See also APES 305 Terms of Engagement disclosure requirement (from 1 July 2021) (Australia only)
We use industry-standard internet security measures to protect the information that's sent between your practice server and the MYOB Practice server, including:
TLS 1.2 encryption
oAuth authentication
security tokens
security is provided by Amazon Web Services.
The data request is initiated via MYOB Portal's API, which creates a secure path to your server to access the on-premise data, and then closes this path upon completion of the request. Requests are sent using the TLS 1.2 protocol, through port 443. RSA 2048 bit encryption is used.
Data storage
When you're using MYOB Practice, your desktop data stays exactly where it is now - in your practice or at your currently hosted location.
All data created and copied to the cloud is stored at Amazon Web Services Sydney region data centres. Security information is available regarding Amazon Web Services data centres. For specifics regarding data surrender to authorities, see the government rights of access section of Amazon Web Services.
For now, data flow between MYOB Practice and your practice server is one way. The MYOB Practice server simply views/reads the data directly from your practice server. No data is written back to your practice server.
Privacy Act considerations
MYOB has reviewed the ways in which it collects and handles personal information as a result of changes to the Privacy Act in Australia, to ensure that it continues to comply with its privacy obligations. Similarly in New Zealand, MYOB collects and handles personal information in accordance with the Privacy Act.
Two-factor authentication
For increased user security, two-factor authentication (2FA) when logging in is available. 2FA requires two things to log in:
Something you know (your password)
Something you have (your phone).
This prevents unauthorised users from logging into your account using a stolen password.
Note that implementing two-factor authentication will not affect access to:
-
your Accountants Enterprise or Accountants Office Suite, or
-
your online practice functions, such as MYOB Practice, dashboard and online tax features via the AE/AO Live icon.
If you are interested in using 2FA in your practice, there are some important details you should consider before implementing 2FA. See Two-factor authentication for accountants and bookkeepers for more details.
You can learn more about 2FA in The cheat's guide to two-factor authentication. For more information on setting up 2FA, see 2-factor authentication in the online help.
What can I do in MYOB Practice?
You can restrict access to your staff members by giving them permission to particular features in MYOB Practice.
If an employee's MYOB Login credentials are recorded in your practice database then that employee will have the ability to access MYOB Practice.
If you use MYOB AE, or MYOB AO (NZ only), any team security settings that you have applied in your practice database will still apply to this employee. Once your employees access MYOB Practice, they will only be able to see documents and tasks associated with the clients they have access to in their desktop software.
See also Restrict access to MYOB Practice (MYOB AE/AO users only).