Tips for using technology
- Dedicate budget to maintain and upgrade your IT systems
- Use workflow management to assess how technology can help you become more efficient
- Use data analytics to hone business performance
- Use automation to integrate your systems and processes
- Use flexible operating systems and online communication tools such as the cloud and Skype
- Consider using social media as part of your marketing strategy.
Cybersecurity and protecting your data
Our Managing cyber and data protection risks webinar, jointly provided with the Tax Practitioners Board (TPB), provides practical tips to improve your data security and help you protect your business data from cyber-attacks.
Some useful resources about cybersecurity
The Australian Taxation Office (ATO) and the TPB have developed security tips to ensure that you have sufficient IT controls in place to protect the security and confidentiality of your client records.
- ATO security tips for business
- ATO security tips for individuals
- TPB cyber aware webinar recording
- TPB frequently asked questions
- TPB minimum best practice guidance
Prevention is your best approach, but if you become the victim of a ransomware attack, you have three options:
- Use a recent, uncorrupted back-up to restore your data
- Try one of the decryption websites for information and decryption tools
- Pay the ransom.
Our members have access to a cyber liability insurance product tailored specifically for you.
EU General Data Protection Regulations
The European Union General Data Protection Regulations (GDPR) took effect on 25 May 2018.
Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) may need to comply with the GDPR if they offer goods and services in the EU or monitor the behaviour of individuals in the EU.
If your business needs to comply with the GDPR, you must ensure your personal data handling practices meet the regulation's requirements.
The Office of the Australian Information Commissioner has a GDPR fact sheet for Australian businesses.
Notifiable data breaches scheme
The Privacy Amendment (Notifiable Data Breaches) Act 2017 makes it mandatory for businesses to report eligible data breaches from 22 February 2018.
Under the Notifiable Data Breaches (NDB) scheme, businesses need to notify individuals and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches which are likely to result in serious harm to the individual.
Not all data breaches are eligible. For example, if an entity acts quickly to remediate a data breach, and as a result the breach is unlikely to result in serious harm, there is no notification requirement. If 20,000 people are affected by a data breach in a minor way, with no serious harm, this also would not be captured under the legislation.
The OAIC provides resources to guide you on what constitutes an eligible data breach and the notification process.
Introducing a cloud solution offers portability of systems and the convenience of a virtual office. When selecting a cloud provider, ensure that the firm is reputable and well-funded and has standard security measures.
The TPB offers a guide for practitioners on their obligations under the Code of Professional Conduct regarding the use of cloud computing. More discussion on the advantages and disadvantages of cloud solutions can be found on our Cloud computing page.
Selecting an IT service provider
Not all businesses have the resources for their own dedicated IT support staff.
It’s important you understand what’s needed from your external service provider. You need to know what types of services can be done by a provider and what needs to be done in-house. You may also consider having more than one service provider.
A single service provider is easier to hold accountable than multiple service providers, but relying on one provider presents a risk if that provider fails.
When choosing an IT service provider you should consider their background, their ability to address your needs securely, how they will go about implementing the system as well as your own legal requirements.
You should also consider the service provider's "digital footprint" on social media in the same way that your clients evaluate your business. You can do this by searching online for reviews.
When selecting a service provider, you should have:
- a clear and enforceable service agreement
- clear scope and acceptable performance of services over the long term. For example, are software updates and hardware upgrades considered?
- a process for extension of the contract as well as variation of the services and service levels provided
- realistic pricing and fee structure without hidden costs for out-of-scope and unforeseen services
- payment terms that align the benefits with the costs of the agreement
- clear representations and warranties
- an outline of your respective obligations. For example, how will you address the need for interruptions to the working day and manage the ongoing relationship?
- confirmation of their service availability. For example, can you contact them 24/7 if you are the subject of a cyber-attack?
Any contractual arrangement you put into place should aim to maintain a strong relationship with the service provider.
If the relationship is not good to start with, problems can become much bigger as it deteriorates over time.
Our Guide to the cloud advises you to proceed cautiously with your choices, to consider the location of the service provider, and to select a provider you can work with rather than considering price alone. You should think about your clients' needs in terms of how you manage their data, and about your service provider's proposed disaster recovery arrangements and data backup approach.
Finally, you should keep a list of the key external service providers you use. Meet them regularly to discuss how the service is performing and whether improvements are needed. Remind yourself that your business could download its data and applications and move to another service provider easily if or when the relationship is no longer working.