VRC Weekly Newsletter (April 16)
Tax Season Compliance Tips, Browser Extension Risks + TUNe 2025 Recap!
Tax Season Threats: Keep Your Financial Data Secure
Tax season is here, and so are new and bigger cyber threats. Every year, organizations across industries become prime targets for cybercriminals aiming to exploit vulnerabilities during this busy period. According to recent studies, phishing attacks spike dramatically during tax season, with financial services and healthcare sectors often bearing the brunt of these malicious efforts.
Tax Season is a High-Risk Period
During tax season, businesses handle an increased volume of sensitive personal and financial data. Cybercriminals capitalize on the chaos and pressure, employing sophisticated phishing scams, malware attacks, and data breaches designed to exploit human error and overwhelmed systems.
In 2024 alone, phishing attacks surged by nearly 30% during the first quarter, making it one of the most targeted periods for financial cybercrime. According to IBM's Cost of a Data Breach Report, the average financial loss due to a breach reached $4.88 million—underscoring the urgent need for robust cybersecurity measures.
Common Tax Season Threats:
Phishing Emails: Fraudulent emails masquerading as tax-related communications, tricking users into revealing sensitive information.
Ransomware Attacks: Malicious software that locks data until a ransom is paid, threatening critical financial operations.
Identity Theft: Criminals using stolen personal data to file fraudulent tax returns or commit financial fraud.
IRS Reminders:
During tax season, phishing scams and fraudulent messages often pose as official IRS communications. Knowing how the IRS truly reaches out to businesses and individuals is key to staying protected.
🔍 Here’s how the IRS typically contacts you:
U.S. Mail: The first contact from the IRS is almost always through regular mail delivered by the U.S. Postal Service. You can verify IRS letters or notices by searching for them at IRS.gov.
Email: Only used with your permission, with rare exceptions such as criminal investigations.
Text Messages: Sent only with your permission.
Phone Calls: The IRS may call to verify information, discuss your case, or schedule a meeting—but not without prior communication.
Fax: Occasionally used to verify or request employment information.
In-Person Visits: These are rare and typically preceded by an official mailed notice. Learn more about how IRS employees conduct visits here.
Tax Season Best Practices:
Employee Training: Regular training sessions to help employees identify and respond to phishing attempts.
Multi-factor Authentication (MFA): Adding an additional layer of security to critical systems and data.
Regular Security Audits: Conducting assessments to detect and mitigate vulnerabilities before cybercriminals exploit them.
Encrypted Communications: Ensuring sensitive financial and personal information is encrypted both at rest and in transit.
Data Backup and Recovery Plans: Implementing strong backup solutions to quickly restore operations if an incident occurs.
VanRein Compliance: Your Partner in Financial Cybersecurity
At VanRein Compliance, we understand that your data security needs intensify during tax season. Our specialized training programs, including PCI Compliance, Cybersecurity, and our advanced Phishing Simulator, are designed to empower your teams with the knowledge and tools to prevent and mitigate cyber threats effectively.
PCI Compliance Course: Ensures secure handling of financial transactions.
Cybersecurity Course: Provides essential insights to safeguard sensitive data.
Phishing Simulator: Offers realistic and interactive simulations, teaching your team how to recognize and resist phishing attempts, significantly reducing your organization's vulnerability.
Tax season doesn't have to be synonymous with cybersecurity stress. Equip your organization today and transform your tax season from vulnerable to secure.

Browser Extensions: The Helpful Headache
Browser extensions are a very common work tool these days. They boost productivity and streamline workflows, but they come with significant risks. The 2025 Enterprise Browser Extension Security Report, released on April 15, 2025, reveals alarming insights that businesses need to be aware of to protect their sensitive data.
The Growing Risks of Browser Extensions
1. Extension Ubiquity & Risk Exposure
Nearly all enterprise employees (99%) utilize browser extensions, and over half (52%) have installed more than ten extensions. This widespread usage substantially increases the organization's exposure to potential cybersecurity threats.
2. Access to Sensitive Data
Alarmingly, 53% of installed extensions have permissions to access sensitive data, such as passwords, cookies, browsing history, and even confidential business information. This level of access means that a compromised extension can swiftly escalate to an enterprise-wide breach.
3. Unclear Origins and Publishers
More than half (54%) of extensions are published by unknown entities, often identifiable only via personal email accounts. Furthermore, 79% of these publishers have produced only a single extension, complicating efforts to assess reputability and legitimacy effectively.
4. GenAI Extensions: A Growing Concern
Extensions utilizing generative AI (GenAI) present a rapidly escalating risk. More than 20% of enterprise users currently have at least one GenAI extension installed, with 58% possessing high-risk permissions. Clear organizational policies on the use and data-sharing capabilities of these extensions are urgently needed.
5. Outdated and Sideloaded Extensions
Over half (51%) of installed extensions haven't been updated in over a year, presenting vulnerabilities that could be exploited by attackers. Additionally, 26% of extensions used in enterprises are sideloaded, bypassing security checks typically enforced by browser extension stores.
How Businesses Can Mitigate These Risks:
Conduct Regular Audits: Routinely review and audit installed browser extensions to identify and remove unauthorized or unnecessary tools.
Implement Extension Policies: Clearly define acceptable extensions and manage permissions through centralized IT administration.
Educate Employees: Train employees on the risks associated with browser extensions and the importance of cautious installation practices.
Stay Updated: Encourage regular updates or replacements for outdated extensions to patch security vulnerabilities promptly.
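One way to start the audit described above, as an added example that is not part of the original newsletter or the cited report: a Python script that reads each extension's manifest.json from a Chrome profile's Extensions folder and flags sensitive permissions, broad site access, and extensions that do not appear to come from the Chrome Web Store. The permission list, the sample manifests, and the use of update_url as a sideload heuristic are assumptions of this example.

```python
import json
from pathlib import Path

# Assumed risk list for this example; tune it to your own policy.
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest", "clipboardRead",
                  "scripting", "debugger", "nativeMessaging"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def audit_manifest(manifest: dict) -> dict:
    """Return the risk-relevant facts for one parsed manifest.json."""
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    declared = [p for key in ("permissions", "host_permissions")
                for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts also read page content (forms, passwords) on matched sites.
    for script in manifest.get("content_scripts", []):
        declared.extend(script.get("matches", []))
    return {
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "sensitive_apis": sorted(SENSITIVE_APIS.intersection(declared)),
        "broad_host_access": any(p in BROAD_HOSTS for p in declared),
        # Heuristic: store-installed extensions carry the Web Store update URL.
        "likely_sideloaded": manifest.get("update_url") != WEB_STORE_UPDATE_URL,
    }


def audit_profile(extensions_dir: str) -> list:
    """Audit every <id>/<version>/manifest.json under a Chrome Extensions dir."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        result = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        result["id"] = path.parts[-3]
        findings.append(result)
    # Review the riskiest first: sideloaded, then broad access, then API count.
    return sorted(findings, key=lambda f: (not f["likely_sideloaded"],
                  not f["broad_host_access"], -len(f["sensitive_apis"])))


# Constructed sample manifests (not real extensions).
SAMPLE_STORE = {"name": "Tab Tidy", "version": "2.1", "manifest_version": 3,
                "permissions": ["storage", "tabs"], "update_url": WEB_STORE_UPDATE_URL}
SAMPLE_SIDELOADED = {"name": "AI Helper", "version": "0.3", "manifest_version": 2,
                     "permissions": ["cookies", "history", "<all_urls>"]}

if __name__ == "__main__":
    for sample in (SAMPLE_STORE, SAMPLE_SIDELOADED):
        print(audit_manifest(sample))
```

Extensions force-installed by policy from a self-hosted update server will also show as likely_sideloaded, so compare flagged IDs against your approved list before removing anything.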
VanRein Compliance: Helping You Stay Ahead of Emerging Risks
At VanRein Compliance, we help businesses manage and secure their digital environments through a proactive and policy-driven approach to cybersecurity. Whether you're in a HIPAA-covered entity or operating under SOC 2 requirements, we guide your organization in developing real-world browser policies, training employees, and maintaining a risk-based approach to third-party tools—like browser extensions.
By partnering with VanRein, you gain access to:
Expert-driven cybersecurity awareness training
Policy and procedure development aligned with HIPAA, SOC 2, and ISO 27001
Vendor and application risk management support
Secure your organization's browser environment today—because effective cybersecurity starts with awareness and proactive management.
VRC at TUNe 2025: Connecting, Collaborating, and Sharing Compliance Expertise
We’ve just wrapped up an amazing time at TUNe 2025, held April 13–15 in Virginia Beach, VA, and we’re still buzzing from the energy, conversations, and connections!
Attending the TUNe Annual Conference gave our team the chance to meet passionate professionals in the Telephone Answering Service and Communications industry, hear real-world challenges, and share how compliance can become less of a burden—and more of a business advantage.

At the VanRein booth, we had a blast offering:
🎁 Fun giveaways and swag
🔍 1:1 consultations on HIPAA, SOC 2, ISO, cybersecurity, and vendor risk
💬 Live discussions on simplifying compliance processes
🎉 Special promos just for attendees
Conferences like TUNe aren’t just about being present—they’re about showing up for our community. We’re proud to continue building strong relationships and helping businesses of all sizes stay audit-ready, secure, and confident in their compliance journey.
Missed us at the booth? We’d still love to connect! Whether you’re a current client or exploring solutions, let’s keep the conversation going. Let’s make compliance simple, proactive, and powerful—together.
