10th April, 2025
No business owner wants to deal with the cost, data loss and disruption that can come with a cyber attack. For accounting practices, which rely on client trust and deal with sensitive financial data every day, cybersecurity is even more important.
In fact, with threats evolving, increasing use of AI, and rising client expectations, accounting practices need to get strategic about data security. It’s no longer a box-ticking exercise – data security must be woven into everything your practice does and supported at every level. This means building a culture around security awareness, implementing layers of technology to protect against varying threats, and keeping up with data security best practices.
The good news? Prioritising security in your practice doesn’t just protect you, it contributes to making cybercrime less appealing and – hopefully – less common in the long term.
Here’s what you need to know about weaving data security into your practice.
Without strong support from leadership, it’s almost impossible to change the wider culture of your practice – so data security initiatives need to start at the top.
Building a data security culture includes tangible actions, like writing a security strategy, implementing security technologies, and training employees. You also need to prioritise awareness and vigilance around cybersecurity, which could mean giving employees extra time for training and security processes, regularly retraining employees about cybersecurity, and sending reminders about risks or security red flags.
Why so much emphasis on people and training? Well, statistics show that 68% of data security breaches involve human error, so your employees are the first line of defence when it comes to cyber protection. By creating data security strategies that work with human nature, you’re more likely to keep your data, client information and reputation safe in the face of evolving threats.
When you’re running an accounting practice, you’re not just safeguarding your own business data – you’re also handling and storing sensitive financial data for your clients. This means your security setup needs to be doubly protective.
Great security practices reduce the risk of a data breach and help you maintain trust with your clients – crucial for accountants.
“Accounting firms know that trust is part of the reason people come to them,” explains Peter Wolski. “So, protecting your data and your systems as a whole is protecting the value of your business.”
What else is at stake for accounting practices? Financial loss is an obvious one, but compliance issues, data or system loss, and reputation damage are also potential risks.
A data breach can result in direct financial loss – the average cost of a breach in Australia is $4.26 million – and indirect costs. These include loss of clients, employee hours spent resolving the issue, and the cost of new security technology or support.
Australian accounting firms are required by law to protect personal client data and report any cybersecurity breaches that compromise that data. If you don’t have an effective way to store and protect client data, you could open yourself up to a fine or penalty.
Loss of data is another potential outcome of poor cybersecurity. A serious data breach or leak can lead to client information being exposed online or, less commonly, being lost altogether. Some cybercrime ends with businesses losing access to their data or systems, which can be hugely disruptive.
If client data is exposed or your employees have a careless approach to data handling, it could impact your clients’ trust in your practice and damage your reputation. In a sector that runs on trust, this can have a serious impact on future success.
Artificial intelligence (AI) in accounting isn’t inherently negative – but it could open your practice up to cyber threats and data loss. AI is emerging as a way for accountants to cut admin time, perform complex data analysis, and automate repetitive tasks. While it’s easy to see the potential, it’s important to use AI thoughtfully.
Many open-source AI programs have dubious data security practices, particularly around user data. A free platform may train its AI models on user data without being transparent about that fact. This means that if you plug sensitive user data into an AI program, it could be on-sold or reused without your knowledge. It’s a good idea to get advice from an expert before using open-source AI – they can help you pick the right program or anonymise your data for safer use.
Many platforms — including MYOB — use AI-powered tools in their product. This means, when you set up a workflow or use an analytics tool, AI could be working away behind the scenes. The difference? This type of AI is part of your wider software package, so it’s not exposing you to risk like open-source tools.
With high stakes, evolving threats and complex technology, cyber protection can feel like a major undertaking, particularly when you’re running a busy accounting practice. However, simple measures can make a real difference to your protection level — as long as you’re consistent.
It starts with a cybersecurity plan, a culture built around data protection and a commitment to training your team. Once you have these key elements in place, you can implement cybersecurity technology and set up processes to protect client data.
While strategy and culture are crucial pieces of the cybersecurity puzzle, technology has a role as well. Unfortunately, there’s no single tool or software system that can protect you against all cyber threats — instead, you need to choose core systems carefully and build layers of protection.
This means choosing a practice management platform with strong security features, using tools like password managers, multi-factor authentication, VPNs for secure employee access and regular audits and updates of your systems.
It’s about putting together a tech stack that works for your practice and protects your data at the same time.
Matt Cherry, Partner at Horizon Accounting Group, explains that his practice chose MYOB because it allowed simple, secure integration with other software, with benefits for staff and clients.
“Moving to cloud-based practice management is easier than ever with MYOB Practice Management. Your practice, your staff and your clients will notice the difference,” he says.
Here’s how to create your cybersecurity tech stack:
Security shouldn’t be a barrier to everyday work. An effective security system will include tools like password managers and VPNs (Virtual Private Networks), which help your employees access data and work systems without slowing them down. A password manager ensures that employees use unique passwords to log into secure systems but makes sure they don’t forget them. A VPN acts like a secure passage between your practice software and an employee’s home network, letting employees use work platforms and data remotely without exposing your practice to online threats.
Data encryption is a way of encoding text so it can be transmitted between networks safely. Choose a platform with strong data encryption standards – MYOB uses high-level encryption to safeguard sensitive data at every point, whether it’s being stored, shared, or transferred.
Multi-factor authentication (MFA), sometimes called two-factor authentication (2FA), lets you add a second layer of protection at the log-in stage. Instead of logging in with a password alone, an MFA tool sends a one-time code to the user via email, SMS or a dedicated MFA app. This makes it more difficult for hackers to access your systems, as they need both the user password and the code.
With MYOB, you can set up 2FA authentication easily, with a range of options for codes.
The more people accessing a file or platform, the more opportunities for an error that leads to a data breach. That’s why access permissions can be a useful security tool. With this technology, you grant access to different file types or even specific clients based on role or seniority. For example, if you have some clients with highly sensitive data, you may want to restrict access to just a few users.
In MYOB, it’s simple to add or remove access as needed — another way to protect client data.
Regular software updates and security audits are a key part of any data protection plan. Software updates ensure that your technology can keep up with fast-moving cyber threats — many data security systems constantly scan for new threats and update block lists based on new information. Audits have clear benefits — they help you see holes in your security system, assess any breaches or near misses, and fix potential issues before they have serious consequences.
Creating a strong data security culture is much simpler with the right technology. MYOB security features do just that — our accounting platforms come with high-level encryption, secure data storage, flexible access restrictions and usable log-in tools. Our security team is continually assessing and updating our security protocols to ensure that your data – and your clients’ data — is safe and accessible.
The goal is a system that works for your practice, giving you access to the tools and data you need without putting sensitive information at risk. As we’ve seen, data protection is about layering tools, tech and team effort – and MYOB is a great base to build on.
Information provided in this article is of a general nature and does not consider your personal situation. It does not constitute legal, financial, or other professional advice and should not be relied upon as a statement of law, policy or advice. You should consider whether this information is appropriate to your needs and, if necessary, seek independent advice. This information is only accurate at the time of publication. Although every effort has been made to verify the accuracy of the information contained on this webpage, MYOB disclaims, to the extent permitted by law, all liability for the information contained on this webpage or any loss or damage suffered by any person directly or indirectly through relying on this information.