Earlier this year, we were approached by a company called Practice Protect, which is a platform that provides accountants and bookkeepers with 24/7 cloud data security. I had been concerned/worried about data security (mainly client data) for some time and when Practice Protect called me, I immediately became interested. Here was a ready-made program on offer that gives accounting professionals the opportunity to protect their clients’ data (and their own) via an easy-to-use app. Needless to say, I did end up adopting this app and we now use it in our practice. After some training and set-up procedures, I am proud to say that we are a Practice Protect Cloud Best Practice. But why did we do this and how does it work exactly?
Privacy Amendment (Notifiable Data Breaches) Bill 2016
So why have we adopted Practice Protect into our practice? The simple answer is that being 100% cloud-based, our clients’ data is at risk every day of being stolen or compromised in some way despite our best efforts to shield it. Further to this, our employees work remotely and so I felt that I didn’t have proper control over their data security (or lack thereof) – how can you when they are living in different states?! With cybercrime on the rise and criminals getting cleverer in terms of finding ways to steal data, I felt that using some sort of protection app to assist our practice was a no-brainer. The security of my clients’ data has been worrying me for some time so to have this added protection available to us 24/7 is such a relief. Let’s face it, when you’re online, you’re at risk – it’s a very difficult thing to control at the best of times!
So that was the main reason for using Practice Protect – because I have a duty of care to keep our clients’ data protected at all times, but there is another reason too – the recently announced Mandatory Breach Reporting Legislation. This legislation came into effect on 22nd February 2018 and affects many businesses, not just accounting professionals like us. Basically, under the new law, if an organisation determines that its data has been breached/lost/stolen, it is required to report the incident to the Privacy Commissioner AND to all affected clients. While the law mainly applies to organisations with an annual turnover of more than $3 million, the law does apply to some businesses with a lower turnover, particularly those who handle credit reporting information, tax file numbers and health records. As our practice does handle and store the tax file number data for several clients, this law applies directly to our practice. While I realise that a data breach can happen at any time and for a number of reasons, I do now feel better about our situation given our association with Practice Protect. Practice Protect has provided us with the right tools should a data breach occur and a plan to follow etc. I hope we never have to use it but if we do, I know we will have their support and assistance.
The second layer of protection is found in the control of users and their daily online activity. The administrator can track a user’s activity in real-time and see which apps were accessed and by whom – a necessity should a breach occur and reporting be required! It is also possible to grant or revoke staff access to particular apps, allowing practice owners full control over what their staff see or use. Also, it is possible within the app to restrict staff access geographically (i.e. only grant access from inside Australia or from certain countries). The protection extends to all devices used by all users, including smartphones. Via initial set-up, user-initiated cloud password resets are diverted to the administrator/practice owner, meaning staff/users cannot attempt to change any passwords. Practice Protect also allows for two-factor authentication as an extra security layer.
Lastly, Practice Protect provides users with thorough training both with regard to the use of the app and cybersecurity for your practice. Practice owners are provided with a full set of policy document templates that can be adapted for their own use, which I have found particularly beneficial. Also provided is a data breach response plan and access to an emergency breach response hotline. We have done the training and as such, e-BAS Accounts is now a Cloud Best Practice firm! We use Practice Protect to keep your data safe.
Using Practice Protect has given me peace of mind – I still worry about cybersecurity but not as much. I feel like I am doing all that I can to protect our clients and their data. Previously I felt like I was not honouring my duty of care to clients re cybersecurity, particularly regarding the use of remote staff and not having any control over their digital activity. If the worst happens and I do end up having a data breach, I know that the practice is more prepared now and with a plan in place, will be better able to handle the situation.