ato logo
Search Suggestion:

Top cyber security tips for individuals

Tips for individuals to keep your personal information safe from cyber criminals.

Last updated 13 November 2024

Increase your online security

Your personal information is an important part of your identity. There are many ways you can interact with us online, and the following tips can help you make sure your online transactions with us are safe.

Access online services with your Digital ID

A Digital IDExternal Link, such as myIDExternal Link, is the most secure way to access our online services and help protect your personal information. Your myID is unique to you and shouldn’t be shared. Sharing it gives others access to your personal data across services, such as tax and health.

When you access ATO online services through myGov, the sign-in method you’ve used with the highest identity strength becomes your online access strength. You’ll use this for all future access. 

For example, if you have a myID with a Strong identity strengthExternal Link and use it as your sign-in method, your minimum online access strength will be Strong. Whenever you sign in to myGov to access ATO online services, you’ll need to use your Strong myID.

Follow these steps to set your online access strength:

  1. Set up your myIDExternal Link to a Standard or Strong identity strength – if you already have a myID, go to step 2.
  2. Connect your myID to your myGov accountExternal Link – you can do this before you sign in to myGov or once you’ve signed in.  
  3. Sign in to myGovExternal Link with your myID – select Continue with Digital Identity to use myID as your sign-in method.
  4. Go to ATO online services – your online access strength is now set. You can view your online access strength (Standard or Strong) under your Personal details in ATO online services or My details if you're using the ATO app.

You can increase your online access strength at any time. For example, if you increase your myID identity strength from Standard to StrongExternal Link and use it to access ATO online services, your minimum online access strength will be set to Strong.

Strong is currently the highest level of online access strength you can achieve.

Your online access strength only applies to ATO online services. It doesn't apply to your myGov account or other linked services.

Use multi-factor authentication

Multi-factor authentication requires a combination of:

  • something the user knows (PIN, secret question)
  • something you have (card, token), or
  • something you are (fingerprint or other biometric).

Enabling multi-factor authentication increases your online safety, but the most secure way to access online accounts and services is by using a Digital ID such as myID. Protect yourself against cyber criminals and set up your myIDExternal Link now.

Use strong and secure passphrases

Consider moving from a password to a passphraseExternal Link. Using passphrases can:

  • boost the security of your accounts
  • make it harder for cyber criminals to access your information. 

A passphrase:

  • should be easy for you to remember
  • can involve a set of 4 of more random words, numbers and/or symbols depending on the website’s password requirements.

The longer your passphrases, the better.

A random mix of unrelated words:

  • is less predictable than a password
  • will produce a stronger passphrase – for example, ‘crystal onion clay pretzel‘.

A password manager can help you generate or store passphrases. Regularly change passphrases and do not share them.

Regularly back up your devices

Back up your files and devicesExternal Link regularly on a physical device (such as an external hard drive) or in the cloud. This is helpful if your data becomes damaged, lost, stolen or infected by ransomwareExternal Link.

Secure your backup devices by making sure they are not continuously connected to your main network.

Make sure all devices have the latest available security updates

Cyber criminals hack devices using known weaknesses in systems or apps. Updates have software security upgrades and make it harder to hack.

Regular updates are critical in maintaining a secure system. It's important to:

  • check for any updates regularly, or
  • turn on automatic updates.  

Antivirus softwareExternal Link can help prevent, detect, and remove malwareExternal Link from your device. Make sure you turn on your antivirus software and keep it up to date.

Be careful when clicking on links, downloading programs or opening attachments

Be careful when downloading attachments or clicking on links, even if the message seems to come from someone you know.

Always access our online services directly via ato.gov.au, my.gov.au or the ATO app – not by following a link.

Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, do not open attachments or download it.

Some programs contain malware that can infect your computer or be used to harvest your personal information.

Use a spam filter on your email account

Always use a spam filter on your email account and do not open unsolicited messages.

Be wary of downloading attachments or opening email links you receive, even if they are from someone you know.

Spam emails can be:

  • embedded with malware
  • used to trick you into providing information or buying non-legitimate goods.

Do not respond to or click on these emails. This can help you reduce the risk of your personal information being used fraudulently, or your computer being infected with malware.

Learn more about how to secure your emailExternal Link.

Monitor your accounts for unusual activity or transactions

Check your myGov Inbox and your accounts (including banking and online services) regularly. If you know everything is in order, it will be harder for a scammer to convince you otherwise.

If an organisation you deal with sends you an email or SMS alerting you to unexpected changes on your account, do not:

  • click on included hyperlinks
  • open any attachments.

You should immediately:

  • check your account
  • contact the organisation by telephone.

Be vigilant about what you share on social media

Keep personal information private and be aware of who you are interacting with.

People are accustomed to sharing personal information on social media. However, before sharing ask yourself if it is information you want strangers to have access to.

It's very easy for information on social media sites to be shared outside of your network, even when your security settings are set to private.

Be sure you know who you are speaking to on social media, and only share information with people you know and trust.

Criminals can use certain combinations of your personal information to impersonate you to access money, apply for credit cards and bank loans, or commit crimes.

Keep your personal information secure

Keep your tax file number (TFN), passwords, superannuation and other sensitive information (such as your myGov or bank account details) secure. Don't share them with others, including in emails, to prospective employers or on social media.

Secure your electronic devices wherever you are. Your personal information can be taken in an instant. In some situations, you won’t even know it was stolen.

Make sure you:

  • do not leave electronic devices unattended
  • secure your electronic devices with passcodes
  • securely store portable storage devices (such as thumb and hard drives) when not in use.

Learn more about how to protect yourself onlineExternal Link.

QC50562