Show download pdf controls
  • Security Advice for tax professionals

    Criminals may target your practice to access your information and that of your clients. It is essential to review your security procedures from time to time. They may also use your business to lodge fraudulent statements on their behalf.

    We recommend you:

    • check the proof of identity for all new clients and question any discrepancies
    • only lodge for clients whose identity you have confirmed
    • ensure your computer security systems are up to date and protected against cyber attacks
    • discuss the importance of securing personal information with your staff
    • ensure your staff understand what is appropriate to discuss on social media or via email.

    On this page:

    Data breaches

    If you think someone else may have access to your AUSkey, cancel it. Then contact us so we can track your TFN for unusual activities.

    If you have experienced a data breach in your practice, Data breach guidance for tax professionals outlines the steps you may need to take to secure your client records and protect them against potential refund and superannuation fraud.

    See also:


    To report suspected fraud or criminal activity:

    • make an online report
    • phone us on 1800 060 062 (between 8.00am and 6.00pm, Monday to Friday).

    See also:

    Fraud can be the result of many things, including criminals stealing someone's identity to lodge incorrect returns and steal refunds, obtaining access to your client records to gain information, or impersonating your business to gain a benefit.

    To reduce the risk of fraud in your practice, we suggest that you:

    • always confirm the identity of new clients, especially when they are requesting bulk lodgments or amendments
    • restrict access to your systems and records to those with a genuine need
    • ensure any employee who deals with us online on behalf of your business has their own AUSkey
    • check existing client records for unusual updates or lodgments
    • ensure both the physical and cyber security of your premise is strong, using adequate filing systems and software to protect your client records
    • cancel your AUSkey if you suspect its misuse.

    Secure your business premises

    It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, client and employee information safe by:

    • installing physical barriers such as locked doors and windows
    • ensuring you have appropriate alarm systems in place
    • filing documents containing personal and business information in lockable storage units.

    Secure your systems

    To protect yourself and your business from identity thieves, we recommend:

    • securing your business files and employee information when they are not in use
    • changing all passwords on a regular basis
    • ensuring all employees log out of systems and lock computers when not in use
    • making sure your computers and other devices have up-to-date security and anti-virus software.

    When sourcing software for your business, you may wish to confirm with the vendors:

    Protect your AUSkey

    If you are aware or suspect that your AUSkey has been compromised, we recommend you log into the Australian Business Register AUSkey website and change your password.

    If you are a standard AUSkey holder you should also inform the AUSkey Administrator.

    If you are the Administrator AUSkey holder you should cancel an AUSkey when you are alerted to unauthorised access. You should also:

    • check AUSkey Manager and confirm all transactions are legitimate
    • regularly log into AUSkey Manager to ensure only those authorised to have access to the portals hold active AUSkeys
    • cancel AUSkeys for staff who no longer require them
    • remove access immediately if your client has any concerns about an individual AUSkey holder's activities
    • ensure any employee who deals with us online on behalf of your business has their own AUSkey
    • keep AUSkey passwords secure – they should not be shared.

    See also:

    Complete our online security self-assessment

    As a tax professional you can play a big part in protecting your business information and your clients', including making sure it is safe online. We encourage you to remain vigilant, take precautions, address security, and uphold your client and business privacy by assessing your online practices at least quarterly.

    You can use our online security self-assessment questionnaire to:

    • identify areas where you can improve your online practices and processes
    • understand and identify your established online security measures
    • get more information and resources to help improve your online security measures.

    The questionnaire is voluntary and anonymous – we do not record any of your personal information.

    Next steps:

    Last modified: 28 Feb 2018QC 50500