Monthly Archives: August 2016

How Secure is your Email

Did you know….?

  • Some email accounts, (typically free accounts or those as part of a wider service like gmail, Hotmail even Bigpond, Optus etc), are routinely and systematically scrutinised and analysed for what you are doing and what you are sending and who to.
  • Email bounces via of a number of servers and through various services between leaving you and reaching the recipient. This creates numerous points of vulnerability.
    • Points of weakness are the sender’s device, the network, (i.e., the internet provider), the servers and the recipient’s device.
  • Not all email clients are equal. Some are more secure than others.
  • Webmail is the least secure – but you can take precautions like using strong passwords, enabling two factor authentication and enabling notifications for new sign-in locations or devices

Important Security Issues

  • You should never have a Tax File Number (TFN) written in the body of an email
  • You should never have a TFN written in an attachment within an email unless it is encrypted (password protected)
  • If you are using a webmail based email address, look at upgrading and getting your own domain name with a secure provider – it is more professional and costs very little to activate an email address. You don’t need an active website in order to have your own email address. At the very least, make sure you have enabled the highest possible security available for that service.
  • Consider using encryption software for sensitive documents or information being sent by email

In effect, there is no security of identity-sensitive information like a TFN in an email, and any one of the people with access to your or the recipient’s devices, email servers or intercepting emails could obtain the TFN that you have sent.

This opens up a can of worms for the sending of Income Tax Return by email (it contains the TFN), and for sending the end of year payment summaries directly from the software.

It is not limited to TFNs. The sending of any information that could be used to compromise someone’s identity, including credit card details, bank account details and other private information are all questionable.

Recommendations

  • Use a password manager application like 1Password or Last Pass. This not only securely manages all your passwords but can generate very strong passwords randomly.
  • Always use strong passwords
  • Regularly change passwords
  • Regularly check settings and preferences to make sure you are still using the optimum security setting available for your email application
  • Always update your operating system, software and applications when prompted
  • Enable two factor authentication on anything you can
  • Back up everything

 

 

Checking Australian Business Numbers (ABN)

The law states that every business making a payment must check the validity of their suppliers.  They must check that:

  1. Suppliers have provided an ABN and that it is a valid ABN and it belongs to them.
  2. Check that the supplier is allowed to charge GST.
  3. You must obtain a valid tax invoice from suppliers.

If your supplier used an invalid ABN or is not registered for GST but they have charged it, and you pay it to that supplier then the ATO position, based on the law, is that you are not allowed to claim back that GST from the ATO.

There are increasing reports of the ATO conducting reviews of businesses in the areas of supplier registration and validity of GST claims. Therefore, the business owner needs to understand that these are matters that should not be ignored and will be reviewed in an audit, with potential penalties applied by the ATO if GST is incorrectly claimed when the business owner knew it shouldn’t have been claimed.

ABN Lookup

As of February 2015, the Government have declared that the ABN Lookup Tool can now be relied upon.

The Commissioner of Taxation has advised that:
If you primarily rely on information about another entity in ABN lookup to self-assess your taxation liabilities or entitlements, and that information turns out to be incorrect:

  • The Commissioner will not take compliance action to recover any tax shortfall
  • You will also be protected against any false or misleading statement penalty and any interest charges.

However, you will not be protected against any liability to tax shortfall, penalties or interest charges if you and the entity on ABN Lookup are associates.

Accounting software companies are increasingly offering solutions within the software to make it easier for business owners to check the ABN status of a supplier by linking directly to the ABN Lookup website.

ICB Recommends

  1. When a new supplier is being considered, or prior to any payment to a new supplier, check their GST status.
  2. Once a year, check the ABN registration status of all major and/or regular suppliers you are conducting business with.
  3. To be absolutely certain that you are entitled to claim back all GST charged to you by suppliers, the  comprehensive system would be to check all suppliers before any payment is made- but this is not a legal requirement.

When you use the ABN Lookup, always keep a copy of the results for your reference.