Protecting your business from ID thieves

The COVID-19 pandemic has led to many challenges for small business operators, including a significant escalation in cybersecurity threats.

One of the fastest growing of these threats is identity (ID) crime, with the Australian Competition and Consumer Commission’s (ACCC’s) Scamwatch finding ID theft in Australia increased 234 per cent in 2021.

The scale of the problem is worrying, with a recent survey by the Australian Institute of Criminology finding 19 per cent of respondents had experienced misuse of their personal information.

What identity criminals want

The explosion in ID crime is not just a problem for individuals, it’s a growing headache for businesses. This is due to the increasing amount of personal information they now hold, about their employees, clients and customers.

The ATO has been reminding small businessowners that ID documents are like gold to tax scammers, who can use information such as a driver’s licence, passport and tax file number to steal tax refunds and super.

Cybercriminals can also commit fraud in your name, take over your business and submit amendments to your Business Activity Statements. This makes it vital to protect key information ID thieves target, such as employees’ personal information, business records containing personal information, BAS documents and myGovIDs.

Check your physical records are protected

Worrying about the physical security of your information may seem old-fashioned, but ensuring your business premises and systems are protected is vital.

ID criminals can obtain invaluable business and client details simply by breaking into your premises and photographing business records or employee details.

To combat this, fit physical barriers such as window and door locks, file copies of documents and ID information in lockable storage units, and ensure you install an appropriate alarm system to protect against intruders.

Securing your business online

Strong online security practices are also essential to protect information about your business, employees and clients from ID thieves.

If you hold financial records, confirm the identity of anyone requesting changes to their information and fully verify new payment details. Ensure your employees are trained to identify suspicious requests for personal information, or emails that may link to fake websites built to capture passwords.

It’s also important to secure your email account through multi-factor authentication or a strong, unique passphrase.

Good online security also means changing all the passwords used in the business on a regular basis and ensuring they are not easy for potential thieves to guess. Updated security and anti-virus software needs to be installed on all devices used by the business and by any employees working from home.

When sourcing business software and support (such as payroll services), ask vendors about their system security, including where the data will be stored and their security certification and support services for data breaches.

Reporting cybercrime to the ATO

While your business’s reputation can take a real battering if you don’t have adequate protections for both your own and your clients’ ID information, there are also regulatory requirements when it comes to data breaches.

Businesses have an obligation to report all tax-related security issues to the ATO.

To help you manage your obligations to protect identity information, the ATO has an online security self-assessment questionnaire small businesses can use to check their performance in this area. This can help you identify which online security measures you are getting right as well as potential areas for improvement.

Businesses also have data breach reporting obligations under the Privacy Act. The Office of the Australian Information Commissioner has helpful tips on how to create a solid data breach response plan.

Protect your myGov ID

The government’s push for more online transactions means more and more personal and business information needs to be protected. If you or a key employee accesses the government’s online services on behalf of your business, you will need a myGovID.

This new digital identity key uses encryption technology to protect your identity when interacting with government agencies online. To strengthen protection of your identity and business information online, you can now set up face verification on myGovID.

If you are aware or suspect your myGovID has been inappropriately accessed, you need to report it immediately.

If you need any assistance setting up your myGovID, please get in touch via email or contact us on 03 5120 1400.

Material contained in this publication is a summary only and is based on information believed to be reliable and received from sources within the market. It is not the intention of RGM Financial Planners Pty Ltd ABN 36 419 582 Australian Financial Services Licence Number 229471, RGM Accountants & Advisors Pty Ltd ABN 69 528 723 510 that this publication be used as the primary source of readers’ information but as an adjunct to their own resources and training. No representation is given, warranty made or responsibility taken as to the accuracy, timeliness or completeness of any information or recommendation contained in this publication and RGM and its related bodies corporate will not be liable to the reader in contract or tort (including for negligence) or otherwise for any loss or damage arising as a result of the reader relying on any such information or recommendation (except in so far as any statutory liability cannot be excluded).

Liability limited by a scheme approved under Professional Standards Legislation.