INTHEBLACK December - January 2022 - Magazine - Page 33
SPECIAL ADVERTISING FEATURE
9 SIMPLE WAYS TO PROTECT YOUR PRACTICE – AND YOUR CLIENTS – FROM A CYBER ATTACK
With data breaches, ransomware attacks and various
other forms of cybercrime on the rise, it has never
been more important to prioritise cybersecurity.
During the 2020-2021 financial year,
the Australian Cyber Security
Centre (ACSC) received more than
67,500 cybercrime reports, the equivalent
of one attack every eight minutes. This
was almost 13 per cent higher than the
previous year, in large part due to the
increased number of people relying on
the internet to work, communicate and
access services remotely.
Accountants are particularly attractive
prey to cyber criminals, given the large
amount of sensitive client data they
keep on file, such as bank account
details and tax file numbers.
Unsurprisingly, the finance sector
consistently ranks as one of the highest
reporting industry sectors under the
Notifiable Data Breaches (NDB) scheme.
For this reason, accounting practices
have a responsibility to put in place
some basic, but important, cybersecurity
safety measures – both to safeguard
their clients’ data and also protect their
business from the reputational and
financial fallout of a breach, explains
Drew Fenton CPA at Fenton Green.
“In my view, this is the biggest risk
any business is facing now,” he says.
“We have a cohort of bad people trying
to steal your data for profit, so my
strongest recommendation is to get
yourself a good IT consultant to advise
you and then, as a back-up, take
out cyber insurance.”
SIMPLE STEPS TO STRENGTHEN YOUR DEFENCE
Aside from transferring exposure via
cyber liability insurance – and
outsourcing IT to a “reputable,
well-resourced tech firm” – Fenton
urges practices to rigorously enforce
the ACSC’s “Essential Eight Maturity
Model” to enhance their cyber
resilience. In particular, he suggests
focusing on the following measures:
• Install a firewall and ensure all
  devices are equipped with the latest
  anti-virus protections.
• Keep all systems and software up to
  date and install patches as soon as
  they become available.
• Back up data regularly (daily if
  possible), store copies offline (so the
  network can be restored after an
  attack with minimal disruption) and
  test back-ups regularly.
• Enable multi-factor authentication
  on all staff devices to prevent
  unauthorised access.
• Train employees on cybersecurity,
  breaches and scams.
• Use a password management system
  to create long, complex passwords,
  and change them regularly.
• Encrypt personally identifiable
  information.
• Establish protocols around the use
  of business computers (stipulating,
  for example, that they should only
  be used by employees); likewise,
  limit system access only to people
  who need it.
• Prepare a cyber incident response
  plan, outlining staff members’ roles
  in the event of a breach, including
  all legal and regulatory obligations.
Find out more about cyber insurance from Fenton Green
With self-reported losses from
cybercrime in Australia totalling more than
A$33 billion in the last financial year – and
business email compromise alone costing
on average A$50,600 per event – Fenton
encourages practices to maintain a regular
line of communication with their insurer to
minimise the impact of what
he believes to be an “inevitable” attack.
Not only can specialist cyber insurers
share valuable insights regarding the latest
scams and how to avoid them, but they
can also ensure firms are complying with
the terms of their cyber liability policy,
which may include using specific anti-virus
software, or implementing certain security
measures.
Fenton adds, “Without question, insurers
have a significant wealth of knowledge in
this area, and our recommendation is
always to go back and ask your broker or
insurer for advice.”
DEC 2022
JAN 2023
intheblack.cpaaustralia.com.au