Cyber Security

How seriously are you taking cyber security? If you have a tub full of cash, you’ll take measures to protect it, right? You should equally protect your business information. Here are our top cyber security considerations.

Backup of Computers and all Data

Backup is essential. Offsite, remote or cloud backup is the best option; you can “set and forget”, and it then happens automatically in the background.

Alternatively use an external drive and schedule regular backups, e.g. at the end of each work day.

Electronic Document Storage

Electronic storage of business records is great but you must still have a secure process for backup and access in place. You should keep records of who has access and at what level. As these are your legal business records, care must be taken to maintain integrity and security of these records.

Learn more: Paperless office – what are the benefits?

Passwords and User Access

Keep a log of who has access to what application. It is easy to forget who you have given access to for what software or applications. Make sure that when a staff member leaves, you also rescind their access to your software, banking, supplier and customer information and any other applications.

Regularly update and change your passwords. You should also use a secure password generator, and consider using a password vault or manager such as 1Password or LastPass to keep all your logins secure. Using a password vault means you only have to remember one password – you can then log in to all your other applications from within the vault.

Cyber and Email Security

At a minimum, you should have anti-malware and anti-virus protection on all devices. For best security, you should also have an email security gateway to act as an intermediary between the internet and your email inbox. This will reduce the amount of spam emails you receive.

Settings and Preferences

All of your devices, applications and programs have settings and preferences that you can customise for the greatest level of security. We recommend you always choose the highest level of security available.

Accounting Software

Regularly check the registered users of your accounting software and their level of access, to ensure there have not been any unauthorised users added to your account. Conduct audits of the system to look for duplicated bank accounts, supplier names you are not familiar with or any unusual activity. If you use online payment gateways to send or receive payments, check their security options.
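The audit described above can be partly automated. The following is an added example, not part of the original article or of any accounting product: it assumes you can export your supplier list to CSV, and the column names, sample rows and known-supplier list are all constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """supplier_name,bsb,account_number
Acme Stationery,062-000,1234 5678
ACME Stationery Pty Ltd,062000,12345678
Northside Couriers,033-111,00998877
Quick Fix IT,084 222,55554444
"""

# Suppliers the business owner recognises (constructed), already normalised.
KNOWN_SUPPLIERS = {"acme stationery", "northside couriers"}


def normalise_account(bsb, account):
    """Strip spaces and dashes so the same bank account always compares equal."""
    return re.sub(r"\D", "", bsb), re.sub(r"\D", "", account)


def normalise_name(name):
    """Lower-case and drop common company suffixes so name variants compare equal."""
    name = re.sub(r"\b(pty|ltd|limited)\b\.?", "", name.lower())
    return " ".join(name.split())


def audit_suppliers(export_text, known_suppliers):
    """Return (bank accounts used by more than one supplier record, unfamiliar supplier names)."""
    by_account = defaultdict(list)
    unfamiliar = []
    for row in csv.DictReader(io.StringIO(export_text)):
        key = normalise_account(row["bsb"], row["account_number"])
        by_account[key].append(row["supplier_name"])
        if normalise_name(row["supplier_name"]) not in known_suppliers:
            unfamiliar.append(row["supplier_name"])
    duplicates = {acct: names for acct, names in by_account.items() if len(names) > 1}
    return duplicates, unfamiliar


if __name__ == "__main__":
    dupes, unknown = audit_suppliers(SAMPLE_EXPORT, KNOWN_SUPPLIERS)
    for (bsb, acct), names in dupes.items():
        print(f"Bank account {bsb} {acct} appears on {len(names)} records: {names}")
    print("Suppliers to verify:", unknown)
```

Anything the script flags still needs a human check against invoices or a phone call to a number you already have on file.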

Two Factor Authentication (2FA)

Two Factor Authentication adds a second level of authentication to a login process. Entering a username and password is considered single-factor authentication. 2FA requires the user to provide additional credentials to log into an account. It has been around for many years and we are used to using it for banking and interacting with government departments.

For any service or application that offers two-factor authentication, enable it right now for every sign-in. If you are using software or other applications that do not currently offer two-step verification, get on their forums or feedback areas to request this feature.

Learn more: Two Factor Authentication and why it’s important

Scamwatch

Scammers are becoming increasingly sophisticated and creative. Always be on the lookout for potential scams. Sign up for Scamwatch newsletters to stay abreast of current scams. Also check the ATO scam webpage for information relating to tax scams.

Identity of Software Company Representatives

If a representative of your software company contacts you, always check their identity and ask for a means of verifying them. If you have a dedicated account manager, always check with them if it is feasible to do so, or even raise all issues through them if possible. Be particularly watchful if a software rep wants to access your file. If they take over your computer through TeamViewer or similar, always watch what they are doing and if you are suspicious, end the session immediately. Do not leave the computer while they are working on it. Make sure they are only accessing areas that are relevant to that software company.

Legitimacy of Cold Calls and Emails

If you have not placed a call, logged an issue with their online system or otherwise initiated contact, be suspicious of anyone calling you claiming to be a representative from a company, even if it is one you regularly deal with, and even if their claim sounds plausible.

If you are interested in what they are offering or asking, always ask for their identification and a means of verifying that they work for the company they claim to be working for. Do not give out personal information unless you are sure of who you are speaking to.

If you receive an email claiming to be from someone you know but anything about it seems suspicious, check the actual email address being used, not just the contact name, before replying. Foreign email addresses can masquerade as another email address.
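The contact-name check can be done mechanically on the `From` line of a message. This is an added example, not part of the original article: the address book, names and addresses are constructed, and it uses only Python's standard `email.utils.parseaddr`.

```python
from email.utils import parseaddr

# Constructed address book: contact name -> the address you have on record for them.
ADDRESS_BOOK = {
    "alex example": "alex@accounting.example",
    "northside couriers": "accounts@northside.example",
}


def check_sender(from_header, address_book=ADDRESS_BOOK):
    """Classify a From header as 'match', 'mismatch' or 'unknown'.

    'mismatch' means the visible contact name belongs to someone you know,
    but the message was sent from a different address than the one on record.
    """
    display_name, address = parseaddr(from_header)
    address = address.lower()
    name = " ".join(display_name.lower().split())
    known_addresses = {a.lower() for a in address_book.values()}

    claimed = address_book.get(name)
    if claimed is None and name in known_addresses:
        # The contact name is itself a known email address, which many mail
        # clients show in place of the real sending address.
        claimed = name
    if claimed is None:
        return "match" if address in known_addresses else "unknown"
    return "match" if address == claimed.lower() else "mismatch"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Alex Example <alex@accounting.example>",
        "Alex Example <alex.example@mail.example>",
        '"alex@accounting.example" <billing@mail.example>',
        "New Vendor <hello@vendor.example>",
    ):
        print(f"{check_sender(header):9} {header}")
```

A "match" only means the visible address is the one on record; it does not prove the message is genuine, so unusual requests should still be confirmed through another channel.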

If they are bullying you to prove something, when you haven’t initiated any matters or issues, do not disclose or provide any information. Ask them to prove their case and then check the veracity of the claim.

Mobile Phone Security

Always choose the highest level of security available on your mobile phone. Enable fingerprint identification if available; at the very least enable password sign-in. Consider a remote access backup so that if your phone is stolen you can remotely log in and disable the phone.

Privacy Laws

Australian privacy laws prevent businesses from releasing personal information and misusing it. Before you share any private or personal information, be certain of who it is you are giving the details to. Do not disclose your tax file number, bank account, passwords or other sensitive information.

Digital Signature

Authenticated digital signatures are allowable as an alternative to a hand-written signature. Not all electronic or digital signatures are authenticated – make sure the option you choose has a valid authentication process.

Learn more: Advantages of digital signing

Employees

Educate your team on the importance of cyber security. Make sure all employees follow your standards and procedures. Make your team aware of internal policies you have regarding cyber and email security, internet use, downloads and so on.

You should have internal security procedures documented. For example, this may outline the process for double authorisation of all payments.

All staff should have individual logins and email addresses.

Consider installing computer monitoring software on employee computers.

When staff leave the business, remove access to all internal websites, accounting software, banks, supplier information and so on.

Final thoughts on Cyber Security

And there you have it – our top tips on cyber security. It’s as important to secure your digital data as it is to secure your cash.

 

