• How to protect your business

    Identity thieves can take your business details by:

    • breaking into your business and stealing your records
    • taking a photo of your business or employee details
    • stealing your passwords, account logins and AUSkey
    • obtaining access to your data through legitimate means (eg as an employee).

    Know what to protect

    Identity thieves may target your:

    • AUSkey
    • business activity statement
    • employee (or employees') personal information
    • business records containing personal or business information.

    Secure your business premises

    It only takes a few moments for thieves to photograph or steal information at your place of work. You can help keep your business, customer, and employee information safe by:

    • installing physical barriers such as locked doors and windows
    • ensuring you have appropriate alarm systems in place
    • filing documents with personal and business information in lockable storage units.

    Secure your systems

    To protect yourself and your business from identity thieves we recommend:

    • securing your business files and employee information when they are not in use
    • changing all passwords on a regular basis
    • ensuring you and your staff log out of systems and lock computers when they are not in use
    • making sure your computers and other devices have up-to-date security and anti-virus software.

    Protect your AUSkey

    Your AUSkey acts as a second layer of protection on top of your username and password. This is to ensure only authorised people can access your accounts.


    • Don’t share AUSkey access. Tailor each person's access to their role.
    • If using your AUSkey on more than one device, consider storing it on a secure USB stick with a password.
    • Review AUSkey access rights on a regular basis.
    • Check for suspicious activity by reviewing who is using your AUSkey (or AUSkeys).
    • Control the number of systems and activities that a standard AUSkey can perform.
    • Ensure only relevant people have Administrator AUSkey access.

    Find out about:

    Ensure you have internal controls

    You can protect your business and employees by:

    • performing background checks on new employees
    • restricting new employees' access to systems and credentials like AUSkey
    • being able to track employees’ actions when dealing with sensitive and personal information.

    Complete our online security questionnaire

    As a taxpayer you can play a big part in protecting your information and making sure it is safe online. We encourage you to remain vigilant, take precautions, address security, and uphold your client and business privacy by assessing your online practices at least quarterly.

    You can use our online security self-assessment questionnaire to:

    • identify areas where you can improve your online practices and processes
    • understand and identify your established online security measures
    • get more information and resources to help improve your online security measures.

    The questionnaire is voluntary and anonymous. None of your personal information is recorded by us

    Next steps:

    See also:

    Last modified: 10 Jan 2017QC 50499