  • Top cyber security tips for individuals

    Do you know how valuable you are? Identity thieves do! Every year thousands of Australians have their identities stolen.

    Criminals use stolen personal information to commit crimes and make money, often leaving their victims with a bad credit rating and impacting their ability to gain finance, run a business or access government services such as health care.

    Once your identity is stolen it can take a long time to recover. We, along with leading industry bodies, have created a list of top identity security tips to help keep you and your information safe.

    Note: You can download a printable version of Security tips for individuals via the ATO Publication Ordering Service – search for Security Tips and select Media – all publications.

    Ensure your passwords are strong and secure

    Use multi-factor authentication where possible. Regularly change passwords, and do not share them.

    Multi-factor authentication requires users to provide multiple pieces of information to authenticate themselves – for example, a text message sent to your phone when logging in to a website.

    An additional layer of security on your accounts can make it harder for others to access your account.

    Strong passwords with a mix of upper and lower case letters, numbers, and symbols also make your accounts harder to hack.

    Ensure all devices have the latest available security updates

    Run weekly anti-virus and malware scans and have up-to-date security software.

    Instances of malicious software (malware) are increasing. It can be easy to accidentally click on an email or website link that infects your computer.

    In some instances, your device may be impacted by ransomware. Ransomware can:

    • lock your computer until you pay a fee to criminals
    • install software which provides access to your bank accounts, allowing criminals to steal your money.

    Use a spam filter on your email account

    Always use a spam filter on your email account and do not open unsolicited messages.

    Be wary of downloading attachments or opening email links you receive, even if they are from someone you know.

    Spam emails can be:

    • embedded with malware
    • used to trick you into providing information or buying non-legitimate goods.

    Do not respond to or click on these emails. This can help you reduce the risk of your personal information being used fraudulently, or your computer being infected with malware.

    Secure your wireless network

    Be vigilant when using public wireless networks. Avoid making online transactions while using public or complimentary wi-fi.

    Not all wi-fi access points are secure. By making online transactions (such as online banking) on an unsecured network, you can put your information and money at risk.

    Be vigilant about what you share on social media

    Keep personal information private and be aware of who you are interacting with.

    People are accustomed to sharing personal information on social media. However, before sharing ask yourself if it is information you want strangers to have access to.

    It is very easy for information on social media sites to be shared outside of your network, even when your security settings are set to private.

    Be sure you know who you are speaking to on social media, and only share information with people you know and trust.

    Criminals can use certain combinations of your personal information to impersonate you to access money, apply for credit cards and bank loans, or commit crimes.

    Treat your personal information like cash

    Do not leave your personal information lying around. If your personal information is stolen, it is very difficult to get back.

    Keep your personal information private. Only share it when you are required to, and only share it through authorised processes and to authorised people.

    Monitor your accounts for unusual activity or transactions

    Check your accounts (including bank accounts, digital portals and social media) for transactions or interactions you did not make, or content you did not post.

    If an organisation you deal with sends you an email alerting you to unexpected changes on your account, do not:

    • click on included hyperlinks
    • open any attachments.

    You should immediately:

    • check your account
    • contact the organisation by phone.

    Ensure your mail is secure

    Ensure your mail is secure and consider using a secure PO Box.

    Mail theft (from your letterbox) is a leading cause of personal information security breaches.

    Do not download programs or open attachments

    Some programs contain malware that can infect your computer, or be used to harvest your personal information.

    Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, do not open attachments or download programs.

    Do not leave your information unattended

    Secure your electronic devices wherever you are. Your personal information can be taken in an instant. In some situations, you won’t even know it was stolen.

    Make sure you:

    • do not leave electronic devices unattended
    • secure your electronic devices with passcodes
    • securely store portable storage devices (such as thumb and hard drives) when not in use.

    Cyber Security Working Group

    The Cyber Security Working Group comprises the ATO, tax practitioner industry groups, and other industry partners including:

    • The Tax Institute
    • Tax Practitioners Board
    • CPA Australia
    • Institute of Public Accountants
    • Australian Business Software Industry Association
    • Chartered Accountants Australia and New Zealand
    • Institute of Certified Bookkeepers

    Disclaimer

    This publication was authored by the Cyber Security Working Group – a consultative forum comprising the ATO and professional associations.

    This publication is a general reference only. It is not a substitute for independent professional advice. You should obtain appropriate professional advice for your particular circumstances.

    The Cyber Security Working Group and its constituent associations do not accept responsibility or liability for any loss or damage incurred as a result of, or in connection with, the use or distribution of this material or this publication.

    Last modified: 10 Apr 2017 (QC 50562)