📺 Stream EntrepreneurTV for Free 📺

Don't Despair, ID Theft Is Not Inevitable Can one person protect their data when governments and large corporations routinely report cyberthefts? Actually, you can.

By Tom Pageler Edited by Dan Bova

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.


It used to be that the only certainties in life were death and taxes. Now, with malware spam, identity theft and fraud becoming so pervasive, it seems inevitable that we will each experience some form of cyber attack in our lifetime. While death and taxes remain unavoidable realities, the good news is that you can protect yourself, your data and your ID.

Sure, bad guys always have motive, means and opportunity, but at tax time you should be on even higher alert to safeguard your personal data and ID. Cyber threats are pervasive, sophisticated and more organized than ever before.

More than 17 million U.S. residents age 16 or older — or about 7 percent — were victims of ID theft in 2014, according to the Bureau of Justice Statistics. And nearly half of small businesses have experienced cyber attacks, according to the BJS.

Cyber thieves can piece together your personal information from accessible public records, social media accounts and more. With that in mind, here is a three-step guide for consumers and small businesses to maintain privacy, security and trust during tax season.

1. Who wants to know.

Determine whether you actually need to provide sensitive information such as your Social Security number to someone. If they're doing your taxes, of course you do. Tax authorities and some other government agencies including state Departments of Motor Vehicles, can require it. Others might request it, but that does not mean you must provide it.

The federal Privacy Act says you can't be denied a local government service if you refuse to provide your SSN, but there are restrictions. The Privacy Rights Clearinghouse has a good FAQ on the topic.

Similarly, there aren't as many private businesses entitled to your SSN as you might think. You must provide it in the case of a transaction that involves an IRS notification, or for a financial transaction that's subject to federal customer ID program rules (like for a home or auto loan, credit check, etc.) but that's it.

The federal Affordable Care Act requires SSNs as part of IRS notification rules in the healthcare industry. But cyber-attacks are growing into a major issue here, as well, to the point that companies including Aetna are advocating a reduction in the use of SSNs. (Aetna has some helpful guidelines for providing private information securely.)

The bottom line is you must provide an SSN when: 1) dealing with the IRS 2) completing a credit application 3) dealing with some government agencies including Medicare, state DMVs and public schools and universities. Otherwise, private entities are free to ask you for an SSN, but that doesn't mean you have to provide it. Instead, ask why it's needed, and don't give out your SSN unless it is required or to your benefit.

Related: 3 Simple Precautions for Protecting Your Personal Data in the Cloud

2. Who can you trust.

Organizations should earn your trust in order for you to share your sensitive personal information with them.

Take a few minutes to check on:

  • Web site security. Banks, major e-commerce sites and most social network sites use encryption. You can easily see if the site you're on is encrypted. Is there a small image of a padlock in your browser when you are on the site and does the web address begin with "https"? Both are indications that the site you are on encrypts your information in order to protect it. Some sites may appear similar to trusted sites by using similar names in their links, sometimes changing the .com for another domain, so make sure to verify the correct URL before entering passwords or sensitive data.
  • Suspicious emails. Don't click on links in emails from untrusted email senders. And be wary of emails that look like those that come from a trusted source but in fact are "phishing" attempts to get at your personal information. Big red flags include misspellings in the body or subject header of the email, or an attempt to pressure you into responding "immediately."
  • If you are going to be transacting with a website, you'll want to make sure it is a trusted steward of your data. Take a few minutes to research how the entity you're engaging with will protect your data. the best websites, and especially those who deal with your private information, data and documents,, have sections devoted to privacy, security and/or trust

3. Passwords and authentication.

Be an active manager of your login and credentials for the sites where you transact business:

  • Enable multifactor authentication when it's available. Major financial institutions and web services including Google and Microsoft offer two-factor authentication before permitting a log-in. It's not as complicated as it sounds. Essentially, the site will send a text code to your mobile device which you use to authorize and complete your log in.
  • Use different passwords for each website, online service and platform. Come up with several strong, differing passwords that you can adjust across the sites you frequent. You can write these down to keep track of them, but keep the list away from your computer and store it somewhere safe in your home or office (e.g. in a safe).
  • Consider a password-management app. If keeping up with multiple passwords feels like too much work, use one of the popular password management apps available for your browser or mobile device.

Related: 5 Apps That Never Forget Your Passwords and Require You to Remember Just One

Taxes are one of life's certainties. ID theft doesn't have to be. With a few simple steps to safeguard your own sensitive data, documents and passwords – and ensure that others do too.

Tom Pageler

Chief Risk Officer at DocuSign

Tom Pageler is Chief Risk Officer at DocuSign, the global standard for Digital Transaction Management. He previously served as a Special Agent with the U.S. Secret Service where he established the San Francisco Electronic Crimes Task Force and was responsible for identifying, apprehending and extraditing leaders of a large organized crime ring in the Eastern Bloc.

During he Secret Service career, Pageler provided physical security for the President of the United States, the Vice President, their families and foreign heads of state.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

These Coworkers-Turned-Friends Started a Side Hustle on Amazon — Now It's a 'Full Hustle' Earning Over $20 Million a Year: 'Jump in With Both Feet'

Achal Patel and Russell Gong met at a large consulting firm and "bonded over a shared vision to create a mission-led company."

Business News

These Are the 10 Most Profitable Cities for Airbnb Hosts, According to a New Report

Here's where Airbnb property owners and hosts are making the most money.

Side Hustle

How to Turn Your Hobby Into a Successful Business

A hobby, interest or charity project can turn into a money-making business if you know the right steps to take.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


Want to Be More Productive? Here's How Google Executives Structure Their Schedules

These five tactics from inside Google will help you focus and protect your time.

Starting a Business

This Couple Turned Their Startup Into a $150 Million Food Delivery Company. Here's What They Did Early On to Make It Happen.

Selling only online to your customers has many perks. But the founders of Little Spoon want you to know four things if you want to see accelerated growth.