Technology and cybersecurity

Tips for using technology

  • Dedicate budget to maintain and upgrade your IT systems
  • Use workflow management to assess how technology can help you become more efficient
  • Use data analytics to hone business performance
  • Use automation to integrate your systems and processes
  • Use flexible operating systems and online communication tools such as the cloud and Skype
  • Consider using social media as part of your marketing strategy.

Our IT checklist for small business will help you consider your requirements for remote working, cybersecurity, cloud computing, social media, mobile devices and business compliance.

IT risk management tips for small business

Cybersecurity and protecting your data

Our Managing cyber and data protection risks webinar, jointly provided with the Tax Practitioners Board (TPB), provides practical tips to improve your data security and help you protect your business data from cyber-attacks.

Some useful resources about cybersecurity

The Australian Taxation Office (ATO) and the TPB have developed security tips to ensure that you have sufficient IT controls in place to protect the security and confidentiality of your client records.

Ransomware attacks

Prevention is your best approach, but if you become the victim of a ransomware attack, you have three options:

  1. Use a recent, uncorrupted back-up to restore your data
  2. Try one of the decryption websites for information and decryption tools
  3. Pay the ransom.

Our members have access to a cyber liability insurance product tailored specifically for you.

EU General Data Protection Regulations

The European Union General Data Protection Regulations (GDPR) took effect on 25 May 2018.

Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) may need to comply with the GDPR if they offer goods and services in the EU or monitor the behaviour of individuals in the EU.

If your business needs to comply with the GDPR you must ensure your personal data handling practices meet the regulation requirements.

The Office of the Australian Information Commissioner has a GDPR fact sheet for Australian businesses.

Notifiable data breaches scheme

The Privacy Amendment (Notifiable Data Breaches) Act 2017 makes it mandatory for businesses to report eligible data breaches from 22 February 2018.

Under the Notifiable Data Breaches (NDB) scheme, businesses need to notify individuals and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches which are likely to result in serious harm to the individual.

Not all data breaches are eligible. For example, if an entity acts quickly to remediate a data breach, and as a result the breach is unlikely to result in serious harm, there is no notification requirement. If 20,000 people are affected by a data breach in a minor way, with no serious harm, this also would not be captured under the legislation.

The OAIC provides resources to guide you on what constitutes an eligible data breach and the notification process.

Cloud computing

Introducing a cloud solution offers portability of systems and the convenience of a virtual office. When selecting a cloud provider, ensure that the firm is reputable, well-funded and has standard security measures.

The TPB offers a guide for practitioners on their obligations under the Code of Professional Conduct regarding the use of cloud computing. More discussion on the advantages and disadvantages of cloud solutions can be found on our Cloud computing page.

Selecting an IT service provider

Not all businesses have the resources for their own dedicated IT support staff.

It’s important you understand what’s needed from your external service provider. You need to know what types of services can be done by a provider and what needs to be done in-house. You may also consider having more than one service provider.

A single service provider is easier to hold accountable than multiple service providers. But this presents a risk if that provider fails.

When choosing an IT service provider you should consider their background, their ability to address your needs securely, how they will go about implementing the system as well as your own legal requirements.

You should also consider the service provider's "digital footprint" on social media in the same way that your clients evaluate your business. You can do this by searching online for reviews.

When selecting a service provider, you should have:

  • a clear and enforceable service agreement
  • clear scope and acceptable performance of services over the long term. For example, are software updates and hardware upgrades considered?
  • a process for extension of the contract as well as variation of the services and service levels provided
  • realistic pricing and fee structure without hidden costs for out-of-scope and unforeseen services
  • payment terms that align the benefits with the costs of the agreement
  • clear representations and warranties
  • an outline of your respective obligations. For example, how will you address the need for interruptions to the working day and manage the ongoing relationship?
  • clarity on their service availability. For example, can you contact them 24/7 if you are the subject of a cyber-attack?

Any contractual arrangement you put into place should aim to maintain a strong relationship with the service provider.

Problems can become much bigger if the relationship deteriorates over time, particularly if it is not good to start with.

Our Guide to the cloud advises you to proceed cautiously with your choices, consider the location of the service provider, and select a provider you can work with rather than considering price alone. You should think about your clients' needs in terms of how you manage their data, and about your service provider's proposed disaster recovery arrangements and data backup approach.

Finally, you should keep a list of the key external service providers you use. Meet them regularly to discuss how the service is performing and whether improvements are needed. Remind yourself that your business could download its data and applications and move to another service provider easily if or when the relationship is no longer working.

Accounting software and hardware ebook