Save content
Have you found this content useful? Use the button above to save it to your profile.

Are we under attack?

3rd Nov 2014
Save content
Have you found this content useful? Use the button above to save it to your profile.

How's your IT security? Could be better? From my recent experience we could probably all be better.

I had a phone call from HMRC's IT security people last week. Apparently someone - not one of our team - has used our agent login and requested some tax refunds to go a bank account which, I am guessing, HMRC are monitoring. No-one has lost any money and the tax accounts in question are still showing as in credit, so they have evidently corrected the damage.

As a result though we were locked out of the HMRC online system for the rest of the day, and I had to change our password. Not a big deal in itself, except that there are about ten of us in the office who access the site, and some are part-time so I couldn't communicate the change to everyone at the same time (I had guessed that emailing the new password to everyone wouldn't be the smartest move).

Despite my best endeavours, one of the tax team got in early the next day, tried to log in a couple of times with the old password and the system automatically locked us all out for two hours! Unfortunately, it happened again a couple of days later when someone logged in from one of our tax applications where the old password was obviously saved and just shown as a string of asterisks. I think everyone now knows to avoid this, but we have now carried out a full virus, malware, etc scan of all our computers, removed a handful of malicious programs, and will be following HMRC's advice and changing the password yet again tomorrow. I suspect there will be further lockouts while the new password beds in to all our browsers and software.

Let me put this into context - we have two full-time IT staff in the firm, we use top anti-virus and anti-malware software that is automatically updated across the network. Firewalls and security settings are fixed by our administrator at the highest level that leaves our PCs still useable. As a result we have never had files infected by a virus or any damage to our IT system. And even with all that, it seems login and password information has been compromised. If you're a sole practitioner trying to manage your own IT I reckon this is a wakeup call to make sure your security is as good as it can be!

We're not alone. Our local MP was telling me that Government IT systems are continually under attack, primarily from China, so a huge amount of resources are devoted to keeping them - and our data - safe. IT specialists in the private sector tell similar stories.

So, yes, we're all under attack. What are you waiting for? Change those passwords now!! And regularly every few months.

Tags:

You might also be interested in

Replies (2)

Please login or register to join the discussion.

avatar
By Vaughan Blake1
04th Nov 2014 10:36

One does wonder...

If the breach could be on HMRC's side of the Gateway.

Thanks (0)
By ireallyshouldknowthisbut
04th Nov 2014 16:22

.

Given the very large volume of "pishing" emails we get aimed straight at accountants, including some VAT ones which looks really good - until you remember that HMRC does not email you a VAT return - I am not that surprised that something snuck round your door and took a bite. 

 

Thanks (0)