Business

Why weak personal security is a risk to business too

Many businesses are becoming better protected in the IT sphere, argues Jono Wilson of Barnett & turner, but the lax personal security of employees can still pose a risk.

We’ve all become quite used to the idea of enterprise security. In business environments, there are often well-defined procedures and protocols for using IT and most companies understand the potential risks.

But what about our personal security? We’re often less careful outside the work environment and many of us have a large digital footprint.

Email is a particular concern. If you think about it, your email address is a linchpin for pretty much everything else you do online. It’s the primary building block for most authentication. If you need to reset a password, where does the link get sent?

Many of us can get quite lax over password protection too. We’re asked to remember so much information for so many different online contexts, we end up going for the easy option and repeating the same letter/number combination.

Perhaps in a business, you’re encouraged to change your password every 30 days. But when did you last change it with your home ISP? In some cases, it can be five, ten or even fifteen years ago. So if there’s one thing you definitely do as a result of reading this short article, my plea would be that you go and change that personal password. Don’t put it off until next week or next month, as it’s way too easy to forget.

If someone manages to get into your personal email, it can easily help them to gain access to other services too. A door is thrown wide open. And this can have a knock-on effect to the enterprise environment too, as it may be that personal emails feature in multi-factor authentications.

Another issue is that people may not even know their personal email has been compromised and, if they do find out, they lack the expertise or resources to sort things out.

One very useful free site is https://haveibeenpwned.com/. You simply type in your email address and it will give you a description of any compromising activity on the account. At least then, you’re aware and in a position to take some action.

As a business owner or manager, it may be worth talking to your staff about the potential issues that arise with private security online. After all, there’s no point in investing in your own security when it can be undermined by the personal email accounts of your employees.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

Helping employees live your brand

How your staff can become ambassadors for the business… Jono Wilson, managing partner of accountancy firm Barnett & Turner, shares his insight on how your team members can play an important role in promoting your brand.

Your company’s brand is one of your most valuable assets. It’s what differentiates you in the marketplace and cements your reputation. When employees believe in the brand, a business will prosper. So here are a dozen quick tips for ensuring that everyone is playing their part in the process.

Ensure brand alignment

It’s essential to ensure that both employees and the leadership team understand what your brand stands for. Any lack of clarity from the top will mean employees don’t understand what is expected of them, which will translate into a confusing experience for your customers.

Communicate the vision

Make sure your employees understand the brand proposition. It’s vital that everyone is speaking from the same page when it comes to who you are and what you do, so make sure you have communicated the vision effectively. How can your team deliver on the corporate brand promise if they aren’t clear about what it is?

 Keep it simple

Your brand needs to have simplicity at its heart. Some marketers can alienate their internal audience by creating an overly complex brand structure that is difficult to execute for employees.  

Make your employees the hero

Celebrate your employees in your brand materials and put them front and centre. Ditch the generic stock imagery or shots of your slick new building and create imagery centred around your teams. 

Educate your employees

Provide your employees with training and guidance about how to represent and live the brand. Map out the customer journey with them, helping them identify what materials to use and how to ensure a cohesive brand experience.  

Create great content

You must create compelling and relevant content that will inspire employees to spread the word. Company news, articles and press releases can be fine, but interactive and design-rich media such as infographics, images and videos will work much better.

Invest in design

Make your employees proud of your brand and its content by ensuring it looks the part. Today people are far more design savvy than ever before and regularly consume design-rich content. Make sure your brand can stand up against not just your competitor set, but also the brands that your employees are interacting with. 

Don’t be over-protective of your brand

You should have the confidence to let employees present your brand in a way that feels authentic to them. Give them the understanding, tools and guidance and then let the brand breathe. Not every employee is the same and one size does not fit all. Different types of people require different tactics in order to turn them into brand ambassadors, so try to have as flexible an approach as possible and build a full brand tool kit that they can draw from.

Don’t be afraid of social media – let employees tell the brand story

When social media first became popular, many employers banned its use at work because it was a distraction. If you want your employees to post, tweet and snap about your business, you’ll need to relax those rules. Also, give employees the opportunity to attend industry events and conferences where they can meet clients and get the chance to promote the brand to their peers or competitors. 

Make it easy to share and keep them informed

Send out a weekly company-wide email that includes all content (news, articles, events, images etc) that employees can share. They know their clients best and can send on information that is timely and accurate. You should also encourage employees to follow, like and share the firm’s social media updates with their networks. 

Internal networking

Encourage internal networking by providing a forum for staff to interact with each other. It will help facilitate sharing of information, peer-to-peer learning and idea generation. You would be surprised how much practical insight can be brought into your branding communications.

Listen and act on feedback

Engage in a two-way dialogue with your employees. Invest the time to listen to your staff and provide them with a forum to influence the direction your brand takes. This might include an annual survey where employees can provide candid anonymous feedback. 

Finally, remember your brand is not static. It can morph over time and should be as dynamic as your organisation and its people. Always look for it to evolve.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

,

Ransomware - are your systems protected?

,

Ransomware is a word that can strike fear into businesses and individuals alike, especially after the recent news articles about the NHS infection and other global attacks from WannaCry and its derivatives.

So what exactly is ransomware?

It’s a malevolent piece of software which goes through your computer files and ‘encrypts’ them so they cannot be opened or ‘decrypted’ without a special unlock code.  Once the files have been altered, the ransomware then displays a message explaining how much it will cost to obtain the unlock code and how long you have until the files are destroyed.  Some users have reported that even though they have paid the fee, they’ve not received the unlock code and lost their files.

Ransomware is not a new thing; it has been around in various forms since 1989. It’s only recently been making the headlines due to the untraceable nature of new payment methods, such as Bitcoin.

How is it spread?

The most common method of transmission is through email attachments sent to you (eg inside Word documents, pdfs, spreadsheets etc), although your machine can also be infected by other machines on the same network already infected by the ransomware.  This can even happen at home if you have multiple computers connected to the internet at the same time.

There are many types of malware all working in different ways to achieve the same result, blocking you from your files.  Once you are infected, your options are limited: you either pay to release your files, pay a specialist to try to recover them (not normally successful) or lose all the data.

What can you do to reduce your risk or the impact of infection?

There are a number of simple and inexpensive ways to stay clear of ransomware

·      Keep your antivirus and Windows Defender updated

·      Keep your machine updated with the latest Windows updates issued by Microsoft

·      Review all emails and their attachments before opening them.
 

If the email is not from a sender you expect or recognise (ie a friend, bank, gas/electric supplier, online shop etc), then delete it.  If it is from a known source, don’t just open it, as people can fake where emails are from. Have a look at the content and the attachment name and see if they are related. Just as importantly, ask yourself whether you expected an email from the sender. If you are at all concerned, delete the email.

Make a copy of your files to a portable storage device, such as a USB stick or a USB hard drive which is only connected to your computer to back up your files. Alternatively, you could use a DVD/Blu-ray disk or one of the many cloud storage options available on the internet. You should also create a factory reset disc or learn about ‘Restore Factory Settings’.

If your computer is running a version of Windows pre 8, 8.1 or 10, then you can create a factory reset disc/ USB drive.  For Windows 8, 8.1 or 10 users, you have the facility to ‘Restore Factory Settings’. In both cases, this wipes all information from your computer and reinstalls Windows to its original factory configuration.  Once complete, you will need to reinstall your software and upload your files from the location in which you stored them.

While ransomware can be disastrous for the unprepared, following these straightforward suggestions can alleviate your main fear: the loss of business or personal data.

 If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

,

Could changing your accounting date help reduce your tax bill?

,

If you’re an unincorporated business (a sole trader or partnership), you have free choice when it comes to your accounting date says Barnett & Turner’s Jono Wilson. Some choose a date for commercial reasons – for example to fit in with a cyclical trading pattern or to fall in a slack period – and for others the logical choice may be 5 April (or 31 March) to align with the tax year.

Choosing the right year end will not only make life administratively easier for a business, but choosing a year end other than 5 April (or 31 March) can also give you a cash-flow advantage and create outright tax savings, if the circumstances are right.

Depending on the choice of accounting date, new businesses and individuals joining existing partnerships may see some of their profits taxed twice because of special rules which dictate when – and to what extent – business profits are assessed. Profits taxed twice are known as “overlap profits”. 

Businesses trading when self-assessment was introduced in 1996/97 may be carrying overlap profits and changing a business’ accounting date can also cause profits to be doubly assessed.

The value of any doubly assessed or overlap profits is subsequently carried forward and given as a tax-reducer when a business ceases, when an individual leaves a partnership and on certain changes of accounting date.

The thought of profits being taxed twice naturally gives rise to a common misconception that overlap profits are bad. In reality, a change of accounting date can be used to your advantage, which is illustrated in the very simple case study below.

 A partnership with a 30 April year end went from being highly profitable to being loss making, almost overnight. A 30 April year end is great, as it allows a lengthy period between making profits and paying tax on them, but, where a business falters as above, tax becomes payable when the business has no cash (unless it has a very prudent and very disciplined tax provision policy). In this case, changing the year end to 31 March enabled the partners to use their significant overlap profits and it also enabled earlier access to trading losses; this not only created significant cash-flow benefits for the business, but it also got rid of the overlap profits.

A few years later, the business returned to significant profitability, almost as spectacularly as it became loss making, resulting in significant tax bills made worse by the catch-up effect of a large self-assessment balancing payment plus payments on account. In the light of this, the partnership year end was returned to 30 April, which created some new overlap profits, but it also had two additional and significant benefits:

o   It deferred payment of significant amounts of tax by 12 months, creating positive cash flow and allowing the business to get its tax provisioning in check; and

o   It pushed profits into a later tax year, giving the opportunity to undertake some income tax planning and reduce the deferred tax liabilities.

So if you’re unincorporated and interested in finding out more about this specific issue of your accounting date, it’s certainly worth starting a conversation with your accountant.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

Are you really geared up to tackle fraud?

While many businesses believe they are doing all they can to counter fraudulent activity, they often lack the latest data analytics, argues Jono Wilson of Barnett & Turner. And that could prove costly.

Many companies still rely on old-fashioned human intervention to spot potential fraud, but in the modern era they may well be missing a trick. Data analytics are an excellent tool and can prove to be surprisingly cost-effective.

There are actually numerous tests available to help you identify red flags.

Take occupational fraud schemes, for example. You can easily compare purchasing rates between vendors and look for discrepancies or search for vendor preference patterns. 

Why not check sales prices and margins by customer? If you find unexpected anomalies or unusual pricing, it could suggest an internal fraud involving a member of your staff. 

Be on the look-out for ‘kickbacks’ too – expense reimbursements or sizeable petty cash withdrawals prior to an important contract being signed.

And it’s often useful to focus on the sums involved in cash payments to agents or customers, as round figures can be revealing of suspicious activity.

Some organisations will undertake a very good data matching test by comparing payroll records (name, address, postcode, bank account details) with records on a suppliers’ list. Any duplications will automatically raise concerns.

You might well think that your internal or external auditors will be doing this kind of work, but have you actually checked that they’re making use of the latest data analytics themselves? Of course, it’s also possible for you to invest in the tools yourselves. The important thing is to be proactive and to avoid complacency that might cost your company a lot of money. 

Did you know?

·      A typical organisation loses 5% of revenue each year through fraud

·      Smaller firms will usually have far fewer anti-fraud controls in place than larger ones

·      The more authority a person has within a business, the greater the scale of their typical fraud

·      Organisations with specific anti-fraud controls in place reduce losses significantly and detect frauds up to 50% quicker

Source: Report to the Nations on Occupational Fraud and Abuse, 2016, Association of Certified Fraud Examiners

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

,

Businesses prepare for tightening of data rules writes Jono Wilson of Barnett & Turner Chartered Accountants.

,

Next year’s General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, is causing quite a lot of angst among IT professionals, marketers and other business people. And the UK’s exit from the EU isn’t necessarily going to change things. Whatever your personal view on Brexit, you might be forgiven for thinking that British businesses are no longer going to have to worry too much about EU regulations.

The reality, however, is that directives from Brussels are still going to be a fact of life until the point of formal departure.

There is a further reason, however, to take note of the GDPR.  According to the trade magazine and website Computer Weekly, the rules will affect any UK business which offers any type of service to the EU market, ‘regardless of whether your business stores or processes data on EU soil, and whether the UK stays in the EU or not’.

The UK Information Commissioner’s Office describes GDPR as operating on similar principles as the Data Protection Act, but with an added layer of detail and an additional concept of accountability. So what are the key issues you’re likely to confront?

Lawful processing

If you are processing personal data, you need to have a legal basis for doing so and must be able to document it. Relying on someone’s consent? Well, you may be find that they have greater rights in future – particularly to have their data deleted.

Consent

People need to take affirmative action to give consent to their data being used. If they are silent or you have pre-ticked boxes for them, that won’t count.  You need to record when and how the consent was given. What’s more, it can be withdrawn at any time.

The rights of individuals

The GDPR gives a number of protections to individuals that your organisation must observe:

The right to be informed – you need to provide ‘fair processing information’, which will usually involve a privacy notice. It’s important to be transparent over how you use data.

The right of access – individuals will have similar rights to those under the Data Protection Act. They can ask you to confirm you hold data and request access to that data.

The right to rectification – if information you hold is incorrect or incomplete, an individual has the right to demand that you correct it.

The right to erasure – also known as ‘the right to be forgotten’. Someone is entitled to request that you delete or remove personal data if there is no compelling reason for your continuing to process it.

The right to restrict processing – if an individual asks for the processing of their data to be blocked, you must respect their request. You are only allowed to store the data and retain enough information to ensure their wish is respected.

The right to data portability – this allows people to obtain and then reuse their data – transferring it from one IT environment to another.

The right to object – an individual can object to profiling conducted in the public interest or for direct marketing purposes. They can also object to the use of data for scientific or historical research and statistics.

The detail of the regulations is understandably complex, so if you feel that you are likely to be impacted, it’s important that you read more online or take professional advice on how to prepare.

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

, ,

Could your generosity end up costing you? - Make sure you don’t lose out writes Jono Wilson of Barnett & Turner.

, ,

If you’ve given some money or household items to a charity recently, the chances are you’ve been asked whether you’d like to ‘Gift Aid’ your donation. The representative of the charity will have told you that this claim increases your gift by 25%.  So, for every £80 donated, the charity receives £100 – made up of your own donation of £80 and £20 of tax reclaimed from HMRC.

On the face of it, the Gift Aid option may seem like an obvious choice, but there is a potential downside.  If you have not paid sufficient income tax or capital gains tax during the year to cover the reclaimed tax, HMRC will require you to make up the difference, which may result in an unexpected tax bill due to your generosity!

It’s an issue which is likely to take on a greater prominence, as recent changes to the way in which investment income is taxed will result in many individuals ceasing to be taxpayers:

  • Prior to 6 April 2016, dividends were received with a notional credit which was included when calculating tax paid for Gift Aid purposes, but the notional credit has now been abolished and the first £5,000 of dividend income (decreasing to the first £2,000 from 6 April 2018) is taxed at a rate of 0%; and

 

  • The savings rate of income tax offers another 0% tax band available to individuals with interest income falling within the first £5,000 in excess of their personal allowance.

These changes will disproportionately affect pensioners with modest incomes and owners of companies who remunerate themselves in the most tax-efficient way.

Many of the individuals that will be impacted by this change are not required prepare tax returns each year. It does seem likely, however, that because of HMRC’s digital and information gathering powers, they will soon be able to identify non-taxpayers who have made Gift Aid donations and pass on an unexpected bill to the donor.

It’s therefore worth considering your own position, as well as that of those close to you. You may have some options to ensure that neither you nor the charity lose out.

If you feel that you might be caught out, but your spouse would not, it’s worth considering getting them to make the donation instead.

If you are the owner of a small company, it may be possible to make the charitable donations through the business, rather than on an individual level.  Although a company cannot make donations through the Gift Aid scheme, it should receive corporation tax relief on the donations and there may be scope to increase the amount you give to reflect this.

If you believe that you may be adversely affected by these changes, it’s worth having a chat with your accountant.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

, ,

Prepare to go public: the gender pay gap under scrutiny

, ,

From April 2017, the Government expected companies to be open about the pay gap that exists between male and female workers says Jonathan Wilson of Barnett & Turner. The move is a response to a large body of evidence, collected over many years, which shows men tend to get the better deal when it comes to salary. And that’s despite the fact that the Equal Pay Act (now largely superseded by the Equality Act) was introduced as far back as 1970.

According to the Office for National Statistics, the gender pay gap for full-time employees in 2016 was 9.4%. The gap for all employees, both full and part-time, was 18.1%. Although both figures are down since the 1990s, they are falling fairly slowly.

In the hope that public scrutiny will force private-sector employers to act, large businesses are now required to publish data on the pay gap every year. The rules apply to any company employing at least 250 employees as of 5th April each year. By 4th April 2018, businesses are expected to publish their data on their websites.

The Equality Act 2010 (Gender Pay Gap Information) Regulations of 2017 says they will have to let the public know:

▪ the organisation’s overall gender pay gap (expressed as a percentage), using both the mean and median hourly rate of pay for female and male employees;

▪ the proportion of male and female employees in each of the organisation’s four pay quartiles;

▪ the organisation’s overall bonus gender pay gap (expressed as a percentage), using both the mean and median bonus payments received by female and male employees over the preceding 12-month period;

▪ the proportion of female and male employees who received a bonus in that period.

For the purposes of this exercise, a ‘relevant employee’ is defined as being anyone working ‘under a contract personally to do work’. This means that casual staff and self-employed contractors need to be considered – both in terms of headcount and also the financial rewards they receive.  There is, however, a recognition that if you don’t have the relevant data about an individual – or it’s not reasonably practicable to obtain it – you don’t have to include it in your calculations.

So, what should your business be doing to ensure you’re complying with the law? First of all, establish if you are a ‘relevant employer’ under the terms of the regulations. If you believe you are, then start the process of analysing your employees’ remuneration packages and assembling the necessary information to make your calculations.

Remember, if there is a significant pay gap within your organisation, it may have PR implications for you. So now is the time to start thinking of the narrative you may choose to publish alongside the figures – explaining why there’s a discrepancy and informing the wider world of what you’re doing to address it.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

,

Do all the government’s noughts and ones add up?

,

PETER WILKINSON of Barnett & Turner’s Associate firm, Langtons has been closely involved in discussions of the government’s plans to digitise the tax reporting system. Here he gives his own perspective on a number of the questions accountants and their clients are asking. Is the whole ‘Making Tax Digital’ project actually going ahead?

Yes. A number of related consultations were launched in November last year, but it’s pretty clear the plans will proceed, albeit with a few fairly minor concessions. We were hoping to get the final shape of it in the Finance Bill. However, this is light on detail and it is clear that a lot of the rules are going to be made by regulations, which will minimise parliamentary scrutiny.

The plans are controversial, aren’t they?

Again, yes. The Treasury Select Committee, chaired by Andrew Tyrie MP, supports the principle of digitisation. At the same time, they’ve gone through the proposals in forensic detail, taken evidence from a variety of people including the Federation of Small Businesses, and concluded that a year’s lead time for the project just isn’t enough. At the moment, their feeling is the supposed benefits just aren’t proven. They recommend pilot schemes to see how the idea works in practice.

What will the new regime actually mean for businesses?

Effectively, you’ll be making five tax returns a year. HMRC doesn’t see it that way, but you’re going to be expected to report quarterly on your income, expenditure and taxable profit. If that’s not a tax return, then what is? You can paint stripes on a horse, but that doesn’t make it a zebra!

You’ll then have to put in a further return at the end of the year, making corrections as appropriate to your earlier submissions. You will need software to upload the relevant data to the Revenue.

Will smaller businesses be able to cope?

That’s a good question. HMRC assumes that everyone will use business software and it will be a straightforward data dump. But a lot of small businesses don’t have the correct level of sophistication. Can their software deal with debtors and creditors, for instance? With stock and work in progress? We’ve been told that it will be possible for very small companies to submit three-line accounts – their turnover, expenses and profit.  But if that’s it, there does really seem little point to the whole exercise.

Are there any exemptions?

Practically none. Your turnover would have to be lower than £10,000 per annum to stay outside the new digital system.

Could it be that we’ll have to pay tax quarterly?

For the moment, the answer is no, although many people have speculated that this may be the long-term goal of the government.

What are the cost implications for business?

It seems very likely that larger accountancy bills will become the norm. And although there’s some suggestion that companies may be able to continue using Excel spreadsheets with some kind of technological bolt-on, the chances are you’ll need some new software. The government is trying to persuade developers to offer this for free, but whether that comes to fruition remains to be seen. There is bound to be expense in setting the new system up, training people in its use and so on.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

,

Connecting the farmhouse: the challenges of technology in rural areas

,

When you live in a rural community, it’s not always possible to access the services city-dwellers take for granted, writes Jonathan Wilson of Barnett & Turner, Chartered Accountants. If you’re based in a big town or city, you tend to take access to the internet for granted. It’s one of those services that you expect to find alongside water, gas, electricity and other utilities.

Travel out into the rural heartlands and you’ll see a rather different picture though.

In farming country, some of the properties are just too remote for BT (which has a near monopoly on the installation of fibre connections around the UK) to view as financially viable. Taking a cable to a farmhouse a mile or more from the nearest road seems to be a step too far. In fact, communications regulator OFCOM noted in December 2016 that nearly a million rural properties didn’t have decent broadband connections.

There are a number of proposed solutions to this problem, including opening up the market to small providers and offering vouchers to residents, who may ‘club together’ to select the service which is most cost effective.

In the meantime though, there is a real issue for farmers, in that HMRC assumes that everyone will be filing returns online as part of the government’s imminent Making Tax Digital strategy.

The days of an old-style paper-and-pen VAT return and a paper cashbook are now numbered. We live in a world of cloud-based accounting, but it presupposes access to the web. A flaky 3G signal on a mobile isn’t really a practical or reliable option and dongle-based access is highly expensive.

As farms pass between the generations, more and more of our clients are committed to the idea of online accounting, but are frustrated by the broadband service available to them.

In the short term, the best option may be a quarterly meeting with your accountant. Inevitably, there would be a cost implication, but your professional adviser is likely to be based in a town and have high-speed web access. There may, of course, be an advantage to these more regular get-togethers. You can use them as an opportunity to ask questions and seek advice, while your accountant can keep a closer eye on the state of your finances in real time.

If you would like to discuss anything related to this article please do not hesitate to call Barnett & Turner on 01623 659659 or email Jonathan at jwilson@barnettandturner.co.uk

Need business advice?