Security in the cloud for accountants
Cloud computing has become part of the general vernacular in recent years. Yet while many small and midsized CPA firms recognize the convenience offered by the technology, the enhanced level of security offered is often under-appreciated. And for any business in general, but CPA firms in particular, ensuring that the best security is in place is crucial given the amount of personal and financial information handled on a daily basis.
In brief, cloud computing refers to any service that allows an organization the ability to store, access and edit data in a remote and virtual environment, as opposed to an office location. Cloud integration gives businesses the power to collaborate through use of the internet and intranet in or out of the office and permits office personnel the ability to share, edit and publish documents in a unified system while improving communication, increasing marketing abilities and in general enhancing day-to-day business processes.
The primary advantage of cloud storage is its constant availability. Downtime is virtually non-existent, since cloud computing providers utilize massive server farms with redundant hardware to guarantee continual accessibility – even during power outages or severe weather. Another positive aspect is cloud technology’s scalablity; as a business grows, so does its available space and resources on the cloud.
The technology’s built-in off-site data storage works as disaster prevention, a must should a fire or natural disaster happen in the office or if a laptop is stolen. As long as access to the internet is available – through any computer or mobile device – the ability to conduct business can move forward.
Cyberprotection is not only crucial for CPA firms when mandated by compliance (which it almost always is, in one form or another), it’s the law, and aside from the long-term damage any kind of hack could cause, every single incident also comes with a hefty fine. The need for a secure password is the highest of priorities. Hackers can crack a password in mere seconds, so while an easy-to-remember password may seem attractive, going that extra security mile with something more convoluted can help to ensure the safety of a CPA firm’s recorded information. Random words with many letters and symbols are the way to go – avoid using anything that even hints of your account being related to the CPA industry. Hackers are constantly on the prowl for accounts rife with sensitive financial material, and a CPA firm is a treasure trove.
Since cloud computing can also enable social media platforms, it’s important to have a strong and different password for each social media account activated by your firm. Facebook, LinkedIn, Instagram and Twitter can certainly provide outreach opportunities to current and prospective clients, but one slip in security can irreparably damage a firm’s reputation.
Cloud technology also offers a CPA firm reduced software and hardware costs, freed-up internal storage space, and the ability for firms to access files from anywhere through the use of virtually any mobile device. The cloud additionally allows multiple personnel the capability to work on documents, spreadsheets, or presentations simultaneously, even while in different physical locations.
What must be underscored is the need to work with a cloud provider who conducts scheduled external security assessments. This essential practice will help ensure ongoing compliance with agreed-upon data accessibility parameters. It is also important to limit unauthorized access to data and applications by establishing a thorough data protection strategy.
Today, cybercrime is an active and destructive industry, and all companies – and in particular CPA firms – must be vigilant in their cybersecurity efforts. To hackers, the data compiled by CPAs are a literal goldmine. CPA firms understand that compliance is a mandate; as such the imperative is to employ the best practices when it comes to cyber protection. Cloud technology has come some distance since it first appeared on the security horizon, with certain technology solution providers now offering advanced levels of data security.
In fact, partnering with a provider that can offer both the technical security of something like a Tier 4 data security center, combined with the ability to offer and/or encourage the type of training and education necessary, will ensure that a CPA firm is best positioned for long, trusted client relationships.
Ultimately, the key to calculating whether cloud computing is a sound option for your CPA practice is knowledge, not only about the capabilities of the technology, but just as importantly about the service provider retained. Key elements to look for when selecting a cloud service provider include:
- A sense of mutual trust;
- Proficiency in technology combined with an understanding of your business;
- Proof of third-party compliance audit; this certification process ensures that a service provider complies with control objectives;
- Change management certification that demonstrates the provider has documented change management policies and procedures to make changes to information systems;
- Data integrity, or proof the provider has appropriate information security policies and procedures in place;
- Verified references; and,
- Stable financial status.
CPA firms are at high risk for cyberattacks as they possess information thieves are looking for; therefore, it makes sense that these practices fortify their security with the most up-to-date technology – in the cloud.