With the Protection of Personal Information Act (POPIA) coming into effect from 1 July 2021, it is critical for organisations that have access to their clients’ sensitive information to ensure measures are taken to protect them.
This is especially true for accountants who handle financial data for multiple clients, making them prime targets for cyberattacks.
As businesses migrate to online platforms, digital advancement helps them improve their productivity; however, it also increases the likelihood of cyber threats. Most cyberattacks are aimed at extracting money – these are ransomware attacks, which would be of particular concern to accountants who handle other people’s money. “A data breach is expensive and can result in substantial financial losses,” says Gary Epstein, MD of EasyBiz Technologies. “In addition, you could lose clients and struggle to get new ones as clients lose trust after such an event.”
One way to ensure that you are adequately protected is to consult cybersecurity firms to assess your data security level and test the vulnerabilities. “Just as important is that your company’s software protects you from cyberattacks. Make sure that you ask the vendor for their software security protocols,” says Epstein.
What is needed is advanced, industry-recognised security safeguards to keep financial data private and protected, with password-protected login, multi-factor authentication, firewall-protected servers and state-of-the-art encryption technology for data at rest and in transit.
Data protection of personal information is also essential. It is concerned with the processing of personal data, which carries particular risks in terms of how it is collected, stored and disseminated. Personal data can reveal who a person is, their financial details, and more. Its processing can therefore pose serious risks to a person’s basic rights.
Businesses have more responsibility than ever to use data ethically, compliantly and securely. The goal of the POPIA is to ensure the lawful processing of personal information. The intentions of the Act are two-fold: firstly, it will facilitate everyone’s right to privacy as enshrined in South Africa’s constitution, and secondly, from an economic standpoint, the Act ensures that adequate internationally-recognised data protection legislation is in place for when South African entities trade with international partners.
Data back-up is another crucial consideration. Software should have automatic offset storage so that you don’t have to create physical backup copies yourself. Should your computer be hacked, all of your data must still be accessible to you from any computer connected to the Internet.
Hacking methods are continually evolving as fraudsters find new ways to execute attacks. No matter how secure your accounting firm is, there will always be the possibility of a data breach, as a new method could penetrate your company’s security system. Accounting firms therefore need to evolve their security parameters over time to tackle the newer methods of attacks.
“You need to have software that protects your business, and every employee must be aware of the threat and follow protocols outlined by the software provider and your IT team,” says Epstein. “You can promote awareness about cybersecurity and best practices among your employees, hire a security architect, strategise a response plan, and leverage the cloud for better data security.”
While technology becomes more sophisticated, it brings with it more sophisticated cyberattacks, but the solution also lies in using technology to avoid these attacks. Accounting professionals are at particular risk, but with advances in online software security, you can ensure that your accounting business is getting the best protection possible.