ATO and TPB
The Australian Taxation Office (ATO) and Tax Practitioners Board (TPB) members shared their current areas of focus in relation to cyber security for tax professionals.
The ATO continues work in relation to scams and particularly, the risk to identity theft and compromised identities. Messaging around these topics will be pushed through communications channels increasingly in the lead up to and throughout tax time.
The ATO has updated its website content on top cyber security tips for businesses advice, including tax professionals based on information from the Australian Cyber Security Centre.
The TPB recently held webinars for tax practitioners where the linkage between cyber security practices and obligations to protect client privacy were noted.
Both the ATO and the TPB are revisiting their organisational cyber security strategies to ensure alignment with the overarching Australian Government Cyber Security Strategy.
Member comments
It was noted that, while tax professionals do face challenges in relation to cyber security, they are generally at the same level of awareness and education with other industries in this respect.
External members of the group shared views on relevant emerging issues, behaviours, threats or concerns regarding cyber security in the tax profession.
A discussion about how the working group can better gauge the level of awareness and understanding of the tax profession was undertaken so the ATO can target activities better.
Members highlighted the sophistication and evolution of cyber attackers, and the importance of sharing newer trends in scams with tax professionals
Social engineering deep-dive
Key areas of focus have been identified and prioritised by the group in previous meetings and are to be considered in a series of deep-dive discussions. This deep-dive discussion was on the topic of social engineering.
A very common example of social engineering impacting tax professionals is phishing via emails, calls and texts. This is often accompanied by a sense of urgency to encourage quick engagement.
Social engineering is an issue that focuses on the individual level, so it is important all members of tax practices are aware of the risks.
Some prevention tips were discussed and shared between members; think before you click and check URLs, setting up multi-factor authentication and anti-phishing codes, and using digital identity. Scams and phishing attempts should be reported to ScamWatch, Report a scamExternal Link.
The group are considering what additional communication, and education can be undertaken outside standard channels to ensure messaging around cyber security reaches a broad range of the tax professional population.