making tax digital€¦ · quickbooks quickbooks desktop desktop 2019 quickbooks quickbooks cloud...
Post on 30-Jul-2020
6 Views
Preview:
TRANSCRIPT
EffectiveTax recording will be more
accurate, providing fewer
opportunities for errors,
miscalculations and fraudulent
activity.
EfficientThe process will be faster and
more automated for businesses,
accountants and HMRC, helping
them save valuable time.
EasierWith the right software, Making
Tax Digital will make it easier for
small businesses to record and
file their tax returns online.
Making Tax DigitalWhat you need to know for you and your business
We will still be able to provide
you with the same support and
advice that we do now. We will
continue to guide you to ensure
you are fully compliant with all
the new reporting requirements.
We will continue to update you
until the 1st April 2019 deadline,
but please feel free to contact
your usual Cowgills advisor if you
have any concerns.
You can also visit our website
and follow us on Twitter to keep
up to date with the latest news.
Firstly you need to think about
your software, as the biggest
change will be the need for
digital record-keeping.
The good news is that if you
are currently using one of the
major cloud based accounting
packages such as Xero, Sage or
FreeAgent, your software will be
compatible.
We suggest that you get used
to your new digital software as
soon as possible to help make
the transition smoother.
We can help What can I do?
Making Tax Digital is a key part of the Govenment’s plans to modernise the tax system. It is
designed to make it easier for individuals and businesses to get their tax right as well as simplifying
the HMRC submission process. It will change the way that businesses keep their accounting
records, report profits and interact with HMRC.
1
Need help?
For more information on how we can help, please speak to your usual Cowgills or CHW advisor.
Call 01204 41 42 43 or email enquiries@cowgills.co.uk
To find out more and how we can help, please email your usual advisor for more details.
2
From April 2019, subject to the
implementation of a potential
grace period, if businesses fail to
comply, they will attract ‘points’
and penalities in line with the
Government’s new two-tier
‘points-based’ penalities regime.
The proposed regime for
businesses and individuals will
be enforced within 15 days of an
overdue tax payment. However,
there may be an initial grace
period for late filers still getting to
grips with the new digital system.
What are the penalities?
The facility to enter VAT return information directly onto the HMRC
website will no longer be available from the 1st April 2019. In order
to submit a VAT return to HMRC from that date Making Tax Digital
compatible software will be required.
What are the practical changes for businesses?
You can still provide quarterly updates for other taxes but there is no
mandatory requiremment to do so as of yet. The Government has
committed that it will not widen the scope of MTD for businesses
beyond VAT before 2020 at the earliest. After this you may need to
keep a digital record for your other taxes too.
Note: If you have previously authorised HMRC to receive your VAT
return from an agent, they can still do this.
What versions of software are compatible?
Developer Product Platform Version
Sage 50 Accounts Desktop 25*
Sage Sage Business Cloud Cloud All
Xero All Cloud All
FreeAgent All Cloud All
Quickbooks Quickbooks Desktop Desktop 2019
Quickbooks Quickbooks Cloud All
Kashflow Kashflow Cloud All
ClearBooks ClearBooks Cloud All
*Requires additional subscription
What about other taxes?
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Barclays Business BankingKnow your cyber and fraud risks
Let’s go forward
2 | Know your cyber and fraud risks | November 2018
“..cyber activities over the past 12 months have impacted businesses – from their reputation, through to their systems, to their bottom line.”Ciaran Martin – CEO NCSC
www.nationalcrimeagency.gov.uk/890-the-cyber-threat-to-uk-business-2017-2018/file
3 | Know your cyber and fraud risks | November 2018
• Why should cybercrime matter to me?
• Social engineering what do you need to know?
• Common cyber threats
• Steps you can take to help protect yourself and your business
What we will cover
4 | Know your cyber and fraud risks | November 2018
Why should cybercrime matter to me?
5 | Know your cyber and fraud risks | November 2018
1. Barclays commissioned research to tackle SME cybercrime, published 25th April 2018.
2. Get Safe Online and Action Fraud figures, based upon crime report to the National Fraud Intelligence Bureau totalling a business loss of £1,079,447,765
between 31/03/2015 and 31/03/2016.
£35,0001
The average cost of a breach is of businesses surveyed have
experienced an attack1
44%
95%of losses are attributable
to human error2
Cybercrime cost
50,000jobs1
Why should you care?
6 | Know your cyber and fraud risks | November 2018
Phishing and spear phishing Malware
Impersonation fraud Data theft
7 | Know your cyber and fraud risks | November 2018
Survey Deliver Breach Affect
Stages of a cyber attack
8 | Know your cyber and fraud risks | November 2018
Survey DeliverSocial Engineering
Social EngineeringRemovable devicesMan in the middleImpersonation
Stages of a cyber attack
9 | Know your cyber and fraud risks | November 2018
Social engineering – what do you need to know?
10 | Know your cyber and fraud risks | November 2018
““
Social Engineering
The clever manipulation of the natural human tendency to trust
Tony Blake
11 | Know your cyber and fraud risks | November 2018
Social Engineering
The scammer’s toolkit
Create a sense of authorityWe tend to comply with authority rather than follow our conscience..
Create a sense of consequenceWe tend to be loss-averse and will seek to avoid a negative consequence.
Create a sense of urgencyWe make worse decisions under stress and time pressure.
Appeal to our vanity or greedWe struggle to resist opening that email attachment which promises to tell.
12 | Know your cyber and fraud risks | November 2018
Spoof emails trying to get the
recipient to:
• Click on a link
• Open an attachment
• Give away information
• Make a payment
Phishing Vishing Smishing
Spoof phone call trying to get
the recipient to:
• Divulge security details
• Pay money
• Give away information
Spoof text message call trying
to get the recipient to:
• Click on link
• Pay money
• Give away information
• Call premium number
Key types of social engineering
13 | Know your cyber and fraud risks | November 2018
From email details can be easily spoofedTo: business.owner@email.comFrom: your.contact@business.com**URGENT** ACCOUNT COMPRIMISE
Dear Business Owner,
We are contacting you as your account has been compromised. In order to reactivate your account you need to access the recovery link below and verify your details.
www.business.com/account_recovery
YOU WILL NOT BE ABLE TO ACCESS YOUR ACCOUNT UNLESS YOU ACT NOW.
Kind regards
Your ContactAccount ManagerBusiness
Links can be easily spoofed hover your cursor over the link to check the destination URLwww.malicious_link.co.uk
Subject line designed to encourage action
General or unusual greeting
Phishing
14 | Know your cyber and fraud risks | November 2018
Phone call with fraudster pretending to be from bank, HMRC or a large business asking for pass codes, pin numbers, verification codes or personal information.
Phone call with fraudster pretending to be from fraud department or police saying that there is a fraud occurring on your account. They try and make you transfer funds to a “safe account” whilst they investigate. They may even know some information about your account.
1
2
Vishing
15 | Know your cyber and fraud risks | November 2018
My Bank
Balance - £2756.07
Deposit - £567.00 (your work)
Debit - £1569.45 (card payment –onlineshop.co.uk)If this wasn’t you please call 000000000 or click here
HMRC
Your are due a refund of £3765.87 for overpayment of income tax. To claim your refund please fill in this form and the transaction will be processed in 3 working days.
Smishing
16 | Know your cyber and fraud risks | November 2018
• Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers. Remember that a bank or other reputable organisations will never ask you for this information or to move your money – whether by email, call or SMS
• Do not assume a caller is genuine because they have some basic information about your account and don’t trust caller ID – it can be manipulated to display a genuine looking number
• Do not allow remote access to your computer – Barclays will never ask for this
• If you receive such a call, hang up and call the Barclays fraud team using official contact details held on file
• Do not open email attachments from unknown sources
• Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
How to avoid social engineering attacks
17 | Know your cyber and fraud risks | November 2018
Common cyber threats
18 | Know your cyber and fraud risks | November 2018
Invoice fraud CEO Fraud
URGENT OVERDUE INVOICE
The Boss
Please pay £32,000 to s/c 000000a/c 12345678 immediately.
You have an invoice that is now 30 days overdue.
Please pay £12,000 to the details below immediately.
S/C 000000A/C 12345678
To: your.name@email.comFrom: your.boss@email.comSubject: Urgent Payment
I require £20,000 to be transferred to our solicitor immediately.S/C 000000A/C 12345678
If you do not make this payment we will incur fines.THE BOSS
Impersonation fraud
19 | Know your cyber and fraud risks | November 2018
Enabled by cyber
Process is key – verify requests and details
Can be internal request or invoice
Make sure all staff know your processes
Impersonation fraud
20 | Know your cyber and fraud risks | November 2018
Ransomware
•Computer/Network encrypted
•Required to pay a ransom for access
•Fastest growing malware attack
Trojan
•Allows hackers remote access to your systems
•They can alter files, change screens, view activity and use your computer to attack others.
Malicious Software - Malware
21 | Know your cyber and fraud risks | November 2018
Be prepared – make sure that you:
• back up regularly
• update software regularly
• have anti virus/antispyware
software and a firewall.
Be aware of the risks:
• Be careful when you
click on links
• Limit the use of
removable devices
Make sure that everyone is
aware of the risks and how
to mitigate them.
Malicious Software - Malware
1 2 3
22 | Know your cyber and fraud risks | November 2018
Public Wi-Fi – know the risks
23 | Know your cyber and fraud risks | November 2018
Be aware of
the risks
If you wouldn’t
have the
conversation in
public then don’t
send it in public
Think before
you send
information
When on public Wi-Fi
1 2 3
24 | Know your cyber and fraud risks | November 2018
1234561.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Password
12345678
qwerty
12345
123456789
letmein
1234567
football
iloveyou
How secure is your password?
25 | Know your cyber and fraud risks | November 2018
Have a strong password –
use upper case,
lower case, numbers
and special characters
1
#B3Saf3!
2 3Wherever possible set up
– a second step like a code that you
generate or have texted to you
2-factor authentication
Have a
for each
account
different password
Two steps are better than one
26 | Know your cyber and fraud risks | November 2018
Steps you can take to help protect yourself
27 | Know your cyber and fraud risks | November 2018
• User education
Survey
Deliver
• Password policy
• Secure configuration
• Malware protection
Breach
• Monitoring
• Patch
management
• User training
• Network
perimeter defence
• Secure configuration
• User access
Affect
• Controls and continuitymanagement
Action you can take
28 | Know your cyber and fraud risks | November 2018
Some basic guidance
“Please note that the following information is not a comprehensive guide to cyber security and keeping yours and your customers information safe. There can be no replacement for having the expertise of a cyber security professional and regulartesting of systems and networks. We always recommend seeking out professional expertise to ensure you are compliant with all legalities and requirements from a data protection perspective.”
6
7
8
10
9
1
2
3
4
5
User Education and AwarenessEducate all your employees no matter what their level or role
Network SecurityAvoid connecting to untrusted networks
MonitoringConstantly monitor inbound and outbound traffic
Malware ProtectionEnsure you have the most up to date version of your chosen software
Information Risk managementEmbed an Information Risk Management Regime across your organisation
Incident ManagementEstablish an incident response and disaster recovery plan
Managing User PrivilegesDo they need the access?
Secure ConfigurationRemove or disable unnecessary functionality
Home and Mobile WorkingProtect data using an appropriately configured Virtual Private Network
Removable Media ControlsLimit removable devices such as USB drives
10 Steps to cyber security
29 | Know your cyber and fraud risks | November 2018
The National Cyber Security Centre (NCSC) brings the UK’s cyber
expertise together to transform how the UK tackles cyber security
issues. Their site contains industry updates, blogs, threat reports
and other useful information.
www.ncsc.gov.uk
A nationally recognised certification establishing that you take cyber
security seriously and have stood up to resilience checks carried out
by a professional body.
NCSC hosts the Cyber Security Information Sharing Partnership
(CiSP), which is a joint industry/government initiative to share
cyber threat and vulnerability information in order to increase
overall situational awareness of the cyber threat and therefore
reduce the impact on UK business.
When signing up you will find a regional group to join that
can help you get started.
Free learning around all things digital, including modules
on cyber security. Great for individuals and businesses.
www.digital.wings.uk.barclays/for-everyone/
Cyber Essentials
What support is available?
30 | Know your cyber and fraud risks | November 2018
Reporting cybercrime
31 | Know your cyber and fraud risks | November 2018
You can report phishing attacks that pretend to be from Barclays to:
internetsecurity@barclays.co.uk
Reporting phishing
32 | Know your cyber and fraud risks | November 2018
•Have strong passwords and use 2-factor authentication
•Make sure that all you software is up to date
•Don’t trust any link, attachment, text or number
•Have processes in place in your business for ALL payments. Make sure everybody know the process
• Take steps to make sure that all your team are aware of the risks and the steps that they can take to help
protect your business.
Barclays will not ask you for your PinSentry codes, PINs or security credentials.
You can check that a Barclays number is genuine before calling it through our
phone number checker at:
www.barclays.co.uk/security/phone-number-lookup/
Remember
33 | Know your cyber and fraud risks | November 2018
• digital.wings.uk.barclays – our platform to educate all staff members in all things digital. Please log on and complete the cyber security module to enhance your understanding
• www.cyberaware.gov.uk – HM Government site – Be Cyber Aware is a cross-government campaign funded by the National Cyber Security Programme
• www.cyberaware.gov.uk/cyberessentials – Cyber Essentials – Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats
• ncsc.gov.uk – working with partners across industry, government and academia to enhance the UK’s cyber resilience
• actionfraud.police.uk In the UK report all fraud and cybercrime allegations to Action Fraud:Telephone: 0300 123 2040
• www.barclays.co.uk/business-banking/manage/security/ – articles and videos detailing scams to watch out for and quick tips to help protect you.
• getsafeonline.org – an online resource of advice about staying safe while online
• pcisecuritystandards.org/pci_security/small_merchant – information for small merchants
• http://www.met.police.uk/docs/little_book_scam.pdf - general scam and cyber crime information
Further reading
34 | Know your cyber and fraud risks | November 2018
@ BarclaysBizChat Barclays Business UK Barclays Business
Or search Barclays Business Fraud
Keep connected
Stay up to date with business hints and tips through social media
35 | Know your cyber and fraud risks | November 2018
Barclays is a trading name of Barclays Bank UK PLC and its subsidiaries. Barclays Bank UK PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 759676). Registered in England. Registered number is 9740322 with registered office at 1 Churchill Place, London E14 5HP.
Disclaimer
This document has been prepared by Barclays Business, a trading name of Barclays Bank UK PLC, and is provided to you for information purposes only, and may be subsequently amended, superseded or replaced. Barclays accepts no liability whatsoever for any loss
arising from the use of this document or reliance on the information contained herein. The accuracy or completeness of any information herein which is stated to have been obtained from or is based upon any third-party sources is not guaranteed by Barclays. All
opinions and estimates are given as of the date hereof and are subject to change. The information in this document is not intended to predict actual results and no assurances are given with respect thereto. © Barclays 2018. No part of this presentation may be
reproduced in any manner without the prior written permission of Barclays.
Barclays digital webinars Introduction to Cyber Security
Barclays is a trading name of Barclays Bank UK PLC and its subsidiaries. Barclays Bank UK PLC is authorised by the Prudential Regulation Authority and regulated by the
Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 759676). Registered in England. Registered number is 9740322 with
registered office at 1 Churchill Place, London E14 5HP.
1. Barclays commissioned research to tackle SME cybercrime, published 25th April 2018.
2. Get Safe Online and Action Fraud figures, based upon crime report to the National Fraud Intelligence Bureau totaling a business loss of £1,079,447,765
between 31/03/2015 and 31/03/2016.
What is a Cyber Security webinar?
At Barclays we understand that in this ever changing digital landscape it is more important than ever to protect your business.
This webinar has been designed to give you and your staff an introduction to cyber security issues, empowering you to take practical action to be better protected.
Why should you attend webinar?
You are concerned about the potential risks and threats of cyber security and online fraud.
You want to ensure you and your staff are up to speed with the latest threats and prevention techniques.
You want to understand what help and support
is available for SMEs.
What does a webinar include?
An overview of cyber security and what it means for businesses.
A look at the main cyber threats and how to help prevent them.
Tangible next steps to help you and your staff stay safe and secure online.
Additional support and information that can
help you on your journey.
How to book a webinar
To book a webinar or to find out more, speak to your Business Banking Manager or Relationship team.
Webinars are available Monday to Friday between 8:00am – 4:00pm and delivered at a time that suits your business.
You will need a desktop/laptop computer
and telephone .
1
Did you know
£35,000 is the average loss to an SME from successful cyber attacks.1
44% of businesses have suffered an attempted cyber attack.1
95% of losses from cyber attacks result from human error.2
Let’s go forward
top related