Show download pdf controls
  • Security advice for tax professionals

    Criminals may target your practice to steal you or your client's information. They may also use your business to lodge fraudulent claims.

    As a tax professional you need to protect your business and client information, including making sure it is safe online.

    We recommend you:

    • check the proof of identity for all new clients and question any discrepancies
    • only lodge for clients whose identity you have confirmed
    • make sure your computer security systems are up to date and protected against cyber attacks
    • train your staff in the need to, and methods of, securing client information
    • make sure your staff understand what is appropriate to discuss on social media or via email.

    You should remain vigilant, take precautions, address security, and uphold your client and business privacy by assessing your online practices at least quarterly.

    On this page

    Complete our online security self-assessment

    You can use our online security self-assessment questionnaire to:

    • understand and identify your established online security measures
    • identify areas where you can improve your online practices and processes
    • get more information and resources to help improve your online security measures.

    The questionnaire is voluntary and anonymous – we do not record any of your personal information.

    Next step:

    Know what to protect

    Identity thieves may target your:

    • myGovID
    • business activity statements
    • employees' personal information
    • business records containing personal or business information.

    Secure your business premises

    It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, client and employee information safe by:

    • installing physical barriers such as locked doors and windows
    • making sure you have appropriate alarm systems in place
    • filing documents in lockable storage units.

    Secure your systems

    To protect yourself and your business from identity thieves, we recommend:

    • securing your business files and employee information when they are not in use
    • changing all passwords on a regular basis
    • making sure all employees log out of systems and lock computers when not in use
    • making sure your computers and other devices have up-to-date security and anti-virus software.

    When sourcing software for your business, you may wish to ask vendors how they make sure they are providing secure systems and services. For example:

    See also:

    Make sure you have internal controls

    You can protect your business and employees by:

    • performing background checks on new employees
    • restricting new employees' access to systems and credentials
    • being able to track employees’ actions when dealing with sensitive and personal information
    • removing access to systems and credentials from employees as soon as they leave your employment.

    Protect your myGovID

    myGovID uses encryption and cryptographic technology and the security features in your device, such as fingerprint or face, to protect your identity.

    If you are aware or suspect someone has inappropriately accessed your personal information in myGovID, you need to report this immediately.

    Contact the myGovID support line on 1300 287 539 (option 2) between 8.00am and 6.00pm Australian Eastern Standard Time (AEST), Monday to Friday.

    International callers can contact us by phoning our switchboard on +61 2 6216 1111 between 8.00am to 5.00pm AEST, Monday to Friday, and request your call be transferred to the myGovID support line.

    See also:

    Report fraud

    Fraud can be the result of many things, including criminals:

    • stealing someone's identity to lodge incorrect returns and steal refunds
    • obtaining access to your client records to gain information
    • impersonating your business to gain a benefit.

    To report suspected fraud or criminal activity:

    • make a tip-off
    • phone us on 1800 060 062 (between 8.00am and 6.00pm AEST, Monday to Friday).

    To reduce the risk of fraud in your practice, we suggest that you:

    • always confirm the identity of new clients, especially when they are requesting bulk lodgments or amendments
    • restrict access to your systems and records to those with a genuine need
    • check existing client records for unusual updates or lodgments
    • make sure both the physical and cyber security of your premises is strong, using adequate filing systems and software to protect your client records
    • contact the myGovID support line on 1300 287 539 (option 2) between 8.00am and 6.00pm AEST, Monday to Friday if you suspect the misuse of your myGovID.

    Data breaches

    If you have experienced a data breach in your practice, data breach guidance for tax professionals outlines the steps you may need to take to secure your client records and protect them against potential refund and superannuation fraud.

    See also:

    Find out about:

    Last modified: 27 Jul 2021QC 50500