The threat of cyber fraud is growing. In 2017, there have been 398 reported scams each day. That is a significant increase from the 197 cases in 2016. Furthermore, there’s a 35% increase in reported breaches each year and what’s interesting is that small businesses with less than 20 staff are the most likely victims.
Many organisations are ramping up their cybersecurity measures to avoid falling prey to data breaches. The question is how is it done?
Mandatory Breach Legislation
In February, the government has made effective the Mandatory Breach Reporting Legislation, which aims to make accounting firms (also called custodians of data) accountable for client data. This mandates firms to report any instance of data breach to the Privacy Commissioner and their clients through writing.
The law will definitely push firms to strengthen their cybersecurity measures because the idea of having to tell your client that you’ve been compromised is embarrassing. Falling victim to hackers will have a negative impact on your reputation; it’s not going to look good on your firm.
No one wants to entrust their data to a firm that cannot protect itself from cyber hacks.
What Puts You At Risk?
It might come as a surprise but the risks for cyber hacks do not stem from I.T. issues. In fact, they are more rooted from firm policies.
- Maintaining many accounts with different passwords makes people more likely to use passwords that are easier to remember—and hack.
- Saving passwords on browsers is risky because anyone who knows how to configure the settings of each browser will be able to retrieve your password.
- Using several devices that synchronize your passwords increases the chance of getting hacked.
- Accessing unsecure websites and accessing the internet through public, and often unsecured, connections.
The biggest risk is not having any idea how serious the threat is. Nick Sinclair, Chairman of The Outsourced Accountant, explains:
“I don’t think people understand how simple it is to be breached and the implications if you do have a data breach. We understand that most of our clients don’t give this too much time and that’s probably where the biggest risk is.”
Tighter Security Controls
There’s definitely room for improvement when it comes to security controls firms implement to protect client data.
Practice Protect’s Jamie Beresford offers some insights on ensuring data security:
- Using a single sign-on system (SSO) to strengthen password protection. This s will ensure that all staff will not have only one password to access different platforms used in the firm.
- Implement systems that will allow you the option to lock specific locations by IP address.
- Provide additional layers of protection for shared computers.
- Have the capability to lock a team member out of all applications.
- Track the list of people who were given access to all accounts.
“It’s really important that you have that log in from a compliance perspective and from a due diligence perspective.”
Other security measures your firm can implement include:
- The simplest way to protect your data is to use strong passwords. Algorithms will have a difficult time cracking 15-digit passwords. Use a combination that you know instead of a random combination of letters and numbers.
- Check your current network systems. Check for sensitive information and see who has access to it. Set control measures.
- Perform periodic checks to identify areas that might be at risk of hacking.
- Be conscientious of your computer habits; make sure to teach your staff as well.
As accountants, you’re also responsible for ensuring the protection of your client’s data. You are considered the custodian of data so make sure that you implement tight security measures.
Aside from putting in place proper computer habits, your firm also needs to utilise the right accounting technologies, like Practice Protect, that can manage your accounts without compromising security.
The Outsourced Accountant helps accounting firms from all over the world grow their capacity, margins and profits through global outsourcing. Contact us to find out more about how we can help your firm.