Why tax season 2024 will be a minefield for cybersecurity

Tax season can be a nightmare, but a cyberattack would make it a disaster. Find out how to manage cybersecurity in the 2024 tax season.

minute read

Last Updated June 25, 2024

Category Cybersecurity

Middle-aged female with short hair and glasses, relaxed and working on a laptop, seemingly unaware of cybersecurity threats during tax season.


The last thing you want to think about during tax season is…well, anything other than getting through tax season.

The first few months of the year are so all-consuming that they can feel more like a test of survival than a mere “busy” season. But cybersecurity for the 2024 tax season is a topic no accounting professional can ignore.

Unfortunately, the busy season for cybersecurity never stops, and tax season is a prime time for cybercriminals to attack. One big reason is that accounting firms hold the keys to the kingdom for malfeasants looking to commit tax fraud. Cybercriminals who can steal taxpayers’ information have the data they need to commit tax fraud and other crimes. And they commit a lot of it.

The Criminal Investigation unit (CI) of the IRS initiated more than 2,600 investigations that uncovered more than $37 billion in tax and financial crimes in fiscal year 2023. Both numbers are up from 2022, when the CI undertook more than 2,500 criminal investigations and identified about $31 billion in crimes. During tax season 2023, IRS identity theft filters picked out nearly 1.1 million tax returns with refunds totaling approximately $6.3 billion for additional scrutiny. At that point, tax season wasn’t even over yet. Fraud and cybercrime will undoubtedly be part of tax season 2024 as well.

Your accounting firm has the personally identifiable information cybercriminals need

Graphic indicating a statistic that states cyberattackers target smaller businesses with more than half of their attacks, in part because small businesses are often underprepared for cyberthreats.
Accounting firms are major targets for cyberattackers, especially smaller firms.

That’s bad news for your firm. Accounting firms are major targets for cyberattacks because they store virtually every piece of information a criminal would need to steal a taxpayer’s identity. Consider an indictment handed down in March 2023, which detailed how seven people allegedly attempted to collect fraudulent tax refunds using the stolen identities of accountants and taxpayers. The group allegedly filed at least 371 false tax returns in an attempt to defraud the IRS of more than $111 million in refunds.

How did the alleged perpetrators do it? The would-be perpetrators allegedly registered with the IRS using information stolen from taxpayers to pose as those taxpayers’ agents. The alleged perpetrators then changed the victims’ mailing addresses and used the victims’ tax information to electronically file returns and claim fraudulent refunds.

The information accounting firms have on their clients is exactly the fuel fraudsters need to stoke their criminal fires. While you’re working nights and weekends to process returns for clients, cyberattackers are working around the clock to get hold of your data. And if you’re like many small businesses, you’re vulnerable to their attacks.

Cyberattackers target smaller businesses with more than half of their attacks, in part because small businesses are often underprepared for cyberthreats. If you’re running a small accounting firm, you’re very much in the crosshairs for cybercriminals as a small business that holds critical taxpayer data. You need to be prepared for a cyberattack at any time, even during tax season.

Cybersecurity in tax season 2024 will be even harder to manage than it was in 2023

Graphic with envelopes in boxes on the left representing a statistic and stating that 90% of cyberattacks begin with a phishing email.
Most cyberattacks start with a phishing email.

Of course, that’s easier said than done. Internal cybersecurity specialists are expensive to compensate and, perhaps worse, very difficult to find. But if you’re trying to manage cybersecurity on your own, you’re leaving your firm open to attack. Self-managing cybersecurity in an accounting firm is akin to your clients trying to do their own taxes. The result is likely to be a disaster. The demands of tax season make keeping up with cybersecurity management even more difficult.

Another major complication of tax season is that the volume of work employees have to deal with makes them especially vulnerable to even simple cyberattacks. Across industries, 90% of cyberattacks begin with a phishing email. Phishing emails generally involve an attempt to get a busy employee to click on a malicious link that installs malware on your network or to divulge sensitive information to a sender who turns out to be a cybercriminal and not a client or colleague.

When you and your employees are heads down in tax work, you won’t necessarily be as cautious as you should about clicking on email attachments or making sure the people you’re responding to are who they say they are. If you’re using a standard email platform to exchange information with clients, you’ll likely have a flood of emails every day. Just one malicious message seeping through the cracks could sink your firm.

You need experts to help you keep cyberattacks at bay all year, and that’s especially true during tax season. The requirements for keeping your clients’ information safe change constantly. You need to focus on running your firm, not protecting your data—particularly at the busiest time of year. Fortunately, a cloud provider can offer the expertise and protection you need.

Managing cybersecurity in the 2024 tax season will be safer and easier in the cloud

A cloud partner provides cybersecurity, so you don’t have to. When you run critical applications in the cloud, your partner handles all updates and maintenance. Meaning your apps and network are secure with minimal effort on your part. All you have to do is work to keep your clients happy. You and your employees can securely and easily access your most important apps in a single, protected environment.

Diverse group of employees sitting in a room reviewing cybersecurity best practices with a few raising their hands.
Your employees are your best line of defense, and ensuring they are educated on cybersecurity threats is essential for your firm.

Managed security services from a cloud provider extend protection not just to your network but to the actual devices you use to do your work, such as laptops. Accessing applications in the cloud can also help you fend off phishing attacks. You can use a cloud-based environment to communicate and share files with clients, enabling you, in many cases, to bypass email altogether. You can also enjoy the protection of a security service that protects your own from malicious messages, making email safer to use.

Ultimately, your employees are the best line of defense within your organization against cyberattacks. Educated employees are wary employees. Those who have trained in how to avoid cyberthreats will know how to avoid phishing attempts even when they’re ridiculously busy. Your cloud partner can provide regular instruction to employees on how to steer clear of cyberattacks.

All of this is available with a monthly payment plan that’s predictable and easy to budget for. Ultimately, the peace of mind and freeing up of resources will be of more than just financial value to your firm. You’ll be able to get more work done in less time without having to commit energy to managing cybersecurity or worry whether or not you’re adequately protected from an attack.

Boost your cybersecurity for the 2024 tax season with cloud services from Rightworks

Your firm can trust Rightworks to deliver managed security services that protect you from cyberthreats during tax season and the rest of the year as well. For your firm, Rightworks can:

  • Update and secure applications without having any impact on your daily business activity.
  • Deliver a single, protected space for you to work both internally and with clients.
  • Provide a secure email service that protects your inbox from malicious messages.
  • Protect your data in enterprise-class facilities and provide 24/7/365 support.
  • Train your employees to recognize and avoid cyberthreats, even during tax season.

Tax season is never an easy time of year at accounting firms. You can make this tax season a little easier—and a lot safer—with managed security services from Rightworks.

Are you ready to secure your firm for tax season 2024? Get started now.

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.