According to the Australian Cyber Security Centre, over 6 million Australian adults were impacted by cybercrime last year, with the ATO reporting that over 81,000 scams were reported in 2017–18.
As part of Stay Smart Online Week 2018, the Tax Office has provided some simple steps that tax professionals can take to improve the safety of their firm.
In August this year, the Office of the Australian Information Commissioner (OAIC) published its first full quarterly statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme, since it commenced on 22 February 2018.
The accounting and financial industries accounted for a combined 56 out of 242 notifications of data breaches, just below the health service sector, with a vast majority due to malicious or criminal attack, as well as human error.
Speaking to Accountants Daily, Smithink director, David Smith said the statistics prove that accountants are increasingly targeted, highlighting the need to implement safety measures.
“The crooks out there have realised that accountants are a treasure trove of fantastic information to steal identities and the crooks out there are visibly attacking accounting firms,” said Mr Smith.
“The vast majority of firms have never had a problem and there’s an ominous saying ‘she'll be right, mate’ where they haven’t had a problem so they think that they will continue to be fine.
“To a certain extent too, many firms probably think they are a small accounting firm, I’m a bit of a small target, no one would want to come after me but the evidence is that the hackers around the world are targeting the accounting profession, not just in Australia but elsewhere because of the treasure trove of data that they've got and they seem to be a bit of a weak link.”
To combat the trend, Mr Smith suggests firms start with the basics, while ramping up education for staff members to drill home the importance of cybersecurity.
“I think a lot of firms are still tripping up with the basics, things like ensuring that they’ve got strong passwords, that the passwords are changed regularly, that they’ve enabled two-factor authentication, that they’ve got all their malicious software scans happening on both their computers and mobile devices, and that they have encrypted all of their drives on their laptops and mobile devices,” he said.
“There needs to be a very concerted campaign to train their people and I’m not seeing many accounting firms do that.”