Question

1) Security & E-Business

List 5 different types of security issues that may confront a Small Business Enterprises (not all are internet based). Discuss some proactive security solutions.

Include an actual example.

Explain the recent legislation change in regards to hacking of SBE’s that meet specific conditions.

2) Budgeting for Labour Commitments

List and discuss some of the employee and payroll issues that may challenge a SBE. Select an actual example for one of these issues and discuss it in reference to the current payroll legislation.
List some of the main sources that a SBE can refer to for assistance. Explain how these sources can assist a SBE.

3) Record Keeping & Compliance

Small business enterprises must comply with the Australian Taxation Legislation. List some of these requirements inclusive of their due dates.
Discuss how compliance with the current legislation may benefit a Small Business Enterprises.

Answer 1

QUES : 1.

Different types of security issues that may confront a Small Business Enterprises :-

• #1: Malicious Code. A northeast manufacturing firm software bomb destroyed all the company programs and code generators. Subsequently the company lost millions of dollars, was dislodged from its position in the industry and eventually had to lay off 80 workers. To make sure this doesn’t happen to you, install and use anti-virus programs, anti-spyware programs, and firewalls on all computers in your business. Moreover, ensure that all computer software is up-to-date and contains the most recent patches (i.e., operating system, anti-virus, anti-spyware, anti-adware, firewall and office automation software).
• #2: Stolen/Lost Laptop or Mobile Device. Last year, a Department of Veterans Affairs’ employee’s laptop was stolen from his home. The laptop contained 26.5 million veterans’ medical history. In the end, the laptop was recovered and the data was not used; however, the VA had to notify 26.5 million veterans of the incident, resulting in Congressional hearings and public scrutiny. To make sure this does not happen to you, protect your customers’ data when transporting it anywhere on a portable device by encrypting all data that resides in it. Encryption programs encode data or make it unreadable to outsiders, until you enter a password or encryption key.
• #3: Spear Phishing. A medium-size bicycle manufacturer relied heavily on email to conduct business. In the normal course of a business day, the company received as many as 50,000 spam and phishing emails. In one case, an employee received a “spear phishing” email that looked like it came from the IT Department, and asked the employee to confirm the “administrator password.” Luckily for the company, when the employee asked the line manager for the “administrator password” he investigated further and realized the email was a scam. To make sure this does not happen to you, instruct all employees to contact their manager, or simply pick up the phone and contact the person who sent the email directly. It’s important to make your employees aware of what a spear phishing attack is and to be on the look out for anything in their in-box that looks suspicious.
• #4: Unsecured Wireless Internet Networks. According to news reports, hackers pulled off the “biggest data breach ever” through a wireless network. A global retail chain had over 47 million customers’ financial information stolen by hackers who cracked through a wireless network that was secured by the lowest form of encryption available to the company. Currently, this security breach has cost the company $17 million, and in particular $12 million in one quarter alone, or 3 cents per share. To make sure this doesn’t happen to you, hen setting up a wireless network, make sure the default password is changed and make sure you encrypt your wireless network with WPA (Wi-Fi Protected Access).
• #5: Insider/Disgruntled Employee Threat. A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. To make sure this does not happen to you, divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.

SOME PROACTIVE SECURITY SOLUTIONS :-

1. Malicious Code (Spyware/Viruses/Trojan Horse/Worms)

According to a 2006 FBI Computer Crime Study, malicious software programs comprised the largest number of cyber attacks reported, which resulted in an average loss of $69,125 per incident. Malicious software are computer programs secretly installed on your business’s computer and can either cause internal damage to a computer network like deleting critical files, or can be used to steal passwords or unlock security software in place so a hacker can steal customer or employee information. Most of the time, these types of programs are used by criminals for financial gain through either extortion or theft.

2. Stolen/Lost Laptop or Mobile Device

Believe it or not, stolen or lost laptops are one of the most common ways businesses lose critical data. According to a 2006 FBI Crime Study (PDF), a stolen or lost laptop usually resulted in an average loss of $30,570. However, a high profile incident, or an incident that requires a company to contact all their customers, because their financial or personal data might have been lost or stolen, can result in much higher losses due to loss of consumer confidence, damaged reputation and even legal liability.

3. Spear Phishing

Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group. The message might look like it comes from an employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.

4. Unsecured Wireless Internet Networks

Consumers and businesses are quickly adopting and implementing wireless Internet networks. According to an InfoTech Study, wireless Internet networks penetration will reach 80% by 2008. While wireless Internet networks provide businesses an opportunity to streamline their networks and build out a network with very little infrastructure or wires, there are security risks businesses need to address while using wireless Internet networks. Hackers and fraudsters can gain entry to businesses’ computers through an open wireless Internet network, and as a result, could possibly steal customer information, and even proprietary information. Unfortunately, many businesses don’t take the necessary measures to secure their wireless networks. According to a 2005 Symantec/Small Business Technology Institute Study, 60% of small businesses have open wireless networks. In addition, many other small businesses may not use strong enough wireless security to protect their systems. Not properly securing a wireless network is like leaving a business’s door wide open at night.

5. Insider/Disgruntled Employee Threat

A disgruntled employee or an insider can be more dangerous than the most sophisticated hacker on the Internet. Depending on your business’s security policies and password management, insiders may have direct access to your critical data, and as a result can easily steal it and sell it to your competitor, or even delete all of it, causing irreparable damage. There are steps and measures you can take to prevent an insider or disgruntled employee from getting access to key information and damaging your computer networks.

ACTUAL EXAMPLE :

Case Study:

A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. According to reports, the employee was upset about being released by the company earlier than he had anticipated. Allegedly, the company’s firewall was compromised and the perpetrator broke into the employee data base and deleted all the records. Statements from the company indicate that the disgruntled former employee was one of only three people who knew the log-in and password information for the firewall that protected the employee data base.

Advice:

There are a number of ways your company can protect itself from insider or disgruntled employee threats:

• Divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.

• Implement strict password and authentication policies. Make sure every employee uses passwords containing letters and numbers, and do not use names or word.

• Moreover, be sure to change passwords every 90 days, and most importantly, delete an employee’s account or change the passwords to critical systems, after an employee leaves your company. This makes it harder for disgruntled employees to damage your systems after they have left.

• Perform due diligence BEFORE you hire someone. Do background checks, educational checks, etc to ensure that you are hiring good people.

THREE NEW CHANGES in federal court rules have vastly expanded law enforcement's ability to hack into computers around the world.

The changes, to a federal court procedure known as Rule 41, were announced last week by the Supreme Court. They would let magistrate judges routinely issue search warrants to hack into computers outside their jurisdiction. The changes would also let magistrates issue a single search warrant for numerous computers in multiple jurisdictions, saving law enforcement the burden of having to obtain a separate warrant for each computer.

QUES : 2.

Challenges of Payroll Processing Faced by Organizations

1. Compliance:

It is essential that any organisation’s payroll system comply with the country’s laws as well as other employee related requirements. ‘Good corporate Governance’ has become more of a necessity now than an option. Also organizations might have to pay a high price for non-compliance. Payroll providers have to monitor changes in legislation at all levels continuously, to ensure all payroll processes comply with the changes. The payroll process should be built in such a way that it complies with the industry’s requirements, such as generating employee equity reports and council reports.

2. Accuracy:

Generally payroll is a batch process where updations happen on a weekly or monthly basis. But historical information is also important. Payroll systems should be able to provide accurate information with regards to both present and past payroll processes. Forward-looking scenarios, such as possible promotions, hikes and maternity pays should be built into the system.

3. Higher Costs:

For acquiring a payroll system and implementing it, an organization has to make a significant investment. The business has to ensure that maintenance costs remain low and technology upgradations happen at an optimal fee.

4. Safety and Security:

It is crucial that payroll data is protected from any possible data leaks. Breaches in payroll confidentiality can have adverse effects on any business. Therefore it is important to put strict internal controls in place.

5. Taxation-Related Issues:

It is not easy including accurate tax calculations in payslips. This is because tax rules are dynamic and keep changing. Regular updates are required to ensure that employees’ salaries are taxed correctly. Incorrect tax calculations can lead to penalties, inconvenience and additional work.

6.Burden on Finance Team:

A number of small and medium enterprises generally do not have a specific payroll person. Instead, they assign the responsibility to employees in the HR or accounts department. It might result in inefficiency if the person does not remain updated on legal, tax and other issues.

There are two solutions to the above challenges: outsourcing and technology. Automating most of the functions will not only help reduce the time involved in creating reports, it would also reduce errors while ensuring accuracy.

However, the issue with automation is that the tasks that are managed by technology have to be manually vetted to ensure accuracy. Outsourcing to an efficient Finance and Accounting BPO Services company, gives a company access to both talent and technology that facilitates payroll processing.

Benefits of Outsourcing Payroll Processing

Outsourcing the payroll function is a viable solution for companies that want to optimize internal productivity and investment in in-house technology. The benefits of outsourcing payroll processing to an expert include:

• Freeing up more time for key personnel
• Lower payroll processing costs
• Compliance with IRS rules and regulations
• Guidance from knowledgeable payroll experts who can answer any questions on payroll
• Leveraging the technology of the outsourcing provider
• Establishing of secure electronic systems with reduced risk of confidential information being misused
• Allocating payroll as an operating expense, rather than capital outlay
• Reduced errors, subsequent down time and troubleshooting

In conclusion, payroll processing is a considerable expense for the company and ensuring that it is streamlined is an important task. Outsourcing is one solution to help businesses to overcome the challenges of this key function.

QUES : 3.

When new tax and superannuation measures and legislation are introduced, we provide practical guidance for taxpayers deciding whether to follow the existing law or attempt to anticipate the proposed changes.

We also provide advice about our administrative approach to specific proposed law changes.

Our advice covers the options available to taxpayers and the consequences of choosing particular options. It also covers what action, if any, we'll take during the period until the final outcome of a proposed law change is known.

For the SME market segment, the ATO has a greater reliance on third party data sources for risk assessment processes. These data sources may be from other government departments, financial institutions or other third parties.286 The ATO approaches to this market segment are outlined in their publication, Tax compliance for small-to-medium enterprises and wealthy Australians (Tax Compliance) which was produced following recommendations contained in the IGT’s Review into the ATO’s Compliance Approaches to Small and Medium Enterprises with Annual Turnovers Between $100 million and $250 million and High Wealth Individuals (SME Review).