Smithink’s ATSA 2017 technology survey found that 14 per cent of firms had reported being hacked, with cyber criminals targeting accounting systems to steal employee details for identity theft, alongside obtaining tax return data, and “lodging employee tax returns to steal PAYG”.
According to Smithink director David Smith, accounting firms are a “very attractive target” for cyber criminals because of the amount of sensitive financial and private client data held on their systems.
“Much, if not all, the information needed to successfully steal an identity can be found in client data,” Mr Smith said.
“While nothing is 100 per cent secure and a crook with enough determination, talent and time can still probably get past your security, there’s a lot you can do to slow the crooks down so much that they may find it easier to hack someone else than waste time trying to get past your defences.”
Mr Smith also pointed to the incoming Notifiable Data Breaches scheme set to commence on 22 February 2018 as a reminder to treat cyber security as a present priority.
“Time is not your friend,” added Mr Smith.
“You’d need to notify anyone impacted as soon as the breach occurs to minimise any damage to them.”
While the data around cyber breaches have not been positive, several practitioners have come to the defence of moving to technology-based solutions, believing that there will be risks involved in any method adopted by accountants.
Speaking on Accountants Daily Live, Kevin San & Associates director Kevin San said the benefits presented by technology outweighed the risks involved.
“With any solution, whether the old-school solution or the cloud solution, there’s pros and cons,” said Mr San.
“Nowadays where we’ve got a lot of identity theft, is it really that safe to email a PDF to a client which has a tax file number on it? Is it really safe to mail them something to their letterbox where people might steal your mail to get your details and steal your identity?
“There are downsides to every form of technology — low-tech or high-tech. To me, it’s not really about which one is better, it’s about having workarounds which mitigate the risks as best you can and maximising the potential of the benefits.”
Likewise, My Accounts managing director Noel Tiufino believes that while there are risks associated with adopting technological advancements, it is imperative to have an open discussion with clients to show them the flipside.
I think it’s very important to acknowledge concern but just have a very respectful discussion and show them the alternatives, saying, ‘ok we can do it this way, here’s the output we can deliver, here’s why the cost will be higher’,” said Mr Tiufino.
“It’s not saying to them you’re wrong to feel that way but here are all the advantages of doing this. Is that not worth the move?”