It is important you keep all your business and client information secure. If your data is lost or compromised, it can be very difficult or very costly to recover.
The ATO has developed these tips in consultation with the Cyber Security Working Group (CSWG), a group of tax practitioner industry groups and other industry partners, such as software developer associations, who are working with them to combat the growing threat of identity theft and cybercrime.
Use multi-factor authentication where possible. Regularly change passwords, and do not share them.
Multi-factor authentication requires users to provide multiple pieces of information to authenticate themselves – for example, a text message sent to your phone when logging into a website.
As a business owner, remember:
Immediately remove access for people who:
Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses.
Run weekly anti-virus and malware scans and have up-to-date security software.
Instances of malicious software (malware) are increasing. It can be easy to accidentally click on an email or website link which can infect your computer.
In some instances, your device may be impacted by ransomware. Ransomware can:
USBs and external hard drives may contain malware, which can infect your business computers without you noticing.
It can cost your business a lot of money to repair the damage.
Stolen information could be used to commit crimes, often in your business’s name.
Do not open any unsolicited messages.
Be wary of downloading attachments or opening email links you receive, even if they are from a person or business you know. They can infect your computer with malware and lead to your business or client information being used to commit fraud.
Spam emails can be embedded with malware and can be used to trick you into:
Avoid making online transactions while using public or complimentary wi-fi.
Not all wi-fi access points are secure. By making online transactions (such as online banking) on an unsecured network, you can put your information and money at risk.
Keep your personal information private and be aware of who you are interacting with.
Many businesses now have a social media presence. Much like your personal profile, you should consider what information you share.
Scammers are able to take information you publicly display and impersonate you or your business. Impersonators may send emails to trick your staff into providing valuable information or releasing funds.
Check your accounts (including bank accounts, digital portals and social media) for transactions or interactions you did not make, or content you did not post.
If an organisation you deal with sends you an email alerting you to unexpected changes on your account, do not:
You should immediately:
Ensure your mail is secure and consider using a secure PO Box.
Mail theft is a leading cause of information security breaches.
Some programs contain malware that can infect your computer (including ransomware which locks your files until you pay a criminal), or be used to harvest your sensitive personal and business information.
Be sure you are downloading authorised and legitimate programs.
Secure your electronic devices wherever you are.
Your information can be stolen in an instant. In some situations, you won’t even know it was stolen. Make sure you: