Get All Access for $5/mo

Don't Despair, ID Theft Is Not Inevitable Can one person protect their data when governments and large corporations routinely report cyberthefts? Actually, you can.

By Tom Pageler Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

It used to be that the only certainties in life were death and taxes. Now, with malware spam, identity theft and fraud becoming so pervasive, it seems inevitable that we will each experience some form of cyber attack in our lifetime. While death and taxes remain unavoidable realities, the good news is that you can protect yourself, your data and your ID.

Sure, bad guys always have motive, means and opportunity, but at tax time you should be on even higher alert to safeguard your personal data and ID. Cyber threats are pervasive, sophisticated and more organized than ever before.

More than 17 million U.S. residents age 16 or older — or about 7 percent — were victims of ID theft in 2014, according to the Bureau of Justice Statistics. And nearly half of small businesses have experienced cyber attacks, according to the BJS.

Cyber thieves can piece together your personal information from accessible public records, social media accounts and more. With that in mind, here is a three-step guide for consumers and small businesses to maintain privacy, security and trust during tax season.

1. Who wants to know.

Determine whether you actually need to provide sensitive information such as your Social Security number to someone. If they're doing your taxes, of course you do. Tax authorities and some other government agencies including state Departments of Motor Vehicles, can require it. Others might request it, but that does not mean you must provide it.

The federal Privacy Act says you can't be denied a local government service if you refuse to provide your SSN, but there are restrictions. The Privacy Rights Clearinghouse has a good FAQ on the topic.

Similarly, there aren't as many private businesses entitled to your SSN as you might think. You must provide it in the case of a transaction that involves an IRS notification, or for a financial transaction that's subject to federal customer ID program rules (like for a home or auto loan, credit check, etc.) but that's it.

The federal Affordable Care Act requires SSNs as part of IRS notification rules in the healthcare industry. But cyber-attacks are growing into a major issue here, as well, to the point that companies including Aetna are advocating a reduction in the use of SSNs. (Aetna has some helpful guidelines for providing private information securely.)

The bottom line is you must provide an SSN when: 1) dealing with the IRS 2) completing a credit application 3) dealing with some government agencies including Medicare, state DMVs and public schools and universities. Otherwise, private entities are free to ask you for an SSN, but that doesn't mean you have to provide it. Instead, ask why it's needed, and don't give out your SSN unless it is required or to your benefit.

Related: 3 Simple Precautions for Protecting Your Personal Data in the Cloud

2. Who can you trust.

Organizations should earn your trust in order for you to share your sensitive personal information with them.

Take a few minutes to check on:

  • Web site security. Banks, major e-commerce sites and most social network sites use encryption. You can easily see if the site you're on is encrypted. Is there a small image of a padlock in your browser when you are on the site and does the web address begin with "https"? Both are indications that the site you are on encrypts your information in order to protect it. Some sites may appear similar to trusted sites by using similar names in their links, sometimes changing the .com for another domain, so make sure to verify the correct URL before entering passwords or sensitive data.
  • Suspicious emails. Don't click on links in emails from untrusted email senders. And be wary of emails that look like those that come from a trusted source but in fact are "phishing" attempts to get at your personal information. Big red flags include misspellings in the body or subject header of the email, or an attempt to pressure you into responding "immediately."
  • If you are going to be transacting with a website, you'll want to make sure it is a trusted steward of your data. Take a few minutes to research how the entity you're engaging with will protect your data. the best websites, and especially those who deal with your private information, data and documents,, have sections devoted to privacy, security and/or trust

3. Passwords and authentication.

Be an active manager of your login and credentials for the sites where you transact business:

  • Enable multifactor authentication when it's available. Major financial institutions and web services including Google and Microsoft offer two-factor authentication before permitting a log-in. It's not as complicated as it sounds. Essentially, the site will send a text code to your mobile device which you use to authorize and complete your log in.
  • Use different passwords for each website, online service and platform. Come up with several strong, differing passwords that you can adjust across the sites you frequent. You can write these down to keep track of them, but keep the list away from your computer and store it somewhere safe in your home or office (e.g. in a safe).
  • Consider a password-management app. If keeping up with multiple passwords feels like too much work, use one of the popular password management apps available for your browser or mobile device.

Related: 5 Apps That Never Forget Your Passwords and Require You to Remember Just One

Taxes are one of life's certainties. ID theft doesn't have to be. With a few simple steps to safeguard your own sensitive data, documents and passwords – and ensure that others do too.

Tom Pageler

Chief Risk Officer at DocuSign

Tom Pageler is Chief Risk Officer at DocuSign, the global standard for Digital Transaction Management. He previously served as a Special Agent with the U.S. Secret Service where he established the San Francisco Electronic Crimes Task Force and was responsible for identifying, apprehending and extraditing leaders of a large organized crime ring in the Eastern Bloc.

During he Secret Service career, Pageler provided physical security for the President of the United States, the Vice President, their families and foreign heads of state.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

From Side Gig to 6-Figure Success — How I Built a Thriving Home-Based Business as a Busy Family Man

I've made over $17,000,000 for clients worldwide and brought in multiple six figures for myself, all while barely leaving my kitchen.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Side Hustle

After Being Laid Off, He Started a Side Hustle With Facebook. It Made Almost $3 Million Last Year: 'I Bought My Mom a $50,000 SUV.'

Carlos Ugalde, founder of House of Chingasos, didn't know anything about digital marketing — but he dove in anyway.

Franchise

Expanding Your Franchise Overseas Can Make You Millions — Or Tank Your Profits If You Don't Consider These Risks.

Deciding to expand your franchise concept internationally is a challenging one. Doing so can provide growth opportunities far beyond those in your current home market. But doing so before you're ready can create undue stress on your system. International expansion requires a full investment of time and resources to do it right; it is a serious commitment that reburies hard work, supported by a well-thought-out and well-executed game plan.

Growing a Business

How to Choose The Right Insurance Broker to Grow Your Lower to Mid-Market Company in 2025 and Beyond

Private, client-focused insurance firms matter more than ever in 2025 — here's why.