finance – Fiscal Artisans

February 20, 2023


The Australian Taxation Office has just released its revised methods for working-from-home deductions for the 2022–23 tax year. The main change this year is that the ATO is now more focused on making sure people are actually working from home, and not just claiming the deduction without any evidence to back it up. So if you’re planning on making a claim for working from home this year, make sure you follow these new guidelines to avoid being caught out!

From the 2022–23 income year, the methods available to calculate working-from-home deductions are the:

  • revised fixed rate method
  • actual cost method.

While the actual cost method remains unchanged, the revised fixed rate method has been updated to better reflect contemporary working-from-home arrangements, making it easier to calculate expenses and avoid time-consuming apportionment calculations.

The revised fixed rate method:

  • has increased from 52 cents to 67 cents per hour worked from home
  • removes the requirement to have a dedicated home office space
  • works out the claim for:
      • electricity and gas
      • phone and internet usage
      • computer consumables
      • stationery
  • allows taxpayers to separately claim the work-related portion of the decline in value of depreciating assets – such as office furniture and technology.

The revised fixed rate method can also be used by businesses that operate some or all of their business from home to claim home-based business expenses.

If you plan to use the revised fixed rate method for your 2022–23 tax return, you need to have:

  • from 1 July 2022 to 28 February 2023 – a record which is representative of the hours you worked from home (e.g. diary notations or a work record showing start and finish times for at least 1 month of work as a representative period of time for the year)
  • from 1 March 2023 to 30 June 2023 – a record of the total number of hours you worked from home (such as a timesheet, roster or diary) as well as evidence you paid for each of the expenses you incurred that are covered by the fixed rate method (for example, a phone or electricity bill). You will also need records for any equipment you bought to work from home, like technology or furniture (which provides details of the supplier, cost, date acquired).

    So this will mean that, for EVERY HOUR you want to claim work-from-home deductions using this method, you MUST have the time documented. While this may not be needed for your employer, it is necessary in order to be able to make a full and legitimate tax deduction at year-end. Your diary – paper or electronic – will become your best friend this year!

    There are many apps that can be used for this, or even just a consistent notation on your diary of your start and finish times, recorded daily. But recorded it must be!

Working from home is becoming more common, so make sure you know what you can and can’t claim in order to get the best return on your investment. Contact Fiscal Artisans today for expert advice on how to maximise your deductions this financial year!


September 30, 2022

The Optus Hack – and what you (and I) need to do with our business data!

It has become common knowledge that Optus has had its database breached.

And this has personal relevance to me, as I am an Optus mobile subscriber, with my business (mobile) number and those of my entire family impacted by the breach. I received the ‘generic’ email from Optus on Saturday (12:51 am. Nice they got it out at a time when it was likely to be buried under a plethora of spam emails), so the awareness of the issue came more from the press reports than the ‘genuine communication’ to its customers.

The key issues we need to look at here are:

  1. What was taken, and
  2. How did it happen?
  3. What does this mean in my situation?
  4. Stuart, is the data you hold on me safe?

It APPEARS (as Optus has not been crystal clear yet with this information) that their basic database information has been ‘taken’.

This includes:

  • Full customer name
  • Date of birth
  • Phone numbers
  • Email addresses
  • Account addresses

They claim that payment details (Bank and credit card numbers?) and passwords have not been taken – just the identification data. But that is bad enough.

Access may also have been obtained to the I.D. document details provided for the ‘100-point check’ each account holder needs to provide.

This would also mean access to items like:

  • Driver’s licence – state, number and expiry date;
  • Medicare card number and details (they have reported that details of at least 35,000 current and expired Medicare cards were accessed);
  • Passport details;
  • Other items used for verification could be your electricity account details, rates notice, etc.

The danger here is that these details are potentially enough to create a fraudulent I.D. or to assume someone’s identity to do things like:

  • Change your bank account details, and get new cards issued to defraud you;
  • Alter phone account details, and have your calls and mobile account redirected to someone else;
  • Create new credit card accounts in your name that someone else controls (and leave you with a debt or bad credit record).

How did it happen?

While Optus has been claiming that it was a sophisticated attack, it seems the reality is that they left their backdoor unlocked and the lights on. The door might not have been wide open, but it was not far removed from that situation.

Many business systems are set up to ‘talk’ to each other using an interface or ‘API’ to do so.

To explain this, here is an explanation from The New Daily:
In basic terms, APIs are ways for computers to pass code between each other (such as instructions). They are often used to enable services such as Google’s weather alerts, which make use of Bureau of Meteorology data.
They are supposed to be safe because companies usually have authentication rules attached to their APIs – but Optus allegedly did not.
“What we’ve seen is there was an API where you pass a phone number, and a phone number’s just … you just keep adding one, and you cover them all eventually,” Mr Hunt said.
“So why was there an API [without user] authentications? That could be a programming error.”

So the system that Optus was using did not have enough security built into it to stop a systematic ‘guessing’ of the key to access the data. It would be like if I could get hold of your ATM card and just keep guessing your PIN time after time without ever being locked out of the process. In time, with enough guesses, I will get access and can get all of your money. In this case, it only takes one correct ‘guess’, and access is obtained to potentially the whole database.
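From the defender's side, the pattern described above (one client stepping through identifiers one at a time, with no authentication and no lockout) is visible in API access logs. The following is an added example, not code from the original post or from Optus: the endpoint `/api/customer`, the `msisdn` parameter, the log format and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log for a hypothetical endpoint (format is an assumption):
# timestamp, client IP, request, auth state, HTTP status.
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T01:00:{i:02d}Z 203.0.113.7 GET /api/customer?msisdn={61400000100 + i} auth=none 200"
     for i in range(8)]
    + ["2024-01-01T01:01:00Z 198.51.100.20 GET /api/customer?msisdn=61400000555 auth=token 200",
       "2024-01-01T01:02:00Z 192.0.2.5 GET /api/customer?msisdn=61400000321 auth=none 200",
       "2024-01-01T01:02:30Z 192.0.2.5 GET /api/customer?msisdn=61400000977 auth=none 200"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) GET /api/customer\?msisdn=(?P<msisdn>\d+) "
    r"auth=(?P<auth>\S+) (?P<status>\d{3})$"
)

def parse(log_text):
    """Yield (client, msisdn, authenticated) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["client"], int(m["msisdn"]), m["auth"] != "none"

def longest_consecutive_run(ids):
    """Length of the longest run n, n+1, n+2, ... among the distinct ids."""
    seen = set(ids)
    best = 0
    for n in seen:
        if n - 1 not in seen:  # n is the start of a run
            length = 1
            while n + length in seen:
                length += 1
            best = max(best, length)
    return best

def find_enumeration(log_text, min_run=5):
    """Return {client: run_length} for clients that requested at least
    min_run consecutive identifiers without authenticating."""
    unauth_ids = defaultdict(list)
    for client, msisdn, authenticated in parse(log_text):
        if not authenticated:
            unauth_ids[client].append(msisdn)
    flagged = {}
    for client, ids in unauth_ids.items():
        run = longest_consecutive_run(ids)
        if run >= min_run:
            flagged[client] = run
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

Detection like this is a backstop only; the fix for the weakness described is to require authentication on the endpoint and to throttle or lock out repeated lookups.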

Data security is becoming increasingly important, and more attention needs to be given to this by everyone in business – even if you are a ‘business of one’ and freelancing or self-employed. Again, look at your contact details, the data you hold on your associates, customers, and finance arrangements and think about what data you need to hold – and how secure it is.

It is often considered that your database is one of your greatest assets in a business, and the reality is that it is also potentially one of your greatest liabilities or risk factors, as you need to ensure you are ‘protecting’ your position and that of your customer base when you undertake your activities.

So, the potential danger here is that the data obtained won’t just impact activity with Optus. It can impact people in other areas.

Like in activity with the Tax Office.

I have been asked by a concerned client to check data on the Tax Agents portal, as it appears that some hackers are trying to change details with the ATO. This could result in tax refunds landing in the wrong bank accounts, GST or other tax claims being made incorrectly, or business entities being created to defraud the government, using false names obtained via a data hack to draw funds out from the ATO.

We will be doing random checks of client data on the ATO site to make sure nothing has changed (and if you are an Optus customer, don’t hesitate to get in touch with us, and I will check your ATO data to make sure it is all ok).

So, what can you do about this?

After spending over 4 hours on the Optus ‘chatbot’ trying to get some clarity on what has been taken – and running into the same brick wall as everyone else on finding out ‘exactly’ what was released, the action that I took was as follows: (and what I would suggest is done by anyone else who is a current Optus Mobile system user)

  1. Contact VicRoads (or, if you are not in Victoria, your local roads authority) and request a new driver’s licence with a new number. They will also ‘flag’ that the current licence may have been compromised and can’t be used for I.D. verification. I don’t think it will get you out of any speeding or red-light fines, however. Sorry about that!
    I found the process with VicRoads took all of 5 minutes and 5 lines of information. So unlike dealing with Optus, it was painless;
  2. Contact Medicare via MyGov, and request a new Medicare card for you and your entire family. They will issue a new card with essentially the same details but ‘moved on’ sequentially. Again, this will override the ‘old’ cards and make the number redundant. Again, the Medicare website has been set up to deal with this Optus issue, and the process is simple.
  3. Passports – this appears to be a harder scenario. Currently, it does not appear that the Passport office will ‘simply’ process new passports to replace any that ‘may’ have been compromised. And it will come down to finding out precisely what data Optus received and held regarding I.D. for their customers. News Flash! Optus has now agreed (been made to!) to pay the cost of passports that need to be replaced due to data being released through this breach. The replacement process is still to be determined, so keep an eye on the Passports Australia website and contact Optus to confirm if these details have been accessed. As mentioned above, they are still to provide full details of what data has been accessed and what I.D. documents they retained on their files.
  4. There are various ‘data monitoring’ sites available (Optus is funding a 12-month subscription to Equifax to those impacted who shout loud enough) that will let you know if changes have been made to any of your accounts. It may take a bit of work to set everything up, but it will only take one notification of fraudulent change to make the subscription worthwhile.
  5. Contact your banks and financial institutions, change your passwords, online pin numbers, etc. Make sure that the systems are set up to contact you with any changes made on your accounts, so you can act quickly if any suspicious activity has occurred.

The need for security over a business’s data is significant, and everyone in business needs to look at this situation and identify the lessons relating to their own data.

As business owners, we hold a large amount of data on our clients – and also on our suppliers, financiers and associates. And, the more ‘automated’ we make things, the more data we hold to make that possible. E.G. ID numbers such as ACN, ABN, TFN, Director IDs, driver’s licences, bank accounts, addresses, date of birth, etc., are all recorded. If that data is hacked, it becomes easy for an identity to be duplicated or to change and divert the information.

  1. Look at what data you hold for your customers, clients, suppliers etc., and what security is used to access those details. And what do you need to retain once identification has been confirmed, or the ‘transaction’ has been completed?
    How is this stored and saved? Who has access to this data? What checks can you make to see if changes have been made without your knowledge?
  2. What is needed to access your database? – is it just a password, or have you set up 2-factor authentication? Many online systems require this, but I have noted that many people fail to take it up if they can avoid it. The lesson is – DON’T AVOID IT. It is like leaving the key under the mat for your front door. Sure, the door is locked, but finding the key is not as hard as you want to believe it is.
  3. Do you use the same password for multiple sites? I know, remembering multiple passwords is a Pain in the pass-word, but the frequency of database hacks makes keeping them unique more and more important. You can use programs like LastPass to keep track of your different passwords – and create unique, hard-to-crack passwords or passphrases for each site you use. This type of system will also ‘flow’ through to all your devices, so you don’t have to keep track of them separately. (At Fiscal Artisans, we are using LastPass, and it works well on computer browsers and mobile phone systems.) Most mobile phones can also help you create unique passwords stored on the phone, so you don’t have to remember them. (Just keep your phone security tight!)
  4. If you use your mobile phone to access most sites, it is not hard to see which sites have duplicated passwords – and which ones have potentially been compromised. You can usually find this in Settings/passwords/security recommendations. Your web browser (such as Google) or your computer setup may help you with this process. Keep them unique, combining UPPER and lower case letters, numbers, and special characters. And don’t use easy-to-remember words or numbers that relate to you, like your birthday, middle name, or kids’ names.

Ok, so what are we doing about this?

This is how we operate in terms of Fiscal Artisans with our data.

  1. All of our operating system access requires 2FA, meaning that as well as a password, all access requires a code that can only be obtained via my phone (which is pretty much permanently embedded with me). All staff use unique 2FA access, log-ins and passwords for their access to our systems as well.
    Unique passwords are used for all systems, and these are kept secure at all times.
  2. All paperwork and related data for clients, such as questionnaires and paper copies of data that have been emailed to our clients, is scanned, then shredded if it does not need to be saved or stored or sent as a hard copy (and the shredded paper is turned into garden compost and worm food!) so no data or client information is disposed of incorrectly, or kept beyond the time it is needed.
  3. Where former clients have ‘moved on’ and are no longer using our services, any data we hold for them is taken ‘off line’ from our systems and kept in a separate archive system until the required period has elapsed. Then, after around 7 years, that data is deleted and completely purged from our systems.
  4. We only share data that you have agreed to be shared with associates and will always ‘copy you in’ to communications of data provided to third parties like finance associates, legal advisers etc.
  5. We review our systems frequently to ensure that data is stored correctly, security is maintained at a high level, and superfluous data that is not needed is removed.

We suggest that all business operators look at their systems and determine if changes need to be made to increase their security over the data they hold.

We are happy to assist and advise around your data management, and we can assist you with associates who can provide you with the services needed to improve your data security.

Meanwhile, please check your own systems and make sure that they are as secure as possible.

After all, you wouldn’t leave your front door open or leave the keys in your car would you?

Treat your data with the same level of security.

Enjoy your weekend – and check your data security!

For more information, or to discuss your own data situation, please email me at stuart.smith@fiscalartisans.com.au or call me on 0409788399.


Stuart Smith CPA
Director
Fiscal Artisans.

 


September 28, 2022

Book your home loan health check today

With interest rates on the rise, there has never been a better time to review your home loan.

Our team of brokers can look at the options available on the market, and compare the options to your current situation.

We can look at your rate, term, repayments, and equity, giving your loan a full check-up to make sure it’s still right for you and your current needs.

Then, if they can add value to what you already have, they will talk you through:

  • What rates are available for your loan options
  • 100% offset options on fixed or variable loans
  • How LVR (your loan to value ratio) works
  • What other options are available to you

This can also be the start of your plans to look at your financial plans, whether that be an investment property, holiday home, renovations, debt consolidation or minimisation, or helping your children get into their first place.

Click here (Home Loan Fact Finder) to download the fact finder, then send it to us at info@fiscalartisans.com.au.

We will review the information and pass it to our finance associates to analyse. They will then get in touch with you to arrange a time to talk, discuss your alternatives and look at the best options on the market for your home loan.

Find out how you can pay down your home loan faster, use your equity to reduce your tax liabilities and increase your wealth portfolio and set up your future plans.

Take advantage of this opportunity, and give your home loan a spring clean!