The ATO’s top 10 digital security tips


Here are some tips straight from the ATO to help business owners maintain the most digitally secure business they possibly can.

It can be difficult to cover all the aspects of digital security. Security systems have many different facets, and it can be hard to remember each of them at all times.

The ATO has tried to alleviate this burden by consulting with the Cyber Security Working Group to collate the best tips to help business owners maintain their digital security.


1. Have a strong and secure password

The ATO suggests using passwords that consist of a collection of lower and upper case letters, numbers and symbols, and changing them frequently.

However, experts such as Ixia’s senior product marketing manager Jason Landry and hacker turned security expert Kevin Mitnick have previously told My Business that the best passwords do not necessarily contain the previously mentioned combinations, but instead are simple, sometimes nonsensical, passphrases.

The ATO also suggested using multi-factor authentication. This involves using a provider that sends a temporary code to your phone, app or other device. This code is then required to log into a service, in addition to your regular log-in credentials.

2. Remove unnecessary access

Ex-employees should not be able to access the business' files. As such, the ATO says steps should be taken to ensure that access is revoked once an employee stops working for the business.



This also applies to employees who change positions within the business, as their new position may not require access to files they previously could access.

By not taking steps to revoke unnecessary access, you could enable past employees to commit identity fraud.

3. Update all devices

To avoid falling victim to malware (malicious software) and ransomware (software that holds your files hostage unless you pay a fee), every device and program your business uses should be updated, including anti-virus and malware scanning software.

4. Be wary of external devices

External device security is a commonly ignored security consideration.

According to the ATO, unfamiliar USBs and external hard drives can contain malware, and therefore should not be plugged into business devices until they have been properly verified not to contain any malware.

5. Watch out for email spam

Sooner or later, spam or scam emails will miss the junk folder and find their way into a user’s inbox. Business owners and their employees should be vigilant in not clicking any attachments or links in an email, even from supposedly legitimate email accounts.

Moving missed spam and scam emails into the junk folder can help your spam filter recognise more types of spam.

My Business has previously covered phishing scams, a type of scam that targets business owners to siphon as much money from a business as possible, and how to not be stung by these scams.

6. Use secure wireless networks

Using unsecured wireless networks when out and about, such as when making business-related payments on a mobile device, can result in that data being observed by those with malicious intent.

As such, avoid using unsecured wireless networks in order to keep your data as secure as possible.

7. Don’t share everything on social media

It is always important to keep personal information to an absolute minimum when using a social media account for a business.

Business owners should also be careful who they interact with, as scammers may try to impersonate the business owner or the business itself. Scammers may try to obtain this information by sending emails to staff or suppliers via a middle-man scam.

My Business has previously published an article on what to look out for and how to stop a middle-man scam affecting your business.

8. Watch out for unusual account activity or transactions

If your accounts, either financial or digital, show interactions that no one in the business is responsible for, they may have been breached.

The ATO also mentions that if a supplier sends an email about unexplained changes, it is important not to open any attached files or open any links, as it may be a scam attempt.

If this occurs, contact that business or supplier by telephone to confirm.

9. Secure your mail

By using a PO box, the ATO says businesses can secure their mail and reduce the chance of information security breaches by mail theft.

10. Keep devices secured

Unattended devices are a simple way for private data to be stolen quickly and without much warning.

Make sure your devices with passcode functionality have a passcode enabled. Keep your storage devices, such as USBs and external hard drives, secure, and ensure that information of any kind is not left unattended.
