ato logo
Search Suggestion:

How to protect your business

Use these strong security practices to protect your business from identity thieves.

Last updated 9 January 2024

Strong security practices can help you protect your business, staff and client information from identity thieves.

These criminals can get your business and client details by:

  • breaking into your business and stealing your records
  • taking a photo of your business or employee details
  • stealing your passwords, account logins or myGovID details
  • obtaining access to your data through legitimate means (for example, an employee targeting vulnerabilities in your systems or security controls)
  • using compromised emails with malicious links or programs
  • sending emails to phish for information from your business
  • exploiting security vulnerabilities in software.

Media: Protect your business against identity crime http://tv.ato.gov.au/ato-tv/media?v=bd1bdiunji3ij9External Link (Duration: 1:18)

Complete our online security self-assessment

You can use our online security self-assessment questionnaire to:

  • understand and identify your established online security measures
  • identify areas where you can improve your online practices and processes
  • get more information and resources to help improve your online security measures.

The questionnaire is voluntary and anonymous – we don't record any of your personal information.

Next step:

Know what to protect

Identity thieves may target your:

  • myGovID
  • business activity statements
  • employees' personal information
  • business records containing personal or business information.

Secure your business premises

It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, customer and employee information safe by:

  • installing physical barriers such as locked doors and windows
  • making sure you have appropriate alarm systems in place
  • filing documents in lockable storage units.

Secure your systems

To protect yourself and your business from identity thieves, we recommend:

  • securing your business files and employee information when they are not in use
  • changing all passwords on a regular basis
  • making sure all employees log out of systems and lock computers when not in use
  • making sure your computers, software and other devices have up-to-date security and anti-virus software.

When sourcing software for your business you may wish to ask vendors how they make sure they are providing secure systems and services. For example:

See also:

Make sure you have internal controls

You can protect your business and employees by:

  • performing background checks on new employees
  • restricting new employees' access to systems and credentials
  • being able to track employees’ actions when dealing with sensitive and personal information
  • removing access to systems and credentials from employees as soon as they leave your employment.

Protect your myGovID

myGovID uses encryption and cryptographic technology and the security features in your device, such as fingerprint or face, to protect your identity.

If you are aware or suspect that your myGovID has been inappropriately accessed, you need to report this immediately to the myGovID support lineExternal Link.

See also:

Find out about:

QC50499