1300 739 335

Exploring best practices for the management of AUSkey data and access

It was just last year that the Australian Taxation Office (ATO), reported that the online ATO portals of countless Australian businesses had been targeted by malicious cybercriminals. The ATO quickly notified all businesses to review AUSkey access control after identity thieves gained unauthorised access in hopes of forging or changing business banking information.

Australian Cyber Attacks

For a little bit of business-tax background, an AUSkey allows businesses to securely access a central hub of government and tax services. In addition to ATO access, AUSkey data allows businesses to access Australian Securities and Investments Commission (ASIC) and Australian Business Register (ABR) portals.

ATO Warning: Maintain High Standards for AUSkey Access Control

It was on Monday 30 January 2017 that the ATO issued a warning to AUSkey holders that fraudulent activity has been detected. The ATO issued a formal statement and gave key recommendations for internal risk management and mitigation. The ATO also emphasised the immense risk to businesses impacted by fraudulent AUSkey activity.

“Once an AUSkey has been allocated,” the ATO statement reads, “access is gained to the Business Portal so that fraudulent Business Activity Statements can be lodged and bank details updated to accounts that are not controlled by the entity.”

The ATO offered one leading strategy for internal mitigation: AUSkey protocols must be stringent and well understood among the staff with access. The ATO went on to advise that businesses regularly document the team members who have access and ensure old employees no longer have functional login credentials. The overall extent of the 2017 ATO hack is impossible to know. However, the incident continues to serve as a reminder for businesses to better mitigate risk in today’s cybercrime climate.

A History of Attacks: ATO Frequent Target for Cybercrime Hits

In fact, this wasn’t the first time ATO portals had been subject to fraudulent AUSkey activity. The ATO reported similar attacks in both 2013 and 2015. Andrew Gardiner, a representative from the National Tax and Accountants Association told SmartCompany that the 2017 attack solidifies the true risk involved in an increasingly digital tax environment. Simply put, the financial risks to businesses are high, and professionals must be vigilant.

“Now that we deal with the ATO online on such a regular basis, people do become complacent,” Gardiner said. “People just need to be diligent – and businesses that are diligent treat their AUSkey like their credit card.”

Best Intentions Aren’t Enough: Creating A Well-Rounded Cybersecurity Approach

However, creating rigid internal standards and procedures isn’t the be-all-end-all solution to AUSkey cyber risks. Cyber-attacks happen and very often under conditions outside the control of impacted professionals. So, it’s critical to fully understand the scope of threats facing professionals in an increasingly digital finance environment. After all, these risks have the potential to impact every company’s most critical asset – their clients.

This means doing more than managing internal access and keeping track of AUSkey holders. Businesses must remain one step ahead of the increasingly sophisticated network of cybercriminals in the digital marketplace. The good news is, implementing thorough cybersecurity strategies and best practices aren’t as hard as it seems.

So, in addition to treating AUSkey data the same way as credit card data, here’s a list of strategies for keeping your team prepared and vigilant in the face of cybercrime:

  • Stay in the loop – Knowing what threats you are up against really is half the battle. Staying in touch with news of the latest and most dangerous cyber-attacks allows you to remain proactive and stay informed. Knowledge is power.
  • Communicate with your team – Make sure you’re talking to your team – especially those with AUSkey access – about the potential risks and cyber threats that exist. Create an environment where your staff feels comfortable to ask questions or report suspicious activity of any kind.
  • Make a plan – No matter what, be sure to put down your cyber security efforts on paper in some way. Maybe you’ll schedule regular meetings to check-in on cybersecurity missions and update staff. Perhaps you’ll create a list of cybersecurity standards that all staff members must be aware of. No matter which approach you take, planning ahead is critical.
  • Partner with an expert – If you’re struggling to get a concrete plan in place, reach out to experts. The initial step of asking for help can be tricky, but once you partner with a tech expert, cyber security challenges become much less daunting.

Many Australian IT service providers have extensive experience in providing cybersecurity services across Australia. They work alongside clients from Melbourne to Brisbane to ensure their networks stay secure and well-monitored.

Instead of just wondering if your business’ ATO protocol is powerful enough to stop cybercrooks, find out. Work with a professional managed IT provider and you can expect regular system check-ups. They will identify your company’s weakness and recommend security solutions designed to provide optimal protection for your network, servers, computers, and mobile devices.

Most companies today are not doing everything possible to stop cyber-intruders but if you’re ready to step up your game, then work with the best Outsourced IT services provider in your area.

Remember! Australian businesses are at risk! Don’t wait for disaster to strike. Most IT professionals offer free assessments of your current network in terms of the types and severity of cyber-attacks that might occur. Once you partner with an excellent IT services provider, they will work hard to make sure your systems are fully protected. They will also perform regular backups to all data so that if something does happen, you can quickly reinstall your programs and files and keep working.

Published on 22nd June 2018 by Ian Brady.