Data Security for Cloud Accounting is No Longer a “Nice to Have”
Although risks and threats are increasing along with the use of cloud accounting, the best practices around data protection are still sound and fairly straightforward to implement.
Last year, one of the world's largest tax and accounting software providers, Wolters Kluwer, was hit by a massive cyberattack. As a result, some clients lost their entire infrastructure for processing payments, others lost over a week of productivity in mere seconds.
Companies that had backups of their files were able to recover more quickly. But that was only a select few and the criminals were strategic in their attack; users were hit just seven days before tax deadlines.
If you thought small- to medium-sized businesses were immune to these types of activities, think again. Cyber criminals are moving down the food chain. In 2019, over 70 percent of small businesses were attacked by cybercriminals. That’s a staggering amount when you take a moment to digest it.
Cases of ransomware spiked 500 percent in 2018 and that number is only likely to go up. Cybercrime is the fastest growing form of criminal activity.
Cybercrime is also evolving. It’s becoming more complex with increasing ways a business can be compromised. According to the 2019 Cost of Cyber Crime study by Accenture, there are more than a half dozen strategies criminals utilize to comprise or delete data:
The crimes that target individuals are becoming the most prevalent as people tend to be the weakest link from a data security perspective.
Protecting Your Data, Your Clients and Your Business
The good news: There are simple steps you can take to shore up security gaps. However, there is no foolproof method or strategy to mitigate 100 percent of your risk.
Nonetheless, you can significantly reduce your chances of a data disaster by following these four strategies:
1. Create unique passwords for EVERY user. It’s a common sense approach, but most businesses are guilty of not following through. Using a complex, difficult-to-remember phrase is the best approach.
Businesses of all kinds often forgo this data protection strategy for one reason: The pain of saving and tracking multiple passwords. To overcome this road block, tools like 1Password or LastPass can help immensely.
And DO NOT save any passwords within any web browser. It leaves you at risk and essentially negates all the work you have put in place to keep passwords under lock and key.
2. Use two-factor authentication. The majority of online accounting applications offer “two-factor” or “two-step” authentication of a user’s identity. It works by sending a unique code via text or using what's called an Authenticator App on your mobile device. Think of it as showing two forms of identification.
3. Audit third-party applications. Online platforms like QuickBooks have hundreds of third-party applications, which help businesses in a variety of ways. It’s important to understand how these apps are interacting with your account and the types of data they’re accessing. Some even have the authorization to make changes or delete data.
Now before you start deleting apps connected to your account, keep in mind they have been reviewed to ensure they pass a minimum threshold of security. A good rule of thumb: If you are uncomfortable with any access an app has, look for an alternative or consider removing it altogether.
In addition to reviewing their level of access, here are other things to keep in mind: Check the app’s reviews and ratings. How positive (or negative) are they? Was it created by a reputable company with a significant digital footprint or an individual with limited background information? Does the developer have contact information, including an 800 number?
As you would when evaluating any other business relationship, use companies that seem credible and have a strong history of happy customers and well-liked products.
4. Use a VPN. Remote and virtual work has become common in today's corporate world. But when you are working from outside of the office, you lose the security measures of its private network. Using a Virtual Private Network (VPN) will help keep your data protected whether you’re working from a hotel room or coffee shop. In the simplest of terms, VPNs accomplish this by encrypting data and hiding your identity.
When choosing a VPN provider, there are five things to evaluate. Review its safety and security policies and make sure you are comfortable with the terms and conditions.
Ensure the product is compatible with your laptop and mobile device. If you work abroad, don’t forget to research any geographical limitations. For those who are not technically savvy, VPNs with good customer support will help you stay up and running. And finally, some VPNs are faster than others.
Backups are Your Last Line of Defense
Desktop software is quickly going the way of the dinosaur. Cloud computing platforms, like QuickBooks Online, have become the standard in today’s working environment. However, there is a common misconception about using cloud applications. You know the expression “it’s in the cloud” is only partly true. The reality is that only some of your data is saved to the cloud.
Platforms like QuickBooks Online will provide users with a “disaster recovery backup”. If anything happens to Intuit's platform or its servers, the company will try to recover everyone’s data to the last backup. This is called a platform-level backup.
However, as a user, you don’t have access to this backup in order to restore your own data. And as we have seen above, there are many scenarios that can compromise or delete data permanently. A third-party app may have caused problems, you may need to unroll a series of changes, a client may have made changes or somebody unintentionally (or maliciously) deleted data. In all of these scenarios, QuickBooks Online will not be able to help you restore any data to a previous point in time.
In other words, if any of your initial security measures fail, your account-level data is at risk. And you have no way of restoring it should things go wrong. Fortunately there are three ways to combat this. The first is to download physical backups to your servers.
It’s the most straightforward method, but it is time consuming as you may need to download and organize hundreds of files. And every time you make a change, you will need a new backup.
There are two other methods using software to backup account-level data. The first involves building your own custom backup application. This is an automated program that makes digital copies of your data and saves the headaches of a manual strategy.
This option isn’t cheap though. You will need to outsource software developers. Furthermore, platforms are constantly making updates, so you will also need these developers to constantly audit and update your solution to ensure it doesn’t suddenly (or worse, unknowingly) stop working and put you right back at square one.
The other solution is an off-the-shelf, third-party solution, which can best of both worlds – no manual labor, no high costs. But as we stressed above, you will want to do your homework when it comes to third-party integrations and the vendor’s credibility.
Data Security: Your Competitive Advantage
Sleeping soundly at night because your data is protected is well and good. However, there is also an opportunity to showcase how you differentiate yourself for clients. If they are also sleeping soundly, that is an increased value you are bringing to the business relationship. The best way to communicate this is a living document that clearly outlines your data security policies.
A security policy document should include a few things. It should include the best practices and apps you will be using to protect their data. It also should outline, in very plain, non-technical language, why these are important.
Have a generalized, public version on your website (here is an example from Calm Waters Bookkeeping), and continually update this policy and communicate any changes to clients -- no matter how insignificant they may seem.
Create a Data Security Strategy for 2020 and Beyond
As cloud computing becomes more prevalent, so will the ways people try to access your data. Not having a strategy in place to mitigate risks is not only a poor practice, but it may also stand in your way of landing new business or clients.
Take the steps to keep out nefarious elements, create a process to continually backup your data and communicate the broad strokes of this strategy to current and future clients. Firms that don’t take these steps will be putting their data and bottom line at risk.
You might also be interested in
Mike Potter is the co-founder and CEO of Rewind, a backup provider for ecommerce stores. Rewind also has a backup for QuickBooks Online and other online accounting software. A veteran entrepreneur, Mike has over 25 years of experience building solutions for the software, cloud and...