Sunshine Coast and Brisbane Accountants - Clarke McEwan Accountants and Business Advisors

Can you prevent a hack?

Clarke McEwan Accountants


In the wake of the Optus data leak, legislation before Parliament will lift the maximum fine for serious or repeated breaches of the Privacy Act from $2.2m to up to $50m. But there are no guarantees that even the strongest safety measures will prevent an attack. So, what does that mean for businesses and their customers?


Legislation before Parliament will lift penalties for serious or repeated privacy breaches, provide new powers to the Australian Information Commissioner, require entities to provide detailed data to the Information Commissioner to assess public risk, and give the regulator greater information sharing powers. In a statement, Attorney General Mark Dreyfus said, “When Australians are asked to hand over their personal data they have a right to expect it will be protected.” But the question is, can any business claim that customer data will be protected from hackers?


If a customer needs to disclose their personal information to your business to work with you, at the point the data is collected, your business is the custodian of that data. A duty of care exists from the moment the data is collected to the point the information is no longer required and destroyed.


The Privacy Act requires organisations to take “reasonable steps” to protect the data collected. ‘Reasonable’ steps “requires the existence of facts which are sufficient to [persuade] a reasonable person.” That is, in the event of a data breach, the business will need to prove the steps it has taken to protect client data.


Lessons from RI Advice


Australian Competition and Consumer Commission v RI Advice Group Pty Ltd was a landmark case. While specific to the obligations of an Australian Financial Services Licence (AFSL), it demonstrates that ASIC is willing to pursue not just companies that breach their duty of care but also the directors and officers involved.


RI Advice is a financial services company that, through its AFSL, authorised representatives to provide financial services. As you would expect, as part of providing financial services, the authorised representatives received, stored and accessed confidential and sensitive personal information. Between June 2014 and May 2020, nine cybersecurity incidents occurred at practices of RI Advice’s Authorised Representatives. Enquiries following the incidents revealed:


  • Computer systems which did not have up-to-date antivirus software installed and operating
  • No filtering or quarantining of emails
  • No backup systems or back-ups being performed; and
  • Poor password practices including sharing of passwords between employees, use of default passwords, passwords and other security details being held in easily accessible places or being known by third parties.


RI Advice took steps to manage its cybersecurity, introducing a cyber resilience program, controls and risk management measures for its representatives, including training, incident reporting, and contractual professional standard terms, but, by its own admission, it took too long to implement them.


RI Advice was ordered to pay $750,000 towards ASIC's costs. Handing down the decision, Justice Rofe said, “It is not possible to reduce cybersecurity risk to zero, but it is possible to materially reduce cybersecurity risk through adequate cybersecurity documentation and controls to an acceptable level.”


Scams and how to avoid them


I got a text the other day: “Hi Mum, I have broken my phone and I am using this number.” The “Hi Mum” scam has exploded, with more than 1,150 Australians falling victim to the ploy in the first seven months of 2022 and total reported losses of $2.6 million. Once the scammer establishes contact, they start requesting money for an urgent bill or a replacement phone etc. For those with children or dependent family members, it is not that hard to believe. According to the Australian Consumer and Competition Commission (ACCC), two-thirds of family impersonation scams were reported by women over 55 years of age.


Another common scam is the lost or undeliverable package text or voicemail. With Christmas just around the corner, we can expect to see another escalation of this scam, where tracking links purportedly from Australia Post, Toll, or Amazon etc., are used to install malware. Once the link is accessed, the malware will access your contacts, spread itself to them, and potentially access your personal information and bank details.


In July, the Australian Taxation Office (ATO) reported a new wave of ‘Tax refund SMSF scams’. The texts purported to be from the ATO, stating that the individual had a tax refund and asking them to click on the link and complete the form. Another scam purporting to be from the ATO advised that the recipient was suspected of being involved in cryptocurrency tax evasion and requested that they connect their wallet, at which point the wallet was accessed and any assets stolen.


The ACCC’s Targeting Scams report states that in 2021, nearly $1.8bn in losses were reported but the real figure is likely to be well over $2bn. 


 The largest combined losses in 2021 were:


  • $701 million lost to investment scams with 2021 figures significantly increased by cryptocurrency scams - more scammers are seeking payment with cryptocurrency and losses to this payment method increased 216% to $84 million.
  • $227 million lost to payment redirection scams.
  • $142 million lost to romance scams.


Protecting yourself from scams


Help educate older relatives. The over 55s are the most likely to fall victim to a scam.

  • Always use the primary website or app of your suppliers not a link from a text or email.
  • Don’t click on links from emails or text messages unless you are (absolutely) certain of the source. For email, if the sending email domain is not clear or hidden, hover over the name of the sending account to check if the email is from the company domain.
  • For Government services, use your MyGov account. Any messages to you from the ATO or other Government services will be published to your MyGov account. Never click on links purporting to be from a bank, ATO or Government department.


Protecting your business from scams


Payment redirection scams, where the email of the business is compromised, caused the highest reported level of loss for business in 2021 at a combined $227 million.

Payment redirection scams involve scammers impersonating a business or its employees via email and requesting an upcoming payment be redirected to a fraudulent account. In some cases, scammers hack into a legitimate email account and pose as the business, intercepting legitimate invoices and amending the bank details before releasing emails to the unsuspecting business. Other times, scammers impersonate people using a registered email address that is very similar to one from a legitimate business.


  • Educate your team about threats and what to look out for, the importance of passwords and password security, and how to manage customer information. Phishing attacks, if successful, provide direct access into your systems.
  • Ensure staff only have access to the business systems and information they need. Assess what is required and close out access to anything not required. Also assess how customer personal information is accessed and communicated. Personal information should not be emailed. Email is not secure and it is too easy for staff to inadvertently send data to the wrong person.
  • No shared login details or passwords.
  • Complete a risk assessment of your systems and add cybersecurity to your risk management framework.
  • Develop and implement cyber security policies and protocols. Have policies and procedures in place for who is responsible for cybersecurity, the expectations of staff, and what to do in the event of a breach. Your policies should prevent shadow IT systems, where employees download unauthorised software.
  • Understand your organisation’s legal obligations. For example, beyond the Privacy Act, some businesses considered critical infrastructure, such as some freight and food supply operations, are subject to the Security of Critical Infrastructure Act 2018. This might involve small businesses in the supply chain.
  • Use multifactor authentication on your systems and third-party systems.
  • Update software and devices regularly to apply patches.
  • Back-up data and have backup protocols in place. If hackers use ransomware to lock your systems, you can revert to your backup.
  • If customer data is being shared with related or third parties domiciled overseas, ensure your customer is aware of where their data is domiciled and your business has taken all reasonable steps to enforce the Australian Privacy Principles. Your business is responsible for how the overseas recipient utilises your customer’s data.
  • Only collect the customer data you need to provide the goods and services you offer.
  • Ensure protocols are in place for accounts payable.
  • Don’t forget the hardware – laptops, computers, phones. 
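
As an added illustration (not part of the original article), an accounts payable protocol can be partly automated: the Python sketch below holds an invoice for a phone call-back when the sender's domain merely resembles a known supplier's, or when the bank details differ from those on file, which catches the compromised-mailbox case as well. All supplier names, domains and bank details are constructed, and the function names are hypothetical.

```python
# Added example: hold-for-call-back checks on supplier invoices. All data is constructed.
VENDOR_MASTER = {  # supplier domain -> (BSB, account) previously verified by phone
    "acmefreight.example": ("000-001", "11112222"),
    "brightpaper.example": ("000-002", "33334444"),
}
# Characters commonly swapped to make one domain look like another.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain):
    """Return the known supplier domain this sender imitates, or None."""
    d = sender_domain.lower()
    if d in VENDOR_MASTER:
        return None  # exact match: the genuine domain
    for known in VENDOR_MASTER:
        if skeleton(d) == skeleton(known) or edit_distance(d, known) <= 2:
            return known
    return None

def review(sender, supplier, bsb, account):
    """Return reasons to hold payment and confirm on a phone number already on file."""
    reasons = []
    domain = sender.rsplit("@", 1)[-1].lower()
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain {domain} resembles {imitated}")
    elif domain not in VENDOR_MASTER:
        reasons.append(f"sender domain {domain} is not a known supplier")
    on_file = VENDOR_MASTER.get(supplier)
    if on_file and (bsb, account) != on_file:
        reasons.append("bank details differ from the vendor master file")
    return reasons

# Constructed invoices: genuine, genuine mailbox with amended bank details, look-alike sender.
SAMPLES = [
    ("accounts@acmefreight.example", "acmefreight.example", "000-001", "11112222"),
    ("accounts@acmefreight.example", "acmefreight.example", "000-009", "99990000"),
    ("accounts@acmefre1ght.example", "acmefreight.example", "000-009", "99990000"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[0], "->", review(*s) or "pay as normal")
```

A flagged invoice is a prompt to confirm by phone on a number you already hold, not one taken from the email itself.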