Strong security practices can help you protect your business, staff and client information from identity thieves.
These criminals can get your business and client details by:
- breaking into your business and stealing your records
- taking a photo of your business or employee details
- stealing your passwords, account logins or myGovID details
- obtaining access to your data through legitimate means (for example, an employee targeting vulnerabilities in your systems or security controls)
- using compromised emails with malicious links or programs
- sending emails to phish for information from your business
- exploiting security vulnerabilities in software.
Media: Protect your business against identity crime https://tv.ato.gov.au/ato-tv/media?v=bd1bdiunji3ij9External Link (Duration: 1:18)
You can use our online security self-assessment questionnaire to:
- understand and identify your established online security measures
- identify areas where you can improve your online practices and processes
- get more information and resources to help improve your online security measures.
The questionnaire is voluntary and anonymous – we don't record any of your personal information.
Identity thieves may target your:
- business activity statements
- employees' personal information
- business records containing personal or business information.
Secure your business premises
It only takes a few moments for thieves to photograph or steal information at your workplace. You can help keep your business, customer and employee information safe by:
- installing physical barriers such as locked doors and windows
- making sure you have appropriate alarm systems in place
- filing documents in lockable storage units.
Secure your systems
To protect yourself and your business from identity thieves, we recommend:
- securing your business files and employee information when they are not in use
- changing all passwords on a regular basis
- making sure all employees log out of systems and lock computers when not in use
- making sure your computers, software and other devices have up-to-date security and anti-virus software.
When sourcing software for your business you may wish to ask vendors how they make sure they are providing secure systems and services. For example:
- Will your data be stored in Australia or overseas?
- What data breach support services do they provide?
- Do they follow the Australian Signals Directorate Essential 8 mitigation strategiesExternal Link?
- Do they have security certification (ISO27001, iRAPExternal Link) and what were the outcomes of any assessments?
You can protect your business and employees by:
- performing background checks on new employees
- restricting new employees' access to systems and credentials
- being able to track employees’ actions when dealing with sensitive and personal information
- removing access to systems and credentials from employees as soon as they leave your employment.
myGovID uses encryption and cryptographic technology and the security features in your device, such as fingerprint or face, to protect your identity.
If you are aware or suspect that your myGovID has been inappropriately accessed, you need to report this immediately.
Contact the myGovID support line on 1300 287 539 (select option 2 for myGovID enquiries) between 8.00am and 6.00pm Australian Eastern Standard Time (AEST), Monday to Friday.
International callers can contact us by phoning our switchboard on +61 2 6216 1111 between 8.00am to 5.00pm AEST, Monday to Friday, and request your call be transferred to the myGovID support line.
- myGovIDExternal Link for more information and tips about myGovID security and staying safe online
Find out about:Use these strong security practices to protect your business from identity thieves.