For tax agents looking to safeguard their practice – and their customers – from cyber attacks, ongoing awareness training is just as critical as investing in the right technology.
Tax professionals are high on cybercriminals’ hit list as October lodgement deadlines loom, with the flurry of activity at tax time providing the perfect opportunity for scammers to steal personal and financial information.
“The big thing we’re seeing for tax agents is ransomware,” says Garrett O’Hara, chief field technologist at Mimecast.
“The two-pronged approach sees attackers not just encrypting the data, but also threatening to expose it in public. Given the sort of information that would be exchanged around tax time, that’s a huge concern.”
A new wave of brand exploitation
One of the most common in the “tsunami” of threats, O’Hara says, is link manipulation – criminals register domains similar to existing brands, tricking customers into providing information through fraudulent sites.
Website and email spoofing also see attackers clone legitimate websites and email domains, directing unsuspecting clients to links that, when clicked, install malware or harvest personal details that can then be sold.
One particular email scam, payment redirection, accounted for A$128 million in lost funds in 2020 alone, according to the Australian Competition and Consumer Commission’s latest Targeting Scams report.
Mitigating cyber risk
Any business can fall victim to a cyber attack, but the risk can be reduced by investing in the right technology, starting with an email security system.
This is one of many layers of defence in place at Mimecast client Grant Thornton Australia, reveals Andrew Pritchett, Grant Thornton Australia’s chief information officer.
“The majority of mail we get is filtered out for spam, viruses and risky emails based on a score,” he says, explaining that the firm also uses targeted threat protection to verify links within incoming emails, as well as an email archiving solution that allows them to pinpoint the source of attacks and remain operational in the aftermath.
While such technology solutions are critical, awareness training is equally important. Humans are the “weak links” in cybersecurity, accounting for more than 90 per cent of incidents, so having regular training with effective cut-through messaging can be the difference between risk mitigation and disaster.
“If an organisation is educating staff on what they should be looking out for and being cynical around processes trying to be bypassed, it has a huge impact in terms of resilience,” O’Hara explains.
He adds that tax agents are also well placed to share best practice strategies with clients, along with relevant scam alerts, to bolster their resilience and create mutual trust.
O’Hara also comments that it is becoming increasingly important for organisations to put the right brand protection measures in place. These measures prevent their brand from being exploited online and, ultimately, protect their customers and partners from falling victim to cyber attacks, with training playing a critical role.
Pritchett agrees that ongoing training not only reminds employees to keep cybersecurity front of mind, but also creates good long-term habits.
“Users are like our individual mini firewalls. If one person makes a mistake, it can do a lot of damage.”
For more information, visit www.mimecast.com/stop-human-error