Is your accountant cyber security savvy?

Is your accountant cyber security savvy?

Protecting your data, privacy and wealth depends on it. Every Australian business has cyber security on their mind. Get across the cyber security standards and strategies to protect your business. 

A growing threat 

ASD’s Australian Cyber Security Centre received more than 76,000 cybercrime reports in 2021-22 – an average of one every seven minutes.  

These threats impose an increasingly heavy cost: the average loss for small businesses is $39,000, or $62,000 for large businesses, and that’s before the cost of damage to their brand and reputation. If your business falls victim to a cyber-attack, you could be faced with: 

• Business interruption losses  
• System restoration costs 
• Extortion costs 
• Reputational damage  
• Customer churn
• Fines imposed by regulators such as OAIC 

Cyber and data security form a significant piece of a business life cycle, and your accountant has an important role to play. A data breach can have a tremendous impact on your business – and theirs. To ensure your data and privacy are protected, check that your accountant is across:  

• Key cyber security standards  
• Key protection and mitigation strategies 

The key cyber security standards

 As a business owner, you rely on your accountant to stay on top of the key cyber security standards and their obligations.  

Key obligations for accountants and tax practitioners include: 

• Non-disclosure of information relating to a client's affairs to a third party without the client's permission or a legal duty to do so. 
• Reviewing their practices, procedures and systems regularly to ensure they are adequate, up to date and personal information is protected. 
• Developing their own procedures for assessing suspected data breaches. 
• After a confirmed breach, organisations must have a data breach response plan and staff trained to action that plan 

• As part of that plan, organisations must notify any impacted individuals with recommendations about the steps they should take in response to the data breach. 

The Notifiable Data Breaches (NDB) scheme mandates reporting and notification to the Office of the Australian Information Commissioner (OAIC) in the event of a data breach. Your accountants must comply with the NDB scheme.  

If a practitioner is found to be incompetent or reckless resulting in a breach of confidentiality, the Tax Practitioners Board (TPB) may impose administrative sanctions for breach of the code. 

Accountants are also required to adhere to the TPB’s Code of Professional Conduct regarding the use of cloud computing. While cloud solutions provide system portability and virtual office convenience, they also pose a raft of security risks. The code provides guidance to practitioners on how to manage and maintain security over cloud-based software.  

Understand the risk  

When it comes to cyber and data security, there’s no such thing as zero risk. Determining an acceptable level of risk is an ongoing activity and should be revisited whenever significant business or environmental changes occur. The overarching goal? Striking the right balance between risk, security and usability. 

The protection strategies part of the cyber security toolkit 

• Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client – preventing others from eavesdropping or intercepting your communication. Look for ‘https’ in the URL and a little lock near your browser’s location field to know you’re protected.  
• Zero Trust Network Access (ZTNA) provides secure remote access (crucial for today’s remote workforce) to an organisation’s applications, data and services based on clearly defined access controls.  
• Internal encryption transforms digital information in a way that it becomes unreadable (and unusable), creating a threshold that prevents breaches by unauthorised users. Methods include hashing, symmetric and asymmetric encryption.  
• A Data Breach Response Plan equips organisations to contain, assess and respond to data breaches quickly – mitigating the harm to affected individuals. It forms a key component of the NDB scheme.  
• Phishing scam prevention aims to protect your organisation against phishing by educating staff and clients to verify their identity and avoid fraudulent messages. Common red flags include: offers that are too good to be true, an engineered sense of urgency, hyperlinks that don’t add up, questionable attachments and unfamiliar senders.   

Partner for peace of mind  

Protecting your business against cyber attacks is serious business with significant consequences. Prevention is better than cure, so make sure your accountant is across the latest in cyber security and compliant with regulatory schemes for peace of mind.  

Make sure your data and privacy are protected by the right accounting professionals.     

Disclaimer: 
The information is general in nature and is not personal advice. It does not take into account your needs, objectives or financial situation. You should seek independent advice suitable to your circumstances.