Cyber security continues to be a major consideration for businesses that are more and more relying on online activity. It is important you keep all your business and client information secure. If your data is lost or compromised, it can be very difficult or very costly to recover it.
The Australian Tax Office (ATO) has put together a list of tips in consultation with the Cyber Security Working Group (CSWG). This is a group of tax practitioner-industry groups and other industry partners, such as software developer associations. CSWG are working with the ATO to combat the growing threat of identity theft and cybercrime.
Cyber Security Working Group
The Cyber Security Working Group comprises the ATO, tax practitioner-industry groups, and other industry partners including:
- The Tax Institute
- Tax Practitioners Board
- CPA Australia
- Institute of Public Accountants
- Australian Business Software Industry Association
- Chartered Accountants Australia and New Zealand
- Institute of Certified Bookkeepers
You can read all the tips on the ATO website but here is a summary of some of them:
7 cyber security tips
Ensure your passwords are strong and secure.
Use multi-factor authentication where possible. Regularly change passwords, and do not share them. Multi-factor authentication requires users to provide multiple pieces of information to authenticate themselves. For example, a text message sent to your phone when logging in to a website. As a business owner, remember that multi-factor authentication puts an additional layer of security on your accounts. This makes it harder for others to access your account. Strong passwords with a mix of upper and lower case letters, numbers, and symbols are harder to hack.
Remove system access from people who no longer need it.
Immediately remove access for people who no longer work for your business or have changed positions and no longer require access. Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses.
Ensure all devices have the latest available security updates.
Run weekly anti-virus and malware scans and have up-to-date security software. Instances of malicious software (malware) are increasing. It can be easy to inadvertently click on an email or website link which can infect your computer. In some instances, your device may be impacted by ransomware.
Ransomware can lock your computer until you pay a fee to criminals.
Do not use USBs or external hard drives from an unfamiliar source.
USBs and external hard drives may contain malware, which can infect your business computers without you noticing. This can cost your business a lot of money to repair the damage. Stolen information could be used to commit crimes, often in your business’s name.
Use a spam filter on your email account.
Do not open any unsolicited messages. Be wary of downloading attachments or opening email links you receive. They can infect your computer with malware and lead to your business or client information being used to commit fraud. Spam emails can be embedded with malware and can be used to trick you into providing information, paying fraudulent invoices or buying non-legitimate goods.
Secure your wireless network and be careful when using public wireless networks.
Avoid making online transactions while using public or complimentary wi-fi. Not all wi-fi access points are secure. By making online transactions (eg. online banking) on an unsecured network, you can put your information and money at risk.
Be vigilant about what you share on social media.
Keep your personal information private and be aware of who you are interacting with. Many businesses now have a social media presence. Much like your personal profile, you should consider what information you share. Scammers are able to take the information you publicly display and impersonate you or your business. Impersonators may send emails to trick your staff into providing valuable information or releasing funds.