cybersecurity

ATO Make cyber security a priority for 2023

It’s critical to safeguard your business and client information from cyber incidents.

Recent cyber attacks have shown how important it is to have robust cyber security practices in place to protect both your business and customer information.

Business owners hold the keys to their customers’ lives on their devices and are responsible for keeping that information safe from cybercriminals.

Application control

Put simply, application control involves you putting together a list of computer apps and/or downloadable programs that are ‘authorised’ as being legitimate and safe to use. You then add these authorised apps to your computer’s application control feature. These features act as your computer’s security guard, ensuring that you can only download and use the approved list of apps can be on your computer.

Doing this can minimise the risk of malicious code (also known as malware) being downloaded onto your systems, which can then disrupt, damage, or even gain unauthorised access to your computer systems.

It’s important that you regularly review the list of approved apps and remove any you no longer need. It’s also crucial that you test the application control to make sure it works. Simply try and download an app that isn’t on your authorised list and make sure your system blocks the download.

Source: ATO

cybersecurity

Do you think you can spot a cyber threat?

Cyber security is more important than ever

Protecting your customers and your data from cybercriminals should be one of your top business priorities.

Ensure that you know how to identify and respond to cyber threats. Increasing your knowledge and awareness is the best way to protect your business.

Luckily, you don’t have to be an IT expert to step up your cybersecurity. Protect your business now with these five ways to increase your online account security:

1. Make 2 Factor-Authentication Mandatory

2 Factor-Authentication (2FA) helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose to apply 2-Factor Authentication.

Alongside the traditional password, 2FA-enabled users are required to enter a one-time security code that they receive via text which is the best way to authenticate the user.

You don’t have to make 2FA mandatory in your business, but we strongly recommend it as do most good cloud computing platforms.

2. Close shared login accounts

Shared logins mean multiple people in your business know a password and can make it harder to track any work or issues you may have.

3. Remove risky access to your data

Consider removing account access for any staff who are no longer with you.

4. Update your software

If your browser operating system or apps are out-of-date, the software might no longer be safe from hackers. Keep your software updated to help protect your account.

5. Use unique, strong passwords

It’s risky to use the same password on multiple sites. If your password for one site is hacked, it could be used to access your accounts on multiple sites. Instead, consider using a password manager.

If you’re ever unsure about a phone caller, SMS, voicemail or email claiming to be genuine but seems suss, do not reply. You can also follow the latest scams and advice on how to protect yourself on the ATO website or via Scamwatch.

Looking for a Xero Certified Bookkeeper for your business? Are you drowning in paperwork? Cash flow keeping you awake at night? Learn how Notch Above Bookkeeping can solve all these problems, and more. Contact our team on 1300 015 130 Australia-wide.

woman florist with ipad

Protect yourself and your business online

October is Cyber security awareness month

Throughout October the Australian Cyber Security Centre (ACSC) is sharing guides and resources that will help you protect all your information from cyber criminals.

Update your devices and applications

Cybercriminals hack devices by using known weaknesses in systems or apps. Check your devices for updates, and turn on automatic updates so that future updates are made straight away when charging and in Wi-Fi.

Turn on multi-factor authentication

Multi-factor authentication (MFA) is a security measure that requires at least 2 proofs of identity to grant access. MFA options can include a physical token, random pin or fingerprint.

Using MFA significantly boosts your protection against criminals. While they might manage to steal one proof of identity, like your password, they will be locked out of your account without the other.

Learn how to turn on MFA for your accounts.

Set up backups

Backing up your data means saving copies of your files to an external storage device, or an online server like the cloud. It means you can restore your important information if something goes wrong.

Setting up automatic backups in your system or application settings will give you peace of mind.

Already checked these on your to-do list? Take the next steps. Visit cyber.gov.au for more detailed guidance, or subscribe to alerts to find out more about the latest cyber threats.

If you’re ever unsure about a phone caller, SMS, voicemail or email claiming to be genuine but seems suss, do not reply. You can also follow the latest scams and advice on how to protect yourself on the ATO website or at Scamwatch.

advice

Digital Solutions for small business

Looking for tailored advice for your small business?

The Digital Solutions program works with you to adopt digital tools to save you time and money and to help grow your business.

Key points

  • Round 1 of the Digital Solutions program will end on 31 March 2023
  • Read more here including how to contact a Digital Solutions provider
What do you get?

The Digital Solutions – Australian Small Business Advisory Services program works with small businesses to make the most of digital tools and offers broader advice specific to your business needs such as:

  • how digital tools can help your small business
  • websites and selling online
  • social media and digital marketing
  • using small business software
  • online security and data privacy.

Digital Solutions is a 7-hour packaged service that offers 3 hours of tailored one-on-one support and group workshops or webinars.

Who is this for?

Small businesses with fewer than 20 full-time (or equivalent) employees, as well as sole traders, can access services at the subsidised rate. The service is available across all metropolitan and regional areas in Australia.

How much does it cost?

The Digital Solutions program is $44 for 7 hours of support and your first interaction with the service is free.

About the Digital Solutions advisers

Digital Solutions advisers hold formal qualifications in business or information technology-related disciplines and have at least 2 years’ experience providing digital advice to small or medium-sized businesses.

Looking for a Xero Certified Bookkeeper for your business? Are you drowning in paperwork? Cash flow keeping you awake at night? Learn how Notch Above Bookkeeping can solve all these problems, and more. Contact our team on 1300 015 130 Australia-wide.

Source: Australian Govt

computer virus

ASCS warns of increasing ransomware attacks

Ransomware attacks are on the rise in Australia.

Learn how to protect yourself against it and secure your devices.

What is ransomware?

Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so you can no longer access them.

A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files. Cybercriminals might also demand a ransom to prevent data and intellectual property from being leaked or sold online.

The effects of ransomware

Ransomware can cause severe damage to both individuals and organisations. You could face significant downtime while you restore your devices and data to their original state.

If you don’t have a backup, it could be impossible to recover your files.

Downtime or data loss can hurt your reputation, and cost you money.

What to look for

Ransomware can infect your devices in the same way as other malware or viruses. For example:

  • visiting unsafe or suspicious websites
  • opening emails or files from unknown sources
  • clicking on malicious links in emails or on social media.

Common signs you may be a victim of ransomware include:

  • pop-up messages requesting funds or payment to unlock files.
  • you cannot access your devices, or your login doesn’t work for unknown reasons.
  • files request a password or a code to open or access them.
  • files have moved or are not in their usual folders or locations.
  • files have unusual file extensions, or their names or icons have changed to something strange.

Case Study: Ransomware attacks can be devastating, but backups protect what matters most.

How backing up saved a business from ransomware.

Ransomware can happen to anyone, anywhere, at any time, and for one business, it did. With assistance provided by the Australian Cyber Security Centre (ACSC), the business recovered from the attack, files intact and avoided months in downtime.

Gerri, who worked at a small design firm, noticed one morning she could not access a design file. The file extension was different and the icon was a blank page rather than the usual logo. Suspecting something, she raised it with her colleague Simon.

Simon decided to look at all the files on their server and noticed in real time that their files were being encrypted randomly, making them unusable.

“We actually caught it happening and then I pulled the plugs on everything and managed to save a lot,” said Simon.

A .txt file titled ‘Read Me’ popped up – it was a note sent by a cybercriminal saying the files were encrypted with ransomware. The note demand a ransom in cryptocurrency to unlock them.

Simon took a screenshot of the ransom note and ran anti-malware and anti-virus on all their machines. He quickly called the Australian Cyber Security Hotline on 1300 CYBER1 to report the ransomware attack and seek advice about how to recover.

Luckily, the business was following ACSC best practice advice and kept regular backups of their work to cloud servers and external drives, as well as a Network Attached Storage device.

Due to Simon’s quick thinking and awareness, he was able to save the majority of their files; however, they lost some newer files that were encrypted by the ransomware.

The business consulted an IT professional, who reformatted their systems to ensure there was no trace of ransomware on their networks, as well as updated their anti-virus software.

Unfortunately, the encrypted files could not be recovered, taking the business an additional 2 weeks to recreate the lost work and to get all the systems back up and running.

“The downside was having to reload the software onto the systems, which took hours for some.” said Simon.

However, if it was not for the backups made prior to the attack, the situation could have been much more severe.

“Backup all your stuff daily… if it wasn’t for that we would have been stuck for months.” said Simon.

The ACSC has updated its ransomware guidance to help Australian individuals and businesses protect themselves and respond to a ransomware attack.

The ACSC is here to help all Australians impacted by cyber incidents. ACSC cyber security advice and assistance is available 24/7 through the Australian Cyber Security Hotline (1300 CYBER1) and through ReportCyber.

ACSC advice

Never pay a ransom

There is no guarantee you will regain access to your information, nor prevent it from being sold or leaked online. You may also be targeted by another attack.

The practical guides below will help you to protect yourself against ransomware attacks and tell you what to do if you’re held to ransom.

If you get stuck

money handout

Digital and Skills Tax Boost for Small Businesses

Support for small businesses in going digital and upskilling their employees

The Government is delivering $1.6 billion in tax relief.

As part of the plan for a strong economy and a stronger future, the Technology Investment Boost will increase digital uptake while the Skills and Training Boost will help small businesses attract, retain and upskill staff.

Building on previous small business investment incentives, including the ability to instantly write off assets, which is in place until 30 June 2023, the 2022-23 Budget includes a comprehensive package of measures to support small businesses to grow, innovate and create more jobs.

Technology Investment Boost

The Government’s Technology Investment Boost reduces the cost of going digital, supporting businesses to invest more in their digital capability. This measure will provide tax relief of $1 billion.

More than 3.6 million small businesses with an annual turnover of less than $50 million will be able to claim a bonus 20% deduction for the cost of expenses and depreciating assets, up to $100,000 of expenditure per year.

Eligible expenditure includes items such as portable payment devices, cybersecurity systems and subscriptions to cloud-based services.

The boost will apply to expenditure incurred from 7:30pm (AEDT) on 29 March 2022 (Budget night) until 30 June 2023.

Skills and Training Boost

The Government’s Skills and Training Boost encourages small businesses to train new staff and upskill existing staff, helping them to be innovative and grow. This measure will provide tax relief of $550 million.

Small businesses will be able to claim a bonus 20% deduction for the cost of external training courses delivered to employees in Australia or online, by providers registered in Australia.

This boost will apply to eligible expenditure incurred from Budget night until 30 June 2024.

Making it easier to do business

The Government is continuing to support small businesses by making it easier to do business. This includes:

  • $10.4 million to enhance and redesign the Payment Times Reporting Portal and Register, making it easier to view the payment practices of Australia’s largest organisations
  • $5.6 million for a dedicated small business unit in the Fair Work Commission, making it easier for them to meet workplace obligations
  • $8 million to the Australian Small Business and Family Enterprise Ombudsman making it easier to access expert advice
  • $4.6 million to extend Beyond Blue’s NewAccess for Small Business Owners program, making it easier to access mental health support
  • $2.1 million for Financial Counselling Australia’s Small Business Debt Helpline making it easier for small business owners to receive financial advice.

Cash flow support

The GDP uplift rate that applies to PAYG income tax and GST instalments will be reduced to 2% for the 2022-23 income year.

This will mean lower tax instalments, delivering $1.85 billion in cash flow support for 2.3 million small to medium businesses, sole traders and others who use the instalment amount method.

Did your paper-based office-based bookkeeping systems let you down during the floods? Now’s the time to think about a Cloud Bookkeeping solution — ask us how on 1300 015 130.

Source: PM of Australia

privacy keyboard button

Data privacy statistics

Small businesses falling short in data privacy obligations

The vast majority of Australia’s 2.4 million small businesses are inadequately prepared for sweeping changes to the Commonwealth Privacy Act, according to new research from leading global technology platform, Zoho, which found that only one-third of small businesses currently have a defined and documented data privacy policy.

The research found that one in every four businesses (27 per cent) either do not have a data privacy policy or are unsure if they do. The remaining 38 per cent have an informal policy, an unenforced policy, or have not read their policy.

“Data privacy is one of the defining issues for the business community today. Unfortunately, confusion and uncertainty reign supreme amongst Australia’s small businesses,” said Vijay Sundaram, Zoho’s Chief Strategy Officer.

“Many of those who must comply with proposed legislative changes are woefully unprepared, while the vast majority – whether the Privacy Act applies to them or not – are highly exposed to a breach with serious implications.

“It’s still too easy for small businesses to overlook their responsibilities when it comes to data privacy, but the threat and the potential cost is real.”

He added that the technology sector and regulators must prioritise awareness, among small businesses.

“Small businesses cannot be expected to become privacy and cybersecurity experts, so the technology industry and policymakers must make awareness, education and action amongst these businesses a top priority.

“Otherwise, with regulation becoming more stringent, penalties more severe and attacks more prevalent and damaging, small businesses will be unfairly and disproportionately impacted. For them, a breach could be catastrophic,” Mr Sundaram said.

Credit: Zoho

What is the Commonwealth legislation for privacy?

As per the Office of Australian information Centre (OAIC), the Privacy Act was enacted to promote and safeguard individuals’ privacy and to govern how Australian Government agencies and organisations with annual revenues of more than $3 million, as well as some other organisations, handle personal information.

What are the suggested changes to the legislation?

Currently, the majority of Australian businesses are exempt from compliance with the Privacy Act because of the small business exemption. The small business exemption is a monetary threshold that exempts businesses with annual revenue of less than $3 million from the Privacy Act. The OAIC has proposed that the exception be repealed as part of Australia’s various privacy reforms.

Employers who handle employee records are also exempt from the Privacy Act. The OAIC has proposed that this exception be also deleted.

Third-party persistent cookies

Third-party persistent cookies, often known as tracking cookies, are saved in the memory of your device and have an expiration date.

Third-party persistent cookies, on the other hand, are accessed on websites that did not create them. This enables the cookie’s creator to gather and receive data whenever the user visits a page containing a resource that belongs to them.

Credit: Zoho

Slightly less than half (43%) are either uncomfortable or very uncomfortable with their customers’ data being used by companies with which they have no direct contact, 32% are ambivalent, and 25% are either comfortable or very comfortable with their customers’ data being accessed.

The fact that one in three were unsure highlights the importance of education and awareness. This, however, is lacking.

Only 20% of small businesses say third-party providers have done a good job of clarifying how their data is utilised. In comparison, 31% say suppliers have done a poor or inadequate job, and another 31% haven’t even explored the topic, indicating that basic awareness is lacking.

“Australia is a nation of entrepreneurs, and while running a small business should be celebrated and encouraged, there are critical data requirements,” Sundaram continued.

“Operating a business – no matter the industry – in a COVID-19 -the normal world will be dependent on collecting more data – for health and safety measures and as a competitive advantage – than ever before.

“The reforms are designed to protect, but they must allow adequate time to, first, educate small businesses about their requirements and then ensure that they’re compliant.”

Almost half (44%) of the businesses allow tracking on their website to share content on social media sites – some of which have been involved in well-documented privacy breaches. Almost a quarter (21%) use third parties to track advertising activity.

Google (30%) and Facebook (25%) are the dominant platforms, garnering over half of all small business advertising activity.

Support needed for education, retail

According to the Office of the Australian Information Commissioner (OAIC), the three most common industries to experience and report a data breach are financial services, healthcare and education.

While almost half of the financial services and healthcare bodies have strong policies and practices, only 22% of educational institutions have a defined, documented and enforced data privacy policy.

Credit: Zoho

Few industries have changed more drastically in the wake of the pandemic than education, with millions of students participating in remote education. Not only do the majority of education providers not have a defined, documented and enforced policy, but they are also three times more likely to say technology vendors had done a bad or unsatisfactory job of explaining data tracking (39%) than those who had done a good job (14%).

With lockdowns closing highstreets for prolonged periods, eCommerce sales have reached new heights over the last 18 months. Despite their reliance on online channels, fewer than one in three retailers (31%) have a defined, documented and enforced data privacy policy; a grave figure as the busy retail season approaches.

“The nature of our business means that we handle incredibly personal, private information. We’re required to obtain 100 points of identification – including a passport, driver’s licence, date of birth – from every client and store information in an incredibly discreet, circumspect and sensitive way.

“We have to demonstrate to the regulator that we can keep our client’s data safe, and a strictly enforced privacy policy that we communicate to our clients,” said Ray Trevisan, Fund manager/Director at OTG Capital.

“We use multi-factor authentication, secure blockchain signed documents, password protection and generator tools, so we’re comfortable that we have the systems in place to provide the safety and security that our clients deserve.

“However, hackers are becoming more aggressive and sophisticated, so we have to be smarter and more diligent in safeguarding our business. The safety of our clients and the reputation of our business depends on it.”

Source: SMEs falling short in data privacy obligations: Zoho Report. (2021). Retrieved October 2021 from Dynamic Business

cloud accounting Notch Above Bookkeeping Brisbane

Australian SMBs record strongest sales growth in June

Xero Study

Study reveals that Australian small businesses enjoyed their best sales in June 2021.

This was ahead of the latest COVID-19 restrictions in New South Wales, Victoria, and South Australia. 

The data — released by Xero — is based on aggregated and anonymised transactions from hundreds of thousands of small businesses. It examines the health of Australia’s small business economy from the Xero Small Business Index.

Index hit a record high

The Index grew 12 points to 144 points in the months leading up to the restrictions, reaching its highest level since January 2017. It’s also the sixth month in a row that small firms have outperformed the national average.

“Xero’s data reveals Australian small businesses were continuing to show positive signs of recovery at the end of the 2020-21 financial year,” said Joseph Lyons, Managing Director Australia, and Asia, Xero.

“This is despite June’s data capturing the bulk of Victoria’s fourth lockdown.”

The agility and resilience of the small business sector were most evident in the strong growth in sales, hitting a three-month high.

“Recognising the series of significant events that have transpired since June, we will be looking to our July metrics to understand how the return of lockdowns in three states has truly impacted the small business economy’s recovery.”

Lowest payment delays

The rise in June was largely supported by a 2.9-day fall in time to be paid, which is now at a record low of 20.1 days, and strong sales growth despite stay-at-home restrictions being in place in Melbourne for the first 11 days of June and in Greater Sydney.

This is only the second time since tracking began in January 2017 that this metric has dropped below 23 days.

The substantial drop in payment times corresponds to the end of the Australian financial year.

New Zealand and the United Kingdom both saw a similar drop in payment times at the conclusion of their fiscal years in March.

Both countries’ gains were then reversed in subsequent months’ data, so Australia will have to wait until July’s results to see if the pattern continues

Strongest sales growth

Sales in small businesses, after adjusting the annualised two-year growth, increased 10.7 per cent year-on-year. This is a significant increase from May 2021 sales growth of 6.3 per cent on an adjusted basis.

The sales performance came despite stay-at-home restrictions in place in Melbourne for the first 11 days of June and in Greater Sydney from 25 June.

Victoria recorded the slowest sales growth of the states, rising 9.3 per cent year-over-year on an adjusted basis.

News South Wales had not yet been impacted by the Greater Sydney lockdown with sales up around the national average of 10.6 per cent year-over-year.

Using annualised two-year growth, healthcare and social assistance and rental, hiring, and real estate services were the strongest performing industries for June 2021, year-over-year. Meanwhile, hospitality and arts and recreation experienced the lowest sales growth.

Jobs continue to rise

Across Australia, small business jobs rose 4.3 per cent year-over-year on an adjusted basis in June 2021, with the Melbourne lockdown in early June putting the brakes on jobs growth.

However, across the country, there were significant state-based differences with Western Australia recording an increase of 8 per cent year-over-year on an adjusted basis, compared to Melbourne which recorded a rise of 2.8 per cent year-over-year.

Despite a softer national small business jobs increase, this is the fourth month small business jobs were above 4 per cent year-over-year on an adjusted basis, illustrating small business continues to make a strong contribution to Australia’s job recovery in 2021.

Meanwhile, the Australian Bureau of Statistics said that in June 2021, 27 per cent of businesses reported having difficulty finding suitable staff to fill jobs and almost one in five businesses did not have enough staff based on current operations.

SMB wage growth remains steady

As per the study, wages in small businesses, as measured by average employee hourly earnings, rose 3.4 per cent year-over-year.

After adjusting for the effect of the low result in June 2020, the wage increase was 2.7 per cent year-over-year, exactly the same as it was for May and still down on the pre-pandemic pace of growth of around 3 per cent.

Notch Above Bookkeeping has your business up and running with Xero quickly and accurately. We can help you install the software, configure your security settings, import your business data (chart of accounts/suppliers/debtors/employees) as well as set up your invoicing, payroll and taxation requirements. We also provide advice on the best Xero package for your needs.

Contact us to get Xero, the world’s easiest cloud accounting system setup and working for your business on 1300 o15 130 (Australia-wide).

Source: Xero