4 Ways Accountants Can Boost Data Security and Privacy
To find out accounting firms’ top technology initiatives, the American Institute of CPAs (AICPA) and Chartered Professional Accountants of Canada (CICA) surveyed more than 3,000 accounting professionals. According to the survey, U.S. accountants’ top technology priorities are securing the IT environment, managing and retaining data, and ensuring privacy.
It’s no surprise that accountants have put security at the top of their list, given the high-profile security breaches. Security isn’t limited to computer hardware. It also includes mobile devices and technologies managed by vendors, such as cloud services. When it comes to managing and retaining data, accountants are concerned about privacy issues surrounding how data is stored and accessed.
The report explains the accountants’ privacy concerns:
“Clients expect their accountants to ensure the strict confidentiality of their personal information; an organization’s customers expect the same. In response, many firms have instituted formal privacy policies, which include robust controls on access to data, automated monitoring of access, and employee training that includes voluntary compliance with Generally Accepted Privacy Principles (GAPP).”
About 60 percent of U.S. respondents say they have privacy controls in place. The growth in data points from the Internet of Things is part of the reason why participants are concerned about their understanding of privacy-related regulatory and compliance requirements.
What steps can accounting professionals take to ensure data security and privacy? Here are four things you can do.
1. Review the Generally Accepted Privacy Principles (GAPP)
AICPA provides a GAPP resource page to help firms develop and implement effective privacy guidelines, address privacy risks, and follow good business practices. GAPP provides a detailed chart of the 10 principles and their related criteria for designing, implementing, and managing a privacy program.
2. Use computer-based email
Gmail, iCloud, and Outlook.com all store information in the cloud. Unfortunately, they’re not always secure enough for accountants. For example, Gmail can be hacked with a 92 percent success rate. Outlook.com has been hacked. And a good password can’t prevent the hacking of an iCloud account.
Computer-based email software like Microsoft Outlook, Thunderbird, and Apple Mail saves your emails and contacts on your computer’s hard drive. Granted, you won’t be able to access the information from other computers and devices, but that’s easily solved with third-party software like AkrutoSync. (Try Akruto free.) It allows you to sync Outlook with phones and tablets. The Outlook sync software is direct, cloud-free, automatic, and private.
3. Be diligent about cloud services
The 2014 Wolters Kluwer, CCH — Accounting Firm Preparedness Survey reports that almost 80 percent of accounting firms say they will take a greater interest in digital mobility opportunities in upcoming years. Accessing data on-the-go — typically through cloud services — allows firms to increase customer service, cut capital costs, and boost employee productivity.
Still, firms need to do their due diligence when investigating cloud services. If they’re working with a third-party vendor, they’ll want to investigate that vendor’s security policies and processes. Furthermore, employees need training on how to protect their data assets. They need to learn how to properly use online file services when they sync Outlook and other data with the cloud.
Your firm will want to be aware of the top threats of cloud computing. Understanding these threats will help your firm be proactive in protecting itself from them.
Top threats of cloud computing
- Data breaches. People can come across private files. Even by accident. In studying its Google Analytics, one company saw links to confidential files.
- Data loss. Symantec surveyed about 3,200 organizations and found that more than 40 percent of respondents lost data in the cloud.
- Distributed denial of service (DDoS). Because they send thousands of automated requests at once, DDoS attacks can immobilize a cloud’s resources.
- Insecure application programming interfaces (APIs). Hackers who bypass the API can change user access in an application’s protected areas.
- Account or service traffic hijacking. Hackers who access someone’s login information could use it to track transactions and activities, and falsify data.
- Vengeful insiders. Disgruntled former employees and contractors may take advantage of their access to do damage to a company’s network.
- Cloud services abuse. According to the 2014 Data Breach Investigations Report, Verizon sees a trend of malware showing up in cloud services.
- Deficient due diligence. Some cloud services providers do a better job than others in implementing processes and procedures to protect the network. Ensure you pick the right one.
- Shared technology. If one thing is compromised, it could have a domino effect on the rest of the technology, causing more compromises.
In creating a business continuity plan, write it with the assumption that your technology will be hacked. Thinking this way will increase your chances of minimizing damage from a hack or other IT threat.
4. Invest in an electronic signature tool
Accounting involves a lot of paperwork that requires signatures. The most secure way to do it is to drive to a client site to get a physical signature. But that drains time and gas money. An effective and secure way around this is to use e-signature and e-filing tools.
Taking these four actions will protect your clients’ information and allow your accounting firm to be more productive.
What other ways can accounting firms secure their IT resources and increase privacy?