While most accounting work has migrated, in some form or another, to the cloud, plenty of accountants and their clients remain on software like QuickBooks Desktop and other on-premises applications. As such, security concerns remain high, as firms don't always make the best decisions when it comes to locking down the data that resides in these applications.
It's not for lack of concern: Despite living in a world increasingly threatened by hackers and malware, accountants and their clients still have to function with what they have and are comfortable working in. Through my conversations with practitioners and accounting technology experts alike, I've narrowed down three of the most prevalent missteps that accounting firms tend to make when it comes to cybersecurity. Hopefully, throwing a spotlight on these key issues will offer a modicum of prevention.
1. Use of local hosting providers
Small firms, in particular, are often on a budget and may have been given some preferential pricing or a "deal" from a local provider. There's also the promise of faster load times and reduced latency.
It's easy to understand why a small firm would choose a local service. However, the main downside of local hosting is that it can ultimately be more expensive than offshore hosting, in addition to not being as secure. This is because you have to pay for the physical infrastructure as well as the staff to manage it, according to a
Then there are other downsides and concerns, such as:
- Security: You may need specialist security expertise to maintain the security of your infrastructure.
- Hardware upkeep and software upgrades: Companies are responsible for hardware upkeep and software upgrades.
- Support: You need resources to provide round-the-clock support for the infrastructure.
- Data recovery: If the server is damaged, the data will also be damaged.
- Data backup and maintenance: Local server backups can be easily lost or destroyed. Updates must be done manually to avoid system failures.
Which brings me to my next point…
2. Too much to do on your own
The whole promise of cloud when it comes to cybersecurity in particular is that certified cloud hosting providers, such as you would find with the likes of
The fact that there are still firms doing this is not only unsafe, but irresponsible and potentially costly if there is any kind of data breach or file corruption. Firewalls and security programs are just table stakes these days, but considering all of the above, not to mention the sophistication of hacker programs and malware, "going it alone" should not even be a thought.
3. Lack of procedures
Finally, the most common misstep made by firms when it comes to cybersecurity is a plain old lack of training or processes for keeping data safe. Again, firewalls and security software are just table stakes. Even in the best hosted environment you can find, if you aren't teaching your staff the basics of prevention, you are doing them a disservice and risking your firm's and your clients' data in the process.
These procedures aren't difficult, but they do require diligence and repetition, such as not accepting attachments, not clicking on any link from an outside source, doing regular backups and so forth. Making sure staff understand what the latest malware is can also be a bonus.
Conclusion
Ultimately, we know prevention is never going to be 100%, but proper cybersecurity tools, services and procedures should be a priority for firms of any size. In the end, you can't afford not to, so don't put a price on prevention. Talk to your colleagues about who they use as a trusted hosting provider. Do some research and know what services are available to you and your firm.