Webinar

Issued: 24 September 2024

Last modified: 24 October 2024

In an environment where a cyber-attack or compromise is a matter of ‘when’ not ‘if’, your resilience and defences are what matters most. Join our Chief Technology Officer to uncover insights that will help you develop robust strategies to keep you safe, including the Essential Eight.

Resources

Webinar presentation slides

Webinar hyperlinks

Webinar recording

Defend yourself against cyber threats

Questions and answers

We have compiled some of the questions we received during our webinar.

Cyber security threats

Cyber threats typically arise when your data, computer system, network, or device is targeted by a cyber attacker who seeks to gain unauthorised access or exploit any vulnerabilities present in your information management system, compromising its confidentiality, integrity, or availability.

A cyber-attack can have negative consequences for your business's operations, functions, brand or reputation. An attack may also affect the integrity and value of your client’s data, as well as the people, processes, and technologies involved in managing that data.

Scamwatch data shows the main delivery methods for cyber-attacks are smartphones and email. The top 3 cybercrime types for individuals include:

  • identity theft
  • online banking fraud; and
  • online shopping fraud.

For businesses, the top 3 threats are:

  • email compromise
  • business email compromise fraud; and
  • online banking fraud.

 

Ways to protect against cyber threats

A VPN, which stands for virtual private network, establishes a secure, encrypted connection for your internet traffic, keeping your online activity hidden and protecting your privacy. A VPN creates a secure tunnel between your device and the internet to protect data during transmission. This secure tunnel masks your IP address and online activity (including links you click and files you download), and hides your physical location. This ensures that your online experiences are private, protected, and more secure.

Connecting to public Wi-Fi can be convenient, but it does come with risks. Here are some tips to help you minimise the risk of your data being compromised:

  1. Use a Virtual Private Network (VPN): a VPN encrypts your internet connection, making it much harder for hackers to intercept your data.
  2. Avoid sensitive activities: try not to access sensitive information, such as online banking or personal emails, while on public Wi-Fi.
  3. Stick to HTTPS websites: ensure the websites you visit use HTTPS, which encrypts the data exchanged between your browser and the website.
  4. Turn off file sharing: disable file sharing on your device to prevent others on the same public Wi-Fi network from accessing the files on your laptop.
  5. Keep your software updated: regularly update your device’s software to protect against vulnerabilities.
  6. Verify the network: always confirm the network name with the staff at the location to avoid connecting to a malicious hotspot.
  7. Disable auto-connect: turn off the auto-connect feature on your device for the public network, to prevent it from automatically connecting to the public Wi-Fi network without your explicit permission.

By following these steps, you can significantly reduce the risk of your data being compromised while using public Wi-Fi.

While Excel password protection can provide a basic level of security, it is not foolproof. There are limitations to this protection that users should be aware of. For example, there are third-party tools and software available that can be used to bypass Excel password protection. Additionally, the strength of the password chosen can impact the effectiveness of the protection. Using password safe software is much safer than a password-protected Excel spreadsheet.

Firewalls are one component of a cyber security strategy. They act as the first line of defence in protecting your computer systems from unauthorised access, cyber-attacks, and other potential threats by analysing and controlling incoming and outgoing network traffic. However, it’s important to understand that firewalls alone cannot provide comprehensive protection against all types of cyber threats. Integrating firewalls into a broader security framework that includes things like regular software updates, strong password policies, multi-factor authentication, employee training and encryption can significantly enhance your overall security posture. Additionally, combining firewalls with other security measures such as antivirus software, virtual private networks (VPNs), and access controls can create multiple layers of defence, making it more difficult for hackers to compromise your systems.

Security patches are perhaps the single most important digital security strategy, right up there with antivirus and anti-malware software. A security patch is simply a software update recommended by the vendor of your hardware, your operating system, such as Windows or macOS, or your application software, such as Google Chrome or Microsoft Office. It is essential protection against vulnerabilities that have been discovered since you first installed your computer system. Any given software typically has many security patches released over its lifetime.

Choosing not to update your software means that you're leaving security holes for hackers to exploit. The time between the discovery of a security vulnerability and its exploitation by hackers is alarmingly short. It’s crucial to patch your computer as soon as updates are available to protect against these threats.

 

If you're unsure about the legitimacy of an email, it's always best to err on the side of caution. However, you can check the email address carefully to see if it matches the sender's actual email address. You should also check whether a link in an email is legitimate. Do not click on it. Instead, hover your cursor over it and the target URL (where the link will take you) will appear.

 

Cyber insurance

Professional indemnity (PI) insurance policies will generally cover tax practitioner liability for cyber-related events or incidents if the liability arises in relation to the provision of tax agent services. This is in contrast with cyber insurance cover, which generally covers events such as third-party cyber liability, first-party hacker damage, cyber extortion, data breach notification costs and public relations costs. We recommend you assess the risk of cyber-attack and consider whether you need to take out additional PI insurance cover to assist with first-party losses arising from a cyber-attack. Preventing cyber security incidents, and protecting the reputation of your business, is still paramount. See our explanatory paper for more information.

Government support

Business.gov.au has information on its website about the Small Business Cyber Resilience Service, which provides free, tailored, person-to-person support for small businesses to build their cyber resilience and recover from a cyber incident. The Small Business Cyber Resilience Service helps small businesses by:

  • recommending specific actions, tools and guidance to improve cyber security
  • providing practical steps to recover from a cyber incident
  • providing case management support following an incident
  • referring additional support services where required.

You may also want to check out the Australian Cyber Security Centre's Small Business Cyber Security Guide. It includes basic security measures to help protect your business against common cyber security threats.

Cloud computing

Cloud computing, at a broad level, is the provision of information technology resources as a service through a network (including storing, managing and processing data), typically over the internet, instead of using a local server or a personal computer. When entering any arrangements with your provider make sure to ascertain where and how your information will be stored and managed.

When entering into cloud arrangements, you should also be mindful of your obligations under the Code of Professional Conduct (Code). In particular, Code item 6 states that a tax practitioner must not disclose any information relating to a client’s affairs to a third party without the client’s permission, unless there is a legal duty to do so.

In addition to your obligations under the Code, you should also be aware that the Privacy Act 1988 (Cth) sets out a number of Australian Privacy Principles which govern the use, storage and disclosure of personal information.

For more information on cloud computing and the Code you can refer to our Practice note.