GST software leaves SMEs open to online threats, say cyber security experts

-A +A

(May 7): Small and medium enterprises (SMEs) using goods and services tax (GST) accounting software are becoming more vulnerable to cyber threats due to its online-based system, say cyber security experts.

Due to the lack of awareness of such threats and failure to understand the risk in place, SME retailers are unaware that inability to protect their data allows hackers to penetrate their systems to obtain discrete information, including financial records and data which could cost companies a fortune.

“GST readiness has exposed a new segment of SMEs that previously did manual calculations and paper submissions into becoming computerised or online-based.

“One of the requirements for these new accounting systems was that it should be able to be used by a non-IT based user. Further to that, companies need to send their tax reports on a regular basis and ensure there is an easily accessible archive of this data available for inspection,” said Barracuda Networks regional manager Thiban Darmalingam.

The system opens another door to hackers to manipulate or steal data if companies do not have protection to keep their data electronically secure.

“Companies need to ensure all access into their business is secure. Rather than wait to be ‘robbed’, companies need to look into sealing all access ways and be able to monitor who is watching or trying to access your data,” said Darmalingam.

He said that bigger retailers would not have much of a problem adapting to the GST and installing the software while at the same time ensuring that their data was well protected because they would already have the mechanism and security solutions to handle it.

The focus, he said, was now on the SMEs that did not have the resources and manpower to protect their businesses from attacks.

“The level of awareness is still low. There is a need to educate the SMEs about the importance of protecting their businesses,” said Darmalingam.

Meanwhile, Barracuda Networks US senior product marketing manager Tony Liu said there were quite a number of threats, one of which is commonly known is ransomware, a form of malware that steals and holds up data to gain ransom.

“It is a serious threat. Imagine your data is held captive by a hacker and unless you pay them, you will lose all your data. Statistics show that 60% of companies that lose their business data will eventually shut down their business.

“With a lot of GST accounting softwares being cloud-based or requiring online updating of data, SMEs become exposed to online vulnerabilities such as this. Businesses need to plan ahead and think about storage backup for their business data,” said Liu.

In the case of Target in the United States last year, hackers were able to access their system through network credentials stolen from a third party SME vendor. This led to the credit card information of 40 million customers being stolen by hackers.

“We did not see it coming. What happened to Target was two years of ‘hacking process’. When you realise it, it is already too late,” said Barracuda Networks US senior product marketing manager (security) Ruoting Sun.

Sun said SMEs in Malaysia could become gateways to bigger corporations if they didn’t place more emphasis on security.

“As long as you are online, you are vulnerable to online threats,” he said.

Business entities in Malaysia need to be GST-ready to comply with government regulation. In order to do so, the entities need to purchase and equip themselves with GST accounting software, made available through vendors certified by the Malaysian Royal Customs Department.

The list of the vendors is available on the Customs website. The cost of the software varies between RM2,000 and RM10,000.

Recently, a restaurant owner in Shah Alam became the first person to claim trial over a charge of violating the Goods and Services Tax Act 2014.

On April 30, The Star Online reported that Raja Bunesah Begum Kamaruddin, 38, was summoned to the Shah Alam Sessions Court to hear five charges against her establishment, Restoran Hameeds Corner, in Section 16, Shah Alam.

The charge against her was for issuing about 2,000 invoices from April 7 to 11 without bearing details as required by Section 22 of the GST Act.

The government of Malaysia has been collecting RM42 million a day since the implementation of the GST on April 1.

The decision to implement the GST, however, was not popular among the people with 10,000 joining the recent May Day rally held in Kuala Lumpur demanding that the government relook the GST implementation. – The Malaysian Insider