Buy Now
$1,199 + GST

Your ATO portal access makes you a high-value target.

Cyber criminals specifically target accountants because of what you can access: ATO portals, client TFNs, bank account details, and the trust relationships you hold with clients. A compromised accounting practice doesn't just lose data—it becomes a launchpad for fraud against every client on your books.

BAS fraud is exploding. Criminals are hijacking accountant credentials to lodge fraudulent BAS refunds, redirecting thousands of dollars before anyone notices. By the time the ATO claws it back, your client relationship is destroyed—and you're explaining to the TPB why your systems were compromised.

The TPB and Privacy Act have real consequences.

The Tax Practitioners Board Code of Professional Conduct requires you to maintain "knowledge and skills relevant to the services you provide"—and that now explicitly includes cyber security. TPB investigations can result in suspension or termination of your registration. Meanwhile, Privacy Act penalties for failing to protect client information can reach $50 million. If you can't demonstrate you took reasonable steps, you're risking both your registration and serious financial penalties.

Your PI insurer is paying attention too.

Professional indemnity claims from cyber incidents are rising sharply. Insurers are asking detailed questions about your security controls at renewal—and denying claims when practices can't show they had basic protections in place. A health check gives you documented evidence of your security posture.

One compromised password can expose every client.

Think about what's accessible from your practice management system: client names, TFNs, dates of birth, bank accounts, financial statements, tax returns. If an attacker gets in through a weak password or phishing email, they have everything they need for identity theft and fraud—multiplied across your entire client base.

This cyber health check covers what actually matters for accounting practices.

Plain-English questions covering ATO portal security, Xero/MYOB/practice management protection, client TFN handling, BAS fraud prevention, email security, and staff awareness. No technical jargon—designed so any practitioner or practice manager can complete it and understand the results.

What you get:

  • 66 Plain-English Questions: Specific to accounting practices—no technical knowledge required
  • Clear Security Score: See exactly where you're protected and where you're exposed
  • Prioritised Actions: Gaps ranked by risk with specific steps to fix each one
  • Professional Reports: Comprehensive Word report with scores, recommendations, and improvement plan

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Sole practitioners, small-to-medium accounting firms, and tax agents. Practice principals, partners, and office managers responsible for compliance and operations. Any accounting practice that handles client financial information and wants to understand their cyber security posture—without needing IT expertise to do it.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
After you finish

Your Personal Security Advisor — available the moment you see your results.

Once your results are in, an AI security advisor has your full assessment in front of it and is ready to answer any question about what it means — in plain English, as if you're talking to a security professional.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results

No consultants. No jargon. No guesswork.

For the first time, small businesses get the same quality of guidance that used to cost hundreds of dollars an hour — built directly into the assessment.

Common Questions

Why are accounting firms targeted by cyber criminals?

Accountants hold the keys to their clients' financial lives — ATO portal credentials, TFNs, bank account details, and trust relationships built over years. Criminals exploit compromised accounting credentials to lodge fraudulent BAS refunds, redirect tax returns, and commit identity fraud against every client on your books. A single breach can affect dozens of businesses simultaneously.

What cyber security obligations do accountants have?

The Tax Practitioners Board (TPB) Code of Professional Conduct requires registered tax agents and BAS agents to take reasonable steps to protect client information. The Privacy Act 1988 imposes obligations on practices that collect personal information. PI insurers increasingly assess cyber controls at renewal. A documented health check demonstrates you have taken those reasonable steps.

What does the Accounting Practice Health Check cover?

The health check covers ATO portal and myGovID security, client data protection, password and access controls, email security, backup procedures, software and device management, staff security awareness, and incident response readiness. Questions are tailored to the specific risks facing accounting and bookkeeping practices — not generic checklists.

What do I receive after completing the health check?

You receive a professional Word report with an overall security score, domain-by-domain breakdown, and a prioritised action list ranked by risk. The report is suitable for sharing with your PI insurer, your IT provider, or keeping on file as evidence of due diligence with the TPB.

Further Reading

TPB Cyber Security Requirements for Accountants and BAS Agents

What the Tax Practitioners Board Code of Conduct actually requires from registered agents on cyber security — and what evidence you need if something goes wrong.
