Cybersecurity – Tips to protect your accountancy practice
- Repair systems in a timely fashion
- Restrict user access
- Change passwords regularly
- Segment networks
- Upgrade software to the current version – or at worst the last but one release
- Remove data you don’t need
Limit your liability but educate your client
In a world where accountants are advising clients on which accounting software to use, due to initiatives such as Making Tax Digital, it is vital that your firm also ensures your client understands your firm's lack of liability when it comes to computer security issues.
Cybersecurity liability should be thoroughly explained within any service/client contract.
It is also good practice for the accountant to educate the client, from day one, on the same basic security that they have in place in their own practice.
This can be informal or formal: a simple friendly chat over the phone, or an organised session at the accountant’s practice that several clients attend.
If you are informed by your software vendor that a particular software package must be patched, then sharing that information with your clients is unlikely to involve significant resources.
It also provides a vital way to keep in touch with your client, reassure them that you have their interests at heart, and potentially create an avenue for further client offerings moving forward.
Remove client data you don’t need
For accountants, this is a particularly important point considering the extremely sensitive nature of the data you hold, which might have commercial value too.
Securely delete client data that you no longer need.
This is not only an effective block against any cybersecurity breach, it’s also legally mandated under the GDPR, which states that privacy must be implemented by design and default.
Once a client leaves your practice, you can’t keep hold of client data just in case it might be required in future. Nor can you keep hold of client data for your own purposes, such as for analytics.
Put simply, get rid of any data as soon as you can. It might feel counter-intuitive at the time but it could prove incredibly prescient should the worst happen.
Monitor information about products you and your clients rely upon
Part of the work of a modern-day accountant is to be aware of information about security issues with software that they use.
This might be as simple as subscribing to the software vendor’s email for an accounting package.
To help with this, most software firms regularly issue what they call Security Advisories – just search for that term together with the vendor’s name.
Don’t forget that it’s not just the accounting software that you’ll need to monitor. Nor is it simply tasks such as ensuring your operating system is patched as soon as possible. Anywhere the internet comes into your office will require attention.
Some photocopiers and printers, for example, are internet-connected nowadays – and you’ll need to remain on top of firmware updates for these too.
(If you’re wondering if it’s not just simpler to remove these devices from the network by unplugging the cable then, yes, this is often a simple solution if it doesn’t create usability issues for the business.)
Move your practice and clients to the cloud
Cloud software is automatically and invisibly updated to fix security issues. This is a powerful incentive for making the switch to the cloud if you and/or your clients haven’t already.
Similarly, if your client data is stored in the cloud then you no longer have to take care of the security of your own server, a task so important and time-consuming that it often involves hiring the proverbial “IT guy”.
Switching to the cloud is no excuse for being ignorant about computer security.
You’ll still need to know the basics of password security.
You’ll need to ensure your network and wi-fi are secure.
You and your staff will need to be educated about social engineering hacking too.
There is little doubt that using the cloud removes a significant amount of the traditional computer security requirements and removes the worries too.