The news is littered with stories of large corporation's databases being hacked, putting their business and their customer's financial security in danger. If it can happen to one of the "big guys," how is a small business and its accounting practices supposed to stay safe?
Is Cloud Accounting Safe?
The Cloud, (aka remote computing), refers to data storage on remote servers throughout the world, as opposed to keeping information stored on local hard drives.
There are a variety of accounting software options that store data and perform all application functions in the cloud instead of requiring you to install and maintain software on individual computers.
Let's examine the pros and cons of cloud accounting, keeping in mind that not all cloud service providers are created equal.
Pros
- Redundancy – Multiple copies of your information are stored on multiple computer systems, sometimes in different geographic locations. This minimizes the risk of losing your data due to equipment malfunction, power outages, or natural disasters.
- Automatic Backup – Your data is immediately and consistently backed-up with no effort on your part.
- Encryption – In order for your data to fly through cyberspace safely, it needs to be encrypted. This means that your information will be turned into a special code, undecipherable by someone without the proper authorization.
One of the most popular types, Secure Sockets Layer (SSL), allows your data to be transmitted safely from websites and browsers. This is a standard for accounting software and is frequently used by major banks.
Technical Support – Most cloud companies offer technical support and customer service to assist you with your cloud accounting needs. Their IT departments keep the software up to date, maintaining your data's safety at all times.
Cons
- Internet-based – Data stored on a hard drive is always accessible. Data stored on the cloud relies on an internet connection to transmit. If connectivity is lost on your side or the cloud provider's, you will not be able to access your information until the internet connection is restored.
- Denial of Service Attacks (DoS) and Distributed Denial of Service Attacks (DDoS) – A DoS occurs when an attacker crashes the provider's systems making it impossible for users to access their own data. A DDoS is more dangerous and involves attackers flooding the system with forged IP addresses. These can hold your data hostage for several days, wreaking havoc on your business.
- Legal Issues – Once your data has been uploaded to the cloud, it is subject to different laws than on your private hard drive. This means that the government doesn't need probable cause and a warrant to access your data, but can do it with a subpoena or court order. While quite uncommon, it is another factor to consider.
- Cyber crime – Placing your data in an online cloud service opens you up to the possibility for cyber attacks. Hackers may attempt to gain access to your financial documents and accounting data. Cloud service providers do their best to keep security as up to date as possible, however hackers can sometimes find a way to circumvent these security measures. The top accounting software companies, Xero and QuickBooks Online, have never been successfully hacked.
- Bank Feeds – This integrates your business bank account into your cloud accounting program so you don't have to do it manually. Before utilizing this service, you need to check the terms and conditions of your bank as you may be violating them by giving login details to the service provider.
How to Keep My Books Secure from Online Threats
There are certain steps that you can take to keep your data safe when using cloud accounting:
- Educate employees about Social engineering – In the most common cause of data breaches in small and medium size businesses, employees are asked to give information to someone posing as a trusted source.
- Train employees not to fall for phishing scams – Phishing scams try to trick users into providing personal information like credit card numbers or user credentials.
- Use strong passwords – Require employees to use passwords to access computers, smartphones, your network, and all accounts. Passwords should be changed quarterly, and should include a variety of characters. Employees should be instructed never to share passwords.
- Protect against malware (malicious software) – Malware can be installed on a computer allowing the hacker access to private information. Keep your antivirus and anti-spyware software up to date on all company devices to prevent malware from being able to be installed.
- Verify the security controls of third-party accounting software – Many businesses utilize third-party vendors such as credit card processing services or payroll companies. This exposes your business to potential security threats.
To minimize risk, ensure that these vendors maintain strong security procedures, backup their data regularly, require employees to complete data security training, and more. Before you switch over to the Cloud for your accounting needs, make sure you do your due diligence and determine if the benefits outweigh the risks for your business.
Larry L. Bertsch
Larry L. Bertsch, CPA & Associates, a top certified public accountants firm, has been offering quality accounting and tax preparation services to entire Las Vegas market since 2003.