ICB is a member of the ATO Cyber Security Working Group. Its aim is to enhance the security aspects of all those dealing with the ATO especially in respect to software.
Every year we see incidents where individuals and businesses become victims of identity fraud. Criminals may lodge fraudulent returns and obtain fraudulent refunds by accessing your own and your clients' information.
To reduce the risk of fraud in your practice:
- Check the proof of identity for all new clients and question discrepancies before you prepare and lodge their returns
- Ensure your computer security systems are up to date and you are protected against cyber attacks
- Talk to your clients and staff about the importance of keeping personal information secure (including user IDs and passwords)
- Use unique Passwords for each staff member
- report the loss or theft of a TFN, ABN, AUSkey or any other client data without delay.
Criminals may also send you or your clients fraudulent communications that claim to be from the ATO. Find out how to verify or report a scam.
If your identity has been compromised or your system has compromised the identity of others refer to resources available at www.idcare.org.
What questions do you have or what guidance do you require in relation to the prevention of cyber fraud?
The ATO is seeking to hold workshops with members of tax professional associations regarding cyber security prevention and response strategies.
At this workshop they hope to gain input from participating tax professionals on the following:
- Level of awareness and concern related to cyber security
- Business impacts of setting cyber security protection expectations
- What expectations would be feasible
- How do we build a culture of early engagement when a data breach occurs
- Methods of responding to data breaches and incident management best practice
From this discussion they will draft a list of minimum cyber security standards for tax professionals and proposed data breach notification and response principles.
Interested members should raise their availability to be involved during June with Matthew@icb.org.au.
Further Information Extracted from the ASIC Cyber Resilience Health Check (Report 429)
If you are game the full report is available at ASIC - Cyber Resilience Heath Check Report.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework Core is a set of activities to achieve specific cyber security outcomes, established through five concurrent and continuous functions: