
QR Quishing Scams

Banks warn of Christmas QR code scams

Financial institutions and consumer advocates are sounding the alarm on the surge of Christmas-related scams, cautioning that criminals are employing a novel tactic by exploiting COVID-era QR codes to pilfer personal information.

What is Quishing?

Quishing is a form of phishing attack that uses QR codes instead of text-based links in emails, digital platforms or on physical items. Quishing is a social engineering technique used by scammers and cybercriminals to trick you into providing personal information or downloading malware onto your device.

—cyber.gov.au

A recent Westpac report highlighted that over half of reported scams related to purchases and sales in November and December last year. They emphasised that scammers often capitalise on the increased spending and potential distractions during the holiday season.

To illustrate the heightened risk, Westpac experienced a 5 per cent uptick in fraud-related calls following the facilitation of over 31 million point-of-sale transactions during the recent Black Friday and Cyber Monday sales.

Westpac’s research uncovered that 38 per cent of Australians fell victim to scams originating from fake websites, online retailers and marketplaces.

QR codes, once considered outdated by 2019, regained popularity during the COVID-19 pandemic due to the demand for contactless services. However, the Federal Trade Commission (FTC) in the United States has cautioned that scammers are now concealing harmful links in QR codes found at locations such as parking meters, cafes and bars.

The FTC outlined various deceptive tactics employed by scammers, including false claims of undelivered packages, account issues and fraudulent activities requiring immediate password changes. Young stressed the importance of verifying payment details before transferring funds and warned against clicking on links in SMS or email communications.

In the aftermath of clicking on deceptive links, individuals risk having their information stolen or malware installed on their devices.
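One way to vet the text a QR scanner decodes before it is opened, as an added example that is not part of the original article. The expected host `pay.example-parking.com.au`, the shortener list and every sample payload are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions (constructed): the host printed on the operator's own material,
# and a short, non-exhaustive list of link-shortener hosts.
EXPECTED_HOSTS = {"pay.example-parking.com.au"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

WARNINGS = {
    "not-web-link": "payload is not an http(s) link",
    "no-tls": "plain http, so the page can be altered in transit",
    "userinfo": "text before '@' is not the host; the real host follows it",
    "ip-host": "raw IP address instead of a domain name",
    "punycode": "punycode label, a common way to build look-alike domains",
    "shortener": "link shortener hides the final destination",
    "unexpected-host": "host is not one the sign's owner is known to use",
}


def review_qr_payload(payload, expected_hosts=EXPECTED_HOSTS):
    """Return warning codes for text decoded from a QR code (empty list = none)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ["not-web-link"]
    if parts.scheme not in ("http", "https") or not host:
        return ["not-web-link"]

    found = []
    if parts.scheme == "http":
        found.append("no-tls")
    if parts.username is not None:
        found.append("userinfo")
    try:
        ipaddress.ip_address(host)
        found.append("ip-host")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        found.append("punycode")
    if host in SHORTENERS:
        found.append("shortener")
    # Match the exact host or a true subdomain; a bare suffix test would accept
    # "pay.example-parking.com.au.evil.example".
    trusted = any(host == h or host.endswith("." + h) for h in expected_hosts)
    if not trusted:
        found.append("unexpected-host")
    return found


if __name__ == "__main__":
    # Constructed payloads, as a scanner app would hand them over.
    for sample in (
        "https://pay.example-parking.com.au/meter/4471",
        "http://203.0.113.7/pay",
        "https://pay.example-parking.com.au@xn--pay-xmple-9za.example/login",
        "WIFI:S:CafeGuest;T:WPA;P:constructed;;",
    ):
        codes = review_qr_payload(sample)
        print(sample, "->", [WARNINGS[c] for c in codes] or "no warnings")
```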

Westpac identified several other prevalent Christmas scams, including enticing individuals to fake websites through social media advertisements, exploiting parcel-related anxieties with fake updates via SMS or email, and promoting seemingly lucrative fake investments.

Westpac also highlighted that investment scams pose a significant challenge, constituting half of all reported losses. These scams often promise substantial returns and involve scammers investing considerable time in grooming victims, making them difficult to identify.

In Australia, reported losses to Scamwatch on social media platforms have surged to over $66 million in 2023, marking a 40 per cent increase from the previous year. Consumer group Choice, along with 20 other organisations globally, is urging governments to mandate social media and technology companies to implement measures protecting consumers from scams.

Choice criticised tech giants such as Facebook, Instagram and Google for their failure to prevent scammers from exploiting their platforms, arguing that these companies possess the resources and technology to enhance consumer protection but are reluctant to do so without legal requirements.

Please note that Allan Hall will be closed from 22 December and will reopen on Monday 8 January 2024.

CONTACT ALLAN HALL BUSINESS ADVISORS


ATO deadline reminder for contractor reporting

Taxable payments annual report (TPAR) lodgements due 28 August 2023

The ATO is reminding businesses required to lodge a Taxable payments annual report (TPAR) to do so by 28 August 2023.

This deadline is crucial for businesses falling under the TPRS regime to fulfil their reporting obligations.

Entities operating within the construction, cleaning, courier, road freight, information technology, security, as well as investigation or surveillance sectors, and that have engaged contractors in these domains, are mandated to comply with TPAR requirements.

Tony Goding, ATO Assistant Commissioner, stresses the TPRS’s pivotal role in levelling the playing field by ensuring all enterprises contribute their fair share of taxes. Not reporting payments to contractors and deliberately under-reporting income raises red flags, potentially triggering closer inspections by the ATO.

The TPRS serves as an instrument in the ATO’s arsenal, helping in the discovery of unreported income. The TPAR equips the ATO with an array of data points to uncover discrepancies, such as unreported earnings, non-submission of tax returns or activity statements, unjustified GST claims or misuse of Australian Business Numbers.

Recent ATO actions serve as a reminder of compliance expectations. Over 16,000 penalties were issued to businesses failing to lodge TPARs for prior years. With an average fine of around $1,110, these underscore the growing difficulty of evading ATO scrutiny, especially when utilising cash transactions to evade tax.

A recent example exemplifies the efficacy of the TPAR data. An investigation into a cleaning company unveiled a mismatch between declared income and actual earnings. Despite reporting $6,892 in income, the cleaning service provider was found to have received over $80,000 from multiple companies. An audit confirmed the non-submission of activity statements and concealed payments. This resulted in adjustments to the tax return and the imposition of penalties.


2023-24 Federal Budget

Tax and Superannuation Overview

2023-24 Federal Budget Highlights

The Federal Treasurer, Dr Jim Chalmers, handed down the 2023–24 Federal Budget at 7:30 pm (AEST) on 9 May 2023.

The Budget forecasts the underlying cash balance to be in surplus by $4.2 billion in 2022–23, the first surplus since 2007–08, followed by a forecast deficit of $13.9 billion in 2023–24.

The Treasurer has described the tax measures as “modest but meaningful” including changes to the Petroleum Resources Rent Tax and confirmation of a 1 January 2024 implementation of the BEPS Pillar Two global minimum tax rules.

A range of measures provide cost-of-living relief to individuals such as increased and expanded JobSeeker payments and better access to affordable housing. No changes were announced to the Stage 3 personal income tax cuts legislated to commence in 2023–24.

As part of the measures introduced for small business, a temporary $20,000 threshold for the small business instant asset write-off will apply for one year, following the end of the temporary full expensing rules.

The full Budget papers are available at www.budget.gov.au and the Treasury ministers’ media releases are available at ministers.treasury.gov.au. The business tax and superannuation highlights are set out below.

Business highlights

  • The instant asset write-off threshold for small businesses applying the simplified depreciation rules will be $20,000 for the 2023–24 income year.
  • An additional 20% deduction will be available for small and medium business expenditure supporting electrification and energy efficiency.
  • FBT exemption for eligible plug-in hybrid electric cars will end from 1 April 2025.
  • Employers will be required to pay their employees’ superannuation guarantee (SG) entitlements at the same time as they pay their salary and wages from 1 July 2026.

Small business depreciation — instant asset write-off threshold of $20,000 for 2023–24

The instant asset write-off threshold for small businesses applying the simplified depreciation rules will be $20,000 for the 2023–24 income year.

Small businesses (aggregated annual turnover less than $10 million) may choose to calculate capital allowances on depreciating assets under a simplified regime. Under these simplified depreciation rules, an immediate write-off applies for low cost depreciating assets. The measure will apply a $20,000 threshold for the immediate write-off, applicable to eligible assets costing less than $20,000 first used or installed between 1 July 2023 and 30 June 2024. The $20,000 threshold will apply on a per asset basis, so small businesses can instantly write-off multiple low-cost assets. The threshold had been suspended during the operation of temporary full expensing from 6 October 2020 to 30 June 2023.

Assets costing $20,000 or more will continue to be placed into a small business depreciation pool under the existing rules.

The provisions that prevent a small business entity from choosing to apply the simplified depreciation rules for 5 years after opting out will continue to be suspended until 30 June 2024.


Increased deductions for small and medium business expenditure on electrification and energy efficiency

An additional 20% deduction will be available for small and medium business expenditure supporting electrification and energy efficiency.

The additional deduction will be available to businesses with aggregated annual turnover of less than $50 million. Eligible expenditure may include the cost of eligible depreciating assets, as well as upgrades to existing assets, that support electrification and more efficient use of energy. Certain exclusions will apply, including for electric vehicles, renewable electricity generation assets, capital works, and assets not connected to the electricity grid that use fossil fuels.

Examples of expenditure the measure will apply to include:

  • assets that upgrade to more efficient electrical goods (eg energy-efficient fridges)
  • assets that support electrification (eg heat pumps and electric heating or cooling systems), and
  • demand management assets (eg batteries or thermal energy storage).

Total eligible expenditure for the measure will be capped at $100,000, with a maximum additional deduction available of $20,000 per business.

When enacted, the measure will apply to eligible assets or upgrades first used or installed ready for use between 1 July 2023 and 30 June 2024. Full details of eligibility criteria will be finalised in consultation with stakeholders.


FBT exemption for eligible plug-in hybrid electric cars to end

The FBT exemption for eligible plug-in hybrid electric cars will end from 1 April 2025.

Arrangements involving plug-in hybrid electric cars entered into between 1 July 2022 and 31 March 2025 remain eligible for the exemption.


Employers to be required to pay SG on payday

Employers will be required to pay their employees’ superannuation guarantee (SG) entitlements at the same time as they pay their salary and wages from 1 July 2026.

Employers are currently required to make SG contributions for an employee on a quarterly basis to avoid incurring a superannuation guarantee charge.

The proposed commencement date of 1 July 2026 is intended to provide employers, superannuation funds, payroll providers and other stakeholders sufficient time to prepare for the change.

Changes to the design of the superannuation guarantee charge will also be required to align with the increased payment frequency. The government will consult with relevant stakeholders on the design of these changes, with the final framework to be considered as part of the 2024–25 Budget.

In addition, funding will be provided to the ATO to, among other things, improve data matching capabilities to identify and act on cases of SG underpayment.

Superannuation measures

  • Superannuation earnings tax concessions will be reduced for individuals with total superannuation balances in excess of $3 million from 1 July 2025.
  • The non-arm’s length income (NALI) provisions will be amended to provide greater certainty to taxpayers.

Reducing tax concessions for super balances exceeding $3M

Superannuation earnings tax concessions will be reduced for individuals with total superannuation balances in excess of $3 million.

From 1 July 2025, earnings on balances exceeding $3 million will incur a higher concessional tax rate of 30% (up from 15%) for earnings corresponding to the proportion of an individual’s total superannuation balance that is greater than $3 million. The change does not impose a limit on the size of superannuation account balances in the accumulation phase and it applies to future earnings, ie it is not retrospective.

Earnings relating to assets below the $3 million threshold will continue to be taxed at 15%, or zero if held in a retirement pension account.

Interests in defined benefit schemes will be appropriately valued and will have earnings taxed under this measure in a similar way to other interests.


Need help?

If you would like assistance to interpret these changes and how they may affect your individual or business circumstances, please contact your Allan Hall Advisor on 02 9981 2300.


Enhancing cybersecurity with MFA

Adopting a multi-factor authentication (MFA) strategy

With technology advancing, it has become easier for hackers to gain access to our personal data.

In the past, passwords were considered the best line of defence against cybercriminals, but times have changed.

That’s why adding an extra layer of security to your online accounts is essential, not just for your information, but for your customer information too.

That’s where multi-factor authentication (MFA) comes in.

MFA is a security measure that combines two or more ways to prove your identity to allow access to an account. By doing this, it makes it much harder for cybercriminals to steal or compromise your credentials. MFA types include:

  • something you know, such as a password, PIN or response to a challenge like naming the first street you lived in
  • something you have, such as a physical token, smart card or an SMS sent to your phone containing a code
  • something you are, for example a fingerprint, facial recognition or iris scan.

Cybercriminals may still get their hands on your password, but they will need your biometrics or a code to fully unlock your account. While MFA is not available for every online account, it’s becoming a more widely-applied way to verify your identity. Banks, social media platforms and software providers are adopting this measure to protect their users’ information.

Enabling MFA on your email accounts and computer software, especially if working remotely, is crucial. Adopting this practice in a work capacity strengthens the protection of your systems and sensitive information.

Implementing this strategy, alongside the other cybersecurity best practices, gives your systems a greater line of defence in the event of a cyber incident. By taking proactive steps to secure your online accounts, you can help safeguard your personal information and that of your customers. So, take the time to set up MFA on your accounts and enjoy the peace of mind that comes with knowing your information is secure or visit the ACSC website to find out more about implementing your MFA strategy.


Make cybersecurity a priority for 2023

Recent cyber-attacks have shown how important it is to have robust cybersecurity practices in place to protect both your business and customer information.

The Australian Cyber Security Centre’s Essential Eight strategies provide guidance on how you can create a baseline of protection against cyber incidents.

Their first topic covers application controls. 

Application control strategy

Put simply, application control involves you putting together a list of computer apps and/or downloadable programs that are ‘authorised’ as being legitimate and safe to use.

You then add these authorised apps to your computer’s application control feature. This feature acts as your computer’s security guard, ensuring that only the apps on your approved list can be downloaded and used on your computer.

Doing this can minimise the risk of malicious code (also known as malware) being downloaded onto your systems, which can then disrupt, damage or even gain unauthorised access to your computer systems.

It’s important that you regularly review the list of approved apps and remove any you no longer need. It’s also crucial that you test the application control to make sure it works. Simply try to download an app that isn’t on your authorised list and make sure your system blocks the download.


Changes to multi-factor authentication coming for Xero customers

Over the last few years, our lives – and businesses across the world – have moved online at a rapid pace.

Unfortunately, cybercriminals have followed and are using new, digital methods to target Australians. As custodians of your data, Xero does all they can to protect the information held in your account.

One of the ways is through multi-factor authentication (MFA), a process designed to secure how you log in to Xero and verify it’s really you. An upcoming Australian Tax Office (ATO) update to MFA regulations means anyone, anywhere in the world, who accesses an Australian organisation needs to re-authenticate their device every 24 hours when logging in to Xero.

What’s changing with MFA?

Many of Xero’s Australian customers would have started using MFA back in 2018 when it was first introduced by the ATO. Throughout 2021, Xero rolled out mandatory MFA for users in all other countries. Today, every Xero customer must use MFA when they log in.

Recently, in response to growing cybersecurity threats, the ATO updated its regulations around MFA for software providers like Xero. This means that the length of time a device is trusted for must be limited to 24 hours for cloud-based business applications, such as Xero. 

From early October, ‘remember me on this device’ will change. Currently, you can skip authentication for 30 days when signing in to Xero via MFA (such as through the Xero Verify, Google Authenticator or Authy apps), which remembers the unique device you’ve logged in with. With this update, you will need to re-authenticate your trusted device (such as a laptop, tablet or phone) every 24 hours.
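How a service could enforce the shorter window on the server side, as an added example that is not Xero's code or the ATO's specification: a signed "remember this device" token whose age is checked against 24 hours rather than 30 days. The token layout, key handling and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

TRUST_WINDOW_OLD = 30 * 24 * 3600  # 30 days: the 'remember me' period being retired
TRUST_WINDOW_NEW = 24 * 3600       # 24 hours: the limit described above


def _mac(key, body):
    # HMAC-SHA256 over the claims so the client cannot edit the issue time.
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_trust_token(key, user, device_id, now=None):
    """Create a device-trust token; call only after a successful MFA challenge."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"u": user, "d": device_id, "iat": issued},
                      sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode
    return b64(body).decode() + "." + b64(_mac(key, body)).decode()


def needs_mfa(key, token, user, device_id, window=TRUST_WINDOW_NEW, now=None):
    """Return True when the second factor must be requested again."""
    now = int(time.time() if now is None else now)
    try:
        body_b64, mac_b64 = (token or "").split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # missing, truncated or non-base64 token
        return True
    # Constant-time comparison; the claims are parsed only once authenticated.
    if not hmac.compare_digest(mac, _mac(key, body)):
        return True
    claims = json.loads(body)
    if claims["u"] != user or claims["d"] != device_id:
        return True  # token was issued for another account or device
    age = now - claims["iat"]
    # Reject tokens dated in the future as well as those past the window.
    return age < 0 or age >= window


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed; use a random secret in practice
    t0 = 1_700_000_000                     # constructed issue time
    tok = issue_trust_token(key, "alex", "laptop-1", now=t0)
    for hours in (1, 23, 25):
        ask = needs_mfa(key, tok, "alex", "laptop-1", now=t0 + hours * 3600)
        print(f"{hours:>2} h after trusting the device: MFA required = {ask}")
```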

When will this happen?

The change to a 24-hour trusted-device period for Xero’s MFA will start from early October. From then, you’ll need to authenticate daily when you log in to your account.

Why is this being changed for Australian customers?

This is a regulatory change from the ATO and is to support cybersecurity measures to protect users’ valuable data – just think of all the critical information stored within your Xero account. It’s important to keep this safe.

You’ll likely remember when MFA was first mandated by the ATO. Just like last time, Xero is updating its platform to comply with this change and make it a smooth transition.

What if I’m in another country, like New Zealand, but access an Australian organisation in Xero?

This change doesn’t just apply to Australia but to anyone globally that accesses an Australian organisation – even if it’s just one account in Australia that you log in to. This is because you are accessing information (including personally identifiable information) that falls under the ATO’s remit.

Do I need to make any updates myself?

No – rest assured that the Xero platform will update automatically in early October. Since all Australian customers already use MFA, you won’t have to change anything about how you log in to Xero – except for daily authentication. This means you can continue to use your usual verification tool, whether it’s Xero Verify or a third-party app like Google Authenticator.

Why is cybersecurity so important and should I be worried?

Security has always been important at Xero and we want to keep your valuable business data safe. Since the start of the pandemic, activity by cybercriminals has been on the rise in Australia. As our lives have moved more and more online, so too have the approaches of cyber criminals.

They’ve continued to evolve and use increasingly sophisticated ways to entrap victims online. One of the most common types of cybercrime is phishing, which tricks you into clicking on a fraudulent email, text message or web link to then access your online accounts and steal your personal and business information.

How does MFA help protect me against cybersecurity threats?

MFA is one of many important tools used to safeguard against cybersecurity threats. It’s a security process which uses at least two different factors, something you know (your password) and something you have (mobile device), before you can enter your account.

This second layer of security is designed to prevent anyone else from accessing your account, even if they know your password. In fact, research shows that MFA can prevent up to 80% of data breaches.

What does this mean for Xero’s mobile apps?

Xero’s suite of mobile apps, such as the Xero Accounting App, Xero Expenses and Xero Projects, will also be impacted by these new regulations. When the new versions are introduced, you will no longer be able to choose the lock device option ‘Don’t lock it’. You will either need to use a security code, which will be available on Android for the first time and is currently available on iOS, or use Face ID.

What if I normally share my login with members of my team?

Shared logins reduce the security of your Xero account. The more people who have access to a login, the more likely it is to be compromised. Everyone who accesses an organisation in Xero should have their own login details (as per Xero’s terms and conditions).

If they don’t already, now is the time to make sure everyone is set up with what they need to securely use Xero. 


The Australian Cyber Security Centre warns of Ransomware amidst increasing attacks

Ransomware attacks are on the rise in Australia

Learn how to protect yourself against it and secure your devices.

What is ransomware?

Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so you can no longer access them.

A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files. Cybercriminals might also demand a ransom to prevent data and intellectual property from being leaked or sold online.

The effects of ransomware

Ransomware can cause severe damage to both individuals and organisations. You could face significant downtime while you restore your devices and data to their original state.

If you don’t have a backup, it could be impossible to recover your files.

Downtime or data loss can hurt your reputation, and cost you money.

What to look for

Ransomware can infect your devices in the same way as other malware or viruses. For example:

  • visiting unsafe or suspicious websites
  • opening emails or files from unknown sources
  • clicking on malicious links in emails or on social media.

Common signs you may be a victim of ransomware include:

  • pop-up messages requesting funds or payment to unlock files.
  • you cannot access your devices, or your login doesn’t work for unknown reasons.
  • files request a password or a code to open or access them.
  • files have moved or are not in their usual folders or locations.
  • files have unusual file extensions, or their names or icons have changed to something strange.
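The file-based signs in the list above, turned into a read-only triage scan as an added example that is not ACSC or Allan Hall code: it flags "Read Me" style text files that mention encryption, and files that have an unfamiliar extension together with near-random content. The expected-extension list, the 7.5 bits-per-byte threshold and the sample tree are assumptions.

```python
import math
import os
import re
from collections import Counter

# Assumption: extensions this (constructed) design business normally stores.
EXPECTED_EXTS = {".txt", ".pdf", ".docx", ".xlsx", ".png", ".jpg", ".psd", ".ai"}
NOTE_NAME = re.compile(r"read[ _-]?me", re.IGNORECASE)


def shannon_entropy(data):
    """Bits per byte: about 8 for ciphertext, much lower for text and most documents."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root, expected_exts=EXPECTED_EXTS, sample=65536, threshold=7.5):
    """Walk root without modifying anything and return paths worth a closer look."""
    findings = {"ransom_notes": [], "suspect_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if ext == ".txt" and NOTE_NAME.search(name) and b"encrypt" in head.lower():
                findings["ransom_notes"].append(path)
            # Images and archives are near-random too, so entropy is only
            # consulted for extensions outside the expected set.
            elif ext not in expected_exts and shannon_entropy(head) >= threshold:
                findings["suspect_files"].append(path)
    return findings


def build_sample_tree(root):
    """Write a small constructed file tree used to demonstrate triage()."""
    random_like = bytes(range(256)) * 256  # stand-in for encrypted content
    samples = {
        "photo.jpg": random_like,                       # expected type, ignored
        "brochure.ai.locked3": random_like,             # constructed odd extension
        "notes.bak": b"meeting notes " * 500,           # odd extension, plain text
        "README.txt": b"Project setup instructions.",   # ordinary readme
        "Read Me.txt": b"Your files are encrypted. Pay to unlock them.",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, [os.path.basename(p) for p in paths])
```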

Case Study: Ransomware attacks can be devastating, but backups protect what matters most.

How backing up saved a business from ransomware

Ransomware can happen to anyone, anywhere, at any time, and for one business, it did. With assistance provided by the Australian Cyber Security Centre (ACSC), the business recovered from the attack with its files intact and avoided months of downtime.

Gerri, who worked at a small design firm, noticed one morning she could not access a design file. The file extension was different and the icon was a blank page rather than the usual logo. Suspecting something, she raised it with her colleague Simon.

Simon decided to look at all the files on their server and noticed in real time that their files were being encrypted randomly, making them unusable.

“We actually caught it happening and then I pulled the plugs on everything and managed to save a lot,” said Simon.

A .txt file titled ‘Read Me’ popped up – it was a note sent by a cybercriminal saying the files were encrypted with ransomware. The note demanded a ransom in cryptocurrency to unlock them.

Simon took a screenshot of the ransom note and ran anti-malware and anti-virus on all their machines. He quickly called the Australian Cyber Security Hotline on 1300 CYBER1 to report the ransomware attack and seek advice about how to recover.

Luckily, the business was following ACSC best practice advice and kept regular backups of their work to cloud servers and external drives, as well as a Network Attached Storage device.

Due to Simon’s quick thinking and awareness, he was able to save the majority of their files; however, they lost some newer files that were encrypted by the ransomware.

The business consulted an IT professional, who reformatted their systems to ensure there was no trace of ransomware on their networks, as well as updated their anti-virus software.

Unfortunately, the encrypted files could not be recovered, taking the business an additional 2 weeks to recreate the lost work and to get all the systems back up and running.

“The downside was having to reload the software onto the systems, which took hours for some,” said Simon.

However, if it was not for the backups made prior to the attack, the situation could have been much more severe.

“Backup all your stuff daily… if it wasn’t for that we would have been stuck for months,” said Simon.

The ACSC has updated its ransomware guidance to help Australian individuals and businesses protect themselves and respond to a ransomware attack.

The ACSC is here to help all Australians impacted by cyber incidents. ACSC cyber security advice and assistance is available 24/7 through the Australian Cyber Security Hotline (1300 CYBER1) and through ReportCyber.

ACSC advice

Never pay a ransom

There is no guarantee you will regain access to your information, nor prevent it from being sold or leaked online. You may also be targeted by another attack.

The practical guides below will help you to protect yourself against ransomware attacks and tell you what to do if you’re held to ransom.


Understanding eInvoicing

Change can be hard, particularly when things seem to be working and the need to do things differently isn’t obvious.

Perhaps you’ve found this when it comes to invoicing for your business.

You may be used to sending PDF invoices via email and manually entering the invoices you receive into your accounting software. You may even be used to dealing with regular problems with invoicing, like late, lost or compromised invoices or mistakes.

If you think this is all the normal cost of running a business — it doesn’t have to be!

Switching to eInvoicing will help you reduce manual data entry, because eInvoices automatically appear in your business software, ready to be checked and paid.

While getting started with eInvoicing can seem daunting, it’s probably much easier than you think.

Deputy Commissioner for Small Business Deb Jenkins presents a new series of short videos about eInvoicing to help you out. They help explain how eInvoicing can benefit your business by helping you save time and money.

eInvoicing doesn’t give the ATO access to your invoice data. It’s not a compliance measure; it aims to reduce your admin, boost your cash flow and give you more time to focus on what matters most.

eInvoicing products and services are becoming more available over time. More than 16,500 Australian businesses are adopting it, including well-known and large Australian companies and federal and state governments.

There has never been a better time to get started. Talk to your adviser or business software provider today to find out about making the change.


How businesses with accurate data insights are surviving inflation

Article by SmartCompany: The Great Data Divide

How SMEs with accurate data insights are surviving the inflationary cycle

Key points

  • Real-time data is more accessible to small and medium businesses than ever before
  • It’s allowing a generation of business owners who’ve had to rely on experience and gut feel to transform their businesses into data-driven operations and grow their revenues and margins in the face of difficult economic headwinds

Regardless of industry, businesses can be divided into haves and have nots by the accuracy and recency of their data. For those running on gut feel, or how they’ve always done it, a perilous combination of economic drivers could push them to the wall.

With every news story headline, the outlook seems to get more challenging for SMEs. With supply chains stretched, prices rising and skilled employees impossible to find, there are pressures across every single facet of business.

Unfortunately, if you believe the forecasts — it’s likely to stay that way for a while yet. It seems that business owners are confronted with a never-ending set of challenges, and to make money in the current climate, good data, far more than good luck, is required.

In the current environment, and for a long while into the future, the divide between those who have data and those who don’t, is akin to a forecast about who will (and won’t) thrive, or even survive. While big data remains the province of large corporates and governments, real-time data is more accessible to SMEs than ever before.

This article also references the Xero Small Business Insights Report findings for July 2022. 


At Allan Hall we’re experts in Xero – online accounting software that’s easy to use. Find out more about Xero here or drop us a line to get started. A better way to work – together with us, share access to your business numbers so everyone is up to speed. Xero accounting software lets you work anywhere.
