With the grace period for compliance with the Protection of Personal Information (POPI) Act coming to an end, it is critical for organisations to ensure security measures are taken to protect and secure the integrity and confidentiality of clients' personal information in its possession or under its control. This is especially true for accountants who handle financial data for multiple clients, making them prime targets for cyberattacks
As businesses migrate to online platforms, digital advancement helps them improve their productivity; however, it also increases the likelihood of cyber threats. Most cyberattacks are aimed at extracting money, which would be of particular concern to accountants who handle other people’s money.
A data breach is expensive and can result in substantial financial losses. In addition, businesses could lose clients and struggle to get new ones as clients lose trust after such an event. The following precautions can help accounting practices safeguard their business and their clients:
- Consult the experts – One way to ensure that a business is adequately protected is to consult cybersecurity firms to assess its data security level and test the vulnerabilities. Just as important is that the company’s software protects it from cyberattacks. The vendor should be consulted about its software security protocols, too.
- Spend to save – Advanced, industry-recognised security safeguards are needed to keep financial data private and protected, with password-protected login, multi-factor authentication, firewall-protected servers, and state-of-the-art encryption technology for data at rest and in transit.
- Protect your clients – Data protection of personal information is concerned with the processing of such information, which carries particular risks in terms of how it is collected, stored and disseminated. Personal information can reveal who a person is, their financial details, and more. Its processing can therefore pose serious risks to a person’s basic rights.
- Prioritise data backup – Software should have automatic offset storage so that companies don’t have to create physical backup copies themselves. Should a company’s computers be hacked, all of the data must still be accessible to users from any computer connected to the Internet.
- Stay ahead of the bad guys – Hacking methods are continually evolving as fraudsters find new ways to execute attacks. No matter how secure an accounting firm is, there will always be the possibility of a data breach, as a new method could penetrate a company’s security system. Accounting firms therefore need to evolve their security parameters over time to tackle the newer methods of attacks.
- It’s a team effort – Every employee must be aware of the threat and follow protocols outlined by the software provider and the company’s IT team. One can promote awareness about cybersecurity and best practices among one’s employees, hire a security architect, strategise a response plan, and leverage the cloud for better data security.
Every business needs to have control over who accesses its financial data and what they can see and do with it. Only people that have been invited should have access to a company’s data and each person invited must create their own unique password. Choose software that features multiple permission levels that limit the access privileges of each user.
Businesses have more responsibility than ever to use data ethically, compliantly and securely. The goal of the POPI Act is to ensure the lawful processing of personal information. The intentions of the Act are two-fold: first, it will facilitate everyone’s right to privacy as enshrined in South Africa’s constitution, and second, from an economic standpoint, the Act ensures that adequate internationally recognised data protection legislation is in place for when South African entities trade with international partners.
And while technology is becoming more sophisticated, it brings with it more sophisticated cyberattacks, but the solution also lies in using technology to avoid these attacks. Accounting professionals are at particular risk, but with advances in online software security, businesses can ensure that they are getting the best protection possible.
Gary Epstein, Managing Director of EasyBiz Technologies, partner for QuickBooks