As hackers become increasingly sophisticated, data breaches are proliferating across the globe.
And with the introduction of the National Data Breaches (NDB) scheme – new mandatory data breach reporting laws that place strict obligations on businesses – data security has never been more important for your practice.
The threat to accounting practices
The imperative to ensure data security is perhaps even more urgent for accounting practices than for other types of businesses, regardless of their size.
The confidential client data practices typically hold makes them a prime target for cyberattack. An online survey of 183 Australian small accounting firms conducted by Smithink reveals that over 15 percent had been hacked or suffered an incident with malicious software.¹
Are hackers the only data security threat to my practice?
Accidental data breaches caused by practice staff can be just as disastrous as a cyberattack. Sensitive client data ending up in the wrong hands, whether by emailing it to the wrong person, unwittingly posting it online, or misplacing a USB stick, could incur hefty fines under the NDB Scheme.
Know your obligations under the NDB Scheme
Introduced in February, the NDB scheme strengthens data privacy regulations by requiring businesses to notify individuals when the loss of their information is likely to result in serious harm.
It’s imperative to familiarise yourself with the scheme to see if your practice needs to comply, and if so, ensure you can meet its obligations in the event of a data breach. Many practices are still unprepared to meet the Scheme’s obligations, which could place them at risk of fines up to $1,800,000.
Free research report: The Practice of Now
We surveyed 3,000 accountants from Australia and worldwide to reveal how the accounting landscape is changing. Discover how your fellow accountants are preparing for the next decade and learn what you can do now to keep your practice successful.
How can I strengthen data security in my practice?
Here are five critical measures you should take as soon as possible:
1. Ensure you have intrusion detection systems in place
Hackers are constantly evolving their tactics to outsmart intrusion detection systems like anti-virus programs and malicious software scanners. It’s therefore critical to ensure your operating systems, anti-virus programs and firewalls are always up-to-date with the latest security updates.
It’s also a good idea to prohibit staff from accessing client data on their personal computers or when connected to external Wi-Fi networks, as there is no guarantee they will be secure.
2. Use two-factor authentication
Applications that offer this form of security require not only a username and password to log in, but also a code that is sent to your phone. This means that a hacker who has obtained your password still cannot access your account without your phone.
If two-factor authentication is not available, ensure you require your staff to regularly change their passwords – a critical measure only 43 percent of Australian practices enforce.¹
3. Educate staff about data breach risks
Training staff about the cunning methods hackers employ will help them know what to look for to prevent cyber attacks.
An increasingly common and insidious method is a form of email-borne attack known as “spear-phishing”. Often disguised as a legitimate email, these attacks encourage the recipient to open an attachment or link infected with malware. In some cases, the malware can encrypt all your data until a ransom is paid.
As they typically mimic emails you would expect to receive, spear-phishing emails can easily fool those unaware of this kind of attack. Encourage staff to look out for these attacks by always checking the sender’s email address and being wary of attachments or links from external emails.
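The sender check the paragraph above asks staff to make by eye can also be automated at the mail gateway or in a mail-handling script. The following is an added example, not code from Sage or from the survey cited on this page; the trusted domain list and the sample From: headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed list of domains the practice treats as its own or as known
# suppliers. Mail from anywhere else is "external" and deserves a closer look.
TRUSTED_DOMAINS = {"example-practice.com.au", "example-vendor.com"}


def _tokens(text: str) -> list:
    """Lower-case alphanumeric tokens of a display name or domain (split on . and -)."""
    return re.findall(r"[a-z0-9]+", text.lower())


def sender_warnings(from_header: str) -> list:
    """Return the reasons a From: header should be treated with suspicion.

    An empty list means the address belongs to a trusted domain. The checks
    mirror what staff are told to look for: an external domain, a domain that
    imitates a trusted one (e.g. "example-vendor-support.com"), a display name
    that claims a trusted organisation, or a display name that itself looks
    like an email address so the real sender is pushed out of view.
    """
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["malformed or missing sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return []

    warnings = [f"external sender domain: {domain}"]
    if "@" in display_name:
        warnings.append("display name contains an email address, hiding the real sender")

    name_tokens = _tokens(display_name)
    domain_tokens = _tokens(domain)
    for trusted in TRUSTED_DOMAINS:
        org = trusted.split(".")[0]          # "example-vendor" -> organisation label
        org_tokens = _tokens(org)
        if all(tok in name_tokens for tok in org_tokens):
            warnings.append(f"display name claims to be {org} but address is at {domain}")
        if all(tok in domain_tokens for tok in org_tokens):
            warnings.append(f"domain {domain} imitates trusted domain {trusted}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, the kind a mail script would pass in one by one.
    samples = [
        "Reception <reception@example-practice.com.au>",
        "Example Vendor Support <helpdesk@example-vendor-support.com>",
        '"partner@example-practice.com.au" <someone@mail.example>',
        "Newsletter <news@message.example>",
    ]
    for header in samples:
        print(header, "->", sender_warnings(header) or "ok")
```

Two points from the design: the organisation name is matched on whole tokens, so a domain such as "message.example" is not flagged merely because it contains the letters of a short vendor name; and the check runs on the parsed address, not on the raw header, which is exactly what a mail client hides when it shows only the display name.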
4. Control data access in your practice
Controlling who in your practice can access what data can help prevent data leaks. Ensure you entrust data access rights only to those who need it.
Sage HandiSecurity allows you to control who can access client data and perform specific operations. For example, you may decide only partners have permission to delete clients from your database, or that only partners may view their own returns.
5. Back up your data
Given today’s increasingly perilous cybersecurity landscape, you’re running a huge risk if you don’t back up your practice data regularly.
Sage DataSecure is an online backup system that allows you to store your Sage HandiSoft data securely in the cloud. Automatic daily backups and data encryption ensure all your critical data is up to date, secure, and recoverable.
1. 2017 ATSA Technology Survey, Smithink