Show download pdf controls
  • Security Advice for tax professionals

    Criminals may target your practice to access your information and that of your clients. It is essential to review your security procedures from time to time. They may also use your business to lodge fraudulent statements on their behalf.

    We recommend you:

    • check the proof of identity for all new clients and question any discrepancies
    • only lodge for clients whose identity you have confirmed
    • ensure your computer security systems are up to date and protected against cyber attacks
    • discuss the importance of securing personal information with your staff
    • ensure your staff understand what is appropriate to discuss on social media or via email.

    On this page:

    Data breaches

    If you think or know someone else may have inappropriately accessed your personal information in myGovID, you need to report it to the myGovID support line immediately.

    If you have experienced a data breach in your practice, Data breach guidance for tax professionals outlines the steps you may need to take to secure your client records and protect them against potential refund and superannuation fraud.

    See also:


    To report suspected fraud or criminal activity:

    • make an online report
    • phone us on 1800 060 062 (between 8.00am and 6.00pm, Monday to Friday).

    See also:

    Fraud can be the result of many things, including criminals stealing someone's identity to lodge incorrect returns and steal refunds, obtaining access to your client records to gain information, or impersonating your business to gain a benefit.

    To reduce the risk of fraud in your practice, we suggest that you:

    • always confirm the identity of new clients, especially when they are requesting bulk lodgments or amendments
    • restrict access to your systems and records to those with a genuine need
    • check existing client records for unusual updates or lodgments
    • ensure both the physical and cyber security of your premise is strong, using adequate filing systems and software to protect your client records
    • contact the myGovID support line if you suspect the misuse of your myGovID

    Secure your business premises

    It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, client and employee information safe by:

    • installing physical barriers such as locked doors and windows
    • ensuring you have appropriate alarm systems in place
    • filing documents containing personal and business information in lockable storage units.

    Secure your systems

    To protect yourself and your business from identity thieves, we recommend:

    • securing your business files and employee information when they are not in use
    • changing all passwords on a regular basis
    • ensuring all employees log out of systems and lock computers when not in use
    • making sure your computers and other devices have up-to-date security and anti-virus software.

    When sourcing software for your business, you may wish to confirm with the vendors:

    Inappropriate access to myGovID

    myGovID offers a greater level of security with identity document verification, compared to username and password credentials and SMS verification codes.

    If you are aware or suspect someone has inappropriately accessed your personal information in myGovID, you need to report this immediately.

    Contact the myGovID support line on 1300 287 539 (select option 2 for myGovID enquiries) between 8.00am and 6.00pm AEST, Monday to Friday.

    International callers can contact us by phoning our switchboard on +61 2 6216 1111 between 8.00am to 5.00pm AEST and request your call be transferred to the myGovID support line.

    See also:

    • visit myGovIDExternal Link for more information and tips about myGovID security and staying safe online.

    Complete our online security self-assessment

    As a tax professional you can play a big part in protecting your business information and your clients', including making sure it is safe online. We encourage you to remain vigilant, take precautions, address security, and uphold your client and business privacy by assessing your online practices at least quarterly.

    You can use our online security self-assessment questionnaire to:

    • identify areas where you can improve your online practices and processes
    • understand and identify your established online security measures
    • get more information and resources to help improve your online security measures.

    The questionnaire is voluntary and anonymous – we do not record any of your personal information.

    Next steps:

    Last modified: 15 Apr 2020QC 50500