privacy of taxpayer data and access to its systems. Change is needed. This move to a biometric security system is an initial step.
Like any new software/IT system implementation, the proposed transition has not been seamless. Initially, the IRS announced that it would use a third party service, ID.me, for it facial recognition checks. It has since announced that it will develop and bring online its own authentification system. Among the reasons for this change of strategy are the many privacy concerns raised about ID.me and other providers of similar services.
The IRS is not alone in its IT challenges. Many small businesses are unprepared for computer related crime; their systems, while unlikely to include fax machines, are outdated and easily compromised. Consider this example: I often access client workstations and servers remotely. I did so again today, using my client’s login. Her user name was her first name. The password was that same first name with 123 appended to it.
Not a great challenge for even the most novice of hackers.
Companies pay a high price for data breaches. Ransomware attacks, like the Colonial Pipeline attack last May, can disrupt company operations for long periods of time. The misuse of sensitive client and employee data can result in claims that, last year, averaged $188 per compromised record. So, besides improving one’s IT systems and security, small business owners should consider getting Cyber Liability insurance.
A Cyber Liability Insurance policy protects against losses associated with data breaches. The policy pays when the insured is liable for theft or loss of unauthorized access to Personal Information, Breach response and Notification and Regulatory Defense and Penalties. Do not assume that you are protected because you have general liability and/or professional liability insurance. Often, those policies do not cover ransomware or similar lost-data incidents.
One of my WWLC partners, Marc Slafsky, is an insurance expert. He works with small business owners across the country. Marc can help you too. Get in touch. Don’t wait as long to act as the IRS did.