Bookkeeper
Cyber Security Health Check
Your ATO portal credentials are worth thousands to criminals. They're actively hunting for them.
In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.
BAS agents are prime targets for credential theft.
Criminals know that one set of compromised bookkeeper credentials can unlock access to dozens—sometimes hundreds—of client businesses. Your ATO portal login isn't just a password; it's a gateway to lodge fraudulent BAS refunds, change bank details, and steal money from every client you service.
BAS fraud losses are in the millions. The scam is simple: steal your credentials, lodge inflated BAS refunds, redirect the money to criminal accounts. By the time the ATO reverses it, the money is gone—and your clients are asking why you let this happen. Some bookkeepers have lost their entire client base overnight.
The TPB and Privacy Act have real consequences.
As a registered BAS agent, you're bound by the Code of Professional Conduct. The Tax Practitioners Board (TPB) — which registers BAS agents — treats securing client information as part of your obligations, and an investigation can suspend or cancel your registration. The Privacy Act adds another layer: penalties for failing to protect personal information can reach $50 million. "I didn't know" won't save your registration or protect you from fines.
Working from home? Working from client sites? The risks multiply.
Many bookkeepers work across multiple locations—home offices, client premises, shared workspaces. Each location is another opportunity for credentials to be stolen, devices to be compromised, or sensitive data to be exposed. Do you know if your setup is actually secure?
Xero, MYOB, QuickBooks—your accounting software is a target too.
It's not just the ATO portal. Attackers who compromise your accounting software access can see bank feeds, create fraudulent invoices, and manipulate financial records. Multi-factor authentication, strong passwords, and proper access controls aren't optional anymore.
This health check is built specifically for bookkeepers and BAS agents.
Plain-English questions covering ATO portal security, accounting software protection, client data handling, email security, phishing recognition, and the specific risks of working across multiple locations. No technical jargon—designed so any bookkeeper can complete it and understand the results.
What you get:
What your results look like
Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)
What You Receive
Every assessment generates a comprehensive report. Download a sample below.
Summary Report
Plain-English findings with scores, prioritised improvement plan, risk associations, and resources
Download SampleComplete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.
Who is this for?
Registered BAS agents, contract bookkeepers, and bookkeeping practices. Whether you work solo from home, visit client sites, or run a small team—if you handle client financial data and ATO portal access, this health check is designed for you.
Your Assessment Includes a Personal AI Security Advisor
Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.
Not sure what a question is asking? Just ask.
Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.
- ✓ Explains technical concepts in everyday language
- ✓ Gives real-world examples relevant to your industry
- ✓ Never suggests how to answer — just helps you understand
- ✓ No technical background required to complete the assessment
Available the moment you see your results.
Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.
- ✓ "Explain my highest risk gap in simple terms"
- ✓ "Walk me through how to fix action #3"
- ✓ "Which gaps are easiest to fix myself?"
- ✓ Ask anything — your advisor knows your specific results
Get the Bookkeeper Cyber Health Check
Get My Health CheckCommon Questions
Why are bookkeepers and BAS agents targeted by cyber criminals?
What obligations do BAS agents have around cyber security?
What does the Bookkeeper Health Check cover?
What do I receive after completing the health check?
Further Reading
Resource
Cyber Security for Bookkeepers and BAS Agents
Why bookkeepers are prime targets for ATO portal fraud, what the TPB requires, and the specific steps that protect your practice and your clients.
Read the guide