Preparing for EOFY tax scams with business and cyber resilience

Every end of financial year (EOFY) season involves a rush by Australians wanting to get their tax returns completed. Increasingly, though, this period is seen as an opportunity for bad people to take advantage of us.

Too often the EOFY rush involves hastily clicking on links, giving personal information to the wrong person, or submitting documents to insecure portals or sites. One in four Australians experience a scam related to EOFY or tax matters, and these scams are not limited to the June 30 date. In the months leading up to and following it, scammers use a broad range of tactics, from texted links to fake ads offering the recipient a tax refund.

For businesses, the threats are just as severe. Yet, half of organisations lack a comprehensive approach to assessing cyber resilience. In response to the growing threats and need for businesses to take preventative measures, the recent federal budget included a $23.4 million investment into a Cyber Wardens program, which aims to train up to 60,000 wardens in SMBs within the next three years.

While this is a progressive step, more needs to be done to ensure every business across Australia is equipped to mitigate the impact of cyber threats, particularly organisations managing Australians’ finances ahead of the EOFY period.

While the government initiative is welcome, the best steps for any business, as a starting point, are:

  1. Ensure two-factor authentication is turned on wherever it is available. This should apply to platforms such as cloud-based e-mail systems, client portals, and payment systems.
     
  2. Change your passwords. It is a fact that many of us use the same password for a lot of logins. The reason for this is simple: so many passwords! However, the best answer is to use an identity & password manager solution such as Dashlane, LastPass, NordPass, or 1Password. This way you only need to remember one password to gain access to all the others.
     
  3. Your Internet connection (router) is a point of significant threat. Few routers are actively managed, which leaves many opportunities for hackers. The best solution is to ask your existing IT supplier, if they have the expertise, to ensure your router’s firewall(s) are shutting out the outside world.
     
  4. Someone within the business needs to be able to provide oversight that proper strategies are actually implemented, and to understand what their IT people are saying about their routers and firewall(s). The government initiative noted above may help small businesses train such a person. This is not saying a staff member needs to be an IT expert, but they do need to be able to understand what they are told and/or read. Basic education and training can be enough, but extra and ongoing training is increasingly important.

Be on your toes. While cyber threats are often assumed to come externally from an aggressive attack by someone in a hoodie in a bunker overseas, the reality is many risks come from employees skipping over seemingly complicated approval processes, subscribing to popular apps or products that may not meet compliance requirements, or not checking whether they actually need to use a third-party tool or if the same outcomes could be reached with an approved tool already used within the organisation. Make sure your own people aren’t opening the gates to the enemy.

Finally, don’t stop with the above. Cyber criminals around the world are savvy, persistent, and increasingly well-resourced. While they may be targeting consumers and accountants at tax time today, they will quickly find another way to get Australians’ attention tomorrow. Keep your plans, cyber champions, and staff – all the way to the Board level – updated regularly to ensure everyone is ready for the next threat.

 

 

05 June 2023
