People in administrative roles have become the target of choice for data thieves. If you have received an email from an executive at your company requesting W2 or payroll information that turned out to be fake, you already have firsthand experience. In February of this year, the IRS released an urgent warning that W2 scams were on the rise. Unfortunately, the alert either did not reach enough people or was not taken seriously as we continue to counsel victims. Part of the problem is a general lack of internal controls to prevent an individual from making this costly mistake. In this case sending your coworkers W2 information to a cyber-criminal.
What can you do to defend against W2 scam attacks? Implement one internal control mandating that any request for W2 or payroll data be made in person. It really is that simple. Not all of the risks you face will be this easy to resolve, but being aware that you are a target is a good first step.
Contributed by Josh Gembala, Enhanced Security Services Manager of ASK.
View the on-demand webinar “Cyber Security Threats in HR & Accounting” with Josh.