As part of this campaign, Australian business number (ABN) holders will receive a series of emails from the ATO in the coming months, which include tips on ABN obligations, business structures, registering for goods and services tax (GST) and understanding employer responsibilities.

“Small businesses are vital participants in the tax and super system. As stewards for small businesses, our role in making it easy for small-business owners to get their tax and super right is more important than ever.,” ATO deputy commissioner Will Day stated. “Our goal is to provide small businesses with guidance, tools and tips so new business owners can focus on growing their business with confidence.”

The ATO conceived the campaign in light of the data that approximately 50 per cent of businesses fail in the first three years, often because they have at least been remiss in their ATO obligations from the start.

GST obligations

In particular, GST registration and payment is an ongoing area of concern for the ATO, which estimates that almost $8 billion in GST each year hasn’t been collected due to non-compliance, with small businesses contributing significantly to this gap.

And while not every small business needs to be registered for GST, but when their GST turnover is $75,000 or more or when they provide taxi, limousine or ride-sourcing services they must register and collect GST and then pay this to the ATO.

Day encouraged small businesses to set aside GST, as well as pay-as-you-go (PAYG) withholding and super if they have employer obligations. “Don’t be tempted to dip into GST, PAYG withholding or super to manage your cashflow – set up separate bank accounts for these funds so you’re always prepared when it’s time to pay,” he said.

Reporting side hustles

With over 700,000 taxpayers are supplementing their income with ‘side hustles’ including ‘gig’ or sharing economy activities, the ATO has reminded that if a hobby has turned into a profit-making business, it is the side hustler’s responsibility to fulfill the pertinent tax, super and registry obligations.

“Generally, a business involves continuous and repeated activities aimed at making a profit. Visit ato.gov.au/areyouinbusiness to learn more about whether your activities qualify as a business and understand your obligations,” Day said.

Early reporting encouraged

The ATO is also encouraging new small businesses to plan ahead to avoid a large tax bill when they lodge their first tax return by voluntarily entering and prepaying their estimated tax liability through PAYG instalments as soon as they start their business.

“We know that successful small business owners understand their tax, super and registry obligations and we are committed to helping them do so.” Day said. “Through transparent communication, including the support we have available for small businesses, small-business owners are better equipped to keep up with their obligations and stay on top of their tax payments. After all, small business is serious business.”

The post ATO offers additional support to small-business owners on their tax obligations appeared first on Inside Small Business.

The ATO’s renewed focus on overdue tax debts is landing hardest on the very enterprises Australia depends on for jobs and growth. For thousands of small-business owners, enforcement is starting to feel less like a nudge toward compliance and more like an extra weight on already-strained cash flow.

I’m not asking for exemptions or shortcuts; I understand that tax keeps the system running. Yet after two years of sticky inflation, softer consumer spending and rising interest rates, many of us are juggling BAS, super and PAYG alongside wages, rent and invoices that take longer than ever to be paid. When cash in the account won’t stretch to cover everything, delaying a tax payment isn’t about gaming the rules – it’s a short-term survival tactic.

The ATO can’t simply ignore outstanding debts, but the current escalation path is punishing viable firms that just need time. Tens of thousands of businesses are currently engaged in formal payment arrangements with the ATO, and garnishee notices and director-penalty warnings have returned at pace. For a small café, an electrical contractor, or a digital-services micro-firm, one sudden account freeze can tip a delicate balance into insolvency.

The stress is compounded by uncertainty. Owners swap stories: why did one peer receive six months’ breathing space while another had funds swept from their account after a single missed instalment? Clearer guidance on thresholds and timelines would give directors confidence to engage early rather than retreat in fear.

None of this is to dismiss the ATO’s challenge. The tax gap is real, and chronic non-payers do exist. But the recovery strategy could do more to distinguish deliberate avoidance from temporary hardship. A short, transparent pause on garnishees for debts under, say, $100,000 – provided a realistic plan is lodged – would help steady firms that are fundamentally solvent. An expanded hardship-advice hotline staffed by people who understand small-business cash cycles would lift engagement and reduce defaults.

There’s also a longer-term opportunity here. COVID-era support proved that structured, time-bound relief can keep businesses afloat and tax flowing in the long run. Low-interest consolidation loans or government-backed deferrals, linked to clear repayment milestones, would prevent a wave of unnecessary wind-ups and protect jobs the economy can’t afford to lose.

Above all, tone matters. When letters arrive without warning or accounts are frozen before a conversation occurs, trust erodes. Most owners I know are proud to contribute their share; they simply need the system to recognise how volatile trading conditions have become.

Small business isn’t looking for indulgence. We’re looking for partnership: consistent rules, proportional responses, and a willingness to see cash-flow pressure for what it is – temporary, not terminal. Give us a predictable path back to compliance and we’ll take it, because the alternative is closure, and that helps no-one: not staff, not communities, and certainly not the tax base.

A resilient economy is built on resilient small businesses. Treat us as collaborators rather than cases, and we’ll repay the faith – literally.

The post Small businesses aren’t dodging tax – we’re drowning in it appeared first on Inside Small Business.

Securing customer data isn’t optional – so why does it still feel overwhelming for so many SMEs?  With Australia recording 527 data breaches in the first half of 2024 alone – the highest in over three years – the urgency for stronger security measures has never been greater. A single breach can lead to financial penalties, legal action and a loss of customer trust. Yet, compliance feels overwhelming. The good news? Protecting customer data and maintaining compliance doesn’t have to be complicated or costly.

Understanding legal compliance for SMEs

SMEs in Australia must adhere to the Privacy Act 1988 and the Australian Privacy Principles (APPs) if they collect, store, or process personal information. Even businesses not legally required to follow these regulations should still implement best practices to maintain trust and avoid reputational damage.

Many SMEs collect more customer data than they need – often storing it in unsecured spreadsheets, outdated systems, or even email threads. This not only increases security risks but also makes compliance more challenging. A better approach? Only collect essential personal data, obtain clear and informed customer consent, and secure information with encryption and restricted access. Regularly updating privacy policies to reflect current practices isn’t just about legal compliance – it’s about building a culture of data security that fosters long-term customer trust.

However, a worrying gap remains between awareness and action. Zoho research found that nearly 350,000 businesses don’t know what to do if they experience a data breach. Even more concerning, 19.7 per cent of SMEs didn’t realise they had a legal responsibility to communicate with customers about the data they collect. Without clear guidance, many SMEs risk non-compliance and financial penalties simply due to a lack of awareness.

Avoiding common data handling pitfalls

Many SMEs unknowingly expose themselves to security risks through outdated software, unsecured data storage, and poor access controls. Zoho research reveals that while 59.4 per cent of SMEs acknowledge their vulnerability to data breaches, many are not taking adequate action to strengthen their data security. Cybercriminals target businesses using outdated systems, making it critical to keep software and security tools updated.

Additionally, SMEs often rely on multiple different apps, many of which may not be necessary, to store, process, and manage customer data. The more systems a business uses, the more challenging it becomes to track and protect customer data. This complexity, combined with limited resources, makes it harder to ensure data privacy and security, increasing the risk of non-compliance and breaches.

Another common oversight is granting unnecessary data access to employees. Implementing role-based permissions ensures only authorised personnel can view critical information. Regular security training is equally important – staff who can recognise phishing attempts and social engineering scams are the first line of defence against cyber threats.

Strengthening data protection through consent and security measures

Transparency in data collection isn’t just good practice but a legal requirement. And these policies should be clear, specific, and regularly updated to remain compliant. Additionally, customers must have easy opt-out options; failing to provide a clear way to withdraw consent creates compliance risks and trust issues. Free online privacy policy generators can help SMEs align with legal requirements, but consulting a legal expert offers added peace of mind.

SMEs must prioritise security measures to protect collected data. Cyber threats are constantly evolving, and businesses need to stay ahead. Routine security audits help identify vulnerabilities before they lead to costly breaches. Multi-factor authentication protects sensitive accounts from unauthorised access, while encrypted backups provide a safety net against ransomware or accidental data loss. Monitoring access logs ensures businesses can track who interacts with customer data.

By implementing both consent-based data collection and strong security measures, SMEs can enhance compliance, mitigate risks, and build long-term customer trust. As cyber threats grow, prioritising security isn’t just about avoiding penalties – it’s a strategic investment in long-term success.

The post How can SMEs ensure compliance with data protection standards? appeared first on Inside Small Business.

The Australian Competition and Consumer Commission (ACCC) has also reminded businesses to adequately disclose any upfront card payment surcharges that apply, so that customers can make informed decisions before ordering, booking, and paying for a product or service.

The reminders come as the ACCC zeroes in on misleading surcharging practices and other add-on costs for the 2025-26 financial year. As such, the agency will be actively monitoring business compliance and may take appropriate compliance or enforcement action, in line with its Compliance and Enforcement Policy.

“Businesses need to ensure their customers know about any card payment surcharges upfront, and that they are only charging what it costs them to accept those card payments,” ACCC deputy chair Mick Keogh said.

Laws have been in place to regulate pricing and card surcharges, with the Australian Consumer Law prohibiting businesses from misleading people about the prices they charge and the Competition and Consumer Act, which prohibits businesses from charging a card payment surcharge that is higher than the business’s ‘cost of acceptance’ for credit card payments.

In relation to the campaign, the ACCC has commenced an education and compliance campaign to inform businesses, particularly small businesses, of their obligations and help them to comply with the relevant laws.

The agency is also helping businesses comply with the law through advertisements, updated guidance materials, and close engagement with relevant industry representatives to support their small-business members in complying with the laws.

“We understand that small businesses need to be across a lot of information to comply with all of the laws that apply to their business; however, charging excessive surcharges and not being upfront with customers about pricing can result in small businesses losing customers,” Keogh said. “It is important for small businesses to ensure they understand their obligations and check their costs of acceptance to know what amounts they can legally charge their customers as a payment surcharge, as well as reviewing how they inform customers of their prices, including any applicable surcharges.”

More information to help businesses comply with the law is available on the ACCC website. Businesses are also encouraged seek advice from their bank or payment facilitator, an accountant, or business advisor to assist them, especially concerning their ‘cost of acceptance’.

The post Businesses reminded of their obligations regarding card payment surcharges appeared first on Inside Small Business.

Understanding legal compliance for SMEs

SMEs in Australia must adhere to the Privacy Act 1988 and the Australian Privacy Principles (APPs) if they collect, store, or process personal information. Even businesses not legally required to follow these regulations should still implement best practices to maintain trust and avoid reputational damage.

Many SMEs collect more customer data than they need – often storing it in unsecured spreadsheets, outdated systems, or even email threads. This not only increases security risks but also makes compliance more challenging.

A better approach? Only collect essential personal data, obtain clear and informed customer consent, and secure information with encryption and restricted access. Regularly updating privacy policies to reflect current practices isn’t just about legal compliance – it’s about building a culture of data security that fosters long-term customer trust.

However, a worrying gap remains between awareness and action. Zoho research found that nearly 350,000 businesses don’t know what to do if they experience a data breach. Even more concerning, 19.7 per cent of SMEs didn’t realise they had a legal responsibility to communicate with customers about the data they collect. Without clear guidance, many SMEs risk non-compliance and financial penalties simply due to a lack of awareness.

Avoiding common data handling pitfalls

Many SMEs unknowingly expose themselves to security risks through outdated software, unsecured data storage, and poor access controls. Zoho research reveals that while 59.4 per cent of SMEs acknowledge their vulnerability to data breaches, many are not taking adequate action to strengthen their data security. Cybercriminals target businesses using outdated systems, making it critical to keep software and security tools updated.

Additionally, SMEs often rely on multiple apps – many of which may not be necessary – to store, process, and manage customer data. The more systems a business uses, the more challenging it becomes to track and protect customer data. This complexity, combined with limited resources, makes it harder to ensure data privacy and security, increasing the risk of non-compliance and breaches.

Another common oversight is granting unnecessary data access to employees. Implementing role-based permissions ensures only authorised personnel can view critical information. Regular security training is equally important – staff who can recognise phishing attempts and social engineering scams are the first line of defense against cyber threats.

Strengthening data protection through consent and security measures

Transparency in data collection isn’t just good practice – it’s a legal requirement. Policies should be clear, specific, and regularly updated to remain compliant. Additionally, customers must have easy opt-out options; failing to provide a clear way to withdraw consent creates compliance risks and trust issues. Free online privacy policy generators can help SMEs align with legal requirements, but consulting a legal expert offers added peace of mind.

Beyond consent, SMEs must prioritise security measures to protect collected data. Cyber threats are constantly evolving, and businesses need to stay ahead. Routine security audits help identify vulnerabilities before they lead to costly breaches. Multi-factor authentication protects sensitive accounts from unauthorised access, while encrypted backups provide a safety net against ransomware or accidental data loss. Monitoring access logs ensures businesses can track who interacts with customer data.

While data protection may seem complex, compliance is well within reach for SMEs that take a proactive approach. Strengthening security measures not only mitigates risks but also builds customer confidence and differentiates businesses in an increasingly data-conscious marketplace. As cyber threats grow, prioritising security isn’t just about avoiding penalties—it’s a strategic investment in long-term success.

The post How can SMEs ensure compliance with data protection standards? appeared first on Inside Small Business.

Updated annually, the ATO’s benchmarks allow small-business owners to compare their performance based on metrics such as average expenses against other businesses in the same industry.

The updated benchmarks cover 100 industries and over 2 million small businesses around the country. The industries include Accommodation and food; Building and construction trade services; Education, training, recreation and support services; Health care and personal services; Manufacturing; Retail trade; and Transport, postal and warehousing.

“The benchmarks are a valuable tool for small businesses wanting to stay in good financial health,” said ATO Assistant Commissioner Tony Goding. “Think of our benchmarks like a routine test you take with your GP each year. These can help small businesses diagnose their strengths or spot the early warning signs.”

Goding added, “The benchmarks can help you see how your business stacks up. If your numbers are outside of the benchmark range compared to others in your industry it may be time for a closer look at your business plan.”

The ATO also clarified that it does not use the benchmarks in isolation. However, if small businesses find themselves falling outside the ATO’s benchmarks, they are more likely to trigger a closer examination by the office to determine if they have made mistakes or deliberately committed an unlawful act such as tax evasion.

In relation to this, the ATO has reiterated its zero tolerance towards non-compliance as small businesses that are avoiding their tax obligations are considered to be part of the shadow economy which accounts for nearly 60 per cent of the gross small-business income tax gap or around $11.2 billion per annum in missing tax.

“It’s all about levelling the playing field for honest businesses who are being undercut by their dishonest competitors that aren’t paying the tax they’re supposed to,” Goding said.

The benchmarks are accessible on the ATO website and via the ATO app business performance check tool. The key benchmark ratios can also be downloaded from data.gov.au.

The post ATO introduces new financial benchmarks for small businesses in 100 industries appeared first on Inside Small Business.

In particular, the ATO will have the following agenda that it will focus on in the next quarter:

• Data matching activities to ensure all income is reported, as well as the crackdown on contractors that are found to be omitting income
• Monitoring of the quarterly to monthly shift on BAS reporting for GST purposes and ensure compliance as a means to help build good business habits and help improve cashflow management.
• Implementing measures that will help boost small businesses, including encouraging them to do self-amendments to correct errors and omissions.

The ATO says it will also continue to be on the lookout for potential noncompliance, errors, and other issues involving non-commercial business losses, small-business capital gains tax (CGT) concessions, business income is not personal income and GST registration, and income of taxi, limousine and ride-sourcing services.

“To better support small businesses, we are committed to helping small businesses get it right when meeting their tax and superannuation obligations. That’s why we’re being transparent and each quarter sharing specific risk areas we are focusing on,” the ATO said in its press statement.

“Small business is serious business and by sharing these concerns with you early we want to help you set up good habits to get it right and stay on track,” the agency added.

The post ATO zeroes in on incoming reporting, BAS compliance for the upcoming quarter appeared first on Inside Small Business.

Tighter employee laws

Recent industrial relations reforms, including a 5.2 per cent increase in the national minimum wage; permitting ‘employee-like’ contractors to seek Commission intervention for unfair contract term disputes; not permitting pay secrecy clauses to address gender pay gap; multi-employer bargaining; giving employees the enforceable right to seek flexible working conditions; and 10 days’ paid family and domestic violence annual leave, have increasingly stretched resources of SMEs, making it difficult for them to adapt resources to growth and changing markets. A study found that over half of Australian SMEs believe that the Industrial Relations Reforms will make payroll procedures more complex, with many completely unprepared for the changes. 40 per cent also found it difficult to keep up with legislation and compliance obligations.

Lack of resources

43 per cent of SMEs consider the cost of hiring talent too much, and a further 47 per cent find the hiring process too lengthy. 25 per cent of SMEs indicated that lack of time and capacity was the main reason they were unable to adapt new technology into their business. Despite this, Small Business Loans Australia found that 60 per cent of all Australian businesses are already using AI, or planning to integrate AI in the next two years. SMEs are adopting AI tools such as AI-powered reporting and chatbots with automated email replies to streamline time-consuming tasks and improve operational efficiency.

Inadequate government support

Small Business Loans Australia noted that without further government assistance, many SMEs will face increasingly difficult circumstances. 94 per cent said that they need more Government support to help them survive, and 41 per cent said they require financial support to pay wage increases. In addition, the number of companies forced into external administration grew by 39 per cent in 2023-24.

Increased competition

SMEs should expect to see more competition from an increasing number of Australians starting side hustles. In fact, Small Business Loans Australia found that one in two Australians are considering starting a small business in the next five years and a further 38 per cent would run a side hustle in addition to their main job.

Late payments

SMEs will still face cashflow challenges that are exacerbated by late payments, which affect three-quarters of businesses. To add to the challenge, many SMEs prioritise customer and client satisfaction over their own cashflow, leaving them hesitant to chase late payments

Cyberattacks

Data from Accenture’s Cost of Cybercrime Study found that 43 per cent of cyberattacks target small businesses. The number of reported cyberattacks has also steadily risen, with 16,000 more cyberattacks in 2022 than in 2019. Limited resources are seen as a major factor as 48 per cent of SMEs spend less than $500 a year on cyber security. 

Overpayment in financial services fees

SMEs often lack the resources and time to shop around for better rates across financial products. As a result, according to research, most SMEs paid too much when conducting international trade through a bank. A recent Money Transfer Australia study found that 62 per cent are trading internationally through the big four banks, despite generally higher exchange rate mark-ups and fees compared to specialist money providers.

The post Seven key challenges for SMEs in 2025 appeared first on Inside Small Business.

This is according to the latest State of Trust report, the annual report on security and compliance by trust management platform company Vanta.

The report revealed that cybersecurity threats are now the top concern for 52 per cent of Australian business and IT leaders — more than operational risk (41 per cent), financial risk (40 per cent) and brand reputation damage (30 per cent). More so, 58 per cent have shared that security risks for their organisation have never been higher.

However, only 44 per cent of small Australian businesses (1–50 employees) say they have a dedicated security budget, and 66 per cent feel confident in their team’s ability to show the impact of their security program on the business. In addition, 62 per cent of Australian organisations believe their security and compliance measures need improvement, even though businesses across the board are spending on average nine working weeks per year to become compliant.

Jonathon Coleman, APAC general manager for Vanta commented, “After two years of major cyber breaches hitting the Australian headlines, Australian businesses are waking up to the very real idea of cyber threats. But awareness is only half the battle. Action is the other half — and as larger businesses invest more in their own cyber protection, the vulnerabilities left in the defences of small businesses become only more apparent to attackers, who tend to be opportunistic in nature.”

Coleman added, “Compliance is a major step forward in improving cybersecurity, but historically the amount of time and effort organisations needed to put into compliance has been prohibitive. But we’re in the AI age now, where organisations can automate a large amount of compliance work, which helps make it less of a check-box exercise and more of a strong ongoing security measure that helps drive business.”

Vanta’s report also uncovered the changing attitude towards compliance within Australia’s businesses, with 66 per cent now recognising that a more efficient approach to security and compliance will positively impact the business through better time and cost-savings and 63 per cent acknowledging that good security practices will result in higher customer trust.

Paul Hawkins, chief information security officer at CipherStash, commented, “Not taking cybersecurity seriously enough can be a business-ending decision for a startup that’s early on its journey. These types of businesses often don’t have the level of trust relationship with their customers that bigger businesses have, and so it’s vital to build and protect that precious trust because that’s what helps drive future business growth.

Hawkins added, “There are three practical things I’d suggest to all startups looking at cybersecurity for the first time. First is to identify what you have. Understand what service providers you’re using, where you’re storing your data and customer data, and get visibility into your IT assets. Secondly, get your identity foundations in place. Centralise your systems around an identity provider, and reduce the number of long-lived login credentials to make it easier to revoke access whenever you need. And finally, use managed services for security to get visibility and security capabilities without having to build and operate those systems yourself.”

The post Despite growing cyber awareness, SMEs remain stuck in their cybersecurity efforts appeared first on Inside Small Business.

Yet, compliance is not optional. Small businesses, like their larger counterparts, must adhere to the same legal standards for data protection or face potential penalties. More than that, a commitment to privacy builds customer trust, which is invaluable in a competitive market. 

So how can you meet these privacy challenges head-on, regardless of budget or technical capability?

Understanding the privacy landscape

New and proposed privacy regulations in Australia focus on increased transparency, giving consumers more control over their data. Small businesses must be aware of these changes to prepare effectively. The key to staying compliant is understanding the type of data you’re collecting and why.

Typical data collection includes names, contact information, and purchase histories – data essential for providing a personalised customer experience. But collecting this data brings responsibility. Businesses need to clearly communicate how they use it and ensure customers know their options regarding privacy.

Simple steps to start tackling privacy compliance

Despite these challenges, you have options. By focusing on simple, cost-effective strategies, small businesses can enhance their privacy compliance and mitigate risks.

Perform a data audit

Begin by understanding the types of data you collect. Conduct a basic data audit to identify where customer data is stored and how it’s used. Identify what’s necessary and eliminate any data that doesn’t serve a business purpose. This approach reduces the amount of data you’re responsible for protecting and aligns with principles of data minimisation – a fundamental aspect of modern privacy regulations.

Update privacy policies

Transparency is critical to building customer trust. Even if your business operates with a lean website or relies on simple email marketing, make sure your privacy policy is clear and easy to understand. This policy should outline what data is collected, how it’s used, and give customers choices around data sharing. Many small businesses use privacy policy templates, but it’s essential to customise these to reflect your actual practices.

Use low-cost tools for data protection

Data security doesn’t have to be costly. There are affordable solutions for small businesses to improve data handling. For instance, secure storage options, such as cloud-based systems with built-in encryption, can help keep customer data safe. Look for tools that provide straightforward data management features, such as the ability to delete or anonymise customer data upon request. Email marketing services, for example, often offer opt-out and data deletion capabilities, which support compliance with consumer rights.

Train your team on privacy basics

When you have a small team, everyone needs to understand the fundamentals of data privacy. Free or low-cost training resources are available that can provide a basic understanding of privacy best practices. Simple training can help your staff recognise potential privacy risks and understand their role in keeping customer data secure.

Working with a consultancy can provide guidance on specific training requirements based on your business operations. A tailored privacy training program ensures your team is equipped to handle customer data responsibly, with minimal disruption to daily tasks.

Small businesses may not have the resources of larger companies, but they can still meet privacy challenges with a strategic, customer-focused approach. By understanding the regulatory landscape, adopting simple practices, and seeking expert guidance, you can not only comply with privacy laws but also gain a competitive edge in an increasingly privacy-conscious market.

The post How to comply with privacy laws on a small budget appeared first on Inside Small Business.