$399 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

BAS agents are prime targets for credential theft.

Criminals know that one set of compromised bookkeeper credentials can unlock access to dozens—sometimes hundreds—of client businesses. Your ATO portal login isn't just a password; it's a gateway to lodge fraudulent BAS refunds, change bank details, and steal money from every client you service.

BAS fraud losses are in the millions. The scam is simple: steal your credentials, lodge inflated BAS refunds, redirect the money to criminal accounts. By the time the ATO reverses it, the money is gone—and your clients are asking why you let this happen. Some bookkeepers have lost their entire client base overnight.

The TPB and Privacy Act have real consequences.

As a registered BAS agent, you're bound by the Code of Professional Conduct. The Tax Practitioners Board (TPB) — which registers BAS agents — treats securing client information as part of your obligations, and an investigation can suspend or cancel your registration. The Privacy Act adds another layer: penalties for failing to protect personal information can reach $50 million. "I didn't know" won't save your registration or protect you from fines.

Working from home? Working from client sites? The risks multiply.

Many bookkeepers work across multiple locations—home offices, client premises, shared workspaces. Each location is another opportunity for credentials to be stolen, devices to be compromised, or sensitive data to be exposed. Do you know if your setup is actually secure?

Xero, MYOB, QuickBooks—your accounting software is a target too.

It's not just the ATO portal. Attackers who compromise your accounting software access can see bank feeds, create fraudulent invoices, and manipulate financial records. Multi-factor authentication, strong passwords, and proper access controls aren't optional anymore.

This health check is built specifically for bookkeepers and BAS agents.

Plain-English questions covering ATO portal security, accounting software protection, client data handling, email security, phishing recognition, and the specific risks of working across multiple locations. No technical jargon—designed so any bookkeeper can complete it and understand the results.

What you get:

67
Plain-English Questions
Specific to bookkeepers and BAS agents—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Registered BAS agents, contract bookkeepers, and bookkeeping practices. Whether you work solo from home, visit client sites, or run a small team—if you handle client financial data and ATO portal access, this health check is designed for you.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the Bookkeeper Cyber Health Check

Get My Health Check
$399 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why are bookkeepers and BAS agents targeted by cyber criminals?
Bookkeepers and BAS agents hold direct access to client ATO portals, bank feeds, payroll systems, and financial accounts. Criminals target bookkeeper credentials specifically because one compromised login can provide access to multiple client businesses simultaneously. BAS fraud — where criminals redirect GST refunds to their own accounts — is a growing threat that directly implicates the bookkeeper's systems.
What obligations do BAS agents have around cyber security?
The TPB Code of Professional Conduct requires registered BAS agents to take reasonable steps to protect client information and maintain the integrity of the tax system. The Privacy Act applies to BAS agents who collect personal information. ATO's Online Services for Agents requires practitioners to protect their myGovID credentials and report suspected compromises promptly.
What does the Bookkeeper Health Check cover?
The health check covers myGovID and ATO portal security, cloud accounting software access controls, bank feed and payment system security, client data handling practices, email security against phishing, backup procedures, and incident response planning for BAS agents and bookkeeping practices.
What do I receive after completing the health check?
You receive a professional Word report with an overall score and prioritised action list. Recommendations are specific to bookkeeping practice risks — not generic IT advice. The report is suitable for sharing with your PI insurer or keeping on file as evidence of TPB compliance.

View all frequently asked questions →

Further Reading

Resource

Cyber Security for Bookkeepers and BAS Agents

Why bookkeepers are prime targets for ATO portal fraud, what the TPB requires, and the specific steps that protect your practice and your clients.

Read the guide