Be cyber aware!
It’s probably no surprise that during tax time, cyber criminals are highly active. Agents of government services like you, have access to personal information on behalf of your clients. This makes you a very attractive target for cyber criminals. If your data is lost or compromised, it can be very difficult and sometimes very costly to recover. To protect your clients and your business, you should:
- use multi-factor authentication
- use strong passwords
- secure your computers and mobile devices
- prepare for, and know how to respond to, cyber security incidents.
Latest cyber attacks
The Australian Cyber Security Centre (ACSC) has advised the Australian Government is currently aware of, and responding to, the targeting of various Australian Government and businesses by a sophisticated state-based actor. The ACSC has advised the actor uses various spearphishing techniques to breach data. These spearphishing techniques are in the form of:
- links to credential websites
- emails with links to malicious files, or with the malicious file directly attached
- links prompting users to grant Office 365 OAuth tokens
- use of email tracking services to identify the email opening and lure click-through events.
It's imperative that you are alert to this threat and take steps to enhance the resilience of your business.
How to reduce the risk of compromise
The ACSC has identified two things you can do now which can greatly reduce the risk of compromise to your business. You should:
- ensure you conduct security patches as soon as possible and where possible, use the latest versions of software and operating systems
- use multi-factor authentication for all your internet accessible remote access services, including web and cloud based email, collaboration platforms, virtual private network connections and remote desktop services.
In addition, the ATO, in consultation with us and several professional and industry associations, have developed a Security tips for business information sheet which provides you with tips to protect your business from cyber attacks.
Online security measures
We want to assure you that we are at a heightened state of alert to malicious activity in relation to our own IT systems during this current threat. You can do your part too by taking precautions and remembering we will never:
- contact you to request your username or password
- request personal identifying information via a return email unless you have agreed to engage with us in this way
- send you unsolicited pre-recorded messages
- request payment via iTunes, Google Play cards or other vouchers, cryptocurrency, cardless cash transfer, offshore wire transfer or into a bank account not held by the Reserve Bank of Australia.
If you believe your account may be compromised, contact us as soon as possible.
- Cyber security for agents of Government services
- Tactics, techniques and procedures used to target multiple Australian networks
Last modified: 30 June 2020