Wednesday Wisdom From Wouch Maloney - CPA Firm

Cybersecurity Awareness Month: Steps to Maintain Online Security

October is Cybersecurity Awareness Month. The Department of Homeland Security plays a significant role in cyber resilience, investigating cyber activity and advancing cybersecurity. While you may think cybersecurity is for businesses, as an individual, it is important to update and maintain online security protocols.

Now that we are in the last quarter of 2022, many of us will have an increase in holiday spending, charitable requests, and year-end gifting. The increase in spending and online transactions provide more opportunities for cyber criminals. As cybercrime increases, it is important to review existing processes in place. For your convenience, we have compiled the below list to help you update and maintain a secure, online presence. While we can’t stop all cybercrime, we can make it more difficult and become a less desirable target.

Software Updates to Improve Cybersecurity

Take time to make certain your computers, phones and other electronic devices have the most current software and operating system updates. Most updates include new security improvements to help keep your personal information safe while using their products.

Two-factor Authentication (2FA)

Use Two-factor Authentication on any accounts and services that provide it. This includes email, banking and other financial accounts, cloud storage, and password managers. Enabling 2FA should be a requirement and no longer be considered a preference. By using two-factor authentication, you have an extra layer of protection to help keep your online accounts secure.


In addition to enabling 2FA, many online cybersecurity awareness experts recommend changing your passwords every three months. It is also critical to change default passwords on new equipment immediately.

Other recommendations include using a password manager. Many password managers identify weak or old passwords to help keep your accounts protected with a strong password or phrase.

Strong passwords usually contain 12 characters that include a combination of upper and lowercase letters, numbers, and special characters.

Email Attachments and Web Links

Do not open attachments, click on website links, download software or files if you they are not from a trusted source. Pay attention to the sender’s email address to make certain a familiar email address was not spoofed. Spoofing is the practice of impersonating a familiar email address with a fake address in an attempt for the reader to click on a link or attachment which may contain a virus or have other malicious intentions. If you have any concerns, it’s recommended that you contact the sender via a phone number not listed in the email to confirm its validity before opening.

Virtual Private Networks (VPNs)

With the increase of individuals working from home, the IRS and Security Summit partners highly recommend the use of VPNs to securely conduct business. It is also recommended to only perform online business/commerce and banking on a secure browser connection. Refrain from using free Wi-Fi from restaurants, coffee shops, homes, or businesses.

Use Separate Computers, Mobile Devices and Email Accounts for Personal and Business

If you share hardware with other family members, especially children, it is important to separate your personal and business computers, mobiles devices and email accounts. Remember to keep your devices in a secure location when at home or traveling and lock any unattended devices when they’re not in use. Often younger children are not aware of online safety protocols. You will want to keep business accounts separate from personal accounts.

Cybersecurity Awareness Month
Younger children are not aware of online safety protocols. Keep your devices in a secure location and lock unattended devices when not in use.


Identity thieves are creative. They find ways to lure victims by posing as someone familiar or with a believable story or email. Protecting your personal and business data is crucial. If the person asking for specific information, such as bank account numbers, social security numbers or other personally identifiable information is legitimate, they will not mind if you take extra time to verify their business or identity.

Taxpayer Identity Theft

The convenience of filing taxes electronically has also increased opportunities for tax-related identity theft and fraudulent tax returns and refunds. The IRS created a taxpayer guide to identity theft that includes a list of scenarios for you to be aware of if you suspect a possible tax-related identity theft:

  • You get a letter from the IRS inquiring about a suspicious tax return that you did not file.
  • You can’t e-file your tax return because of a duplicate Social Security number.
  • You get a tax transcript in the mail that you did not request.
  • You get an IRS notice that an online account has been created in your name.
  • You get an IRS notice that your existing online account has been accessed or disabled when you took no action.
  • You get an IRS notice that you owe additional tax or refund offset, or that you have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages or other income from an employer you didn’t work for.
  • You’ve been assigned an Employer Identification Number, but you did not request an EIN.


As always, should you have questions about cybersecurity or any other topics related to your personal or business situation, please contact us at any time.

DISCLAIMER: The WM Daily Update, WM Wednesday Wisdom, Newsletters, COVID-19 Business Resources, COVID-19 Client News Alerts and other related communications are intended to provide general information on legislative COVID-19 relief measures as of the date of this communication and may reference information from reputable sources. Although our firm has made every reasonable effort to ensure that the information provided is accurate, we make no warranties, expressed or implied, on the information provided. As legislative efforts are still ongoing, we expect that there may be additional guidance and clarification from regulators that may modify some of the provisions in this communication. Some of those modifications may be significant. As such, be aware that this is not a comprehensive analysis of the subject matter covered and is not intended to provide specific recommendations to you or your business with respect to the matters addressed.

Additional resources:

Department of Homeland Security Kicks Off Cybersecurity Awareness Month