Accounting firms of all sizes need to be absolutely certain that they can retrieve and protect sensitive customer information, and be back up and running quickly in the event of an unforeseen business interruption or even a major disaster.
On a daily basis and especially in the event of a crisis, a common challenge among accounting firms is maintaining remote access to e-mail, corporate files, customer information, accounting applications and financial data because many accountants work offsite or at customer locations. In addition, protecting sensitive customer data is a top concern.
When the unexpected happens, firms can minimize business interruptions and ensure that customer data remains unaffected by focusing on three steps. The three Cs of practical business continuity are Communications, Connectivity and Control.
Communications
First and foremost, firms need to maintain contact with their clients during a crisis. As an initial step in the business continuity planning process, firms should determine the criteria that warrant the activation of a communications plan:
· Assess whether the problem is localized or widespread;
· Evaluate how long the business interruption might be; and,
· Determine to what degree employees, customers and partners, including those working offsite, will be affected.
Next, firms should identify the key internal participants and assign responsibilities to implement the business continuity communications plan. Questions to consider include: Who activates the communications plan? Who has responsibility for media calls, facilities issues and HR? How often is the BC plan reviewed and updated?
Firms need to identify key audiences and determine the best way to reach them. Perhaps the most important audience initially is the firms employees and the need to help them deal with any IT issues such as remote access. Then, the firms CPAs and other professionals can communicate with their clients to help quell any concerns about their ability to service the clients and protect or restore any sensitive information.
Without defining the most reliable communications vehicles to use in a business crisis situation, communication may as well not happen at all. It is critical that firms consider how information will be most effectively communicated by considering all options: intranet, e-mail, text message, Web and phone.
Once the organization has thought through its preparation for communications to ensure BC in a crisis, the firm should document all aspects of the BC process, train members of the BC team and test the plan regularly by playing out likely scenarios in real time.
Connectivity
Should disaster strike, it is critical that professionals remain connected to access the firms and customers information. When conducting business continuity planning, determine in advance what is required for each person to stay connected. For example, e-mail may be more important to some, while phone and voice mail accessibility will be critical to others.
E-mail Access
Who hasnt experienced even a momentary system or computer breakdown when e-mail was unavailable? Most never want to experience that lost, disorienting feeling again. Fortunately, the Internet makes ongoing, uninterrupted access feasible.
When access to the Microsoft Outlook desktop application is unavailable, Outlook Web Access allows users to access e-mail, calendars, contacts, tasks and other mailbox content anytime via the Web. Particularly in a professional service business, it is imperative that consultants maintain e-mail accessibility at all times in order to provide their customers with the highest level of service. With the use of OWA, maintaining consistent connectivity becomes a reality, enabling consultants and their customers to avoid experiencing a business interruption.
Remote Access
During a crisis, consultants may not be able to be physically located either in their own office or alternatively at their clients location. In this case, they need to connect to their desktop remotely in order to maintain business as usual.
Remote Desktop Services is one of the components of Microsoft Windows that allows users to access applications, data and even their entire desktop on a remote computer over a network. This type of all-inclusive connectivity would enable consultants to provide their clients with seamless service even in the event of a crisis.
Phone Access
Increasingly, clients do not like leaving voice mails and waiting for a call back. Instead, clients want instant access to their accountants and instant responses.
Voice over IP is a good solution for connectivity in general and especially during crisis situations because individuals can access voice mail and place and receive calls from anywhere even if theyre not in their offices. The use of VoIP can offer accounting firms, which often have multiple offices and consultants spread across the country, access to a single voice mail system and rich features that can help create a one organization culture.
In addition, VoIP offers a feature called simultaneous ring that enables anyone to call consultants and reach them using any of their phone numbers (i.e., cell, work or home), thus providing fewer delays in reaching them. Also, if a consultant is traveling or out of the office, VoIP can enable outgoing calls from any phone to appear as if they are coming from the consultants office location via caller ID. How many times do people let a call go to voice mail because they dont recognize the phone number? This feature avoids this issue with clients and offers consistent, uninterrupted connectivity.
Control
A good BC plan will make sure that the accounting firm and its consultants maintain control of and protect the IT infrastructure to ensure the security of sensitive firm and client financial data. Networks, servers, software applications, data backup and voice access are all critical in keeping the organization running for both consultants and their clients.
Data Backup and Storage
Any catastrophe that threatens to seriously impact a firms business is likely to make access to on-site data backup impossible. The primary concerns for data backup are security during a crisis and accessibility following a crisis. There is no benefit to creating a backup file of valuable financial data if, for example, this information is not transferred via a secure method and stored in an offsite data storage center with foolproof protection.
As part of establishing a backup data solution, every firm needs to determine its recovery point objective the time between the last available backup and when a disruption could potentially occur. The RPO is based on tolerance for loss of data or reentering of data. Every company should back up its data at least once daily, typically overnight, but should strongly consider more frequent backup or continuous data protection if warranted.
Virtualization Solutions
As another way to effectively protect sensitive client and firm data, organizations can deploy a server virtualization model. Server virtualization allows organizations to efficiently and securely consolidate multiple server functions on one host server. In addition, using a virtualization-as-a service solution provides deployment, management and support for virtualized server architectures as well as a comprehensive data replication capability to maintain business continuity.
Backup for Laptops and Desktops
Although many consulting firms have policies requiring consultants to store all data on the organizations network, it is not prudent to assume that the policy is being followed. Users often store important files on local systems for a host of reasons, including the desire to work on files while traveling and the need to protect sensitive data from the eyes of even the IT staff. Backing up laptops and desktops protects this critical data in the event of a lost, stolen or damaged workstation. Using an automatic desktop and laptop data protection and recovery solution accomplished via a managed services provider or by using such solutions as Iron Mountain's Connected Backup is ideal.
Laptop Data Protection
Market research firm IDC has reported that more than 70 percent of the total workforce in the U.S. is considered mobile workers in 2009. This fact is particularly apparent in the accounting industry. Accordingly, laptops are increasingly replacing traditional desktop PCs. Unlike desktops, however, laptops are more easily misplaced or stolen, thus causing organizations to secure data deletion and theft recovery options for their users laptops. Laptop theft recovery solutions can locate, recover and return lost or stolen computers, while data delete options can enable companies to delete data remotely from lost or stolen computers, thereby preventing the release of sensitive information.
Data Encryption
Data encryption, which minimizes the likelihood of an information breach, has become a requirement for firms of all sizes. The concept behind data encryption is quite simple make the data illegible for everyone except those who are authorized to access it. It ensures that all client and firm information is secure and protected, even if it falls into the wrong hands.
Data breaches can cause significant damage to a firms brand and bottom line. Using a data encryption solution provides several benefits to firms, including:
· Data security guarantees protection against data breaches of sensitive financial and other information.
· Confidentiality ensures that only legitimate users can access specific data.
· Data integrity ensures that data cannot be modified as it is transmitted (e.g., e-mail messages).
· Reputation preservation retains the confidence of clients and avoids tarnishing the firms brand.
While it may not be realistic for an accounting firm and its professionals to have the level of redundancy and disaster recovery capabilities of large enterprises, it is possible to ensure operations continue by implementing a three-step practical business continuity plan that covers the basic 3 Cs: communications, connectivity and control.
Paul Chisholm is chairman and chief executive officer of mindSHIFT Technologies, an IT infrastructure and technology services provider. He can be contacted at
