Tax season is prime time for thieves looking for the sensitive information needed to steal someone’s identity.

As businesses compile and evaluate highly confidential tax documents, their sensitive business and customer data can be exposed to an increased risk of fraud, says document destruction company Shred-it.

Here are five tips to evade the fraudsters.

1. Have a document retention policy

Risk: Businesses may not know how long they’re required to retain confidential financial, employee and company data.

Solution: Having a document retention policy ensures physical and digital documents are not held onto for appropriate periods (CRA suggests six years). All documents should be kept in secure, locked locations or stored digitally in password-protected files before they’re slated for destruction. Documents should be disposed of securely.

Read: IRS scammers target man who cons them back

2. Be skeptical of official emails

Risk: Identity thieves and fraudsters often capitalize on tax season by impersonating government agencies, such as the CRA or banks, to request private account information. These fraudulent communications are designed to look legitimate and may insist that this information is needed for the organization to receive a refund or to avoid serious penalties. They may also urge the employee to visit a fake site where they are then asked to verify their identity by entering confidential information.

Solution: Legitimate organizations will not expect you to send personal information by email or online. Account or credential information should never be entered into a link from an email, even if the site appears to be a credible source’s website. It is always a best practice to navigate to a secure site from your bookmarks or by typing in the website directly.

Read: Tax fraudsters posing as officers, warn Toronto-area police

3. Be conscientious when copying documents

Risk: As employees prepare the necessary information to complete a tax filing, confidential documents are often pulled from various locations and digital copies are frequently printed. Sometimes loose paperwork is stored on desktops or left at printing stations, making it vulnerable to snooping and data theft, and available to outside staff such as cleaners and building maintenance.

Solution: Institute a clear-desk policy and provide lockable storage units for employees. Requiring employees to use a security code to complete a print job also ensures that confidential documents are not forgotten at printing stations.

Read: IIROC’s guide to boosting cyber security

4. Be secure when working from home

Risk: Preparing for tax season can result in employees having to work late. Laptops, tablets, smart phones and external hard drives allow employees to work off-site, meaning an immense amount of confidential information is leaving the office with them.

Solution: Employees take appropriate precautions when removing any data from their workplaces. They must not leave hardware or materials in vehicles, should encrypt phones and hard drives, and activate passwords on electronic devices. Once out of use, devices should be securely destroyed.

Read: 5 cyber security trends affecting businesses

5. Watch out for digital weaknesses

Risk: The move toward digital and cloud-based storage puts organizations at higher risk as they can easily be accessed by hackers or lost. Additionally, using a common password that multiple people know increases vulnerability to fraud.

Solution: All devices should be encrypted. Create long and strong passwords, with a mix of numbers, symbols, uppercase and lowercase letters that are routinely changed and kept private. It is also important to keep track of where all storage devices are at any given time. Robust policies and procedures can help protect an organization from a data breach.