We use industry-standard internet security measures to protect the information that's sent between your practice server and the Practice Compliance server, including:
TLS 1.2 encryption
oAuth authentication
security tokens
security is provided by Amazon Web Services.
The data request is initiated via MYOB Portal's API, which creates a secure path to your server to access the on-premise data, and then closes this path upon completion of the request. Requests are sent using the TLS 1.2 protocol, through port 443. RSA 2048 bit encryption is used.
Data storage
When you're using Practice Compliance, your desktop data stays exactly where it is now - in your practice or at your currently hosted location.
All data created and copied to the cloud is stored at Amazon Web Services Sydney region data centres. Security information is available regarding Amazon Web Services data centres. For specifics regarding data surrender to authorities, see the government rights of access section of Amazon Web Services.
For now, data flow between Practice Compliance and your practice server is one way. The Practice Compliance server simply views/reads the data directly from your practice server. No data is written back to your practice server.
Privacy Act considerations
MYOB has reviewed the ways in which it collects and handles personal information as a result of changes to the Privacy Act in Australia, to ensure that it continues to comply with its privacy obligations. Similarly in New Zealand, MYOB collects and handles personal information in accordance with the Privacy Act.
Two-factor authentication
For increased user security, two-factor authentication (2FA) when logging in is available. 2FA requires two things to log in:
Something you know (your password)
Something you have (your phone).
This prevents unauthorised users from logging into your account using a stolen password.
Note that implementing two-factor authentication will not affect access to:
-
MYOB Accountants Enterprise or Accountants Office (AE/AO)
-
MYOB Practice Compliance via the MYOB AE/AO cloud icon.
If you are interested in using 2FA in your practice, there are some important details you should consider before implementing 2FA. See Two-factor authentication for accountants and bookkeepers for more details.
You can learn more about 2FA in The cheat's guide to two-factor authentication. For more information on setting up 2FA, see 2-factor authentication in the online help.
What can I do in MYOB Practice Compliance?
You can restrict access to your staff members by giving them permission to particular features in Practice Compliance.
If an employee's MYOB login credentials are recorded in your practice database then that employee will have the ability to access Practice Compliance.
If you use MYOB AE, or MYOB AO (NZ only), any team security settings that you have applied in your practice database will still apply to this employee. Once your employees access MYOB Practice, they will only be able to see documents and tasks associated with the clients they have access to in their desktop software.
See also Restrict access to MYOB Practice Compliance (MYOB AE/AO users only).