The face of data security has changed drastically. “20 years ago, you’d secure applications with firewalls and concentrate on securing the perimeter,” explains Dave North, Director, Technical Operations at Rewind, “but with the rise of cloud computing and SaaS services out there, where is the perimeter today?”
SaaS platforms have introduced convenience, but they also introduce new risks to the data they store on the cloud. James Ciesielski, CTO and Co-Founder at Rewind, states plainly “a data breach erodes trust. It can compromise the value of your intellectual property, and in extreme cases, it can come with huge financial impacts due to regulatory fines or worse, ransomware.”
Here’s how to protect client data stored in the cloud.
Interested in learning more? Register for the Key Trends and Changes in Cloud Security Webinar on February 23 at 2:00 p.m. Eastern Time to discover how to turn privacy and security into your competitive advantage.
Back Up Your Backups
Quickbooks Online backs up it’s platform, but it can’t restore your individual account files. Like many SaaS providers, QBO follows the Shared Responsibility Model. This means account level data (i.e. you and your client’s files) is the user’s responsibility to secure.
rewind security 1
When people say something is “saved on the cloud”, it sounds like “the cloud” is a singular location. In fact, “the cloud is not some nebulous entity”, Ciesielski explains. “The cloud is made up of an interconnected set of massive computing power that is managed by private and public cloud providers like AWS, Google, and Microsoft. That power is shared and it is used to run the online services that you, your neighbours, and your neighbours’ neighbours enjoy.”
Quickbooks Online backs up itself in case of an earthquake, power outage, or natural disaster. But there are plenty of other disasters that QBO doesn’t protect you against. Human error, third party apps, disgruntled employees, or even cybercrime can all wreak havoc on your files.
Ergo, you need to have a personal backup of your files to protect your practice (and your clients) against data security risks, especially if you’re storing sensitive information in the cloud (like on QBO or another SaaS provider).
Manage your Passwords
The old methods of creating sTr0ng P@$$w0rds just simply aren’t good enough anymore, thanks to advances in modern AI.
If hackers can gain access to your data simply by guessing your password, you’re probably toast in less than an hour. Sophisticated password-guessing AI has made non-random passwords obsolete. So what is a truly random password? Plainly, it’s a 12-24 character password not generated by a human that contains a mixture of numbers, letters, and symbols (but no words).
Unfortunately, remembering 24 character strings of random letters and numbers just isn’t realistic, especially if you’re using individual passwords for each account (which is highly recommended). Humans just aren’t designed to create or remember random strings of characters. Luckily, there are a variety of tools to keep data safe in the modern age.
Apps like 1Password, Dashlane, and Bitwarden create and store random passwords as well as usernames and other form information. This not only makes life simpler, but it increases the chance that you’ll actually use a random, unique, 24-character, impossible-to-remember, and secure password. With a strong master password in place, you’ll have easy access to your login info without sacrificing the security provided by strong passwords (and without having to rely on sticky notes).
Use Two-Factor Authentication
2FA or TFA stands for Two Factor Authentication. Simply put, a device or account with 2FA turned on will require you to authenticate yourself more than once. The key here is that the types of identification are different - entering two different passwords is not 2FA.
The first type of authentication is almost always a password. Then, 2FA uses either something you are (biometrics using your fingerprint, face, or retina) or something you have (such as a code found in a smartphone authenticator app) to authenticate your identity a second time. This makes it exponentially harder for any hackers to gain unauthorized access.
Audit your Apps
Third party apps can enhance your productivity and help you customize your Quickbooks Online account. However, each individual third party app introduces further security risks. Any installed app can read and write data in your files, meaning not only can the app access your files, it could also change or delete them. Each third party app is a potential security risk and should be screened as such. Just because apps have been approved by Intuit doesn’t mean they won’t cause problems in your account.
How to Screen Third Party Apps:
- Before installing an app, ask yourself these questions to determine its riskiness:
- Does the app have good reviews and ratings?
- Is the app developed by a single developer (high-risk) or a team of developers (low risk)?
- Does the company have a 1-800 number or help desk where you can reach them?
- If you’re still unsure about an app, try creating a test account to see how it integrates with QBO before installing it to your client files.
Talk About Security
“No longer is it just the IT department’s responsibility to implement cyber security measures, it’s everyone’s in an organization”, says North. “Having a good security awareness program is key and education is the best defence against the modern threat landscape”, he adds.
Everyone, not just managers or IT professionals, needs to follow basic security protocols to keep cloud data safe. “Your security posture is only as strong as your weakest security policy, practice, or person”, explains Ciesielski.
Make security training a recurring event, not a “one and done” box to check. Incorporating security practices into your employee training, client onboarding, and daily workflows will ensure that best data practices are being consistently followed across your practice. Communicate the steps you’ve taken to protect data integrity to potential customers with a blog post or page on your website.
Make Cloud Security your Competitive Advantage
Becoming an advocate for data security establishes you from the competition. Demonstrating to your clients that you take data integrity seriously can help establish you as a trusted advisor on cloud security. Confidently answer client questions about exactly how and where their sensitive financial data will be stored, and the steps you’ve taken to ensure its safety. With a dedicated backup service, you can assure clients that their files are always safe, secure, and accessible.
Interested in learning more? Register for the Key Trends and Changes in Cloud Security Webinar on February 23 at 2:00 p.m. Eastern Time to discover how to turn privacy and security into your competitive advantage.