All client data key for cybersecurity

A cybersecurity executive has warned SMSF practitioners of the need to include all client information on hand in the cybersecurity procedures no matter how insignificant the data may be considered.

“Where people miss what’s important in protecting a [client] file [from a cyberattack] is if you look at the information you may hold about an individual, you will likely know the names of their children, places that they live or work, details about their lives that might not be stored in a structured sense in terms of the information you’ll find in your systems and software [applications], but it’s the information that will be in file notes,” Priority Networking business development manager Caillin Goss told attendees of an Accurium webinar today.

“[However], that information is what drives a lot of people’s decision-making process. It’s what drives a lot of people’s, fortunately or unfortunately, password practices. It’s what drives how they structure certain systems, who has access to certain accounts, who has access to certain information about these people.”

Goss pointed out advisers and accountants need to be cognisant details about a person’s bank account and where funds are held is not the only information cyberattackers look for as their focus is also drawn towards an individual’s generic data.

To this end, she indicated practitioners needed to be aware of how this generic information is stored too.

“[It is really important to consider] is that [data] just stored in plain text in a system that anyone can access [or] is it stored in sensitive places [where] we would expect a tax file number to be stored,” she said.

According to Goss, recognising the importance of this type of information is critical to allow practitioners the ability to properly identify gaps in their cybersecurity procedures and address them in an appropriate manner.