Tax Practitioners Board (TPB) Practice Note on Cloud Computing
The TPB issued a Practice Note called TPB(PN) 01/2017 Cloud computing and the Code of Professional Conduct on 25 January 2017.
The note outlines how accounting firms will be liable for how their client’s data is treated and stored. It has ramifications for your communication with your clients (including engagement letters) and how you deal with cloud providers. It revolves around confidentiality and privacy matters.
If you have not already done so I’d recommend you have the relevant person in your firm review this document and make sure you are in compliance with what the TPB requires. If there is noncompliance the TPB has the ability to cancel your registration. Ouch!
You can access the Practice Note here : https://www.tpb.gov.au/practice-notes
HTTPS and your website
One of the messages that has been delivered to me from a few sources is that Google is now putting more emphasis on the importance of secured websites. This means they want to see sites providing an HTTPS connection for users and not the default of HTTP.
As I understand it, HTTPS is essentially an encryption layer, and more secure method of communication that sits on top of HTTP. HTTPS communications are securely encrypted and cannot be intercepted or corrupted. This is important if you are collecting data via forms on your website.
I’m told Google is now giving a bit of weight to HTTPS in its search algorithms and if a user is browsing with Chrome “insecure” messages are starting to be displayed if a site is not HTTPS. As part of moving to HTTPS you will need what is called an SSL certificate. SSL Certificates are digital certificates that link a domain name to an organisational identity and location. SSL Certificates are required for users to connect to a website via HTTPS.
I know this all sounds a bit technical! Check with your IT / website expert to see if they are already on to this. I’m in the process of migrating the Planet Consulting website to HTTPS, as I believe it will be expected as the norm and if a site does not have it there may be credibility issues.
iPhone security issue to be aware of
I don’t own an iPhone but I know many of you do. I’ve been told by an IT company that if someone finds your phone and you have not disabled Siri from the lock screen that person can ask Siri questions to get quite a few of your personal details, including where you live.
If you have an iPhone and want to disable Siri from the lock screen, go to Settings>Touch ID>Passcode and under “Allow access when locked” turn off Siri, Todays View and Notifications View.
Regardless of what sort of phone you have I would expect you’d have a password or code on the lock screen so if it gets lost there is some protection from prying eyes. You may also want to consider setting up the ability to remotely wipe your phone. The Trend Micro security software I use on all my computers and mobile devices has this capability and there are no doubt plenty of other options.