As the October lodgement deadlines approach, hackers are targeting tax experts, with the rush of activity during tax season offering the ideal chance for cybercriminals to steal personal as well as financial data.
“The big thing we’re seeing for tax agents is ransomware,” Garrett O’Hara, chief field technologist at Mimecast, said.
“The two-pronged approach sees attackers not just encrypting the data, but also threatening to expose it in public. Given the sort of information that would be exchanged around tax time, that’s a huge concern.”
A New Era Of Brand Exploitation
Link manipulation is among the most prevalent dangers in the “tsunami” of threats, according to O’Hara. Malicious actors register domains that look like established companies, fooling users into submitting information through fake sites.
Attackers clone genuine websites and email addresses, sending unsuspecting customers to links that, once clicked, download malware or gather personal information that may subsequently be sold.
According to the Australian Competition and Consumer Commission’s latest Targeting Scams report, transaction redirection was responsible for A$128 million in losses in 2020 alone.
Defending Against Cyber Threats
Any company may be hacked, but the danger can be mitigated by investing in the proper technology, beginning with an email security system.
According to Andrew Pritchett, chief information officer at Mimecast client Grant Thornton Australia, it is one of several layers of protection in place at the firm.
“The majority of mail we get is filtered out for spam, viruses and risky emails based on a score,” he says. He goes on to note that the company also employs targeted threat prevention to validate links in incoming emails, as well as an email archiving system that allows them to trace the source of attacks and continue to operate thereafter.
Although technology solutions are vital, awareness training is also necessary. Because humans seem to be the “weak links” in cybersecurity, responsible for more than 90% of events, frequent training combined with strong cut-through messaging may be the difference between risk mitigation and disaster.
“If an organisation is educating staff on what they should be looking out for and being cynical around processes trying to be bypassed, it has a huge impact in terms of resilience,” O’Hara explains.
Tax professionals, he says, are also well-positioned to share best-practice techniques and pertinent scam warnings with customers, in order to strengthen their resilience and build mutual trust.
According to O’Hara, it has become increasingly vital for businesses to put proper brand protection measures in place to prevent their brand from being abused online and, as a result, protect their consumers and partners from cyberattacks, with training playing a crucial role.
Continuous training, according to Pritchett, not only encourages staff to keep cybersecurity front of mind, but also establishes excellent long-term practices.
“Users are like our individual mini firewalls. If one person makes a mistake, it can do a lot of damage.”