Accounting Practice
Cyber Security Health Check
Accountants are one of the most targeted professions in Australia. Criminals know exactly what you have access to.
In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.
Your ATO portal access makes you a high-value target.
Cyber criminals specifically target accountants because of what you can access: ATO portals, client TFNs, bank account details, and the trust relationships you hold with clients. A compromised accounting practice doesn't just lose data—it becomes a launchpad for fraud against every client on your books.
BAS fraud is exploding. Criminals are hijacking accountant credentials to lodge fraudulent BAS refunds, redirecting thousands of dollars before anyone notices. By the time the ATO claws it back, your client relationship is destroyed—and you're explaining to the TPB why your systems were compromised.
The TPB and Privacy Act have real consequences.
The Tax Practitioners Board (TPB) — which registers tax and BAS agents — now treats cyber security as part of the skills you're required to keep current. A TPB investigation can suspend or cancel your registration. On top of that, Privacy Act penalties for failing to protect client information can reach $50 million. If you can't show you took reasonable steps, both your registration and serious fines are on the line.
Your PI insurer is paying attention too.
Professional indemnity claims from cyber incidents are rising sharply. Insurers are asking detailed questions about your security controls at renewal—and denying claims when practices can't show they had basic protections in place. A health check gives you documented evidence of your security posture.
One compromised password can expose every client.
Think about what's accessible from your practice management system: client names, TFNs, dates of birth, bank accounts, financial statements, tax returns. If an attacker gets in through a weak password or phishing email, they have everything they need for identity theft and fraud—multiplied across your entire client base.
This cyber health check covers what actually matters for accounting practices.
Plain-English questions covering ATO portal security, Xero/MYOB/practice management protection, client TFN handling, BAS fraud prevention, email security, and staff awareness. No technical jargon—designed so any practitioner or practice manager can complete it and understand the results.
What you get:
What your results look like
Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)
What You Receive
Every assessment generates a comprehensive report. Download a sample below.
Summary Report
Plain-English findings with scores, prioritised improvement plan, risk associations, and resources
Download SampleComplete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.
Who is this for?
Sole practitioners, small-to-medium accounting firms, and tax agents. Practice principals, partners, and office managers responsible for compliance and operations. Any accounting practice that handles client financial information and wants to understand their cyber security posture—without needing IT expertise to do it.
Your Assessment Includes a Personal AI Security Advisor
Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.
Not sure what a question is asking? Just ask.
Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.
- ✓ Explains technical concepts in everyday language
- ✓ Gives real-world examples relevant to your industry
- ✓ Never suggests how to answer — just helps you understand
- ✓ No technical background required to complete the assessment
Available the moment you see your results.
Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.
- ✓ "Explain my highest risk gap in simple terms"
- ✓ "Walk me through how to fix action #3"
- ✓ "Which gaps are easiest to fix myself?"
- ✓ Ask anything — your advisor knows your specific results
Get the Accounting Health Check
Get My Health CheckCommon Questions
Why are accounting firms targeted by cyber criminals?
What cyber security obligations do accountants have?
What does the Accounting Practice Health Check cover?
What do I receive after completing the health check?
Further Reading
Resource
TPB Cyber Security Requirements for Accountants and BAS Agents
What the Tax Practitioners Board Code of Conduct actually requires from registered agents on cyber security — and what evidence you need if something goes wrong.
Read the guideWant a broader small business assessment?
View Generic Small Business Health Check →