With the Protection of Personal Information Act (POPIA) coming into effect from 1 July 2021, it is critical for organisations that have access to their clients’ sensitive information to ensure measures are taken to protect them. This is especially true for accountants who handle financial data for multiple clients, making them prime targets for cyberattacks.
As businesses migrate to online platforms, digital advancement helps them improve their productivity; however, it also increases the likelihood of cyber threats. Most cyberattacks are aimed at extracting money – these are ransomware attacks, which would be of particular concern to accountants who handle other people’s money.
“A data breach is expensive and can result in substantial financial losses,” says Gary Epstein, managing director of EasyBiz Technologies. “In addition, you could lose clients and struggle to get new ones as clients lose trust after such an event.”
One way to ensure that you are adequately protected is to consult cybersecurity firms to assess your data security level and test the vulnerabilities.
“Just as important is that your company’s software protects you from cyberattacks. Make sure that you ask the vendor for their software security protocols.”
What is needed, he says, is advanced, industry-recognised security safeguards to keep financial data private and protected, with password-protected login, multi-factor authentication, firewall-protected servers and state-of-the-art encryption technology for data at rest and in transit.
Data protection of personal information is also essential. It is concerned with the processing of personal data, which carries particular risks in terms of how it is collected, stored and disseminated. Personal data can reveal who a person is, along with their financial details. Its processing can therefore pose serious risks to a person’s basic rights. As a result, businesses have more responsibility than ever to use data ethically, compliantly and securely.
The goal of the POPIA is to ensure the lawful processing of personal information. The intentions of the Act are two-fold: firstly, it will facilitate everyone’s right to privacy as enshrined in South Africa’s constitution; and, secondly, from an economic standpoint, the Act ensures that adequate internationally-recognised data protection legislation is in place for when South African entities trade with international partners.
Data back-up is another crucial consideration. Software should have automatic offset storage so that you don’t have to create physical backup copies yourself. Should your computer be hacked, all of your data must still be accessible to you from any computer connected to the Internet.
Hacking methods are continually evolving as fraudsters find new ways to execute attacks. No matter how secure your accounting firm is, there will always be the possibility of a data breach, as a new method could penetrate your company’s security system. Accounting firms therefore need to evolve their security parameters over time to tackle the newer methods of attacks.
“You need to have software that protects your business, and every employee must be aware of the threat and follow protocols outlined by the software provider and your IT team,” says Epstein. “You can promote awareness about cybersecurity and best practices among your employees, hire a security architect, strategise a response plan, and leverage the cloud for better data security.”
An example, he says, is QuickBooks, with which one can control not only who accesses financial data, but also what they can see and do with it. Only people you invite can access your data. Each person you invite must create their own unique password. QuickBooks offers multiple permission levels that let you limit the access privileges of each user.
Epstein points out that QuickBooks continually monitors service and security performance for problems. Its equipment is housed in both Intuit-operated and Amazon Web Services (AWS) data centres, with 24×7 physical security, full-time security guards, video surveillance, and alarms to prevent high-tech breaches. All of these data centres have uninterruptible power supplies and backup generators for use in case of a power outage and complex smoke and flood detection and fire suppression systems.
While technology becomes more sophisticated, it brings with it more sophisticated cyberattacks, but the solution also lies in using technology to avoid these attacks. Accounting professionals are at particular risk but, with advances in online software security, they can ensure that their accounting business is protected.