In today’s digital world it would take a very brave person to ignore the risk of cyber criminal activity.  Tax agents and Inland Revenue are not immune. Read on to find out how you can reduce the risk of falling victim to cybercrime when using myIR.

Multifactor authentication

In October 2022 Inland Revenue introduced multifactor authentication or two-step verification for access to myIR accounts. While this function is optional, it is one of the tools in the toolbox that comes highly recommended to strengthen security.

You can choose to receive security codes by email or app or both. If using email, the email address must be unique to your myIR profile. A firm can choose to make multifactor authentication a requirement for all their staff IRD logins. This can be reset in their myIR accounts.

More information and instructions on how to set up two-step verification is available on Inland Revenue’s website.

Business processes

Tax agents can control the level of access their people may have to information and functions in myIR. There is a helpful information sheet (including screen shots) and a guide available on Inland Revenue’s website.

Tax agents may find these reports useful as a starting point to ensure access to myIR accounts are kept ‘tidy’:

• the ‘bank account changes’ report (available in the agency activity report); and
• the delinking and linking report

Your agent account manager can also help with any questions you may have.

With many firms now operating under hybrid and flexible working environments, it would be useful to ensure workplace policies and practices are regularly reviewed and updated to address protection from cybercrime. Best practice would also suggest that cyber security software be employed in firms’ systems and hardware, and kept up to date.

Stay vigilant and investigate any suspicious activity or behaviour that may come to your attention.  The sooner you act the lesser the potential loss or damage.

If the unthinkable happens

Despite the many tools and best practice policies that may be adopted, there remains a risk that you may fall victim to hackers or cyber criminals. In the event of a breach, time is of the essence.

Don’t delay, contact Inland Revenue immediately and inform them of the breach. This will allow Inland Revenue to implement security related protocols in the system and begin action to recover any unauthorised payment of funds that may have been released. More information on what to do if you fall victim to a scam is available here.