Keeping Your Data Secure

Information security is a hot topic at the moment. Following some huge Australian data breaches in 2022, including Optus and Medibank, Aussies are rightly concerned about trusting their personal and business data to third parties.

Here at Easy Business App, we're used to handling sensitive data on behalf of our users. And information security is absolutely key to everything that we do. We're an ATO-approved Digital Service Provider, which means we have to adhere to strict security standards.

And we're delighted to announce that we are now ISO 27001 Certified. ISO 27001 is the international standard in information security, achieved through a rigorous third-party audit of our systems and processes. This ensures organisation-wide protection, including increased resilience against cyber attacks.

Does an ISO 27001 Certification Matter?

Yes. As a small business owner, you hold a lot of sensitive data about your own activities, your business activities and, if you have employees, their activities too. You have a duty of care under Australian data protection laws to securely handle and store that information.

So, whenever you are assessing a software tool to use, you should make sure that it meets the strongest security standards.

Unfortunately, not all companies treat your data the way they should. The Apple and Android app stores in particular are a real "wild west" when it comes to data security; many companies are not based in Australia, do not comply with Australian data protection laws and are not independently certified by any recognised body.

And you'll often see companies say things like "we use third-parties who are ISO 27001 certified"... which is a bit like saying:

"I got a contractor to install great locks on my house, but sometimes I just leave the door wide open".

How We Keep Your Data Secure

Here are just some of the key things we do here at Easy Business App to keep your data secure:

• All our servers are located in Australia, so all your data is stored and processed right here. Our primary cloud service provider is AWS.
• All of your data is encrypted with best-in-class 256-bit encryption, 'at-rest' (which means it is encrypted in our databases) and 'in-transit' (which means when it is sent to and from you when using the app).
• We mandate multi-factor authentication for the most sensitive parts of our application (for example lodging Single Touch Payroll). Multi-factor authentication is available for all our users (using SMS, email or authenticator apps), with biometric security coming soon.
• We offer enterprise-grade user access controls — which means when you invite other users (like your accountant, or an employee) to access your account, you control exactly what information they can access.
• We hold monthly information security management meetings to discuss arising global security threats, and perform regular audits of every aspect of our infrastructure.

How To Stay Secure as a Small Business

Here are a few simple things you can do today to keep your data secure as a small business in Australia:

1. Only use software providers that are approved ATO Digitial Service Providers and hold their own ISO 27001 certification. Hint: like us 😀
2. Secure all your mobile devices with biometric unlock. And add a proper password to your laptop. Yes, we know it's quick to type 1234 to unlock it, but it's not secure.
3. Enable encryption on your laptop/desktop hard disk — on Mac this is called "FileVault" on Windows "Device Encryption". It's usually just a check-box, and you're all set.
4. Enable multi-factor authentication for all your software. Don't always have mobile reception? Use an authenticator app like Authy or Google Authenticator and you'll be sweet even if you're out and about.

Here is our ISO 27001 Certifcate.