Person using laptop with large red warning sign projected over the top, surrounded by digital security images

Tips for tax agents to reduce the risk of cyber attacks

30 April, 2025

Agents are being reminded to be vigilant about malware (software designed to cause harm) and to operate good cyber security practices in order to reduce the risks to client data and agents' ability to operate. The implications of a data breach can be significant, not just for an agent’s ability to practice but also for their clients, with potential long term implications on clients’ tax affairs.

HMRC's Agent Update 130 included a warning that agents may be targeted by cyber criminals, who seek to infect digital devices with malware in order to steal information about an agent's business and their clients.

Agents who fall victim to cyber attacks may not only have client data stolen, but may also find their HMRC accounts are accessed by hackers, which can result in HMRC immediately suspending access. Restoring secure access takes time, which will be disruptive to the agent's business.  

Cyber security tips

To combat these risks, agents are reminded to operate robust cyber security practices. These include:

  • checking software is automatically updated regularly — apply the updates and do not ignore or delay them. Avoid software that is no longer receiving security updates
  • shutting down devices overnight and over weekends. This can improve cybersecurity by reducing the risk of unauthorised access and potential malware execution, especially if your computer is connected to an unsecured network. Additionally, it allows for proper application of security updates that may require a full restart
  • contacting software providers if unexpected password reset notifications are received on tax and accounting software packages – these can be indicative of a hacker trying to access client data. A common tactic is to reset a password just before the weekend. If password reset notifications cannot be explained by talking to the software provider, agents may need to contact HMRC's Online Services Helpdesk
  • avoiding following links or downloading attachments in suspicious or unexpected emails
  • keeping antivirus protection up to date and regularly running scans
  • using strong passwords and changing your password if a device has been compromised
  • Not connecting to unsecured networks in café’s, on the train etc

If an agent's HMRC account has been suspended, they will need to contact HMRC's Online Services Helpdesk, and will have to ensure all systems are completely free from malware to prevent further attacks.

For further information and tips on cyber security, visit the National Cyber Security Centre. Agents might also consider taking the Government-backed Cyber Essentials certification scheme.