Best-practice cyber-security for accounting firms in Australia

Why is cybersecurity so important for accounting firms right now?

Cybersecurity is really important for many industries, but given accountants hold so much personal and sensitive information, you don’t want that to get in the wrong hands.

Further, public accountants are bound by the Privacy Act so you have to be very careful with disclosure of information and even just an innocent email to a wrong person can run afoul of the legislation requirements. At the same time, the threat of attacks is also increasing. It’s easy to fall into a false sense of security, in that it’s only big companies that are being attacked, or that as a smaller business, the impacts are less dire, but it’s not really the case. Generally, it’s small to medium businesses that will have to spend more to recover from a cyber-crime than anyone else. So, it’s important to be aware of that and take responsibility for cyber-security measures.

Key stats:

• Accounting firms hold sensitive personal client information and are bound by the Privacy Act.
• Reports of 13% increase of cyber attacks from 2021 to 2022, with 2023 anticipated to be up again.
• Average cost of each cyber crime incident is between $39,000 and $88,000.

What are your top cyber-security tips for accounting firms?

Firstly, it’s a lot more achievable and easier than it may seem! Increasing knowledge, awareness and education amongst your firm and staff is the first step. You can do this by attending sessions such as the recent webinar with Wolters Kluwer/CCH iFirm, or the sessions with CCH Learning, or if you're in Australia, you can access great resources from cyber.gov.au which has many free tools and tips to help you navigate your cyber-security journey.

With greater awareness, it means you and your team will be less susceptible to phishing emails -which is still the biggest attack for small to medium businesses. Human error is responsible for a lot of cyber-attacks and cyber-crimes for accounting firms.

Taking basic precautions can go a long way; such as multi-factor authentication, password managers – these low barrier to entry tools can really help accounting firms and any small business.

Ensuring compliance with the Privacy Act and having a thorough understanding of the Notifiable Data Breach regime is also critical. The latest reports show that accountants and finance professionals are still in the top five of the industries that suffer from notifiable data breaches – so we do have the data they want.

What you’re looking to achieve is to be a little more safe than the person next to you, so to speak. Remember, cyber-criminals are still fairly ‘lazy’ and if they can move on to someone else, they will!

Key tips:

• Reducing the cybersecurity knowledge gap – awareness and education
• Understanding obligations under the privacy act and notifiable data breach regime
• Basic precautions can be sufficient to see on your cybersecurity journey

What are the critical security requirements to look for when choosing a cloud service provider?

I like to boil it down to some key points to answer:

1. Make sure you know where the data is stored and data storage is as localised as possible
2. Make sure the data is encrypted in transit and at rest
3. Can you gain access to a backup of that data if you need to
4. Does the software provider have the right accreditations, such as ISO27001

Make sure the solution providor you are talking to is able to answer these questions easily!

How does CCH iFirm meet your security requirements?

I’ve been using CCH iFirm for 12 years now; I still use the software for a small amount of accounting work that I still do. I asked a lot of questions initially – and was probably very annoying. But I was always met with transparency, which was a really, really positive step, for me, knowing where my data was stored, how I could easily get it. And that was always explained at the outset. So I really value that from an end user point of view.

But then also, there is the added security from knowing what was happening behind the scenes and what Wolters Kluwer is doing to stay abreast of these cyber security movements. There’s a lot of a lot of security and comfort around that.

CCH iFirm has credentials such as ISO 27001, which is a must-have, but other things like a dedicated security operations centre is something that smaller providers can’t provide. So it’s like having a security team for my data, protecting it. Wolters Kluwer CCH is doing all these things I can’t afford to do or wouldn’t know how to do as an accountant. If a breach were to occur at least you know there’s really not much more you could have done about it, as there were so many precautions and risk mitigations in place.

Ultimately, I think people feel like they’re fighting a losing battle with cyber-security but it’s really not the case. Gaining awareness and education, asking the right questions, having the right cloud software solutions in place and taking basic precautions will go a long way.

About CCH iFirm

CCH iFirm is a well established, full cloud solution hosted on the best of breed Microsoft Azure cloud servers in ANZ or SEA (depending on your firm’s location). The software has ISO 27001 certification, includes mandatory MFA, is tested regularly against evolving key threats and is backed by Wolters Kluwer global security processes and framework including risk management and training of Wolters Kluwer staff.

Within the software itself there are many features which help promote better security practices, such as permissions to ensure access is given only to authorised personnel and help avoid any data breaches. With CCH Document Vault, our cloud document storage system, you can save multiple versions of the documents. So, you have an audit trail. Documents are encrypted at rest or in transit. And we also have antivirus software scanning those documents. With an integrated client portal solution, you can exchange documents more securely than simply e-mailing those documents.

Visit our website for more information about CCH iFirm.

About Tyler Wise, Director, CyberWise

Tyler Wise made the shift from successful accounting business operator, where he received several state and national recognition awards, including Partner of the Year, Firm of the Year, and multiple nominations for Thought Leader of the Year, to cybersecurity to help bridge the gap between accounting and cybersecurity. Aware of the mental inertia that can exist when dealing with cybersecurity, as well as an appreciation of where cybersecurity sits in an overall business model Tyler strives to provide education and awareness on the topic, introduce security measures for his peers, all while ensuring business efficiencies are not compromised. Tyler possesses a strong technical background in cybersecurity, specialising in online privacy, security and anonymity, and striving to ensure businesses and individuals remain digitally safe and secure and is a constant voice nationally on the importance of cybersecurity.