Top 10 tips for accountants for keeping your data safe

While it can feel like the focus of GDPR is on permission and marketing, in reality the heart of GPDR is keeping personal data safe.

This is really important for accountants, as we hold a lot of data about clients and this is attractive for hackers to steal and sell, or to lock up with ransomware and force us to pay to release.

In his recent webinar (Cyber Attacks and How to Protect your Firm and Clients) Paul Newton reminded us to remain vigilant and have a culture that allowed everyone to question things that looked “unusual” and that is a great tip that we all need to remember.

For 10 more useful tips, please see the list below!

If you are an accountant in practice or industry and would like more information about becoming a 20:20 Innovation member, why not book a free 30-minute demo with our team today.

1. Back up your data

You should back up your data regularly. If you’re using an external storage device, keep it somewhere other than your main workplace – encrypt it, and lock it away if possible. That way, if there’s a break-in, fire or flood, you’ll minimise the risk of losing all your data.

Make sure no-one is saving data to locations / folders that are not part of the backup routine.

Check your back-up. You don’t want to find out it’s not worked when you need it most. Make sure your back-up isn’t connected to your live data source, so that any malicious activity doesn’t reach it.

2. Use strong passwords and multi-factor authentication

Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any other devices or accounts where personal information is stored. They must be difficult to guess. The National Cyber Security Centre (NCSC) recommends using three random words.

Where possible, you should consider using multi-factor authentication. Multi-factor authentication is a security measure to make sure the right person is accessing the data. It requires at least two separate forms of identification before access is granted. For example, you use a password and a one-time code which is sent by text message.

3. Be aware of your surroundings

For example, if you’re on a train or in a shared workspace, other people may be able to see your screen. A privacy screen might help you keep your screen blocked to prying eyes.

4. Be wary of suspicious emails

You and your staff need to know how to spot suspicious emails. Look out for signs such as bad grammar, demands for you to act urgently and requests for payment. New technologies mean that email attacks are becoming more sophisticated. A phishing email could appear to come from a source you recognise. If you’re not sure, speak to the sender. NCSC provide useful training materials to help you and your staff recognise suspicious emails.

5. Install anti-virus and malware protection

And keep it up-to-date.

You must make sure the devices you and your employees use at home, or when you’re working away, are secure. Anti-virus software can help protect your device against malware sent through a phishing attack.

Lock your screen when you’re temporarily away from your desk to prevent someone else accessing your computer. If you do need to leave your device for longer, put it in a secure place, out of sight.

If you are using mobile devices, then make sure they have a lock on them and ideally don’t leave them unattended, as they are very easy to steal!

7. Make sure your Wi-Fi connection is secure

Using public Wi-Fi, or an insecure connection, could put personal data at risk. You should make sure you always use a secure connection when connecting to the internet. If you’re using a public network, consider using a secure Virtual Private Network (VPN).

8. Limit access to those who need it

Different workers may need to use different types of information. Put access controls in place to make sure people can only see the information they need. For example, payroll or HR may need to see workers’ personal information, but your sales staff won’t.

If someone leaves your company, or if they’re absent for a long period of time, suspend their access to your systems.

9. Take care when sharing your screen

Sharing your screen in a virtual meeting may show your device to others exactly as you see it, including any open tabs or documents. Before sharing your screen, you should close anything you don’t need and make sure your notifications and pop-up alerts are switched off.

10. Don’t keep data for longer than you need it

Getting rid of data you no longer need will free up storage space. This also means you have less personal information at risk if you suffer a cyber-attack or personal data breach. The firm should have a data retention policy and by following this you will be able to have enough information to show compliance with AML regulations and defend against future tax enquiries, but also minimise the risk of keeping old data.

Keep in mind that clients can submit a Subject Access Request and require you to send them details of every piece you data you hold about them – the less you have to go through to deal with this kind of request, the better.

For more detail on GDPR and data security, Andy Larkum is running a series of webinar for us:

Data Protection - What Does Good Look Like in 2024?… | 2020 Innovation

Cyber Security for Accountancy Practices; The… | 2020 Innovation

GDPR - Identifying and Reporting Breaches - 8th… | 2020 Innovation

If you would like more information about joining 20:20 Innovation why not book a free 30-minute demo with our team today or call us on +44 (0) 121 314 2020.