Blog

Back to blog

To most people, financial stress = bills, bills, more bills and tax. In reality, a cyber security breach can be far more damaging than any tax bill. Not only could you lose huge sums of money while wasting a significant amount of time, but you could even put your identity or your business reputation at risk.

At Freshwater, we are an online-first firm. Everything we do is digital; from signing documents to lodging returns to storing your financial history. We take protecting your information very seriously.

 

Why the ATO locks your account
Occasionally in Australia, there are scenarios where they ATO will actually lock your TFN. When this happens to our clients, we’re of course asked why their ATO account is suddenly locked or why they are asked to provide ID checks again. It’s frustrating when you just want to log in keep rolling. As annoying as it is please remember, this is a very important security measure. The ATO runs constant monitoring. If it sees unusual logins, repeated failed attempts, or changes that look suspicious, it will freeze access until you confirm who you are.

Yes, it’s a hassle, but remember what is at stake! Your ATO account holds your Tax File Number, your bank details, your PAYG history, and your super records. Criminals target these accounts precisely because they can use them to redirect refunds or create false returns in your name. A short lockout is nothing compared to months of fighting a fraud.

 

The rise of business identity theft
It’s not just individuals at risk. Small businesses are increasingly targeted by scammers who register fake ABNs, send invoices that look legitimate, or hack into emails to swap out supplier bank details. If you pay an invoice without double checking, the money is gone. The bank may not recover it.

This is why cyber awareness is not just a “tech” problem, it is a financial health problem. We recommend that businesses get into the habit of confirming bank details with suppliers, and that they regularly check ASIC and ABN registrations for their own business name to make sure nothing suspicious has been set up in their name.

 

Email compromise
One of the simplest cyber crimes is email forwarding. A hacker breaks into your inbox and sets up a hidden rule so every invoice or financial email is sent to them as well. You don’t notice anything, but behind the scenes someone else is reading everything. This is one reason we do not want sensitive records sent by email. Our secure client portal exists to give you and us peace of mind that private documents stay private. Our Freshwater Portal comes with two factor authentication and also lets you seal each sensitive document you upload for extra protection.

 

How to secure your Freshwater Portal
Securing your Freshwater Portal account with two factor authentication only takes a minute and gives you instant peace of mind. When you next log in, go to your profile settings and look for “Enable Two Factor Authentication.” You will be prompted to link your mobile phone, which means each time you sign in you will confirm your identity with a unique code sent to your device. Once set up, even if someone guesses your password they cannot access your account without your phone. We strongly encourage every client to activate this feature today.

 

The cost of downtime
Even if no money is stolen, the cost of a cyber attack is often in the lost time. If you are locked out of your ATO account, you may miss a BAS deadline. If your payroll system is compromised, your staff may not be paid on time. Penalties, late fees, and stress follow quickly. Preventing these scenarios is not only about security, but about keeping your business running smoothly.

 

Practical steps for every client

  • Turn on multi factor authentication for all important accounts, including your Freshwater portal account.
  • Use strong, unique passwords and change them regularly.
  • Store sensitive files in the portal, not your inbox.
  • Check your email settings for suspicious forwarding rules.
  • Treat urgent, strange payment requests with caution.
  • Be prepared for the ATO to occasionally lock you out, it means the system is protecting you, not punishing you!
  • Research how cyber insurance can protect you and your business.

 

“Tax Done Differently” we believe in making all things tax, accounting and bookkeeping easier, less stressful and more supportive for you. This means taking care of your data as well as your dollars! Cyber crime is not going away, but together we can make it much harder for criminals to succeed.

Post info
Share
Categories

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Other articles you might love

The Truth Behind Payday Super

Super is often treated like a future problem. Not because people are dishonest, but because poor cash-flow habits make it easy to delay. The system has allowed that delay to happen for a long time. What makes this worse is that many employees don’t log into their super accounts regularly. By the time this is noticed, the amounts are large, the stress is high, and the ATO is involved.

Read More >

My Tricks for Managing the Juggle

Time is far more precious than money. You can always make more money. You can’t make more time.

Over the years, I’ve refined a set of habits, systems and boundaries that allow me to run a busy firm, be present for my girls, and still feel relatively calm most of the time. None of these are revolutionary; however, together, they make a huge difference.

Read More >

10 Ways to SAVE as much Tax as Possible in 2026

Most people think tax savings happen in June. They don’t. They happen quietly during the year, in small decisions you may not even realise are saving you at the time.

Here are the 10 small habits I see that make the biggest difference every year…

Read More >

Contact Us

Important Note: During our peak season from July to October, we prioritise maintaining our signature high-quality service. As a result, we may not always be able to take on new clients, however we’re happy to add you to our waitlist.