POPI Act shines spotlight on cybersecurity

Since many accountants handle the financial data of multiple businesses, they are prime targets for cyberattacks. With the Protection of Personal Information Act (POPIA) coming into effect from 1 July 2021, companies that have access to their clients’ sensitive information must take measures to protect this information. Gary Epstein, MD of EasyBiz Technologies, the QuickBooks Online Accounting partner in South Africa, outlines how accountants can maximise their cybersecurity and stay on the right side of the POPI Act.

Houston, we have a problem
As businesses migrate to online platforms, digital advancement helps them improve their productivity; however, it also increases the likelihood of cyber threats. Most cyberattacks are aimed at extracting money – these are ransomware attacks, which would be of particular concern to accountants who handle other people’s money. A data breach is expensive and can result in substantial financial losses. In addition, you could lose clients and struggle to get new ones as clients lose trust after such an event.

No DIY!
Checking your level of security is not a weekend project for your tech-savvy son or daughter. To ensure that you are adequately protected, consult cybersecurity firms to assess your data security level and test the vulnerabilities. Just as important is that your company’s software protects you from cyberattacks.

Make sure that you do business with companies that have high levels of security protocols. Also, ensure you request the security protocols from these businesses.

Reading something like Cyber-security for Dummies isn’t going to cut it. What is needed is advanced, industry-recognised security safeguards to keep financial data private and protected, with password-protected login, multi-factor authentication, firewall-protected servers and state-of-the-art encryption technology for data at rest and in transit.

For your eyes only
You don’t want your clients to feel as though they’re on an episode of Big Brother, so data protection of personal information is also essential. It is concerned with the processing of personal data, which carries particular risks in terms of how it is collected, stored and disseminated. Personal data can reveal who a person is, their financial details, and more (it’s the ‘more’ that most people worry about). Its processing can therefore pose serious risks to a person’s basic rights.

A basic human right
Businesses have more responsibility than ever to use data ethically, compliantly and securely. The goal of the POPIA is to ensure the lawful processing of personal information. The intentions of the Act are two-fold: firstly, it will facilitate everyone’s right to privacy as enshrined in South Africa’s constitution, and secondly, from an economic standpoint, the Act ensures that adequate internationally recognised data protection legislation is in place for when South African entities trade with international partners.

Here today, here tomorrow
If you don’t want your data to vaporise, then data backup is a crucial consideration. Software should have automatic offsite storage so that you don’t have to create physical backup copies yourself. Should your computer be hacked, all of your data must still be accessible to you from any computer connected to the Internet.

Keeping up with the criminals
Hacking methods are continually evolving as fraudsters find new ways to execute attacks. No matter how secure your accounting firm is, there will always be the possibility of a data breach, as a new method could penetrate your company’s security system. Accounting firms, therefore, need to evolve their security parameters over time to tackle the newer methods of attacks and avoid that code red alert.

All aboard
There’s no point in only having your IT guy know what’s potting – every employee must be aware of the threat and follow protocols outlined by the software provider and your IT team. You can promote awareness about cybersecurity and best practices among your employees, hire a security architect (think a geeky Rambo), strategise a response plan, and leverage the cloud for better data security.

With QuickBooks, you control who accesses your financial data and what they can see and do with it. Only people you invite can access your data – not just any old Tom, Dick or Prince Harry. Each person you invite must create their own unique password. QuickBooks offers multiple permission levels that let you limit the access privileges of each user.

The Terminator on your payroll
QuickBooks monitors service and security performance for problems 24 hours a day, seven days a week. Its equipment is housed in both Intuit-operated and Amazon Web Services (AWS) data centres with 24×7 physical security, full-time security guards, video surveillance, and alarms to prevent high-tech breaches. All of these data centres have uninterruptible power supplies and backup generators for use in case of a power outage and complex smoke and flood detection and fire suppression systems.

Which came first – the chicken or the egg?
While technology becomes more sophisticated, cyberattacks become more sophisticated, too. However, the solution also lies in using technology to avoid these attacks. Accounting professionals are at particular risk, but with advances in online software security, you can ensure that your accounting business is getting the best protection possible.
