It’s W-2 season, and at least four businesses so far have been scammed into providing all of their W-2 forms to “unknown recipients,” leading to large data breaches. The cleanup from such a data breach can be very expensive.
An accounting manager at Scotty’s Brewhouse in Indianapolis, for example, received an email purporting to be from Scotty’s CEO. The sender asked for the W-2 forms for all 4,000 employees. The accounting manager complied, sending the information by return email. The real CEO had not asked for the information and the email was not his.
To avoid a data breach, companies may wish to consider the following steps:
- Educate employees, particularly in accounting positions.
- Have a plan in place for sharing sensitive information with company managers so that attempted scams will be recognized.
- Have a data loss protection plan, including a relationship with a vendor who provides data breach assistance.
- Maintain (and scrupulously follow) your own record retention plan.