With tax season upon us, it’s essential for Australian small businesses to keep front of mind that this is a time of year cybercriminals await with huge anticipation. Tax time brings with it an avalanche of potentially exploitable personal and financial information being stored and shared, and this equates to open season for cybercriminals. However, too many small businesses, micro-businesses, and self-employed workers don’t take the threat seriously enough.
Sadly, we know from Norton research that over one-third (35 per cent) of micro businesses and self-employed workers say the arrival of tax time does not make them more wary to online threats than the rest of the year, while the figure is even higher for small businesses, with more than two-fifths (41 per cent) admitting the same. This is staggering for a time of year in which we know the number of Australian Taxation Office (ATO) scams go through the roof, with over two-fifths (42 per cent) of working Australians claiming to have been targeted by scams – either by phone, email or text – impersonating the ATO in the past.
As it stands, 2018 was a bumper year for cybercriminals – they managed to fleece $1.3 billion from Australians – and without small businesses taking the proper care, 2019 could prove even more lucrative for them. Cybercrime is becoming more sophisticated and the reason for this is very simple: data is incredibly valuable.
Yet, many Australian small businesses are not rising to meet the threat these criminals pose. Almost half (48 per cent) of micro businesses and self-employed workers do not believe they are more susceptible to cyber-security risks at tax time, a figure that drops to a not-much-better 40% for small business workers.
Perhaps most troubling is that over a third (35 per cent) of micro businesses and self-employed workers, as well as almost two-fifths (38 per cent) of small-business workers, would be willing to do an online tax lodgment without even having cyber security software installed on their device which could help protect against fake websites, keyloggers and ransomware. This is despite over 80 per cent of small businesses, micro-businesses, and self-employed workers being worried about online identity theft as a result of cybercrime. Clearly, the awareness is there, but the action is lacking.
Now, I know that trying to protect yourself from cyberattacks can seem like a completely overwhelming task, but the fact is that basic behaviours like proper password hygiene, using effective cyber security software, updating (patching) devices and vigilance when it comes to activities like online banking, can make all the difference. These are easy measures for Aussie businesses no matter how large or small to put in place, as is – and I can’t stress this enough – being wary of emails, text messages, and phone calls claiming to be from the ATO. If you’re left in any doubt about the validity of any communication from the ATO, be sure to contact them directly via their fraud hotline: 1800 008 540.
Mark Gorrie, Senior Director and Security Expert – ANZ, Norton LifeLock