Gillespie Advisory News

Protecting your business from ID thieves

Written by Gillespie Advisory | Nov 4, 2022 4:29:15 AM

The COVID-19 pandemic has led to many challenges for small business operators, including a significant escalation in cybersecurity threats.

One of the fastest growing of these threats is identity (ID) crime, with the Australian Competition and Consumer Commission’s (ACCC’s) Scamwatch finding ID theft in Australia increased 234 per cent in 2021.
 
The scale of the problem is worrying, with a recent survey by the Australian Institute of Criminology finding 19 per cent of respondents had experienced misuse of their personal information.

What identity criminals want

The explosion in ID crime is not just a problem for individuals, it’s a growing headache for businesses. This is due to the increasing amount of personal information they now hold, about their employees, clients and customers.

The ATO has been reminding small businessowners that ID documents are like gold to tax scammers, who can use information such as a driver’s licence, passport and tax file number to steal tax refunds and super.

Cybercriminals can also commit fraud in your name, take over your business and submit amendments to your Business Activity Statements. This makes it vital to protect key information ID thieves target, such as employees’ personal information, business records containing personal information, BAS documents and myGovIDs.

Check your physical records are protected

Worrying about the physical security of your information may seem old-fashioned, but ensuring your business premises and systems are protected is vital.

ID criminals can obtain invaluable business and client details simply by breaking into your premises and photographing business records or employee details.

To combat this, fit physical barriers such as window and door locks, file copies of documents and ID information in lockable storage units, and ensure you install an appropriate alarm system to protect against intruders.

Securing your business online

Strong online security practices are also essential to protect information about your business, employees and clients from ID thieves.

If you hold financial records, confirm the identity of anyone requesting changes to their information and fully verify new payment details. Ensure your employees are trained to identify suspicious requests for personal information, or emails that may link to fake websites built to capture passwords.

It’s also important to secure your email account through multi-factor authentication or a strong, unique passphrase.

Good online security also means changing all the passwords used in the business on a regular basis and ensuring they are not easy for potential thieves to guess. Updated security and anti-virus software needs to be installed on all devices used by the business and by any employees working from home.

When sourcing business software and support (such as payroll services), ask vendors about their system security, including where the data will be stored and their security certification and support services for data breaches.

Reporting cybercrime to the ATO

While your business’s reputation can take a real battering if you don’t have adequate protections for both your own and your clients’ ID information, there are also regulatory requirements when it comes to data breaches.

Businesses have an obligation to report all tax-related security issues to the ATO.

To help you manage your obligations to protect identity information, the ATO has an online security self-assessment questionnaire small businesses can use to check their performance in this area. This can help you identify which online security measures you are getting right as well as potential areas for improvement.

Businesses also have data breach reporting obligations under the Privacy Act. The Office of the Australian Information Commissioner has helpful tips on how to create a solid data breach response plan.

Protect your myGov ID

The government’s push for more online transactions means more and more personal and business information needs to be protected. If you or a key employee accesses the government’s online services on behalf of your business, you will need a myGovID.

This new digital identity key uses encryption technology to protect your identity when interacting with government agencies online. To strengthen protection of your identity and business information online, you can now set up face verification on myGovID.

If you are aware or suspect your myGovID has been inappropriately accessed, you need to report it immediately.

Important: This provides general information and hasn’t taken your circumstances into account. It’s important to consider your particular circumstances before deciding what’s right for you. Although the information is from sources considered reliable, we do not guarantee that it is accurate or complete. You should not rely upon it and should seek qualified advice before making any investment decision. Except where liability under any statute cannot be excluded, we do not accept any liability (whether under contract, tort or otherwise) for any resulting loss or damage of the reader or any other person.

Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.