The Economic and Financial Affairs Council of the European Union (ECOFIN) has adopted the 6th Directive on Administrative Cooperation (“DAC6”), requiring tax intermediaries to report certain cross-border arrangements. Reporting under DAC6 is retrospective: once member states publish their national requirements, intermediaries may have to report qualifying arrangements entered into since the directive came into force, not only new ones.
In our upcoming webinar, Legal and Research Executive Ruth Cohen and Director of Best Practice Gary Yantin will help dissect the new regulation and give guidance on reporting and training requirements under DAC6.
In February 2018, VinciWorks introduced the Phishing Training Challenge. The short assessment evaluates how susceptible employees are to phishing emails by testing their ability to identify red flags in dummy emails. Phishing is a particularly pernicious attack because it targets the person rather than the technology: a well-crafted message passes through spam filtering and endpoint protection and relies on the recipient to act on it.
The Phishing Challenge was sent out to over 16,000 people across multiple industries, including legal, finance, healthcare, engineering and IT. It presented a series of 10 emails to employees and asked them to identify the red flags. An analysis of the data found that:
15% of employees were at high risk of phishing attacks. These employees missed at least half of the red flags.
49% of employees were at medium risk. These employees missed at least a quarter of the red flags.
Education level does not affect risk level
The study found no significant differences across industries or education levels. This is important because there might be a tendency to assume that highly educated people, such as City lawyers, are at lower risk. This is not the case. The study included over 4,000 people from top-100 law firms, and their results mirrored those of other respondents.
Refresher training improves results significantly
The study found that employees who were retested with new emails using VinciWorks’ Phishing Challenge 2.0 performed significantly better. In the refresher challenge, which used completely new emails and red flags, only 5% of employees were deemed high risk and 38% medium risk.
This improvement is most likely because employees approached the emails with a more suspicious mindset and were already familiar with the basic red flags of phishing.
What is phishing?
‘Phishing’ is a cyber-security attack in which an attacker poses as a trusted person or organisation in order to trick you into revealing information or taking an action, such as opening an attachment or entering credentials on a fake login page. This is usually done via email, but phishing also takes place by phone (‘vishing’) and text message (‘smishing’).
Phishing attacks can be devastating. They have been the initial point of entry for major cyber incidents in recent years, paralysing international companies and, in some cases, public services across whole countries.
Preventing phishing attacks is not just the job of IT departments. It is everybody’s responsibility. One wayward click on a phishing email can give an attacker a foothold on your company’s network, from which they can spread further, and bring your business to the brink of crisis.
About the Phishing Challenge
The VinciWorks Phishing Challenge is a hands-on, practical assessment and phishing training tool in which users learn how to identify a phishing threat. Through a series of emails modelled on real phishing campaigns, users are quizzed on the common red flags that appear in scam emails.
The Phishing Challenge uses real-world examples to educate on the importance of cyber security. It can be used as refresher training for cyber security, or as a way to identify individuals within the organisation who are at high risk of falling into a phishing trap.
The red flags include:
Email sender’s name and address are inconsistent or unusual
Subject line is generic, such as ‘your account’, ‘valued customer’ or ‘invoice’
The message does not contain your email address in the ‘To’ field
There is an urgent tone, prompting you to take immediate action
The email prompts you to click on links and take further action
You do not recognise the sender’s name, or there is no sender that can be verified
There is an attachment to the email with a .zip or other unexpected file extension (archives are a common way to slip an executable past a casual glance)
The message is written in awkward or poor language
Hovering over a link displays a destination address that does not match the visible link text or the claimed sender
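Most of the red flags above can be checked mechanically before a human ever reads the message. The script below is an added example, not VinciWorks code: it parses a raw email with Python’s standard email library and reports which of the listed red flags are present (sender name versus address, generic subject, recipient missing from ‘To’, urgent wording, links whose visible text and destination differ, and archive or executable attachments). The ‘poor language’ flag is left to the human reader. The sample message is constructed for illustration and uses reserved .example domains; the keyword lists and the recipient address are assumptions.

```python
"""Score a raw email against the phishing red flags listed above.

Added example (not VinciWorks code). SAMPLE below is a constructed
phishing message; the keyword lists are illustrative assumptions.
"""
import os
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENERIC_SUBJECTS = {"your account", "valued customer", "invoice", "action required"}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|suspended|verify now|final notice)\b", re.I)
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".exe", ".scr", ".js", ".lnk", ".hta"}
EMAIL_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL or bare domain, lowercased ('' if text is not URL-like)."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


def red_flags(raw_message, recipient):
    """Return {flag_name: detail} for each red flag found in an RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = {}

    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    sender_domain = sender.domain.lower() if sender else ""
    # Display name carries an address at one domain while the real address is elsewhere.
    for embedded in EMAIL_IN_TEXT.finditer(sender.display_name if sender else ""):
        if embedded.group(1).lower() != sender_domain:
            flags["sender_mismatch"] = f"name says {embedded.group(0)}, address is @{sender_domain}"
    reply_to = msg["Reply-To"].addresses if msg["Reply-To"] else ()
    if any(a.domain.lower() != sender_domain for a in reply_to):
        flags["reply_to_mismatch"] = f"replies go to @{reply_to[0].domain}"

    subject = str(msg["Subject"] or "").strip().lower()
    if subject in GENERIC_SUBJECTS:
        flags["generic_subject"] = subject

    to_addrs = {a.addr_spec.lower() for a in (msg["To"].addresses if msg["To"] else ())}
    if recipient.lower() not in to_addrs:
        flags["recipient_not_in_to"] = f"To header holds {sorted(to_addrs) or 'no addresses'}"

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    urgent = URGENCY.search(subject + " " + body)
    if urgent:
        flags["urgent_tone"] = urgent.group(0)

    collector = LinkCollector()
    collector.feed(body)  # plain-text bodies simply yield no links
    if collector.links:
        flags["asks_to_click"] = f"{len(collector.links)} link(s)"
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:  # what hovering would reveal
            flags["link_mismatch"] = f"shows {shown}, goes to {real}"

    for part in msg.iter_attachments():
        ext = os.path.splitext(part.get_filename() or "")[1].lower()
        if ext in RISKY_EXTENSIONS:
            flags["risky_attachment"] = part.get_filename()

    return flags


# Constructed sample message (not a real campaign); every domain is reserved.
SAMPLE = """\
From: "Acme IT Helpdesk - helpdesk@acme.example" <notify@acme-secure-login.example>
Reply-To: support@webmail-recovery.example
To: undisclosed-recipients:;
Subject: Your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your mailbox will be suspended within 24 hours. Verify now:
<a href="http://acme-secure-login.example/verify">https://mail.acme.example/login</a></p>
</body></html>
--b1
Content-Type: application/zip; name="Account_details.zip"
Content-Disposition: attachment; filename="Account_details.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    for name, detail in red_flags(SAMPLE, "alice@acme.example").items():
        print(f"{name:20} {detail}")
```

Each check mirrors one bullet in the list, so the output can be read straight back against the training material. Two caveats for anyone adapting it: a Reply-To at a different domain is also common in legitimate bulk mail, so that flag on its own is weak evidence, and the urgency and subject-line checks are keyword matches that a determined attacker can simply avoid. The script is a triage aid, not a replacement for the hover-and-look habit the training teaches.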
The EU’s General Data Protection Regulation (GDPR) has now been in force since 25 May 2018. The regulation increases the responsibility and liability of organisations: the French regulator CNIL has already fined Google €50 million, and other giants such as WhatsApp and Facebook are facing investigations.
How often should staff take GDPR training?
The Information Commissioner’s Office (ICO), the UK’s data protection authority, spells out that staff must be trained, and regularly. The ICO states:
The GDPR requires you to ensure that anyone acting under your authority with access to personal data does not process that data unless you have instructed them to do so. It is therefore vital that your staff understand the importance of protecting personal data, are familiar with your security policy and put its procedures into practice. You should provide appropriate initial and refresher training.
The Economic and Financial Affairs Council of the European Union (ECOFIN) adopted the 6th Directive on Administrative Cooperation (“DAC6”), requiring tax intermediaries to report certain cross-border arrangements.
The new EU rules which aim to clamp down on aggressive tax planning are set to impose a huge compliance burden on taxpayers and their advisers, potentially even in circumstances where there is no tax benefit at all.
VinciWorks’ DAC6 course, DAC6: Fundamentals, will help all entities who may be considered tax intermediaries develop an understanding of DAC6. The course follows a flow-chart navigation and includes example scenarios to help users understand DAC6. VinciWorks also offers a DAC6 reporting tool to help intermediaries easily keep track of and report cross-border transactions.
GDPR has been law across Europe since 25 May 2018. It represented a sea change in how companies must treat data. For any complex regulation, training is one of the best ways to mitigate the risk of things going wrong and to support staff in doing it right. Online training is particularly effective for GDPR because data protection is about the practical, everyday requirements of keeping data safe and secure.
An ongoing programme of effective GDPR training has many benefits, including:
Increased job satisfaction amongst employees who know they are following best practice across the board
Improved processes and procedures inside the organisation
Reduced maintenance costs
Improved consumer confidence and trustworthiness
Better data security and reduced risk of a data breach
Potential to enhance the reputation of the company as being at the forefront of data protection
The Global Slavery Index estimates that on any given day there are 15,000 people living in conditions of modern slavery in Australia, a shocking number for a modern, developed country.
Following consultations with the business community, the Australian Modern Slavery Act 2018 came into effect on 1 January 2019. This comes four years after the UK introduced its own Modern Slavery Act 2015. The Act complements Australia’s existing criminal justice response to modern slavery, which includes specialist police investigative teams, a dedicated victim support program and a National Action Plan on Human Trafficking and Slavery.
Compliance with the General Data Protection Regulation (GDPR) is an ongoing process. Organisations should regularly review and update their policies and data collection processes, as well as take training. The best way to refresh staff’s knowledge is to enrol them in a new course around once a year, rather than simply ask them to take the same course they took a year ago. As we approach a year since GDPR came into force, VinciWorks will be adding a new course to the GDPR training suite that includes both refresher training and advanced modules.
How does the course work?
The recommended use of GDPR: A Practical Overview is to put all staff through the basic six modules, and to add advanced modules to specialised staff in certain departments. However, the course can be customised to provide any number of modules in a variety of combinations depending on your industry and data protection training needs.
The UK is obligated to transpose Directive (EU) 2018/843, commonly known as the Fifth Money Laundering Directive (5MLD), into national law by 10 January 2020. Despite Brexit and the uncertain date of Britain leaving the EU, the terms of the implementation of 5MLD are set out in the Withdrawal Agreement between the UK and the EU. Even if that agreement does not end up being the foundation of Brexit, the Fifth Directive will still need to become law in the UK.
In April 2019, the UK government launched its consultation on transposing the Fifth Directive into UK law. It contains a number of important expected changes and additional obligations all compliance officers should know about. For those who wish to respond, the consultation is running until 10 June 2019.
Here, we provide a comprehensive accounting of all the key changes compliance officers should know about the Fifth Directive.
The General Data Protection Regulation (GDPR) has been in full force across the EU since 25 May 2018. As of 25 January 2019, eight months to the day since GDPR came into force, national data protection authorities had reported nearly 100,000 complaints from concerned citizens. Google has already been fined by the French authorities and several social media giants are currently being investigated.
The law applies to all businesses with customers in the EU, no matter where in the world they are based, and mandates much stricter data protection rules than ever before.
GDPR compliance should be an ongoing process and business must regularly review and, when necessary, update their policies, procedures and training to maintain compliance.
As a companion to our GDPR training suite, we have updated our GDPR compliance guide. The guide is suitable for both organisations who are fully compliant and would like to review the requirements of GDPR and those who have yet to reach full compliance.
Is free will an illusion? Determinist philosophers might think so. Ancient Greek thinkers Leucippus and Democritus were two of the first to theorise that all processes in the world were due to a mechanical interplay at an atomic level, precluding the idea of human beings exercising any kind of free will in a universe operated by deterministic forces.
Aristotle, however, stated that we have the power to do or not to do, and free will can exist when we are aware of the particular circumstances of our actions. However, he still left unanswered the question of defining the choices we make based on causes outside of our control.