Show download pdf controls
  • How to protect your business

    Identity thieves can get your business details by:

    • breaking into your business and stealing your records
    • taking a photo of your business or employee details
    • stealing your passwords, account logins or AUSkey details
    • obtaining access to your data through legitimate means (for example, a malicious employee targeting vulnerabilities in your systems or security controls)
    • using compromised emails with malicious links or programs
    • sending emails to phish for information from your business
    • exploiting non-secure or easy to access software.

    On this page:

    Know what to protect

    Identity thieves may target your:

    • AUSkey
    • business activity statement
    • employee's (or employees') personal information
    • business records containing personal or business information.

    Secure your business premises

    It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, customer and employee information safe by:

    • installing physical barriers such as locked doors and windows
    • ensuring you have appropriate alarm systems in place
    • filing documents containing personal and business information in lockable storage units.

    Secure your systems

    To protect yourself and your business from identity thieves, we recommend:

    • securing your business files and employee information when they are not in use
    • changing all passwords on a regular basis
    • ensuring all employees log out of systems and lock computers when not in use
    • making sure your computers and other devices have up-to-date security and anti-virus software.

    When sourcing software for your business you may wish to confirm with the vendors:

    Protect your AUSkey

    If you are aware or suspect that your AUSkey has been compromised, we recommend you log into the Australian Business Register AUSkey website and change your password.

    If you are a standard AUSkey holder you should also inform the AUSkey Administrator.

    If you are the Administrator AUSkey holder you should cancel an AUSkey when you are alerted to unauthorised access. You should also:

    • check AUSkey Manager and confirm all transactions are legitimate
    • regularly log into AUSkey Manager to ensure only those authorised to have access to the portals hold active AUSkeys
    • cancel AUSkeys for staff who no longer require them
    • remove access immediately if your client has any concerns about an individual AUSkey holder's activities
    • ensure any employee who deals with us online on behalf of your business has their own AUSkey
    • keep AUSkey passwords secure – they should not be shared.

    See also:

    Ensure you have internal controls

    You can protect your business and employees by:

    • performing background checks on new employees
    • restricting new employees' access to systems and credentials like AUSkey
    • being able to track employees’ actions when dealing with sensitive and personal information.

    Complete our online security self-assessment

    As a taxpayer you can play a big part in protecting your records, client information and your employee information and making sure it is safe online. We encourage you to remain vigilant, take precautions, address security, and uphold your client and business privacy by assessing your online practices at least quarterly.

    You can use our online security self-assessment questionnaire to:

    • identify areas where you can improve your online practices and processes
    • understand and identify your established online security measures
    • get more information and resources to help improve your online security measures.

    The questionnaire is voluntary and anonymous – we don't record any of your personal information.

    Next steps:

    See also:

    Last modified: 16 Jan 2018QC 50499