Are hackers the only data security threat to my practice?
Accidental data breaches caused by practice staff can be just as disastrous as cyberattacks. Sensitive client data ending up in the wrong hands, whether by emailing it to the wrong person, unwittingly posting it online, or misplacing a USB stick, could incur hefty fines under the NDB Scheme.
Know your obligations under the NDB Scheme
Introduced in 2018, the NDB Scheme requires businesses to notify individuals when the loss of their information is likely to result in serious harm.
It’s imperative to familiarise yourself with the scheme to see if your practice needs to comply, and if so, ensure you can meet its obligations in the event of a data breach.
How can I strengthen data security in my practice?
Here are five critical measures you should take as soon as possible:
1. Ensure you have intrusion detection systems in place
Hackers are constantly evolving their tactics to outsmart intrusion detection systems like anti-virus programs and malicious software scanners. It’s therefore critical to ensure your operating systems, anti-virus programs and firewalls are always up to date with the latest security updates.
It’s also a good idea to prohibit staff from accessing client data on their personal computers or when connected to external Wi-Fi networks, as there is no guarantee those computers and networks will be secure.
2. Use two-factor authentication
Applications that offer this form of security require not only a username and password to log in, but also a code that is sent to your phone. This means that without your phone, your account can’t be accessed by hackers.
If two-factor authentication is unavailable, ensure you require your staff to change their passwords regularly.
3. Educate staff about data breach risks
Training staff about hackers' cunning methods will help them know what to look for to prevent cyber-attacks.
An increasingly common and insidious method is a form of email-borne attack known as “spear-phishing”. Often disguised as a legitimate email, these attacks encourage the recipient to open an attachment or link infected with malware. In some cases, the malware can encrypt all your data until a ransom is paid.
As these emails typically mimic messages you would expect to receive, spear-phishing can easily fool those unaware of this kind of attack. Encourage staff to look out for these attacks by always checking the sender’s email address and being wary of attachments or links from external emails.
4. Control data access in your practice
Controlling who in your practice can access what data can help prevent data leaks. Ensure you entrust data access rights only to those who need them.
Access software for accountants allows you to control who can access client data and perform specific operations. For example, you may decide only partners have permission to delete clients from your database, or that only partners may view their own returns.
5. Back up your data
Given today’s increasingly perilous cybersecurity landscape, you’re running a huge risk if you don’t back up your practice data regularly.
Access Handisoft Cloud contains an online backup system allowing you to securely store your data in the cloud. Automatic daily backups and data encryption ensure all your critical data is up to date, secure, and recoverable.