Avisar Charter Professionals - Pay The CRA

How Do I Make a Payment to the CRA?

One of the most common questions we hear from our clients is “how do I make a payment to the CRA?”

The Canada Revenue Agency (CRA) offers a number of options for making payments, allowing you to choose the payment method that best suits your immediate needs. In the past, the only options available to taxpayers (individuals or businesses) would have been to use a remittance form provided by CRA to pay at the bank teller or by mail through Canada Post.

The remittance forms had magnetic ink encoding so the payment would be applied to the correct taxpayer and tax year. These old-school remittance forms are still provided by CRA but only by special request as they are intentionally moving toward more electronic options. Even though we all know change can be hard, we believe these new options are actually easier for taxpayers.

Electronic Payment Options for The CRA

The two most common electronic options are making payments using your financial institution’s online banking bill payment service or via CRA’s My Payment service.

Payment using online banking is as simple as setting up a new payee, like a utility bill or credit card. For individuals, you simply enter your SIN for your account number and select the payment option (e.g., payment on filing, arrears balance or installment).

Businesses typically have to select “Business Tax Payment” or a similar option within bill payments to get to the CRA payments. Once there, you select the type of payment (GST, corporate tax or payroll).

Most banks also allow you to file your GST or payroll remittance at the same time as payment.

CRA’s My Payment service has been around for a number of years and accepts Interac Debit, Visa Debit or Debit Mastercard payments. It uses the same login information as your online banking account (so you don’t have to remember another dreaded password). Unlike online banking, which can take a day to process, My Payment gives you an immediate confirmation, which is great for those last-minute tax payments. Important note: credit card payments are not accepted through the My Payment service.

The steps for My Payment are very similar to online banking: first, select your payment type, account number, payment period and amount. Once you are happy with the payment to be made, confirm and click “Pay Now” to proceed to select the bank to pay from.

Did you know that you can set up pre-authorized debit (PAD) payments to CRA? PAD payment agreements can be set up for a one-time payment or for a series of payments (like installments). You can create a PAD payment agreement in your CRA My Account or by asking your electronic filer to complete and file Form T185, Electronic Filing of a Pre-authorized Debit Agreement.

Of course, we would be remiss if we left out credit card payments – we all love the points! The option is available, but it’s not free. Two third-party providers, PaySimply and Plastiq, accept credit cards for a fee of about 2.5%.

In-Person Payment Options for the CRA

You can make a payment to CRA by visiting your Canadian bank, financial institution, or credit union, if you have a personalized remittance voucher. Personalized remittance vouchers can be requested through My Account or by calling the appropriate general enquiries line 1-800-959-5525 (Business) or 1-800-959-8281 (Individual). For individual taxpayers only, your tax return preparer may be able to print a personalized remittance voucher that can be used to make your tax payment in person via cheque or debit.

CRA’s newest payment option allows you to pay in person with cash or debit at any Canada Post outlet across Canada using a QR code that contains information that allows CRA to credit your account. Personalized remittance vouchers from CRA or from your tax return preparer will already contain this QR code. If you do not have a personalized remittance voucher, you can create a QR code at paysimply.ca. Service fees for Canada Post payment services range from $3.95 – $7.95 and are dependent on the amount of the payment.


Disclaimer: Avisar Chartered Professional Accountant’s blog deals with a number of complex issues in a concise manner; it is recommended that accounting, legal or other appropriate professional advice should be sought before acting upon any of the information contained therein.
Although every reasonable effort has been made to ensure the accuracy of the information contained in this post, no individual or organization involved in either the preparation or distribution of this post accepts any contractual, tortious, or any other form of liability for its contents or for any consequences arising from its use.


4 Threats to Watch Out for When a Hacker Gets Your Phone Number

The more personal information we supply online, the greater our risk of identity theft, experts say.

Passing out your digits is all it takes to put you at risk of identity theft, warn cyber-security experts.

From account profiles to online registration forms – be it for retailers, hospital records or social media platforms – we are supplying personal information digitally without hesitation or regard for the implications.

“If someone has your phone number, they are likely to have other identity elements as well, so don’t be surprised,” says Claudiu Popa, a certified security and privacy risk adviser and CEO of Informatica Corporation, a Canadian cybersecurity consulting firm.

In a world where our offline and digital identities are symbiotic, here are some identity theft scams, and mitigation tactics, to watch out for.

Spoofing to scam

You’ve likely received several of these spammy, or spoofing, calls. The caller poses as police, the Canada Revenue Agency, or the immigration service, demanding payment and threatening jail time, deportation, and so on. Many are falling victim to a potentially financially devastating scam, warn experts.

“If [call recipients] don’t have that level of awareness, they are a sitting duck, and that’s who [spoofers] are hoping to catch,” says Popa.

According to the Canadian Anti-Fraud Centre, these scams have defrauded Canadians of more than $16.7 million since 2014. It has become so prevalent that the Canadian Radio-television and Telecommunications Commission recently ramped up its efforts to combat it.

The commission will require telecom service providers to implement, by next September, a new framework called STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using Tokens), which enables the recipient to determine before answering whether the call is suspicious or not. In the meantime, the commission now requires, as of Dec. 19, that these providers block calls with numbers more than 15 digits long or that can’t be dialed (such as those with a string of letters or zeros), or provide more advanced call-filtering services.

“Legislation would put the responsibility back on the organizations, and that will hit the cellphone carriers,” says Matt Coveart, identity theft expert at DragonFly I.D., an identity restoration service provider. “They are going to have to do more.”

Mitigate it

  • Avoid answering any calls received from unknown numbers.
  • If you do answer the call, immediately hang up and do not answer any questions.
  • Never give out any personal information (such as social insurance numbers and banking information) without verifying the request is legitimate.
  • Report any calls received to the Canadian Anti-Fraud Centre.
  • Keep abreast of offerings by your mobile provider to help stop these calls.

Porting for profit

Identities are now being compromised by phone porting, whereby the fraudster, with the phone number in their possession, links that number to another SIM card, enabling access to its apps, cloud and email accounts and more.

From there, the fraudster may call the mobile service provider, impersonating the phone owner, and make account changes or report the device lost or stolen. They may change passwords on accounts using the “forgot password” option, gaining access through verification codes now sent to them.

Meanwhile, victims may be locked out of their accounts, unable to call, text or use data. They may fall prey to extortion threats or have their bank accounts drained and credit cards racked up.

“It’s very targeted. They find an old cellphone bill and try to leverage that information. The representatives believe the device is stolen or lost,” says Coveart. “They [cyber criminals] say they would like to have the phone ported to another device. Once it’s ported to that device … there are all sorts of impersonation scams from that point.”

Mitigate it

  • Protect your personal information. Cautiously fill out online forms, only entering what you absolutely need to. Does this company really need your date of birth, gender or marital status? Is it even legal to request it?
  • Contact your mobile service provider to find out what additional security measures are available if your phone is lost or stolen, or has been compromised.
  • If your identity is hacked, report it to the Canadian Anti-Fraud Centre and your local police force, and immediately contact your financial institutions and credit bureaus.

Phishing for vulnerability

According to security firm Wandera, 83 per cent of phishing attacks in 2019 took place in text messages or in apps. Meanwhile, a recent IBM study reported that users are three times more vulnerable to phishing attacks on a mobile device than a desktop.

Hackers know this, and target accordingly. Similar to email phishing, these fraudulent requests may be urgent or threatening, demanding payment or personal information, and/or encouraging users to click on ransomware-infected links or attachments. They may also be simple requests, including account updates or password confirmations.

“What people don’t understand about ransomware is that your data gets stolen first,” says Popa. “So that [info] goes out there and it just joins the masses of personal information that is available about anyone going forward and forever.”

Mitigate it

  • Never respond to (or click on) suspicious messages, links or attachments sent via text or apps.
  • Report suspicious messages to your mobile service provider and the anti-fraud centre.
  • If the message sent looks legitimate, contact the alleged sender (i.e., your bank) before responding or entering any information to confirm receipt.
  • Update any passwords/log-in credentials associated with targeted accounts.

Mining for identities

With access to one piece of personal information, fraudsters can mine for more data to piece together an identity, Popa says. With the amount we share online – from birthdates, to family members, to marital statuses, to employers – we make it easy for them, he adds.

A quick search of a phone number, he says, can lead to its mobile service provider. One phone call to that provider can reveal account details when the right questions are asked. One account detail can direct to a social media account. Furthermore, Popa adds, fraudsters can use data they collect from multiple individuals and combine the information to create virtual people.

“It could be a phone number. It could be a picture. It could be a home address, social media profile. Any one of these identity elements can give rise to an opportunity to gather more data about an individual,” he says.

“You can mix someone’s social insurance number with someone’s home address and suddenly you don’t have someone who really exists. That’s called a synthetic identity … and you can multiply your opportunities for making money.”

In an internal report completed last August, and obtained by the Canadian Press through an Access to Information request, Privacy Commissioner Daniel Therrien called out federal political parties for not adequately protecting Canadians’ personal information and misusing voter data without proper consent. The report states that Canadian privacy policies fall short on setting limits on how data is used, how long it is kept, whether it is accurate, and how it is safeguarded through security systems.

Mitigate it

  • When possible, create distinct digital identities across platforms and accounts using pseudonyms or nicknames, different email addresses, fake birthdates, and so on, advises Popa. Keep track of this information for customer service. “People need to understand one thing. The person that they are in real life is different than the digital identity that they have online. Divorce these two concepts,” he says. “The way they do that, is to be as pseudonymous as possible online.”
  • Use an offline password manager and database to keep track, creating new and distinct passphrases, rather than passwords (minimum of 12 characters, including spaces and punctuation), advises Popa. “Type in a sentence. It’s much easier to remember and it’s less likely to guess it.”



Ask the Right Questions When Hiring Virtually, Pros Say

With remote interviews, many of the cues you would normally use to read a person are lacking. But there are still tactics you can use to help make the right choice when hiring virtually.

Even in normal times, selecting the right candidate for a position can be challenging. But, for many organizations, COVID-19 has made the process even more difficult by requiring employers and candidates to adjust to remote interviews that lack the kind of human connection – including direct eye contact and collegial handshakes – that in-person exchanges can bring.

The shift comes with consequences, experts say. According to new research from Robert Half Canada, more than half (56 per cent) of employers say the cost of making a bad recruiting choice is higher than it was pre-pandemic.

Still, given that remote work is likely here to stay for many and that virtual hiring offers access to larger talent pools, we are likely to see more, rather than less, remote recruiting going forward.

Here are four tactics that can help you make the right decision when hiring virtually.

Prepare your questions

With remote interviews, you have to be slightly more pointed in the way you ask questions, says David Dial, founder of Calgary-based Dial Solutions Group.

“Some people are professional interviewers. They do a great interview. Then they show up and within the first week you’re saying, ‘This isn’t the person we interviewed.’ ”

One solution, Dial suggests, is to ask questions that put the candidate into unique or challenging job-related scenarios. Listen for evasive responses, he adds.

“Take the person away from a script and observe how they behave,” he says. “If they’re feeling uncomfortable answering, dig in a little bit with follow-up questions.”

Connect creatively

When interviewing in person, you can often get a feeling about a candidate by reading their body language, Dial says.

“Remotely, you miss that … so you need to listen very carefully,” he says.

To help compensate for a lack of in-person cues, Michael French, regional vice-president of Robert Half Canada, suggests spending a few minutes getting to know the candidate. Choose questions that showcase their personality and why they are interested in the role and organization, he says, and pay attention to facial expressions and tone.

“Get a good understanding of how and why they came to meet you,” he says. “Make sure their tone comes across as comfortable.”

Connections can also be made with prospective teammates, adds French. Once candidates are shortlisted, arrange video conferences with future colleagues and consider their feedback during the final selection process.

Stay alert to cues

The pandemic has brought added stress for many employees, and it’s important to show flexibility and understanding, says French.

There are limits to employer flexibility, though. If a candidate reschedules an interview more than once, it may indicate someone who is unreliable. If they have persistent technical issues during the interview process, this could be a knowledge gap.

Beyond having the right skills, it often comes down to a candidate’s attitude and the overall impression they make, French says.

“Look out for someone who responds negatively,” he cautions.

This could be a sign they’re not the right fit for the role, adds Dial.

Probe for solutions

Finally, if you find yourself with a bad hire on your hands, try to avoid the knee-jerk reaction of firing on the spot, says French.

Instead, exhaust all options to keep the new employee rather than waste time and resources used to replace them, he advises. For example:

  • Consider whether talking about any issues – such as punctuality, meeting deadlines – could put things on track.
  • Assess whether retraining could be easily executed.
  • Find out if the employee has personal issues because of the pandemic.
  • Determine whether your virtual onboarding process is effective.

If you must let an employee go, Dial adds, do it fast and within the probationary period. “Mistakes are made when people hire because they’re desperate to fill the role,” he says.

“Take your time hiring the person. But, if it’s wrong, change it quickly.”


Take The Right Steps Now, Avoid “Pension Envy” Later

If you work in the private sector and are wondering how you can replicate the “gold plated” pensions of your friends in the public service, envy not! You can enjoy a similar pension experience while complementing your private investment savings (e.g., RRSP, TFSA, etc.).

My wife, brother and some of my friends are teachers, and my parents are retired teachers, so I am well versed when it comes to what’s on the minds of teachers. One topic that never seems to concern them is retirement security – if you bring up retirement and investing, they are happy to boast about their incredible pension.

And why shouldn’t they? Teachers and most other public service pensions are what you call the “gold plated” pensions in Canada because they are the best available for retirement income. This is mainly because these pension funds are shrewdly managed and have thus yielded historically high returns, and the payout formulas that determine benefits typically work in the recipient’s favour. Also, the pensions are backed by the power of the government and, under most circumstances, are protected from inflation.

If you are a private sector employee, your pension might not have all these bells and whistles. For instance, I am helping a client complete her pension package after years of working for one of Canada’s big banks; the pension package she received shows the pension is underfunded (meaning they don’t have enough assets to cover their obligations to pensioners), has no inflation protection at all and uses underwhelming pension formulas.

Government Pension Benefits Available To Canadians

In Canada, we are fortunate to have access to two government-sponsored pension plans outside our workplace pensions: Canada Pension Plan (CPP) and Old Age Security (OAS). CPP is based on your earnings while working, while OAS is based on how long you have lived in Canada.

As prospective retirees approach retirement age (say, age 60-plus), understanding when to begin collecting your pensions becomes an important planning point and forms my central argument on how to overcome any pension envy you might have.

TRADITIONAL VIEWS OF GOVERNMENT PENSION PLANS

Historically, it seems that most Canadians have decided to start their government pensions as early as possible (CPP at age 60 and OAS at age 65). Reasons Canadians have reported that they elect to start these benefits early are:

  • They are predicting a certain life expectancy.
  • They do not have enough personal savings to supplement their retirement income until their government benefits start.
  • They want to manage any tax consequences.
  • They wish to attend to their estate planning.*

In my experience, the other key reason I believe Canadians tend to start their pension benefits early is because, quite simply, they can. If the government is handing out cookies to Canadians in the form of government pension benefits today, it’s no surprise that Canadians would not want to wait to start eating them.

How to Reduce Pension Envy

It is possible to achieve similar pension benefits to your family and friends in the public service. How? By considering the option to defer your entitled government pensions (e.g., OAS and CPP).

More specifically, you have the flexibility to select when to start your CPP benefits (between age 60 and 70) and your OAS benefits (between age 65 and 70).

This decision on when to start your government benefits is a critical choice that you only have one chance to make. So, you want to make sure you are making it with your eyes open.

WHAT IS AT STAKE?

How about $83,000 more in retirement income, lower risk of outliving your money and higher-quality income, to start? Consider these factors for help deciding whether delaying your pension benefits might fit in with your overall retirement plan:

Enhanced income: Each month you defer CPP and OAS, you receive an increase in your pension benefits of close to 0.7% per month, or 8% per year.

Here is how this would look if you lived to be 90: If you are eligible for the maximum of both pensions and defer each pension from age 65 to 70, your retirement income will be $83,390 higher overall, and you will receive greater cumulative dollar value after your 81st birthday.**

Lower risk of outliving your money: Over the last two decades, private-sector pensions have shifted from a defined benefit (similar to public service pensions) to a defined contribution pension scheme. This change has meant that retirees may have less certainty of their guaranteed pension income over their lifetime.

You can lessen this worry by maximizing your government pension sources, as these provide retirement income for life. In this way, Canadians – who are living longer than ever – can rest assured that they will continue to receive a higher retirement income, with annual inflation protection to boot.

Higher-quality returns: As noted in the first point above, each year that you defer your CPP and OAS to the maximum age 70, your retirement benefit goes up by close to 8% per year.

Going forward, if you are a typical Canadian retiree running a balanced portfolio with your retirement savings (such as in RRSPs), a return of 8% per year is likely to be a difficult target for you to reach without taking on excessive risk. Half of your balanced portfolio invested in fixed income is only earning between 0 and 2% today. More importantly, your returns on your private savings are likely not entirely guaranteed, while your government pension deferral benefit is.

Over the past few decades, changes to pension regimes have highlighted the value of the public service pension plans. As part of your detailed retirement plan, electing to defer your government pensions may help reduce or eliminate your pension envy.

To be sure if this retirement strategy is ideal for you, it is important to work with a financial professional to come up with a plan that is ideal for your unique retirement circumstances.

* “Taking CPP early can come at a steep long-term cost” by Rob Carrick, published in the Globe & Mail print edition on December 9, 2020.

** For the examples used in this article, we assume that the person is eligible for the maximum of both CPP and OAS benefits, with no inflation adjustments in the calculations.




Online + Accessibility = Inclusion

You can no doubt relate to how it feels when you’re scanning through links within text and half of them don’t work. Or your friend sends you a link to a cool podcast but, when you load it up, you can’t hear the speaker over the background noise.

As a listener, you likely got frustrated and decided to move on to something easier on your ears (and your patience). Seamless user experiences are often something we take for granted, but facing barriers to retrieving online content can be a common experience for people with disabilities.

The key difference? If you’re just annoyed or frustrated by a site, you can probably still get information from it, or choose to find something else. But what if you need that information, from that source – right now! – and can’t access it properly? If it wasn’t designed with accessibility in mind, this would not be a matter of choice.

Assistive Technologies Help Break Access Barriers

As businesses and organizations have focused on providing virtual services and information, many workplaces are already learning how to implement ways for individuals to control and customize their experience. But universal access is about more than just adding closed captioning for persons who are hard of hearing, or about adding control buttons for those wanting to jump through an audio presentation.

People may also bring their own tools to help them access online content (you may notice some now come built-in with your systems).

ASSISTIVE TECHNOLOGY EXAMPLES:

  • Screen reading: Reads out loud what’s onscreen, announcing navigation elements
  • Speech recognition: Will follow spoken commands from the user or type out their dictated words
  • Screen magnification: Makes part or all of a screen larger so that words or images are easier to see

If you’ve ever needed your vision corrected, think about the difference you felt the first time you donned those new glasses or contact lenses. You suddenly could see things you’d maybe missed before, in their full array of light and colour!

Eliminating barriers to access is an integral step toward diversity, inclusion and belonging. The key goal is for everyone, no matter their situation, to have the same experience using the “glasses” that work for them.

(Dis)Ability Is A Spectrum

According to Accessibility Services Canada, accessible information serves the needs of people with “vision, motor and cognitive impairments.” This concept acknowledges that the need for help navigating content exists on a spectrum. For example:

  • Think of the “brain fog” experienced by people with fibromyalgia, severe food intolerances and even temporary “pregnancy brain.”
  • Consider visual perception impairments, including colour blindness, migraines, or dry eyes due to menopause.
  • Remember that some of us process information differently and need plain-language information that’s broken into shorter, more manageable units.

While this list is by no means exhaustive, maybe you already recognize yourself here or know someone whose needs can be overlooked in the design of online content.

Universal Online Access Spans Decades

The need for universal access has gained political traction, but it has been on the minds of information designers practically since the Internet began:

1995: Initial guidelines are drafted about making an “Information Superhighway” that works for everyone.

2005: The Accessibility for Ontarians with Disabilities Act (AODA) is the first provincial act of its kind to become law, with other provinces following in later years. Compliance is encouraged in stages, depending on the type and size of the organization. This is in response to research and guidelines for coding and writing web content by the World Wide Web Consortium through its Web Content Accessibility Guidelines (WCAG).

AODA guidelines require that documents and content be updated so that people are able to navigate websites using technologies that make browsing possible beyond looking at the screen or clicking a mouse.

2008: The most recent set of approved WCAG guidelines and checkpoints is released, updating the 1999 version 1.0.

2019: The federal Accessible Canada Act goes into effect.

2021: All websites and web content were required to comply with WCAG 2.0 level AA to meet AODA requirements by January 1.

With more training and building our understanding, Canadian workforces are coming together to create a more inclusive experience, no matter how online information is used.

Learn More

Excerpts of this article are republished from CPA Canada’s Diversity, Equity and Inclusion series.



The Latest In Antivirus Technology: What You Need To Know

The need for antivirus protection came to us just shortly after computers started talking to each other. For years most people needed to install and maintain an up-to-date antivirus program to remain unaffected by malicious activity. Cybersecurity threats have advanced significantly since then. Fortunately for us, a new generation of defences has evolved along with them.

What’s Wrong With Traditional Antivirus Solutions?

Most of us know what antivirus solutions do for us. We may not all know the technical details, but we get it. Special software is needed to protect your computer (often referred to as an “endpoint”) from malicious intent that may lie in wait. Antivirus software is installed on a computer and, as long as it is updated regularly, it monitors files for bad code and quarantines them if issues are detected.

This essential premise has not changed – you still need to protect yourself against malicious code being propagated by nefarious individuals; what has changed is the method of attack, what is attacked and the resulting outcome.

Traditional antivirus has become a victim of its own success. Attackers now know where the defence is installed and how it scans and searches for the viruses, and they have exploited the fact that traditional software relied on “updates,” or signature files that told the antivirus software what to look for. In most cases this meant looking for a particular bad file that had been unwittingly installed.

The traditional defence also came into play primarily during the scan, when the antivirus software would run scheduled investigations looking for trouble. What this meant was that, in the time between scans, there was vulnerability.

Since then, traditional antivirus software has become susceptible to newer attack scenarios like:

  • memory-based intrusions
  • PowerShell scripting language weaknesses
  • macro-based attacks
  • remote log-in masking and cracking

What Are “Next Gen” Antivirus Solutions?

The single largest advantage of next-generation antivirus (NGAV) solutions is that they not only prevent many different types of attacks, but they also are no longer tied to the target computer and can actually learn from attacks as they happen.

While traditional defensive software depended on the placement of a file (or the manipulation of code in an existing file), NGAV no longer has this limitation, as it is focused on events.

Events involving things like processes, applications, network connections or even files are monitored and malicious intent is determined based on how these events change as the result of attacks.

NGAV is a significant step forward in several aspects:

  • First, NGAV applications tend to be cloud-based. This means a lower dependency on local installations, and new information can continually, and more quickly, be shared with all subscribers – no need to wait for scheduled updates.
  • Second, NGAV has taken advantage of advancements in the area of machine learning. Essentially, the NGAV programs are capable of learning what the normal operation of your programs looks like and able to identify deviations caused by malicious code.

The newer capabilities also include some extremely complex advancements in the areas of threat intelligence and behavioural analysis. These carry extreme value in that the systems are able to monitor and identify not just malicious programs, but also the impacts those programs have.

Essentially, any changes impressed on the target system are identified right away by the impact they have. Rather than the system needing to wait for a file definition update to tell it there is new malicious code to watch for, the NGAV discerns the change in normal operation and takes action. With this significantly improved threat intelligence, the defence can be executed lightning fast.
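The contrast described above, as an added example that is not part of the original post: a hash-signature lookup only catches a file it already knows, while a baseline of normal parent-to-child process launches flags a deviation even when the file itself is clean. The process names, file contents, hashes and the `min_seen` threshold are constructed assumptions; commercial NGAV products use far richer models.

```python
"""Signature lookup vs. event-based detection, on constructed process events."""
import hashlib
from collections import Counter


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents; a real tool hashes the file on disk.
KNOWN_BAD_HASHES = {sha256(b"constructed-old-malware-sample")}

# Constructed history of normal activity: (parent process, child process, file bytes).
BASELINE_EVENTS = [
    ("explorer.exe", "winword.exe", b"word-binary"),
    ("explorer.exe", "excel.exe", b"excel-binary"),
    ("winword.exe", "splwow64.exe", b"print-helper-binary"),
    ("explorer.exe", "powershell.exe", b"powershell-binary"),
] * 25

# Constructed events to judge.
TODAY_EVENTS = [
    # Routine launch of a known-good program.
    ("explorer.exe", "winword.exe", b"word-binary"),
    # A file whose hash is already on the signature list.
    ("explorer.exe", "invoice.exe", b"constructed-old-malware-sample"),
    # Macro-style launch: the file is the legitimate PowerShell binary,
    # but a word processor starting it is not normal behaviour.
    ("winword.exe", "powershell.exe", b"powershell-binary"),
]


def signature_hit(event, signatures=KNOWN_BAD_HASHES):
    """Traditional approach: is the launched file's hash on the known-bad list?"""
    return sha256(event[2]) in signatures


def learn_baseline(events):
    """Count how often each parent -> child launch occurs in normal operation."""
    return Counter((parent, child) for parent, child, _ in events)


def behaviour_hit(event, baseline, min_seen=5):
    """Event approach: flag launches rarely or never seen in the baseline."""
    parent, child, _ = event
    return baseline[(parent, child)] < min_seen


def triage(events, baseline):
    """Return both verdicts for every event so they can be compared."""
    return [
        {
            "launch": f"{event[0]} -> {event[1]}",
            "signature": signature_hit(event),
            "behaviour": behaviour_hit(event, baseline),
        }
        for event in events
    ]


if __name__ == "__main__":
    for row in triage(TODAY_EVENTS, learn_baseline(BASELINE_EVENTS)):
        print(row)
```

The third event is the one that matters: no signature can match a legitimate system binary, so only the event-based check raises it.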

NEXT GEN VERSUS TRADITIONAL

The biggest difference between the traditional and NGAV programs is one of timing. Traditionally, your defences were reactive to intrusion: attackers developed a new way to attack, and only once those attacks had been encountered and studied, and a countermeasure built, were updates made available to prevent those exact problems in future. With the machine learning and artificial intelligence of new systems, a proactive approach is now available.

The advantages of NGAV are furthered by the fact that business networks, and even those at home, are increasingly interconnected with various types of devices. It is commonplace now for even small to medium-sized (SMB) organizations to have multiple layers of connected devices.

Servers, computers, mobile devices and network gear all create entry points for malicious software and need to be protected. Before NGAV, each one of these would need its own versions of antivirus software, and each would come with its related maintenance and updates.

Closing Thoughts

The importance of cybersecurity has continued to rise over the last few years. Ransomware, malware and denial of service attacks are on the rise, and smaller organizations are just as vulnerable as larger targets. Even most business insurance companies are now offering cybersecurity coverage due to the prevalence of these activities. Without proper coverage, your data – including customer and transactional details – can be copied, shared or held for ransom. But with these next-generation antivirus solutions, you can help protect your electronic assets.



Fed Budget 2021: Electronic Filing Payments, Certifications

Federal Budget 2021: Electronic Filing, Payments and Certification

Budget 2021 proposes a number of measures that would better facilitate CRA’s ability to operate digitally, while also enhancing security.

Notices of Assessment (NOA)

Budget 2021 proposes to provide CRA with the ability to send certain NOAs electronically without the taxpayer having to authorize CRA to do so. This proposal would apply in respect of individuals who file their income tax return electronically and those who use the services of a tax preparer that files their return electronically. Taxpayers who file their income tax returns in paper format would continue to receive a paper NOA from CRA. This measure would come into force on Royal Assent of the enacting legislation.

Correspondence with Businesses

Budget 2021 proposes to change the default method of correspondence for businesses that use CRA’s My Business Account portal to electronic only. However, businesses could still choose to also receive paper correspondence. This measure would come into force on Royal Assent of the enacting legislation.       

Information Returns – T4A and T5

Budget 2021 proposes to allow issuers of T4A (Statement of Pension, Retirement, Annuity and Other Income) and T5 (Statement of Investment Income) information returns to provide them electronically without having to also issue a paper copy and without the taxpayer having to authorize the issuer to do so. This measure would apply in respect of information returns sent after 2021.

Electronic Filing Thresholds

Budget 2021 proposes a number of measures that would limit the ability to file paper returns, including:

  • persons or partnerships that file more than 5 (reduced from 50) information returns of a particular type (e.g. T4 or T5 slips) for a calendar year would be required to file them electronically;
  • professional tax preparers would be required to file electronically where they prepare more than a total of 5 (reduced from 10) corporate or income tax returns for a calendar year. The exception for trusts would be removed; and
  • professional tax preparers that file electronically would only be permitted to file a maximum of 5 (reduced from 10) paper returns of each type per calendar year.

These measures would apply in respect of calendar years after 2021.

The mandatory electronic filing thresholds for returns of corporations under the Income Tax Act, and of GST/HST registrants (other than for charities or Selected Listed Financial Institutions) under the Excise Tax Act would be removed, resulting in most corporations and GST/HST registrants being required to file electronically.

Electronic Signatures

Budget 2021 proposes to allow electronic signatures on certain prescribed forms, as follows:

  • T183, Information Return for Electronic Filing of an Individual’s Income Tax and Benefit Return;
  • T183CORP, Information Return for Corporations Filing Electronically;
  • T2200, Declaration of Conditions of Employment;
  • RC71, Statement of Discounting Transaction; and
  • RC72, Notice of the Actual Amount of the Refund of Tax.

This measure would come into force on Royal Assent of the enacting legislation.

Electronic Payments

Budget 2021 proposes that electronic payments be required for remittances over $10,000 under the Income Tax Act and that the threshold for mandatory remittances for GST/HST purposes be lowered from $50,000 to $10,000. Budget 2021 also proposes to clarify that payments required to be made at a financial institution include online payments made through such an institution. This measure would apply to payments made on or after January 1, 2022.



Avisar Charter Professionals - Cybersecurity

Preserve Cybersecurity While Working Remotely

Most organizations have moved their workforces to some form of remote work as a result of the COVID-19 pandemic. Surprisingly, remote work has proven effective for many organizations, and they are now contemplating updating their remote work policies to allow employees more flexibility in a post-COVID-19 world. However, from a cybersecurity standpoint, remote work presents unique challenges and risks.

Employees may be accessing sensitive corporate data from their personal devices, or they may be using company-issued devices for corporate and unauthorized personal use. In both instances, hackers will prey on these distracted employees: sending them phishing emails in hopes of gaining access to the organization’s network, or stealing credentials which they sell to criminals who may then launch cyberattacks.

Technical Tips For a More Secure Network

That said, there are some basic steps organizations can take to improve their cybersecurity posture. Here are a few technical steps you can use as a good starting point.

The extra step in the MFA process could be an email or text message confirmation, a biometric method, such as facial recognition or a fingerprint scan, or something physical like a USB fob.

  • Updates and patches. During the pandemic, most IT departments were focused on moving a large portion of the organization’s workforce to remote work. This may have put other IT tasks on hold, such as patching and implementing non-critical updates. 

Hackers will take advantage of this delay to access networks and potentially steal data. Thus, implementing any updates and patches as quickly as possible should be a priority.

  • Securing home routers. Employees working from home are relying on the Internet and Wi-Fi access at their residence. Did they change their router password after it was first installed? If not, their home network may be vulnerable.

It is important to take simple steps to protect home networks and prevent hackers from having access to connected devices. While changing a router password is a good first step, your employees should take additional measures. For example:

  • Ensure that firmware updates are installed, so that security vulnerabilities can be patched.
  • Make sure the encryption is set to WPA2 or WPA3.
  • Restrict inbound and outbound traffic.
  • Use the highest level of encryption available.
  • Switch off WPS.

Employees needing help with these measures should connect with your IT department.

Passwords should be unique for every account and should comprise a long string of upper- and lower-case letters, numbers and special characters. Additionally, organizations should consider implementing shorter periods for password resets, for example, going from a 90-day to a 30-day reset cycle.

Help Your Employees Stay “Cyber-Vigilant”

While implementing strong technical safeguards is essential to having a strong cybersecurity posture, the most important risk to organizations remains their people when they fall victim to phishing campaigns. Phishing emails are sent by hackers to steal information that can be used in further targeted phishing attacks, credit card and wire fraud, and in installing malicious software on the victim’s device or on the networks they access.

During this pandemic, there has been a marked increase in the number of phishing campaigns that target remote workers in a bid to steal their personal information or gain access to company accounts.

The key to avoiding this vulnerability lies in employee training and reminders to constantly be vigilant. For example:

  • If an email appears unusual or requests immediate action (even when it comes from a “known” source), your employees should have the reflex to pause and proceed carefully.
  • If the email contains a URL, they should know to hover their cursor over the link to validate the source, and to not open any unexpected attachments.
  • If they suspect that they may have inadvertently fallen for a hacker’s ruse, their reflex should be to immediately report the incident to IT, rather than trying to resolve the issue themselves or ignoring it.

The pandemic has shown that remote work is an effective way for organizations to continue operating, so it is likely that some form of remote work will be part of how organizations operate in the future. That said, being aware of the risks and taking some basic steps can significantly reduce your chances of becoming a victim of a cyberattack while working remotely.



Protecting Your Business From Identity Theft

When we think about fraud committed against individuals, many of us immediately think of identity theft. Identity theft is the taking of a victim’s private information (such as their social insurance number or birthdate) to use for financial gain.

Examples of identity theft include applying for and using a credit card with the stolen information. Our awareness of identity theft as a crime has increased significantly over the past few years, because the issue has been regularly featured on the news and in popular culture, and the risks have been frequently highlighted by financial literacy organizations (such as CPA Canada).

What is business identity theft?

Though many people are well aware of the risks of individual identity theft, what is not as commonly known is that identity theft can just as easily happen to a business. Identity theft for a business has the same definition as for an individual: acquiring a business’s private information to use for financial gain.

Why does business identity theft happen?

Any person(s) committing fraud, including identity theft, will typically need to have all three of the following factors: incentive, rationalization and opportunity.

What information is needed to commit business identity theft?

For individual identity theft, a person’s social insurance number (SIN) and birthdate are key pieces of information to acquire. For a business, the key information to protect against identity theft is your company’s business number (BN) and/or provincial tax identification number. In Ontario, that would be your Business Identification Number (BIN). Other key information that may be used for business identity theft include:

  • legal corporate / business name
  • mailing address
  • supplier names
  • customer names
  • employee information (e.g., email addresses and phone numbers)

What are examples of business identity theft schemes?

There are several ways in which a business identity thief can use the acquired information for financial gain. Examples include:

  • transferring funds out of the business bank accounts
  • opening and using a corporate credit card
  • applying for and receiving a loan from the bank
  • making large business purchase orders
  • filing false tax returns to receive refund amounts from the government

Consequences of Business Identity Theft?

The consequences of identity theft for a business, much like for an individual, are lost time and money. Examples include:

  • loss of revenue and cash from the business if fraudulent purchases are made
  • reputational damage if the fraudulent use of the business’s identity is carried out in ways that are antithetical to the business
  • tax liabilities to the government if fraudulent corporate tax returns are filed

Mitigating the Risk of Identity Theft

To mitigate business identity fraud, there are both preventative and detective actions that can be taken. Preventative actions help to protect against the theft occurring in the first place. Detective actions help to discover the business identity theft before significant losses have occurred.



Cyber Security - Risk Mitigation

Cyber Security: Mitigating the Risks to Cyber Attacks

Cyber attacks come in a variety of forms and with a variety of intentions. Whether for money or pure disruption, organizations are at risk of both the intrusion and the potential breach of regulatory obligations.

Identifying Cyber Risks

Nearly 90% of cyber incidents are phishing attacks. While the technological maturity level of an organization can greatly influence the response rate, statistics show that upwards of 30% of the targets of a phishing attack open malicious emails.

Up to 12% were found to take the next step and open the included website or attachment. As a result, your user base is often one of the weakest points in your environment.

Getting on The Right Track

Organizations can significantly reduce their cyber risk with the implementation of a consistent IT methodology with security in mind. Start by taking an inventory of your organization’s hardware and software.

By simply removing unsanctioned hardware and software from access to your network, you immediately improve your defences. Manage this going forward by restricting the administrative privileges needed to install new applications and to configure hardware options.

As part of your IT methodology, establish a consistent configuration base of all your devices. Add rigour to how these units are configured, and ensure that proper security protocols are used. In many cases, simply making changes from the manufacturer’s default settings will help reduce exposure.

Once you have established your configuration, employ change-control procedures to assess and monitor their upkeep. Work in a regular patching process to ensure that all your devices are up to date with the latest changes from the manufacturer, which often include security improvements. Many attacks focus specifically on out-of-date software versions.

As discussed earlier, many attacks are buoyed by fooling users into clicking a dangerous link or downloading malicious applications. As such, do not underestimate the importance of educating your user base. Be sure to highlight what to look for, enforce a critical thinking approach, and reassess as needed. Phishing email drills can be very eye-opening and can help to reinforce preparedness.

Getting the Right Help

Cyber security is an increasingly complex and important topic. As such, it is often difficult for smaller organizations to stay on top of their security needs. They may not have the proper in-house skills to set the right IT methodology in place or manage it going forward. There is certainly a cost-benefit consideration to hiring the needed technical help versus bringing it in externally.

Do not hesitate to look for help. There are numerous consulting companies that can be engaged to conduct an initial cyber security review or assessment of your current environment. These companies can either direct you as to where to make the most important improvements or take over the responsibility as part of an outsourcing agreement.

Responsibility to Protect

Currently, in Canada, it is not against the Criminal Code to fail to implement cyber security measures. However, there are a number of civil and liability obligations that are relevant.

Most notably, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) is relevant to all personal information involved in commercial activities. PIPEDA calls for the protection against loss or theft, modification, copying, unauthorized access, or even disclosure of personal information. This means that the organization itself has a duty to protect the data in its realm.

PIPEDA is not the only regulatory component to be concerned with. Several provinces have passed similar legislation that requires the keepers of data to safeguard this information. Various industry regulators have also implemented regulations around not only the protection of data but also the reporting of intrusive events. For example, the Canadian Securities Administrators (CSA) requires market participants to implement a security framework (relative to their scale).

Cyber attacks are a part of the new reality in our increasingly connected commercial paradigm. Your industry, your scale and the sensitivity of your data will dictate how much you need to do to mitigate the inevitable intrusions. The basic steps above will help to reduce simple or widespread cyber attacks. However, do not underestimate the importance of an effective IT methodology to fully mitigate risks associated with cyber attacks.

