What is social engineering?

We’ve all heard of headline-making cyber attacks and the havoc they have all too often managed to wreak. This includes the 2019 ransomware attack in Texas that held 22 cities hostage for millions of dollars and lasted for several days before being resolved. These news-worthy attacks, which are usually technical in nature and often do not require any user interaction to do their dirty work, prompt organisations large and small to invest in new technologies to strengthen their defences against these malicious and damaging infiltrations.

But there’s another type of cyber attack that, while perhaps less likely to make headlines, is equally dangerous and potentially damaging to both private individuals and organisations. Social engineering is a cyber crime tactic in which hackers use psychological manipulation to trick victims into breaching security protocols or revealing private information, thereby circumventing the usual protections that cyber security tools are supposed to provide. 

Email comes with risks, whether in personal or professional settings. Email is usually irretrievable, and all too often people don’t think before clicking send or clicking a suspicious link. One wrong click could cripple your company in a matter of minutes. Each time we open our email, we’re diving into a world of risks.

VinciWorks’ new course, Email@Risk, is designed to help users understand what those risks are and how to take action to mitigate the risks and avoid your email address being the source of the next great data breach or embarrassing ‘reply all’.

The course takes a modern, engaging approach to training on this subject, with a focus on relevant, clean design, up-to-date information and guidance, tips and interactive questions and exercises to ensure that staff have the skills they need to recognise and responsibly respond to a wide variety of email-related risks and threats.

Finland began DAC6 reporting in July 2020

Finland, who began their DAC6 reporting back in July 2020, have recently confirmed that they will be allowing DAC6 reports to be filed via XML from the end of November 2020.

Until now, DAC6 reports in Finland were required to be submitted via an Excel-based tool. However, the new version of the Finnish reporting portal Ilmoitin.fi is expected to be opened at the end of November 2020 and will enable XML-filing. The XML schema and technical guide will be published once they have been finalised.

Major GDPR fines reach a collective €270 million

Since GDPR came into force in May 2018, there have been almost €270 million worth of major fines (those with a value of over €100,000) handed to a total of 50 companies. Companies who have been hit with these fines include Google, British Airways, Marriott Hotel Group and many other big names. A transparent reporting process will help companies identify data breaches, mitigate the risks and take any action required to ensure a data breach doesn’t happen again.

Best practice for reporting personal data breaches

The EU’s General Data Protection Regulation (GDPR) requires organisations to report certain types of personal data breaches to relevant supervisory authorities. Where feasible, you must do this within 72 hours of becoming aware of the breach.

Legal professional privilege (LPP) is an extremely complicated topic that requires subject matter expertise. When you add DAC6 regulations to the mix, things get even more challenging. 

Back in June 2020, following consultations with leading counsel, the Law Society released guidance on their approach to LPP and DAC6. A summary of this document can be found here. HMRC has reviewed the Law Society guidance, and while they cannot endorse it, they have said they have no particular concerns about the Law Society’s view. 

On 2 November 2020, HMRC released an updated version of their XSD schema and user guide. HMRC also released a brief note addressing some of the specific queries raised in feedback on the previous draft of the XSD schema.

Here are some interesting points to note:

Reporting Portal

Work is ongoing on the development of the portal for DAC6 reporting. HMRC has set up a dedicated link at gov.uk, from where you will be able to access the UK reporting tool when it goes live. The newly released user guide and documents will also be published there in due course.

In Argentina, intermediaries will be required to report domestic and international arrangements

Argentina is set to implement a new mandatory disclosure regime (MDR) aimed at reducing international tax evasion. The Argentinian law is modelled after DAC6, a European directive that requires lawyers, accountants, tax advisors, bankers and other “intermediaries” to report some aggressive cross-border tax arrangements. It is part of a broader OECD initiative to combat tax evasion, known as BEPS Action 12.

Argentina’s mandatory disclosure resolution, called General Resolution No. 4838/2020, was published in October 2020. The resolution requires reporting for domestic and international arrangements implemented since January 2019, or ones that were implemented before that but that are still active. 

How to Customise Your Compliance Training

We are passionate about behavioural change. We believe that e-learning has the potential to surpass the classroom experience by delivering targeted, personalised content that feels relevant to every user. 

But ensuring that each learner takes a course that is engaging and relevant to their specific job role and learning needs is a challenge. What’s the best way to do this? 

VinciWorks is leading the way with training that is more customisable than ever and specifically tailored to each user. In many cases, a course can be customised at the click of a button, and there are many different ways you can customise a course. Here’s a quick rundown of all the things you can do to personalise a course and make it your own.

DAC6 has now been in force for over three months, with intermediaries and businesses in Germany already having to report historical transactions.

Over the past 18 months, VinciWorks has consulted with international law firms, accounting firms, corporate compliance teams and tax authorities to help them grapple with the Directive and develop best practice for DAC6. Our webinars, core group meetings and face-to-face interactions have drawn questions covering main benefit tests, reporting in Germany, understanding hallmarks, how DAC6 affects non-legal sectors and several other aspects of the Directive.

During this webinar, we gave attendees the opportunity to have their questions answered by our Legal and Research Executive Ruth Mittelmann Cohen and Director of Best Practice Gary Yantin.

DAC6 Q&A – key topics covered

  • What does the DAC6 reporting delay mean?
  • How specific countries, such as Germany, Poland and the UK, are implementing DAC6
  • Updating reports after they have been submitted
  • Instances when reporting is the obligation of the taxpayer rather than the intermediary
  • Best practice for reporting in multiple jurisdictions

Fear is a great motivating factor for people to start complying with previously ignored rules and regulations – whether that applies to COVID-19 or GDPR. Take for instance the increasing number of anti-maskers suddenly masking up following spiking numbers of COVID-19 deaths in their area. Like most of us not believing authorities’ dire predictions until they hit home, people still tend to be reactive rather than proactive – and even more so when an ongoing situation is rife with uncertainty.

The story of GDPR preparedness seems to follow a similar path. Although GDPR was introduced in May 2018, with no dearth of heavy fines hitting businesses, there are still an overwhelming number of EU, US and UK businesses that are not fully GDPR compliant, with some that have not yet even begun their GDPR initiatives.

Like COVID-19, GDPR doesn’t seem to be going away anytime soon, although some businesses would probably like it to. So why, after more than two years, are so many organisations unable to rise to the challenge?
