It’s an unfortunate reality that cyber security attacks are on the rise and now more than ever organisations need to be proactive about protecting information from a range of scams and threats.
As a result of the way recent high-profile breaches have played out in the media, our clients have been asking how we protect their personal information.
Rest assured that we take the issue very seriously. This month we look at seven security steps adopted by Hall Browns to enable the safe keeping of our files. It covers the location of our data and backups; how often those backups are updated; and the software protections that we have implemented.
We also outline the policies and procedures that we have in place around cyber security, and there are tips from the Australian Taxation Office about how to recognise criminal activity, and the imposters that claim to be acting on their behalf.
Seven Steps to Data Security
Recent data breaches at leading Australian companies Optus and Medibank have us all thinking about data security, and understandably our clients have sought clarification about the way that we secure their personal information.
Be assured that Hall Browns has a number of Information Technology (IT) protections in place:
- Data Sovereignty – All servers and data storage drives (including backups) are maintained within our host environment in secure Australian data centres.
- Data Backup – All data is backed up hourly, daily, weekly, monthly and yearly and tested monthly to ensure that there are multiple backup positions available. These backups are housed across two data centres within Australia.
- Antivirus – All Systems are protected by Enterprise grade Antivirus and Antimalware systems updated at least every four hours to ensure the latest antivirus patterns are active.
- Web Protection – Websites accessed by staff are scanned to ensure that they do not contain any virus or malware and are checked against known fraudulent websites before access is allowed.
- Internet Protection – Internet access is protected via Enterprise Grade Unified Threat Protection Devices and all traffic is monitored.
- Remote Access – Remote Access is secured by two-factor authentication.
- Email – BothIncoming and outgoing emails are protected as part of the Microsoft Exchange Online Protection suite.
A username, password and an authentication code are required to login into our systems, and Password Management Software automatically generates and regularly updates passwords for many of our software applications.
Halls Brown has internal policies and procedures in relation to cyber security which include regular password changes and:
- strict rules about handling information. Staff are not permitted to check-out hard copies of client records or make print copies when working from home.
- Tax File Numbers (TFNs) for individuals are not sent via email – you may have noticed TFNs missing from ATO correspondence that is emailed to you.
Recent events have proven that we all need to be more vigilant and the Australian Taxation Office (ATO) would like us to be better at recognising imposters.
The ATO will never:
- send you a link in an email or text asking you to log in to its online services.
- ask for your personal identifying information, such as your tax file number or bank account details, on social media. To make sure you’re interacting with verified ATO accounts, look for the blue verified tick on Facebook and Twitter, and a high follower count on LinkedIn.
- request payments through unusual methods, such as gift cards, crypto assets or cardless cash.
- threaten you with immediate arrest. If this happens, report the incident directly to the ATO.
Protecting your personal information is a top priority and at Hall Browns we ensure our staff is educated about the latest scams and phishing techniques.
If you have any queries about data security, please contact our office on (07) 3831 1055 or [email protected].