Welcome and introduction
Members were welcomed to the first Tax Profession Cyber Security Working Group meeting, noting apologies and proxies and no conflicts of interest were declared.
Introductions and brief biographies of group members were conducted.
Group intent
The intent of the group is in line with it's charter to:
- understand the cyber security issues facing the tax professional community
- identify education and resource opportunities for tax professionals to improve their cyber security capability
- support relevant government initiatives.
The existing Cyber Security Stakeholder Group considers issues more broadly across government and related sectors, while we will have a more operational view focussed on tax professionals.
We are tasked with identifying the needs that will be addressed as a part of our forward program of work and outcomes to be achieved.
Member comments
A range of topics and issues that fall under the umbrella of cyber security were discussed, including:
- identification of and guidance to existing relevant resources and tools
- development of bespoke education resources
- developing benchmarks or identifying tools that the tax profession can use to both self-assess their own cyber awareness and preparedness and that of any third-party products used
- better information security practices
- identifying and mitigating adverse internal behaviours
- practical steps for preventing and responding to cyber events.
Australian Taxation Office (ATO) and Tax Practitioners Board (TPB)
The current focus areas of work were discussed, including Client-to-agent linking as an important fraud mitigation program.
There is a significant program of work within the ATO’s risk and strategy and IT space related to mitigating fraud and cyber risks and identifying scams and credential compromises.
The TPB provides guidance to tax professionals under their statutory regime, especially in relation to the requirement for agents to protect the confidentiality of their clients. The TPB recently held a ‘Defend yourself against cyber threats’ webinar.
Member comments
It was noted that tax professionals do not know where to start regarding their cyber security requirements, due to the large volume of information available.
There are products available for business users to assist in minimising the risk of phishing and other fraud or scam attempts. The group will investigate this further.
Members identified that while prevention is discussed as a focus area, there is an important need to consider what to do after a cyber incident occurs. The group agreed this is an important aspect of the cyber story that needs to be explored.
Forward work program
A broad range of cyber security-related topics were discussed, and members will identify and note the top areas of focus they would like to see addressed by the group.
The topics will be collated and shared with the group before the December meeting to establish a shared understanding of the group’s future priorities.