BOK logo
CHARTERED ACCOUNTANTS

Preparing for EOFY tax scams with business and cyber resilience

Share this article:

Every end of financial year (EOFY) season involves a rush by Australians wanting to get their tax returns completed. Increasingly, though, this period is seen as an opportunity for bad people to take advantage of us.

.

Too often the EOFY rush involves hastily clicking on links, giving personal information to the wrong person, or submitting documents to insecure portals or sites. One in four Australians experience a scam related to EOFY or tax matters, and these scams are not just limited to the June 30 date. In the months leading up to and following, scammers are leveraging a broad range of tactics from texting links to fake ads offering the recipient a tax refund.

For businesses, the threats are just as severe. Yet, half of organisations lack a comprehensive approach to assessing cyber resilience. In response to the growing threats and need for businesses to take preventative measures, the recent federal budget included a $23.4 million investment into a Cyber Wardens program, which aims to train up to 60,000 wardens in SMBs within the next three years.

While this is a progressive step, more needs to be done to ensure every business across Australia is equipped to mitigate the impact of cyber threats, particularly organisations managing Australians’ finances ahead of the EOFY period.

While the government initiative is welcome the best steps for any business, as a starting point, are:

  1. Ensure two factor authentication is turned on wherever it is available.  This should apply to platforms such as cloud-based e-mail systems, client portals, and payments systems.
     
  2. Change your passwords.  It is a fact that many of us use the same password for a lot of logins.  The reason for this is simply, so many passwords!!  However, the best answer is to use an identity & password manager solution such as Dashlane, LastPass, NordPass, or 1Password.  This way you only need to remember one password to gain access to all the others.
     
  3. Your Internet connection (router) is a point of significant threat.  Few routers are actively managed which leaves many opportunities or hackers.  The best solution is to ask your existing IT supplier, if they have the expertise, to ensure your router’s firewall(s) are shutting out the outside world. 
     
  4. A person within the business does need to be able to provide oversight that proper strategies are actually implemented and who can understand what their IT people are saying about their routers and firewall(s).  The government initiative noted above may help small businesses train such a person.  This is not saying a staff member needs to be an IT expert, but they do need to be able to understand what they are told and/or read.  Basic education and training can be enough but extra and ongoing training is increasingly important.

Be on your toes.  While cyber threats are often assumed to come externally from an aggressive attack by someone in a hoodie in a bunker overseas, the reality is many risks come from employees skipping over seemingly complicated approval processes, subscribing to popular apps or products that may not meet compliance requirements, or not checking whether they actually need to use a third party tool or if the same outcomes could be reached with an approved tool already used within the organisation. Make sure your own people aren’t opening the gates to the enemy.

Finally, don’t stop with the above. Cyber criminals around the world are savvy, persistent, and increasingly well-resourced. While they may be targeting consumers and accountants at tax time today, they will quickly find another way to get Australians’ attention tomorrow. Keep your plans, cyber champions, and staff – all the way to the Board level – updated regularly to ensure everyone is ready for the next threat.

 

 

05 June 2023

Want to know more?

Do you have a question about something you've read in this article? Need more information? Want to book an appointment? Simply let us know below and we'll get back to you ASAP.

Share this article:

Disclaimer

In the preparation of this website every effort has been made to provide accurate and timely information. However, errors can occur and applicable laws and regulations may change.

The information contained in the site is general and is not intended to serve as advice. No warranty is given as to the reliability of any information.

Users are encouraged to consult with professional advisers for advice before making any decisions that affect their own interests.

Bourke O’Brien Kennedy disclaims all and any liability to any person as to the consequences of anything done or omitted to be done by any person in reliance whether wholly or partially, upon any information contained in this website.

Links on this website are to resources managed by other parties over whom Bourke O’Brien Kennedy has no control. As such, Bourke O’Brien Kennedy accepts no responsibility as to the accuracy of any statement, opinion or advice contained in any of the supplied information and readers should rely on their own enquiries before making any decisions affecting their own interests.

Privacy Policy

We will only use the information you provide to us to respond to your requests and provide you with information about Bourke O’Brien Kennedy services.

Whenever you receive information from us electronically, you will always have an opportunity to request not to receive the information again and your wishes will be respected.

If you send us a curriculum vitae (CV) to apply for a position with Bourke O’Brien Kennedy, we will only use that information to consider you for available opportunities.

We do not share personal information with third parties except as necessary to carry out our business or as required by law or other processes. We do not sell personal information. All personnel with access to personal information ensure to maintain its confidentiality.

If you have questions or comments about anything to do with our website, please do not hesitate to contact us at bok@bok.com.au