8 ways cyber security keeps your firm from becoming another Optus
This article was current at the time of publication.
A breach of customer data held by Optus has not only shocked customers but increased concern about cyber security among small and medium businesses.
Cyber security expert Tyler Wise CPA says accountants, as well as business owners, are on the frontline of cybercrime.
With access to client financial data, including links to government agencies such as the Australian Taxation Office, it’s vital to have cyber security measures in place.
1. Ensure you use multi-factor authentication (MFA)
Every accountancy business should deploy MFA to protect valuable information.
“This is probably the simplest account protection anyone can utilise,” says Wise.
“Ideally you want two out of two or three identification factors.
“This should include a password, an authentication code and a thumb print or some kind of biorecognition (biometrics).
“Even if a hacker was to obtain a password, they couldn’t do anything with it if they didn’t have the identification code, unless they were to perform some sophisticated social engineering.”
2. Never open suspicious emails
Phishing attacks are the most likely cyberattack that accountants face, says Wise.
It occurs when a hacker, pretending to be a trusted contact or source, tricks a victim into opening an email, text or instant message.
By clicking on a malicious link, CPAs open the door to malware, to a ransomware attack in which the hacker encrypts data and demands payment to decrypt or unlock it, or to the disclosure of sensitive information.
Wise says emails that communicate a sense of urgency, ask you to take an action, or suggest you have won something should be treated with the utmost caution.
Ensure you have email security through Office 365 or a separate tool.
3. Keep software, including antivirus protection, updated
By updating software, you are eliminating vulnerabilities, says Wise. That’s because updates for products aim to fix security concerns.
You can adjust the settings so that software, including anti-virus and anti-malware tools, is updated automatically.
4. Make cyber security everyone’s responsibility
“In notifiable data breaches that impact accountants 41 per cent are the result of human error,” says Wise.
However, depending on the size of the business and the risk exposure, substantial cyber security investment can be a financial burden.
“The best thing to do is make sure all staff gain knowledge about cyberattacks and are a bit more suspicious about their possibility.”
In other words, create a “human firewall”.
Changing strong passwords frequently, avoiding public wi-fi networks, using secure work equipment and querying payment and order requests that seem unusual are some of the actions staff can take.
Backing up data and having at least one copy accessible offline or in a different location can also be a lifesaver. Take regular copies of your important files and store them on a portable device, such as an external hard drive or USB.
5. Be careful with whom you do business
Your data may be breached through a third party in your supply chain without adequate cyber security measures.
If you outsource work, discuss the cyber security measures the provider has in place.
6. Use a Virtual Private Network
With more staff working from home, virtual private networks (VPNs) are a vital privacy tool.
They encrypt internet traffic in real time and disguise online identity. This makes it harder for cyber criminals to track your activities online and steal your data.
All devices, including mobile phones, should be protected with a VPN. Many VPNs can be purchased by subscription.
7. Launch damage control if you are attacked
Your first steps when you realise your data system has been infiltrated should be to contact your IT department, or a cyber security expert, and reach out to the Australian Cyber Security Centre (ACSC) or New Zealand’s National Cyber Security Centre.
“It’s important to try to find out what the breach has stemmed from and what the implications are,” says Wise.
“You don’t want to pull the plug from your online business entirely, but it should be a priority.”
8. Take out cyber insurance
Cyber liability insurance can offer coverage for third party cyber liability, first party hacker damage, cyber extortion, public relations expenses, business interruption and data breach notification.
In the event of a cyber attack, the insurance company will have consultants from legal, IT and PR firms to assist you, lessen the impact and aid your recovery.