Tax Organisations Urged To Better Safeguard Client Information

Recent research by tech firm Tenable indicates that cybersecurity incidents increased during 2021. According to its findings, over 40 billion records were exposed in 1,825 data breach incidents, more than double the 730 incidents identified in 2020. Of the incidents in 2021, 236 occurred within APAC, resulting in the exposure of some 3.5 billion records. This makes up 8.6% of the global findings. Ransomware and unsecured cloud databases were found to be the major contributors, accounting for about 41% of APAC breaches.

The Australian Tax Office (ATO) is consequently urging tax professionals to be more vigilant when it comes to protecting client information, both online and offline. Both cyber and physical threats can leave such information vulnerable. The ATO recommends adhering to the Australian Cyber Security Centre’s (ACSC) Essential 8 guidelines. These mitigation strategies are designed to help organisations make it harder for adversaries to compromise systems.

To limit the risk of cyber threats, the ACSC recommends allowing only the latest release of operating systems to be used and ensuring that vulnerabilities are patched quickly. For internet-facing infrastructure, it advises that patches be applied within 48 hours where an exploit exists. The use of a vulnerability scanner is also on the checklist. This will help to identify missing patches in operating systems and applications, though the frequency of scans will depend on the maturity level of the organisation.

The ATO has said that physical threats like break-ins can also cause sensitive data to be exposed to criminals, who could then use it to attempt tax-related fraud. The ACSC checklist recommends measures such as installing extra locks, surveillance cameras, and alarms to mitigate such risks. It also advises that former employees’ access to systems be removed by the end of their employment, and that portable devices like laptops and mobiles that are connected to systems containing client information be properly secured.

Other prescribed measures include enabling locking of computer screens when not in use, minimising paper records, and using a secure record destruction service when destroying sensitive documents. Tax professionals are also being advised to ensure they do not leave behind any paperwork when meeting clients at public venues.

If there is any incident that involves the possible loss of client data, the ATO has asked that it be informed urgently. This may result in withdrawal of access to ATO systems until the breach is remedied. Tax professionals are also being urged to inform and encourage their clients to notify them in the event they detect any suspicious activity or communication regarding their tax or super affairs.

 


Protect your firm

The fact is, cyber attacks are on the rise and are a constant threat. There is no foolproof solution against cybercrime, and traditional insurance policies provide limited or no cover for cyber-related attacks. That is where Accountancy Insurance’s Cyber Shield comes in. Cyber Shield is designed specifically for accounting firms in order to provide prompt assistance with comprehensive coverage.

 

