Accountants urged to take note of new TPB guidance

As part of updated guidance on cyber security for all registered tax practitioners, the TPB now recognises that cyber security awareness training can assist tax and BAS agents in protecting themselves from a cyber attack.

The TPB will now specifically recognise that cyber security training which a tax practitioner undertakes will contribute to them meeting their continuing professional education/development requirements with the TPB and their obligations under the code of professional conduct.

“The TPB recognises the emerging threat of cyber attacks and the importance of tax practitioners proactively protecting themselves, their practice and their clients”, said acting chair of the TPB, Greg Lewis.

New guidance on extensions of professional indemnity insurance cover has also been released, with the TPB recommending that practitioners consider whether they require additional protection against cyber threats, including losses that a tax adviser may suffer from a cyber attack.

“One way that tax practitioners can protect themselves is to consider whether they should take out additional professional indemnity insurance cover to assist with first-party losses arising from a cyber attack. Such losses can include a ‘denial of service’ attack or the costs of rectifying harm done, such as repairing and restoring systems that have been damaged by malicious acts,” added Mr Lewis.

The ATO, in consultation with the TPB and other professional and industry associations, have developed practical cyber security tips, with the following considered as minimum for best practice:

• - Install and maintain anti-virus software on your workplace computers
• - Deploy firewalls on your workplace computers and/or workplace networks
• - Ensure that your computer operating systems and programs always have the latest security patches
• - Protect client records or files using encryption where possible
• - Regularly change your passwords
• - Consider using a second form of authentication (for example, SMS) to protect your online accounts (for example, email) where possible.