The ATO is urging tax professionals to be more vigilant when it comes to protecting client information, both on and offline.
Research by tech firm Tenable indicates that cybersecurity incidents increased during 2021. According to its findings, over 40 billion records were exposed from 1,825 data breach incidents, more than double the 730 incidents identified in 2020. Of the incidents in 2021, 236 occurred within APAC, resulting in the exposure of some 3.5 billion records. This makes up 8.6% of the global findings. Ransomware and unsecured cloud databases were found to be the major contributors to this problem, accounting for about 41% of APAC breaches.
It has been found that both cyber and physical threats could make such information vulnerable. The Australian Tax Office (ATO) recommends adhering to the Australian Cyber Security Centre’s (ACSC) Essential 8 guidelines. These mitigation strategies are designed to help organisations make it harder for adversaries to compromise systems.
To limit the risk of cyber threats, the ACSC recommends allowing only the latest release of operating systems to be used and ensuring that vulnerabilities are patched quickly. For internet-facing infrastructure, it advises that patches be applied within 48 hours where an exploit exists. The use of a vulnerability scanner is also on the checklist. This will help to identify missing patches in operating systems and applications, though the frequency of scans will depend on the maturity level of the organisation.
The ATO has said that physical threats like break-ins can also cause sensitive data to be exposed to criminals, who could then use it to attempt tax-related fraud. The ACSC checklist recommends measures such as installing extra locks, surveillance cameras, and alarms to mitigate such risks. It also advises that former employees’ access to systems be removed by the end of their employment and that portable devices like laptops and mobiles that are connected to systems containing client information be properly secured.
Other prescribed measures include enabling locking of computer screens when not in use, minimising paper records, and using a secure record destruction service when destroying sensitive documents. Tax professionals are also being advised to ensure they do not leave behind any paperwork when meeting clients at public venues.
If there is any incident that involves the possible loss of client data, the ATO has asked that it be informed urgently. This may result in withdrawal of access to ATO systems until the breach is remedied. Tax professionals are also being urged to inform and encourage their clients to notify them in the event they detect any suspicious activity or communication regarding their tax or super affairs.
How to reduce the impact when a cyber attack occurs
Although antivirus software, firewalls and IT support can be very good at preventing a cyber attack in most cases, they are not 100% effective against cyber criminals.
Standard business insurance often does not cover you in the event of a cyber attack and antivirus software will not help to recover your firm’s expenses.
Cyber Shield is a comprehensive cyber insurance solution designed to protect your accounting firm against the detrimental effects following a cyber attack.
The benefits of Cyber Shield:
- Designed specifically for accounting firms, the cover is relevant to the needs of the profession.
- Competitive premiums are a certainty.
- Cover is comprehensive, ranging from data recovery to privacy regulatory defence costs, plus much more.
Without Cyber Shield, your accounting firm could incur significant operating downtime and substantial expenses to recover lost data and restore your clients’ confidence.
Want an obligation-free quote?
Arrange for the Accountancy Insurance team to contact you to find out more or to receive your obligation-free quote.
Alternatively, you can complete a Cyber Shield Application Form. Once you have completed each question and submitted the form, a member of the Professional Risks team will be in touch with you.
Karen McDonald | Associate Director – Professional Risks, Accountancy Insurance
- Tax organisations urged to better safeguard client information - 7 February 2022