The Tax Office said the new year brings an important time for tax professionals to address protection measures they have in place within their office – both in an online and real-world environment. This, it said, will help ensure business and client information doesn’t fall victim to both cyber and physical threats.
“The Australian Cyber Security Centre’s (ACSC) Essential Eight contains baseline mitigation strategies to protect your systems from common cyber threats,” the ATO said.
“You should also be aware of physical threats, because if your practice experiences a break-in, it may result in criminals stealing sensitive information to attempt tax-related fraud.”
To help ensure they have appropriate security standards in place, the ATO encouraged professionals to look to the ACSC’s checklist.
The checklist calls on professionals to review your physical security and consider installing alarms, surveillance cameras or additional locks for your premises; confirm previous employees’ access to your systems and premises is removed as soon as they leave your employment; and secure portable devices that contain client information, like laptops and tablets.
Further, the checklist calls on professionals to check all computers and other devices have up-to-date security controls and software, and install any system updates straight away; lock computer screens and make sure no paperwork is left behind when you meet clients in public places; ensure records are destroyed using a secure record destruction service; and minimise paper records and keep them in secure, locked cabinets or secure offsite storage.
“Encourage your clients to report any suspicious activity or communication in relation to their tax and super affairs to you and us as soon as practical,” the ATO continued.
“If you experience a break-in, report it to the police and contact us as soon as possible on 1800 467 033 between 8.00am and 6.00pm AEDT, Monday to Friday. Early contact enables us to help you apply measures to protect your business, staff and clients.
“Depending on the risk associated with the incident if there is a loss of client data, we may need to withdraw your access to our systems while the breach is remediated.
“You should also advise the Tax Practitioners Board when a breach has occurred, so they can advise you in relation to your obligations under the Code of Professional Conduct.”
And who phone up and say “I’m from the ATO and want to discuss so and so client”. What proof that they are from the ATO? Yet we have to give our tax agent number, client tfn or abn before they’ll speak to us.
Rich from the ATO who have, in the past, asked practitioners to not send password protected documents and still regularly rely on faxes, snail mail and carrier pigeon…