7 tips for keeping your website and your practice secure

Follow these simple steps to help protect your firm.

Can you imagine if your clients personal and financial details were leaked? It's not a pleasant scenario to consider. But cybersecurity hacks are very real and very damaging, with cyber-crime growing 35% year-on-year since 2015. 

Use Practice Protect

Our recommended security partner is Practice Protect who also only work with accounting firms. The Practice Protect software platform gives your teams 1 portal and 1 password for all applications. They also offer training for your team, CPD training and legal compliance packs. Plus, we help Practice Protect partners promote their bulletproof cybersecurity protocols with landing pages, blogs and emails written for you. 

The following tips are inspired by Practice Protect's recommendations found here

Use strong passwords or passphrases

Everyone has heard this one before, but not everyone follows it. In fact, most data breaches occur due to bad password management habits, rather than technical hacking through firewalls or servers.

Strong passwords are long and contain a mixture of letters, numbers, capital letters and symbols. The longer the password is, the more difficult it is to crack, even with brute force. Another option is to use a passphrase or sentence that's personal to you and unguessable to others. Here are three examples from Practice Protect:

  • Xero – Myfavouritecolourisblue
  • Email – Iliketalkingtomyclients
  • Facebook – Idontliketalkinginperson

Set up 2-factor authentication

Sometimes called multi-factor authentication or 2FA,  this system means the user has to provide two different types of information in order to log in. Usually, this is something you know (a password or passphrase) and something you have (eg. a 6 digit verification code). 

Train your team

Many hacks occur because staff members aren't adequately trained. As we mentioned above, most data breaches occur due to human issues, like weak passwords. Practice Protect offers team training so your staff understand cyber-crime including common mistakes, how to identify and avoid common scams and password management practices, including where not to store passwords. 

Website usernames

We recommend your website login username should not simply be your company name or domain eg Bizink or ABC Accounting. These usernames are very easy to guess. 

Limit access

We recommend limiting the numbder of users and only giving usernames and passwords to those people who will be regularly using the website, to reduce the risk of vulnerabilities. 

Run/install the latest versions of software

Malware exploits and hacks systems by breaking through vulnerabilities in different versions of Windows and other Operating systems. If you’re running the latest version of Windows with up to date antivirus, you’ll be protected against the majority of known malwares.

This is by no means an exhaustive list, but they are common ways breaches occur.

If you are interested in chatting with Practice Protect, please feel free to drop Anthea a line and she will personally connect you with their team.