The Tax Office said the new year brings an important time for tax professionals to address protection measures they have in place within their office – both in an online and real-world environment. This, it said, will help ensure business and client information doesn’t fall victim to both cyber and physical threats.
“The Australian Cyber Security Centre’s (ACSC) Essential Eight contains baseline mitigation strategies to protect your systems from common cyber threats,” the ATO said.
“You should also be aware of physical threats, because if your practice experiences a break-in, it may result in criminals stealing sensitive information to attempt tax-related fraud.”
To help ensure they have appropriate security standards in place, the ATO encouraged professionals to look to the ACSC’s checklist.
The checklist calls on professionals to review your physical security and consider installing alarms, surveillance cameras or additional locks for your premises; confirm previous employees’ access to your systems and premises is removed as soon as they leave your employment; and, secure portable devices that contain client information, like laptops and tablets.
Further, the checklist calls on professionals to check all computers and other devices have up-to-date security controls and software, and install any system updates straight away; lock computer screens and make sure no paperwork is left behind when you meet clients in public places; ensure records are destroyed using a secure record destruction service; and, minimise paper records and keep them in secure, locked cabinets or secure offsite storage.
“Encourage your clients to report any suspicious activity or communication in relation to their tax and super affairs to you and us as soon as practical,” the ATO continued.
“If you experience a break-in, report it to the police and contact us as soon as possible on 1800 467 033 between 8.00am and 6.00pm AEDT, Monday to Friday. Early contact enables us to help you apply measures to protect your business, staff and clients.
“Depending on the risk associated with the incident if there is a loss of client data, we may need to withdraw your access to our systems while the breach is remediated.
“You should also advise the Tax Practitioners Board when a breach has occurred, so they can advise you in relation to your obligations under the Code of Professional Conduct.”
Emma Ryan is the deputy head of content at Momentum Media and editor of the company's legal publication, Lawyers Weekly.
Emma has worked for Momentum Media since 2015 and has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.
A journalist by training, Emma has spent her career connecting with key industry stakeholders across a variety of platforms, including online, podcast and radio. She graduated from Charles Sturt University with a Bachelor of Communications (Journalism).