Cybersecurity – Take Action Now!
Securing Your Digital Environment
Recently, some Holmans clients were compromised by a cybersecurity threat, causing them much concern and angst. On both these occasions, the breach/weakness in the security system was on our client’s own personal computers.
While no system is completely safe, there are many simple things that you can do to reduce your chance of being compromised. Some steps you can take, and lessons learnt from the breach, are outlined below:
- Watch these videos (which all our Holmans Team Members are required to). They were setup by Microsoft during COVID, but equally apply today. Spotting the threats and avoiding them is first step.
- Regularly run virus checks on your laptops/computers and upgrade the virus software to the latest version. Even if that means paying more to upgrade the subscription. One of the breaches mentioned above was caused by a virus on a client’s laptop that had been stealing personal information for some time until the “hackers” were able to duplicate the client’s identity and/or obtain their passwords. If the virus software had been updated regularly it would have caught this well-known virus promptly.
- Never ever send Tax File Numbers, Medicare Numbers, Passport Details over email. Email is an insecure method of communication and on the rare occasion it is intercepted it could be used to steal your identity. You will notice that details like the above are deliberately blanked out on all documentation we send via email.
- Implement Two-Factor-Authentication on all key apps or software (for example, Xero, internet banking). This coupled with strong passwords, makes the software harder to breach.
- Use unique passwords, and not the same password across all applications. This helps prevent one breach turning into multiple.
- Never click on a link if you were not expecting it or can’t verify the links details (see free training above). Most banks are now actively removing all links in their communication to reduce the chance of malicious bodies mimicking their communication. One of the breaches above was an intercepted email and the malicious entity mimicked a legitimate entity with false payment details.
- Further to the point above, if a Bank Account or Payment Details change on an invoice (different than a prior invoice you have received or loaded details), always ring (not email) the supplier and confirm the updated details are correct. This is a very common scam technique and you have probably heard horror stories of property settlements being intercepted or fake invoices being paid.
- Check with us if you are unsure about ATO communication. Our accountants are regularly asked to confirm whether an email or text claiming to be the ATO is a scam or not. This is excellent and exactly what you should do if you are unsure. More information on current scams can be found here and also here.
This may also raise the question of what Holmans are doing to protect your information:
- First and foremost, we take the responsibility of looking after you information very seriously. We have robust policies and procedures, as well as industry required standards set by the ATO, CAANZ and the Tax Practitioners Board.
- All our major software programs require 2-Factor-Authentication. This means that all Holmans users must verify themselves using a phone app (unique access code) when they login each and every day. Often multiple times a day. This applies to our tax software, document management system, servers/Microsoft Products, and the Australian Taxation Office itself. More about Two Factor Authentication can be found here
- These same software programs also comply with industry leading standards on security such as ISO 27001 certification. Information stored in our Document Management system is encrypted
- Holmans employ external IT consultants to manage and stay abreast of the latest issues and security threats. This includes regularly updating of our anti-virus scans, monitoring odd usage, geographical lock downs (prevents users logging in at all unless from an approved location… for example, the Sunshine Coast).
- Holmans use robust employee and contractor agreements for any team members or consultants, as well as regular staff training on privacy and confidentiality.
For businesses of any size, the risk posed by poor cybersecurity policies could be costly. These costs can include loss of data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation.
So don’t delay, take the above steps now and ensure your information and systems are as protected they can be.
If you require assistance to minimise the potential harm arising from the compromise and improper usage of your personal identity information, IDCARE is your ultimate destination. Catering to Australia and New Zealand, IDCARE stands as the leading national service providing support for matters related to identity and cyber concerns.
Elevated by its distinctiveness, IDCARE holds the position of being the sole service of its type worldwide. Over the course of time, they have aided numerous individuals and organisations in Australia and New Zealand by adeptly responding to and alleviating the harm arising from compromises and misuses of identity information. Click for further information.
NAB have put together a handy guide to help you learn how to protect your business from cyber threats, click here to view.
If you have any further questions, please do not hesitate to contact us and your IT Security Consultant.