The Australian Cyber Security Centre’s (ACSC) Essential Eight contains baseline mitigation strategies to protect the systems of tax professionals from common cyber threats.
The ATO said it is vital that tax professionals also be aware of physical threats, because if a practice experiences a break-in, it may result in criminals stealing sensitive information to attempt tax-related fraud.
There are eight simple steps the ATO suggests every practice take to ensure it is cyber safe.
- Review physical security and consider installing alarms, surveillance cameras or additional locks for your premises.
- Confirm previous employees’ access to systems and premises is removed as soon as they leave your employment.
- Secure portable devices that contain client information, like laptops and tablets.
- Check all computers and other devices have up-to-date security controls and software, and install any system updates straight away.
- Lock computer screens and make sure no paperwork is left behind when you meet clients in public places.
- Ensure records are destroyed using a secure record destruction service.
- Minimise paper records and keep them in secure, locked cabinets or secure offsite storage.
- Encourage clients to report any suspicious activity or communication in relation to their tax and super affairs as soon as practical.
If a practice does experience a break-in, the ATO encourages the practice to report it to the police and to contact the ATO's office as soon as possible on 1800 467 033 between 8.00am and 6.00pm AEDT, Monday to Friday.
If client data is lost, the ATO may, depending on the risk associated with the incident, need to withdraw access to its systems while the breach is remediated.
Practices should also advise the Tax Practitioners Board when a breach has occurred, so the Board can advise them in relation to their obligations under the Code of Professional Conduct.