We’re writing to you about the significantly increased cyber security risks we are all facing at present, including some scams which some of our clients have been experiencing recently:
A number of clients have received phone or email contact purportedly from the ATO advising they have outstanding amounts due, and that immediate payment is required or else legal action will be launched. The bank account details are of course fraudulent. Although the ATO may contact you by phone from time to time, it will not make demands in this fashion. If you receive any such demand for outstanding amounts of which you are not aware, you should contact us immediately so that we can verify it.
We realise this can be very distressing, and the callers can sound genuine. Do not under any circumstances give further personal details, or make payments on these demands.
Bank account change advice.
We recently had a client who was allegedly contacted by us (Bartons) advising of a change of our bank account details for future payments. It turned out that client was aware they had had their security breached, and the hacker had assimilated our data with the client and put together a credible-looking advice on our letterhead, from what appeared to be a genuine Bartons email address.
Be extremely careful with such advice from your suppliers and if you are at all suspicious, contact the supplier direct for confirmation.
Do not respond to emails that are at all dubious. In particular, do not open attachments, which are likely to launch malware onto your system. Examples include unexpected requests from software vendors, messages requiring a response or click, and unanticipated voicemail messages.
Basic cyber security measures.
There is a range of measures you can put in place to limit the damage from a cyber attack:
- Train staff and users on careful, sceptical use of online resources
- Ensure anti-virus and anti-spam software is up to date on all connected devices
- Be careful with provision of sensitive information by email – consider the use of secure Document Management Systems if you are transmitting sensitive information. We are about to launch our own.
- Change passwords regularly and use two-factor authentication where possible
- Back up your information regularly and check that the backup works!
- Have a disaster recovery plan in the event something major happens.
While we’re on it – have you considered your obligations under the Privacy Act? A data breach is bad enough from a disruption perspective, but if sensitive information is breached there are serious implications for you as an organisation. Have a look at the website for the Office of the Australian Information Commissioner (OAIC) for more information.
Cyber risks are growing exponentially, and like any business risk they need to be managed appropriately. We all owe it to ourselves and stakeholders to become more savvy in this area.
Feel free to contact us should you require any assistance in this area. We’ve recently conducted a full IT audit of our environment which was very helpful. Our IT Manager, Chad Simmons, would be happy to talk further with you.