5 Strategies to Maintain Control Of Your Files
Syncing files from a local computer or device to the cloud is a common business practice in today’s mobile-driven world—as common as the Internet, specialty coffee, the App Store, and all the other day-to-day “Can’t-Live-Withouts.” In fact, it is probably the best example of the consumerization of IT for the small business owner. Apps like Dropbox have had a transformative impact on the expectation for accessing digital content. Simply put, the new norm is “full access to all my data from the device of my choosing.”
Over the past few years, the practice of syncing business files to personal devices has evolved from a simple function to a mission-critical solution, required for working outside of a traditional office environment. This is not exactly a shocking transformation given that we live in an on-demand world where it is common for professionals to work remotely and from a variety of devices—laptops, tablets, and smartphones. The transition from brick-and-mortar offices and employer-owned hardware to virtual locations and BYOD (Bring Your Own Device) policy has forever changed how firms operate—for better … and for worse.
File syncing is a here-to-stay solution. Today’s on-the-move professionals demand it because it allows them to work from anywhere on their own local device and access and share files that have been synced to the cloud, even when the Internet is not available.
However, while file syncing offers immense value and many conveniences, it also creates its own set of issues—relative to security—that accountants need to consider in their business practice. It’s important to balance the value of syncing files with a firm’s business and compliance requirements. The core issue caused by syncing files to multiple devices is the loss of centralized control. The moment company files are synced to multiple devices, those files are subject to the personal security habits of that user or employee—regardless of whether an employee is working on their own device or one that was firm-issued. What happens if the employee’s device is sold, lost, or stolen? The answer is that company documents go with it…falling into the hands of, well, who knows?
Real Life Example
To better understand the risks that come with syncing, it’s always best to provide a real-world peer example. Recently, an accounting firm owner reached out to explain a problem she discovered regarding syncing of sensitive client files, and was seeking some advice on how to handle it. The owner had terminated an employee. The firm adhered to a BYOD work environment, meaning the employee had synced business files directly to her personal laptop and iPad … and once synced, always synced! The employer had not considered the possible issues of a BYOD policy and the impact of syncing client files on these devices. Once the employee was terminated, the firm owner realized that she had lost central control of her firm’s files. She also realized that she had no ability to wipe the files from the ex-staffer’s devices, and that meant office files could end up anywhere, in anyone’s hands.
Top 5 Sync Strategies
This real-life example is not uncommon. If an employee in a firm has files synced to his or her devices, what is the process for protecting those files after an employee is terminated, quits, or leaves after seasonal work is complete? As file syncing has gained in popularity, many businesses have felt the pain of losing control. Bottom line, as the guardian of clients’ financial documents, practitioners must establish policies for working with solutions that sync files automatically. The following are a few syncing strategies to help mitigate file security issues down the road.
- Encrypt Folders on Local Computers—If employees have the freedom to sync firm files to personal mobile devices, make sure all files are encrypted. This extends security to files sitting out on devices owned by staff. This ensures that in the event an employee’s device is lost or stolen, access to sensitive files will not be granted to the individual who recovers the device. Note: If a device is lost or stolen and you can demonstrate that no one can access the data, client notification is not required. Encrypting data (assuming the encryption key is not stored with the device) or a password change on the cloud device, if lost, are two approaches that will protect you from a security breach. See “Client Notification Requirements” below.
- Create Strong Passwords—For encrypted files, ensure that passwords are strong (i.e., do not make your password, ‘password’). This is an all-to-common issue in firms. With the variety of passwords that the typical individual has to track, it’s understandable to want to create simple, easy-to-remember pass codes. However, don’t cut corners when it comes to the safety of your files. There are solutions, like LastPass and PassPack, developed to help manage multiple passwords with ease.
- Sync Only as Needed—Don’t allow for a complete sync of your firm’s entire file directory. Instead, only allow staff to sync the files that are absolutely required. Sync on an as-needed basis only. You could also set up defined “Employee Share” folders and restrict file syncing to these folders only.
- Use “Remote Wipe” Function—This is a key feature in syncing solutions for business users. This feature allows the removal of all synchronized files from a computer, in the event of loss or theft. Some offerings also include the ability to transfer ownership of a computer.
- Go All-Cloud—The final (and only full-proof) sync strategy is to not sync at all. Advanced cloud file management applications provide easy, fast access to files and data anytime, from anywhere, and from any device. Firms that move to an all-cloud system and away from syncing files to personal devices altogether, eliminate the risk of files being distributed on various machines among multiple people. Using the cloud exclusively for file management is the best policy to maintaining full control of your files.
Take the Time to Think it Through
There is no question that file syncing can increase firm efficiency and staff productivity, but it’s important to understand the risks and potential compromises to data security. It’s time to think before you sync. For accountants, data security is a top priority, so if syncing files is part of the daily process, it may be time to develop new policies to safeguard sensitive and confidential financial information. Follow the five strategies offered in this article to protect yourself from losing control of your files.
Client Notification Requirements
Forty-six states now have laws in place regarding security breach notification. If a computer, smartphone, or tablet is lost or stolen and the device contains clients’ personal identifiable information (PII), you are required by law to notify all clients of the security breach. The definition of Personal Identifiable Information is an individual’s first name or first initial and last name and any one of the following: social security number, driver license number, government issued ID number, account number, or credit card number in combination with a security code or password that would permit access to an individual’s financial account.
It’s good practice to be familiar with your state’s notification requirements.