How to Prevent Hackers From Stealing Accounting Information
The age of the “untethered accountant” is here.
Technology enhancements and innovations are changing the way we live, communicate, shop, listen to music and, certainly, the way we work. The Accounting profession is no different, and the ways in which “the cloud” – hosted, Software-as-a-Service and mobile solutions – are changing the relationship between accounting professionals and their small business clients is significant and dramatic.
Virtual offices are springing up at local Starbucks, in parks, on trains and anywhere there is Wi-Fi signal (and there are 65,000 free U.S. Wi-Fi spots). More powerful phones and tablets are leading big companies and third-party developers to increase their focus on developing cloud and mobile solutions.
While the cloud helps save time and be more efficient, enables greater collaboration and gives accountants the ability to respond to client needs anytime from anywhere, firms that don’t have basic security, and privacy policies and processes in place, run the risk of compromising the security of the data stored on remote servers – and worse, their firms’ reputation with customers and the marketplace.
One of the greatest benefits of cloud computing is the collaboration enabling firm employees and clients to access data and documents at the same time. It also means you need to include your clients in your security processes to protect sensitive data. Here are a few security recommendations every firm should implement as they expand their solutions and services into the cloud.
Choose Wisely. Choose your cloud partners carefully and only trust proven vendors. There are many great, even free, applications in the cloud, but before you enter your or your client’s sensitive private data, be sure you are dealing with a reputable company you trust. Make sure they employ the same rigorous measures to protect your data that you would.
Define Password Policies. Use strong passwords in your cloud applications and change them regularly. Never share logins and passwords with employees or clients. It always sounds like a great idea to pay for one user instead of three until something bad happens. Make sure employees and clients are familiar with, and are following, the firm’s policies to protect access.
Secure the Entry Points. It used to be easy to require a password to protect office computers and networks. Today, users access sensitive data from home computers, laptops, mobile phones and other devices. The mobile nature of phones and laptops make them prone to loss and theft. Make sure users lock phones and other remote devices with strong passwords. Since apps and browsers often save the username and password of the application, it is important to secure the device so that, if lost, sensitive data is not accessible.
Surf Securely. Open Wi-Fi networks are convenient to check email and news, but nosy hackers can see data passing over open networks, just like they were looking over your shoulder. There are two common ways to secure data with open networks:
- Use a VPN (virtual private network) to access a network server, such as to download email.
- Use a secure site, designated with the ‘s’ added to the https:// URL address. Online banking sites and most other sites that require user login will use a secure site that encrypts the data as it passes over the network. If you’re entering sensitive personal information on a page, look for a lock icon to the left of the site’s URL in the address bar to see if the site uses Secure Sockets Layer or SSL, a protocol that provides an encrypted tunnel between your computer and the site you’re viewing.
Stay Healthy. Keep your virus and malware protection current for all firm users. Once malware takes over a browser or device, it can be painful and expensive to remove. Prevention is the best medicine to stay productive and avoid embarrassing spam emails going to your contact list.
Just as security measures continue to improve, so do the tricks hackers use. Review your firm’s policies at least annually and make it a point to cascade those policies to clients. By making security a regular part of your firm’s processes, you can enjoy all the advantages of the cloud, with peace of mind!