• David Clarke, Head of Security at QuoStar


• 26.06.2023 12:00 pm
#tax

With large amounts of financial data and information being processed at the start of a new tax year, businesses are particularly vulnerable to cyber-attacks.

Scammers are adept at taking advantage of underprepared systems, and with tax-related criminal activity on the rise, cyber security for businesses need continued attention to ensure appropriate risk management is in line with the latest regulatory changes. So how can businesses be prepared?  

Staff education should always be at the forefront of risk management. Being aware of the latest scams isn’t always front of mind for employees, so ensuring that information and guidance on this topic is available and easy to understand is a good start in cyber-attack prevention. 

The latest phishing attempts and tax-related scams have been cleverly designed to trick your employees into falling for their correspondence, so good prevention measures include teaching staff to verify the authenticity of any tax-related communication by independently contacting the organisation or institution through official channels. It’s also vital that they know to never disclose any personal or business information until verified. 

Guard against identify theft

Tax-related identity theft is another big problem at this time of year. Employers should remember to safeguard all of their tax documents, fill in online tax forms in secure locations, and dispose of paper documents properly. Businesses should also use strong, unique passwords for their tax accounts and enable multi-factor authentication whenever possible. Last but not least, it’s a good idea to regularly monitor the company’s financial accounts for any suspicious activity or unauthorised transactions.

Working from home or in public has become much more common in recent years, so appropriate security arrangements need to be implemented here too. When unsecured Wi-Fi networks are in use, consider a virtual private network (VPN) to encrypt your connection to avoid sensitive data and information being obtained through criminal activity.

Conducting due diligence before downloading any tax software will also help to avoid unauthorised sites and/or fake programs being peddled. Quick research can usually determine the legitimacy of websites and software very quickly, and firms should always use reputable antivirus and anti-malware programs to scan and detect potential threats before downloading any software. 

Identify potential vulnerabilities 

Keeping your security software and other applications up to date with the latest upgrades is another crucial part of risk management at this time of year. Despite daily threats to cyber security, the new tax year can expose underprepared organisations to adept scammers who are actively looking to take advantage of vulnerable systems. 

Having efficient resource allocation will help organisations identify and protect the most important and potentially susceptible areas of their infrastructure. At the very least, firms should invest in encryption and back-up systems to safeguard their critical information, so that it can be recovered in the event of a cyber incident. 

It's also a good idea to have a critical response budget in place, so the business can act quickly and efficiently during in the event of disruption. Robust monitoring tools and threat intelligence services can also help to detect and respond to emerging cyber threats; being proactive instead of reactive will put organisations in a far better position to deal with these threats. 

Keep up to date with legislation

Operating in accordance with the latest changes to legislation is also crucial to the continued success of combating the latest cyber threats. The UK currently has around 20 pieces of legislation that deal with data protection and cyber security, with updates to the Online Harms Bill due in summer 2023. 

Greater attention is now being given to potential AI threats, with countries around the world now acknowledging its potential for criminal activity. China recently introduced a Personal Information Protection Law along with South Africa’s Protection of Personal Information Act (POPIA) recently coming into force. And the UAE released its new Data Protection Law. 

Businesses need to have a heightened awareness of all these risks – not only at the start of the tax year, but also beyond. With the proper budget allocation, education and software systems in place, firms will be able to stay vigilant and up to date with the latest legalisation and standards. By approaching risk management in this way, businesses can ensure that their financial data, customer information and employees stay protected all year long.