How to keep cyber threats at bay

Any business can fall victim to a cyber attack, but the risk can be reduced by investing in the right technology, starting with an email security system.

For tax agents looking to safeguard their practice – and their customers – from cyber attacks, ongoing awareness training is just as critical as investing in the right technology.

Tax professionals are high on cybercriminals’ hit list as October lodgement deadlines loom, with the flurry of activity at tax time providing the perfect opportunity for scammers to steal personal and financial information.

“The big thing we’re seeing for tax agents is ransomware,” says Garrett O’Hara, chief field technologist at Mimecast. 

“The two-pronged approach sees attackers not just encrypting the data, but also threatening to expose it in public. Given the sort of information that would be exchanged around tax time, that’s a huge concern.”

A new wave of brand exploitation

One of the most common in the “tsunami” of threats, O’Hara says, is link manipulation – criminals register domains similar to existing brands, tricking customers into providing information through fraudulent sites. 

Website and email spoofing also see attackers clone legitimate websites and email domains, directing unsuspecting clients to links that, when clicked, install malware or harvest personal details that can then be sold.

One particular email scam, payment redirection, accounted for A$128 million in lost funds in 2020 alone, according to the Australian Competition and Consumer Commission’s latest Targeting Scams report.

Mitigating cyber risk

Any business can fall victim to a cyber attack, but the risk can be reduced by investing in the right technology, starting with an email security system. 

This is one of many layers of defence in place at Mimecast client Grant Thornton Australia, reveals Andrew Pritchett, Grant Thornton Australia’s chief information officer. 

“The majority of mail we get is filtered out for spam, viruses and risky emails based on a score,” he says, explaining that the firm also uses targeted threat protection to verify links within incoming emails, as well as an email archiving solution that allows them to pinpoint the source of attacks and remain operational in the aftermath.

While such technology solutions are critical, awareness training is equally important. Humans are the “weak links” in cybersecurity, accounting for more than 90 per cent of incidents, so having regular training with effective cut-through messaging can be the difference between risk mitigation and disaster. 

“If an organisation is educating staff on what they should be looking out for and being cynical around processes trying to be bypassed, it has a huge impact in terms of resilience,” O’Hara explains. 

He adds that tax agents are also well placed to share best practice strategies with clients, along with relevant scam alerts, to bolster their resilience and create mutual trust.

O’Hara also comments that it is becoming increasingly important for organisations to put the right brand protection measures in place to prevent their brand from being exploited online and, ultimately, protect their customers and partners from falling victim to cyberattacks, with training playing a critical role.

Pritchett agrees that ongoing training not only reminds employees to keep cybersecurity front of mind, but also creates good long-term habits. 

“Users are like our individual mini firewalls. If one person makes a mistake, it can do a lot of damage.”

For more information, visit

December/January 2022