The threat from cybercrime to the global economy is on the rise, with cyberattacks growing in number and sophistication. While any business in any industry should be mindful of the risk, accountants and financial firms in particular need a data protection plan in place. With a wealth of sensitive client information, such as valuable financial data, it’s their responsibility to make sure client data is protected and secure.
Learn how to keep your clients’ data secure and your business safe with these critical actions.
1. Protect against malware
Malware includes viruses and ransomware. Ransomware blocks access to or encrypts a victim’s data while the perpetrator demands a ransom to restore access. A major threat to small business owners, malware can infect your email, web, and server applications through any device, including tablets and smartphones.
The Australian Cyber Security Centre (ACSC), the country’s official cybersecurity protection agency, warned in its 2017 Threat Report that ransomware and sophisticated, personalised phishing attacks are on the rise.
To protect your business from malware attacks, equip all computer devices, including portables, with basic security protection, including firewalls and up-to-date anti-virus protection. And it doesn’t end there – make sure all devices have the latest software and app upgrades to fight off the most recent malware. If you use USBs to share data, make sure they come from a secure source, and only log on to a secure Wi-Fi connection.
2. Encrypt your records
Encryption software will scramble confidential customer information, making it unreadable to anybody without the decryption password. This not only provides another layer of security in case of a breach, but reduces the risk of potential threats from inside your organisation by limiting password access to particular employees.
3. Make passwords strong and secure
Password-protect all office computers and devices, and limit access to the people who use that device. Remember, weak passwords are easy for criminals to guess, so make sure your passwords have a mix of upper- and lower-case letters, numbers and symbols, and change them regularly. Make sure passwords are updated when an employee leaves the business, to protect against theft or other harmful activities by unhappy ex-employees.
4. Set up two-factor authentication
To access most servers and networks you need a username and password. Two-factor authentication adds another form of verification, like a unique code sent to another device that you need to input to allow access. The technology is straightforward to implement and, with this added layer of security, knowing a victim’s password alone isn’t enough for an attacker to get in. Some accounting software, like QuickBooks Online, uses three levels of permissions to help manage who can access sensitive information.
5. Have a clear data security policy
Do your employees know your data security policy? Clear rules should be established for using IT systems aligned with your organisation’s security settings. These would specify prohibited activities, such as sharing passwords, and what can and can’t be said or shared on corporate social media accounts.
6. Create a data breach response plan
Having a formalised and up-to-date data breach response plan outlining the roles and responsibilities when responding to a cyberattack could mitigate the fallout. The Office of the Australian Information Commissioner (OAIC) offers a guide on what to include in your plan. Taking out an insurance policy against cybercrime could also help minimise the cost of a hack.
Advisory businesses are entirely built on trust, and just one instance of compromised information could damage your reputation and your relationship with clients. So make sure you take cybersecurity seriously, starting with these simple steps today.