How to protect your client data when outsourcing SMSF administration
Many mid-tier accounting and financial planning firms outsource their SMSF administration, whether it’s due to overhead costs, lack of time, or the current skills shortage.
Unfortunately, firms may unknowingly be putting their clients’ data at risk if they work with an outsourcing provider that doesn’t have its own data protection policy. And after some of Australia’s largest companies were successfully hacked in 2022, it’s become absolutely critical for accounting and financial planning firms of all sizes to protect their clients’ confidential information.
Not doing so risks heavy losses: the Australian Cyber Security Centre reported that between 2021 and 2022, each reported cybercrime cost a small business up to $40,000.
Are your current SMSF outsourcing practices putting your data at risk?
When companies outsource, they share their clients’ data with potential unknowns and create opportunities for that data to be misused or stolen.
Whether the risk comes from software or people, below are some of the risk areas (and the questions firms should be asking their providers about each):
- Data sharing – how are you sharing data with your outsourced provider? Is it via email or a safer encrypted portal?
- Data access – who will be accessing your clients’ information, how will they be accessing it and where will it be saved?
- Data retention – what will happen to the data once the outsourcing job has been completed and how many copies of the data will then exist in the world?
- Data value – what information is and isn’t absolutely critical to send to the outsourcing provider? Is the data you’re sharing of interest to potential hackers?
How to protect your clients’ data when you outsource SMSF admin
Do these potential risks and vulnerabilities mean that you should stop outsourcing?
Definitely not; outsourcing can be vital to optimising your firm’s budget, productivity, and efficiency, and we’re not suggesting it should be left out of the business plan.
There are many outsourcing providers that do their due diligence to protect your data – it’s only a matter of identifying them.
Here are three things to look for when choosing your outsourcing provider:
- They only use secure data portals and servers to handle your information
- They have up-to-date protections and comply with local data protection laws – look out for SSL certification for 128-bit or 256-bit encryption, as well as an ISO 27001 framework
- Their employees are using secure devices and their software records every time an employee accesses your data
Want to know more about protecting critical data whilst outsourcing?
There’s always more to learn about protecting your data, and this blog covers only the tip of the iceberg.
As an outsourcing provider with over 10 years’ experience supporting firms with SMSF Administration, Business Services, Paraplanning Support, SMSF Audit, and Mortgage Processing Services, SuperRecords knows how to keep you and your data safe. To learn more about our services and see our data protection practices in action, book a demo.