Four tips to protect your business from cybercriminals

Natasha Gardner • October 23, 2025


In this increasingly digital age, small businesses are becoming more and more vulnerable to the threat of cybercrime. In particular, there has been an increase in supply chain attacks targeting small businesses. Cybercriminals are constantly adapting their tactics and using AI to fuel their attacks. As technology advances, so does the risk to your sensitive data.


This increasing risk means it’s more important than ever to get the basics right. The good news is, AI still can’t beat smart cyber habits. October is Cyber Security Awareness Month, so we’re here to equip you with four essential tips to safeguard your business against cybercrime.


1. Strengthen your first line of defence

Humans can often be the weak spot in a business’s cybersecurity efforts, so it’s important to have a strong first line of defence in your systems to protect your business.


It doesn’t have to be super complex or expensive – the easiest and most effective solutions are free or low-cost. 


To start with, get your security basics sorted:


  • Passwords: Strong passwords are the foundation of your online security. Use long, unique passwords for each account, and consider using a password manager to keep track of them.
  • Multi-factor authentication (MFA): MFA adds an extra layer of protection by requiring additional verification, such as a code sent to your phone, when logging in.
  • Secure products and services: Choose reputable providers that prioritise security. Look for certifications like ISO and SOC2 compliance when selecting software and services.
  • Use public wifi safely: While the most secure option is to use wi-fi at your home or office, there are a few things to keep in mind if that’s not an option:
  • Use your personal mobile phone as a hotspot – it’s significantly safer than café, hotel, or airport networks.
  • Connect to a trusted VPN first, if available.
  • Verify any wi-fi network with the venue before continuing – fake hotspots are a common scam to capture credentials.
  • Don’t access confidential or sensitive information over public wi‑fi.
  • Avoid oversharing personal information online: Attackers harvest publicly available details to tailor convincing phishing and social engineering attacks (email, SMS, voice, and social apps). Even small personal facts (roles, travel, family, habits) help them impersonate people you trust or bypass checks.


2. Educate your team about phishing

One way cybercriminals can exploit small businesses is through phishing scams, in which cybercriminals impersonate trusted individuals or organisations to trick them into revealing sensitive information through deceptive emails or text messages.


A phishing email looks like it comes from a legitimate source, but fraudulently tries to get you to provide sensitive information, such as your password or credit card details. Some of these emails might also try to infect your device by getting you to click a link to a malicious website or attachment.

However, even the most advanced phishing is still toothless if you know enough to pause, think critically about the message, and react appropriately if something doesn’t seem right.


With this in mind, it’s important to educate your team about phishing and train them to:


  • Adopt a zero trust approach: Your team motto where data is concerned should be ‘never trust, always verify’. Bake security into your processes, for example, a payment can’t be processed without specific verification steps (even if it appears to be the CEO asking you to process it!)
  • Identify phishing attempts: Teach your employees how to spot phishing emails by being on the lookout for suspicious links, urgent requests, or grammatical errors.
  • Avoid suspicious links and attachments: Encourage your employees to hover over links before clicking, and to avoid downloading attachments from unknown senders.


3. Learn how to spot a deepfake

Conventional scams are difficult enough to spot, but AI-based scams can be harder to detect and so even more dangerous. Deepfakes allow cybercriminals to create seemingly legitimate audio and video that can be incredibly convincing. Voice cloning replicates somebody’s tone and language to trick someone else into having a genuine phone conversation. 


Cybercriminals can use deepfakes to impersonate executives, clients, or even government officials. Train your team to look for signs of deepfakes, such as:

  • inconsistent eye blinking or pupil dilation
  • artificial-looking noise or distortions
  • poor lip-syncing
  • blurred or irregular shadows


4. Stay informed and vigilant, and report suspicious activity

Cyber threats are constantly evolving, so it’s crucial to stay informed about the latest scams and security best practices. Regularly update your software and apps, apply security patches, and consider subscribing to cybersecurity newsletters or blogs.


Finally, ensure you and your team report any suspicious activity. Work to create a culture where employees feel comfortable reporting anything unusual, even if it turns out to be harmless.


So, what should you do if the worst happens and your business gets attacked or compromised?


First of all, and most importantly – don’t panic. But do act quickly. Don’t be afraid to speak up – the cyber criminal wants you to be too embarrassed to tell anyone. Report the attack to your local Computer Emergency Response Team (CERT) agency or national cybersecurity agency, and if there’s an immediate threat to life or risk of harm, call the police. 


Cybersecurity is everyone’s responsibility. By following these tips and staying vigilant, you can significantly reduce your risk of falling victim to cybercrime.

More GTP Articles

Inherited assets & CGT: what to know before you sell

By Karen Grainger May 5, 2026
It’s common to inherit land, shares or other investments and assume there won’t be any tax to think about. While inheriting an asset usually doesn’t trigger capital gains tax (CGT) straight away, CGT can become an issue later—particularly when you decide to sell. What affects the CGT outcome? · When the deceased originally acquired the asset (especially whether it was before or after 20 September 1985 ). · What the asset is (a home, an investment property, farmland, shares, a business asset, etc.). · Whether it was ever used to produce income (for example, rented out) or used in a business. · Who owned it and how (for example, owned jointly, or inherited through multiple generations). Questions we commonly ask (because the answers can change the result): · When did the deceased buy the asset? (And was it inherited from an earlier estate?) · Was the asset originally purchased with someone else (for example, a spouse or sibling)? · Was the asset used in a business (and could any small business CGT concessions apply)? As a general rule, there’s usually no CGT event when you inherit an asset . However, if you sell the inherited asset later, CGT may apply—and the calculation often depends on when the deceased acquired the asset and how it was used . If the inherited asset is a home: the main residence exemption may still apply after the owner’s death, but it can depend on things like when the deceased moved out, whether the property was rented, and who lived in the property after death. Cost base (the starting point for CGT): for many inherited assets, your cost base will depend on whether the deceased acquired the asset before or after 20 September 1985 . In broad terms, if the asset was owned by the deceased before that date, the cost base is often the market value at the date of death . If it was acquired after that date, the cost base is generally carried over based on the deceased’s position (with adjustments in some cases). Where the asset is connected to a business, small business CGT concessions may be relevant. If you’re thinking about selling something you inherited, it’s worth getting advice early—before contracts are signed—so we can confirm what records you’ll need and what the CGT position is likely to be.

Possible changes to Capital Gains Tax

By Matt Richardson April 30, 2026
It is Federal Budget night on May 12 and even though you may not be an excited accountant or tax agent counting down the days, if you are an investor, it is likely there will be changes announced which will impact you. The change which is likely to be unveiled will be the Albanese Government’s approach to capital gains tax, targeting mainly share and property investors, but will also impact business owners who sell business assets. It is likely the Albanese Government will re-introduce an inflation indexation model for calculating capital gains tax. This proposed change has gained more traction in the media over the last few weeks. Currently, individual taxpayers and trust beneficiaries are able to reduce their capital gains tax on the sale of any capital investment by 50 per cent, providing this investment has been owned for at least 12 months. Please note – superannuation funds receive only a one-third discount. For an individual, this means half the gain is tax free, the remaining half of the gain is taxed at the taxpayer’s marginal tax rate. This discount system on capital gains has been in place since 1999. Capital gains tax (CGT) was introduced in 1985 and is applied to realised gains and losses on assets acquired after 19 September 1985. If an asset was purchased prior to the introduction of CGT, then it is exempt from CGT when sold. From 1985 to 1989 an indexation system was used where inflation factors were applied to the original cost, so only the “real/after inflation” gain was taxed. At this stage there has been no indication whether the changes, if introduced, would be grandfathered, to spare existing investors from any initial pain.

Keeping Your Car Logbook Simple and ATO-Compliant

By Kathryn Hamilton April 15, 2026
Keeping a car logbook is an important part of managing your vehicle expenses, especially if you’re looking to maximise your tax deductions and GST claims or reduce your FBT liability. The Australian Taxation Office requires you to keep a logbook for a minimum continuous period of 12 weeks to establish your business-use percentage. Each trip should include the date, start and end times, kilometres travelled, and the purpose of the journey. Your logbook needs to reflect your typical vehicle use and can generally be relied on for up to five years, as long as your usage doesn’t significantly change. You’ll also need to record your vehicle’s odometer readings at the start and end of each FBT year and financial year. For many small business owners and tradies, keeping a car logbook is necessary but often pushed aside during busy workdays. Manually recording trips can be time-consuming, and it’s easy to forget details after the fact. There are now several apps available that reduce the manual effort of keeping a logbook. One we often recommend, which complies with ATO requirements, is Driversnote. Driversnote is designed to simplify the process by using GPS tracking to automatically record trips. This helps ensure journeys are logged consistently without relying on manual entry. Trips can be easily categorised as business or personal, and the app generates reports that align with ATO logbook requirements. This can make it easier to stay organised and provide accurate information at tax time. The app also stores data securely and keeps a history of trips, which can be useful if you ever need to review your records. For those who regularly use their vehicle for work, tools like Driversnote offer a practical way to maintain a logbook without the usual hassle—helping keep everything accurate, organised, and in one place. If you’re unsure whether a logbook is right for your situation, contact us— one of our team can help you work out the best way to track your vehicle use and ensure your records are accurate for FBT and tax time.

Extension of instant asset write off

By Jessie Nippers April 7, 2026
The Federal Government has once again extended the $20,000 instant asset write-off , providing continued support for small businesses looking to invest and grow. Under the latest legislation, eligible businesses can access the $20,000 threshold for assets first used or installed ready for use between 1 July 2025 and 30 June 2026 . This extension means businesses can continue to immediately deduct the full cost of qualifying assets, rather than depreciating them over several years. How the write-off works The instant asset write-off allows small businesses with an aggregated turnover of less than $10 million to claim an immediate deduction for assets costing less than $20,000 (excluding GST). The threshold applies on a per-asset basis , meaning multiple assets can be written off, provided each individual item is under the limit. Eligible assets can include tools, equipment, vehicles (subject to other limits), and office technology. Both new and second-hand assets may qualify, provided they are used for a business purpose. A critical point often missed is timing. It’s not enough to purchase an asset before 30 June— it must be installed and ready for use by that date to qualify for the deduction. What happens to assets that are above $20,000? If an asset exceeds the $20,000 threshold, it cannot be immediately written off in full. Instead, it is allocated to the small business general depreciation pool and depreciated over time. Under current rules, assets in this pool are typically depreciated at 15% in the first year and 30% in each subsequent year (on a diminishing value basis). This means the tax deduction is spread across multiple years rather than claimed upfront. Why the extension matters This measure continues to deliver meaningful cash flow benefits. By bringing forward deductions, businesses can reduce taxable income in the current year, freeing up funds for reinvestment or day-to-day operations. However, the extension is temporary. From 1 July 2026 , the threshold may revert back to just $1,000 unless further legislation is passed.  This ongoing uncertainty makes forward planning essential so talk to your accountant today to plan ahead.

Fringe Benefits Tax (FBT): What Business Owners Need to Know

By Jessie Lakin March 31, 2026
Fringe Benefits Tax (FBT) is a separate tax from GST and income tax that applies when a business provides benefits to employees or other associates. With the FBT year ending on 31 March , now is the time to review any benefits provided over the past 12 months to ensure you remain compliant. Understanding Fringe Benefits? A fringe benefit is any non-cash benefit, reimbursement, or expense paid by a business that is provided instead of, or in addition to, salary and wages. A simple way to think about it is if the business is paying for a personal expense or private use of a business asset, it may be a fringe benefit. Who FBT Applies To? FBT may apply where benefits are provided to individuals who are employees or are otherwise associated with the business. This includes: Employees Company directors Associates of employees or directors (including family members) Trust beneficiaries who are involved in, or connected to, the business  For example, where a director is provided with the use of a company vehicle for private purposes, an FBT liability may arise irrespective of whether the director receives remuneration in the form wages. For businesses operating through a company or trust structure, it’s important to remember that the business is a separate legal entity . This means personal use of business assets is treated similarly to providing a benefit to an employee. Important Exception Sole traders or partnership owners using their own business assets personally do not trigger FBT. However, FBT can still apply if these businesses provide benefits to employees. Common FBT Areas for businesses While FBT can apply in many situations, the most common areas we see are: 1. Car Fringe Benefits If an employee, director or associate uses a company car for private purposes, FBT applies. Even parking the car at home overnight counts as personal use. TIP - Use the logbook method to track business-related travel and reduce FBT liability. 2. Entertainment Benefits Providing employees, directors or associates with free meals, drinks, and staff events (such as Christmas parties) may be subject to FBT. TIP - Limit to under $300 per person for minor benefits exemption, as this threshold deems the value insignificant. 3. Expense Payment Benefits If the business pays for personal costs on behalf of an employee or associate, this may be considered a fringe benefit. TIP - It’s important to distinguish between personal and work-related expenses. If the expense is work-related, the employer may be able to classify it as a business expense instead. 4. Housing and Accommodation Benefits Providing employees with rent-free housing or at a reduced rent can trigger FBT. TIP - Employers may be eligible for exemptions if housing is necessary for employees in remote areas or living away from their usual place of residence to carry out their duties. What you should to do If you believe you may be providing a fringe benefit to an employee, director, or associate, we recommend the following: Ensure accurate records and supporting documentation are maintained Complete the annual FBT questionnaire provided by Green Taylor Partners Provide all relevant information to enable us to assess whether FBT applies and assist you in meeting your compliance obligations
More Posts