Tax professionals' role
As a tax professional, you are vital in ensuring the integrity of the tax and superannuation systems. When you represent your clients, it's important you take reasonable steps to avoid enabling tax fraud. Your business holds sensitive data that is appealing to identity thieves and cybercriminals. It's important you protect this data.
To help protect your practice and client information we recommend you:
- follow the agent verification methods guidelines and
- check the proof of identity for all new clients
- question any discrepancies in proof of identity
- avoid retaining copies of any documents used to verify clients
- only lodge for clients whose identity you have confirmed
- train your staff in why and how to secure client information
- check existing client records for unusual updates or lodgments
- perform background checks on new employees
- educate your employees about what is appropriate to discuss on social media or by email.
Security advice for your business
It is important to keep your business, staff and client information secure. If your data is lost or compromised, it can be very difficult, time consuming and costly to recover.
Strong security practices can help mitigate the risks from identity thieves or cybercriminals infiltrating your systems. Criminals can try to access this information by:
- breaking into your business and stealing your records
- taking a photo of your business or employee details
- stealing your passwords, account logins or personally identifying information (PII)
- using legitimate access as an employee to steal information (also known as insider threat)
- using compromised emails with malicious links or programs
- sending emails to phish for information from your business
- exploiting security vulnerabilities in software.
Media: Protect your business against identity crime http://tv.ato.gov.au/ato-tv/media?v=bd1bdiunji3ij9External Link (Duration: 1:18)
Secure your physical premises
You can help keep your business, customer and employee information safe by:
- installing physical barriers such as locked doors and windows
- making sure you have appropriate alarm systems in place
- ensuring paper documents and devices are not left unattended
- filing paper documents in lockable storage units
- ensuring your mailbox is secure and cleared out daily to avoid mail theft
- securely storing portable storage devices (such as thumb and hard drives) when not in use.
Secure your electronic information
Secure your electronic devices and physical files wherever you are. Your information can be stolen in an instant. In some situations, you won't even know it's been stolen.
Stolen information could be used to commit crimes, often in your business' name.
Make sure you:
- don't leave your electronic information unattended
- ensure employees log out of systems and lock computers when not in use
- secure your electronic business files and employee information when they're not in use
- secure your electronic devices (such as phones or tablets) with passcodes.
Protect your Digital ID
Your Digital ID, such as myID, is a simple and secure way to prove who you are when accessing government online services including Online services for business and Online services for agents.
myID uses encryption and cryptographic technology and the security features in your device, such as fingerprint or face, to protect your identity.
Your myID belongs to you - protect your myIDExternal Link and don’t share it with others. Sharing your myID could enable others to access your personal data across online services.
If you're aware or suspect that your myID has been inappropriately accessed, report it immediately to the myID support lineExternal Link.
Report fraud
Fraud can be the result of many things, including criminals:
- stealing someone's identity to lodge incorrect returns and steal refunds
- obtaining access to your client records to gain information
- impersonating your business to gain a benefit.
Tax professionals may be targeted to steal client information. Criminals may also use tax professionals' businesses to lodge fraudulent claims.
To report suspected fraud or criminal activity, make a tip-off by phoning us on 1800 060 062 (between 8.00am and 6.00pm AEST, Monday to Friday).
You can also report a cybercrimeExternal Link.
Data breaches
If you have experienced a data breach, you will need to take steps to secure your business information and client records from potential fraud:
- Data breach guidance for businesses
- Data breach guidance for tax professionals
- IDCAREExternal Link provides help to organisations that experience data breach events. We also have information on how to get help for identity theft.