Lock up your login this tax time

The Australian Taxation Office is reminding tax agents that their myGovID gives them access to online services on behalf of their practice and they are responsible for their myGovID so must take steps to protect it.

These steps include using a personal email address when setting up a myGovID. It is a personal digital identity and using a personal email address ensures tax agents have ongoing access to it. Use strong and secure passwords for this email account, and never share them with others.

In addition, keep devices on which a myGovID account has been set up secure. Enable built-in security features in the device such as fingerprint or face, and don’t leave devices unattended. If a device is lost or stolen or it is suspected someone has inappropriately accessed a myGovID, report it to the ATO straight away.

Stay on top of cyber hygiene. Run software updates straight away, keep antivirus software up to date, and always be careful when clicking on links and providing personal identifying information.

If a tax agent is also managing a practice, take additional steps to maintain authorisations and access by regularly checking and updating authorisations in Relationship Authorisation Manager (RAM), removing authorisations in RAM – as well as other systems – as soon as they are no longer required, monitoring user access to online services using the access history report in Access Manager and checking that staff have appropriate permissions for their role in Access Manager.