Nearly every week, we read about another cyberattack in the news – big companies, small companies, individuals – and millions of hacked accounts.
How safe is your stuff, really?
Well, don’t unplug your network and break out the old paper ledger yet. By its very nature, accounting and bookkeeping software is secured with the same encryption security that bank and credit card accounts are protected by, so while your Facebook account might be subverted, chances are, your Cloud-based business, accounting, and bookkeeping software is safe.
Of course, it can always be safer, so here are some ways that you can make sure that your accounts stay protected from cyberattack.
- Understand what is actually important – For business, this is a relatively simple answer – financial accounts and intellectual property. Now, IP doesn’t usually end up in financial software, but by having a clear understanding of what “lives” where in the digital world, you can assess if any of it can be threatened. At the same time, the old concept that “good fences make good neighbors” might need to be revisited: why do certain individuals need access to certain accounts and can that access be logged when and if it occurs? Because that leads us to the next point-
- Interior threats – the sad fact is that most data breaches are internal. Individuals with an axe to grind or those who feel that certain pieces of information can be sold online make up the vast majority of data intrusion in business, so knowing who is accessing data – and when, and why – is critical to keeping your business safe. At the same time, remember that as soon as someone leaves your employment, or even before, you need to be able to limit what they can access, just in case. It’s one thing to trust your people, it’s another to have to deal with a potentially damning theft of digital information from an employee who just quit.
- Who needs to know? As you begin to document who needs to have access to financial and company information, it is also critical to set up the proper credentialing for those employees. Regulation through policy is a great idea, but utilizing a program to “lock out” certain levels of employee from critical data is really what needs to be done. There is very little reason why the collective whole of the management team should be able to see credit card information on customers, for example, so relying on one position to handle that component of your business can prevent unauthorized access from low-level employees and basic hackers.
- Remember that people are people – The sheer number of passwords that we are all required to remember is extensive and collectively, we are lazy. In most cases, people have one or two passwords they use for everything and if that is breached, then hackers can get into nearly anything that person has access to. In the case of a stolen laptop or smartphone, a thief now has a way into your business. A simple software plugin can require a new password be set by the employee after a certain period of time and will not allow reuse of older passwords and this is cheap insurance against data breaches for your own company.
I’m sure the last thing you want to work on is a system to prevent a security breach or a reactive methodology for what to do after the fact, but the odds of some sort of issue occurring are stacked against you. Act now to make sure you have put in sufficient protections in place to mitigate hacking if it should occur.
Of course, if you have concerns about your business data with respect to accounting and bookkeeping software, or you’re unsure how you might reasonably protect your business in case of a breach, the team and I are always here to discuss how the various systems can – and should -work.
Please get in touch with Legacy Tax Resolution at 855-829-4357.