Tax time and the end of financial year (EOFY) are one of the busiest times for small businesses.
In addition to standard business operations, many small businesses run EOFY sales and there are tax, payroll and superannuation obligations that require additional time and focus.
That makes this the perfect period for cyber criminals to pounce.
Small business owners and staff need to be prepared and alert to the increased activity to avoid being a victim of cyber attack.
Here is how to be prepared for EOFY cyber scams.
How cyber criminals can target your small business this EOFY
The EOFY marks a time with additional compliance activities and when many small business operators have increased dealings with the Australian Tax Office (ATO), the Australian government’s MyGov website and financial institutions.
Cyber criminals know this and attempt to impersonate these trusted organisations to scam small businesses.
Common scam activities include:
- Cyber scammers using email, SMS or telephone to impersonate the ATO and demand money for outstanding debts.
- Generating fake links to MyGov and tricking users into handing over access to their accounts.
- Using fraudulent links and fake invoices to trick you into paying at a time when you are busy and distracted.
What can I do to protect my small business from EOFY cyber attacks
There are a number of practical ways you can help protect your small business from the most common EOFY cyber attacks:
1. Be aware of texts or emails from the ATO
At this time of year, it’s important to be especially wary of any emails, phone calls, texts or social media messages claiming to be from the ATO or myGov.
Don’t engage with it if you aren’t confident that it’s genuine.
The ATO reported that between 2021-22 and 2022-23, contact by scammers via email jumped 179% and more than 400% for SMS.
The ATO says it will never send an unsolicited SMS that contains a hyperlink. It also has clear and simple information on its website about recent scams and how to verify genuine communication.
2. Consider using e-invoicing software to protect your information
Small businesses are increasingly losing hard-earned money to fake invoices and payment redirection scams.
e-Invoicing software is becoming a popular way to send and record bills without sending PDF invoices via email. It enables businesses to send and receive invoices directly to and from their accounting systems and record bills without data entry.
Peppol, an international eProcurement framework, was adopted by the Australian government in 2019.
Xero and MYOB are examples of companies that use the accredited e-invoicing protocol.
3. Banish poor processes and weak passwords
Lazy cyber security habits make small businesses vulnerable to cyber attacks.
- Implement multi-factor authentication (MFA) to protect your email and business accounts.
- Also upgrade to unique passphrases on all log-ins and consider a password manager to safely store your passwords.
- Make sure you set your apps, plug-ins and browsers to auto-update so you have the latest security updates.
4. Don’t let your guard down when you are busy
When you are busy and tired, it’s harder to spot a scam, fake invoice or phishing attack.
Be careful whenever someone insists that you must act immediately, whether it’s to pay an invoice or attend to an account upgrade.
Come back to the task when you have more time and can read and consider the request properly.
Make sure to stick to your usual banking and payment processes.
Watch out for red flags such as strangely configured email addresses, unusual or “confidential” requests or unsophisticated language and typos.
Don’t let EOFY be the end of your small business
You don’t have to be a tech wizard to protect your small business during EOFY and tax time.
There are many simple and practical steps you can take to make sure your business isn’t a victim of a cyber attack at this busy time of year.
Consider making one of your new financial resolutions to take the free and fast Cyber Wardens training course, and get your staff to sign up too.
It only takes 2 minutes to start your journey to being more cyber secure, by enrolling in the free and simple Cyber Wardens online training. The course is self-paced and you’ll learn simple steps for small business quick wins in cyber security.
Help protect your small business from scams and hackers with free and simple cyber security training