Ryan Pearcy, director at Scrutton Bland, looks at the safety of financial data held in cloud accounting systems.
As the world becomes increasingly digital, we are storing more and more personal data online. In business, the growing use of cloud accounting solutions has seen a high volume of corporate data hosted by software providers, interconnecting and spreading the data across various systems and multiplying it over many locations. There are many positives for businesses utilising these powerful cloud resources, but as the data is no longer in the control of the business owner there are understandable concerns about how it is being handled. Security and management of this information is paramount, especially with the growth of online fraud and the GDPR bringing potentially large fines. It is therefore important that business owners manage their hosted data and control who has access to it.
There are many different cloud accounting platforms and each approaches security differently. The market leaders generally use high level encryption protocols, similar to those used by banks, with multiple firewalls, so if one section is hacked the data is useless without the other. In-built alerts identify when a non-human user (such as a bot) has gained access and shut them out. They will also restrict access to your data from their own staff, only allowing access when you authorise it. There are pros and cons of utilising a centralised cloud accounting platform. Firstly, the security protocols are far higher than anything a small business could afford, meaning a targeted attack would be much less likely to penetrate it. Also, a successful attack on a centralised platform usually only obtains limited information, whereas on a localised system it often results in a total lock down and loss of all data. Conversely, the prominence of a centralised system may increase the likelihood of an attack occurring. Overall, as long as you are using a robust cloud accounting package, such as those used through sblive, it is far more secure than one you operate yourself.
Storage and backup
For speed of access and for backup protocols, cloud information is replicated automatically and stored in multiple locations. This means that if any one location goes down, the data is fully recoverable and the system operates as normal. It also means you can access your data from anywhere with an internet connection. These two aspects of cloud operations effectively remove downtime and provide valuable recovery systems for free.
Passwords and 2-step
The weakness of any cloud-based programme is nearly always the users themselves, with password security posing the greatest risk. People using numerous personal and business password-protected websites often have duplicate passwords across different programmes. Most large scale hackers aim to steal emails, names and passwords, which are then published on the dark web. This means that any replicated password will be tied to your name, and allows a hacker to access any programme that you use this password with. One business solution is to mandate the use of a password manager. The free ones can allow staff to create a random complicated password, making the password difficult to hack. Some of the paid ones allow your IT department to manage the passwords, enabling security to be managed centrally. An additional security feature is two step authentication, which requires a user to go through a second security procedure to access the data, usually a code sent by text message. This is a very strong system as it means anyone trying to hack the system would also need to have access to the user’s phone, which is very unlikely.
The collaborative aspect of cloud accounting makes working with your advisers easy, since they are enabled to see your finances as you work on them. The negative side of this is that as the number of users that have access to your details increases, so does the risk of a data hack. It is therefore important that you know who has access to your data, to manage this, and to only work with advisers who have suitably robust internal controls and procedures that limit use of your data.
The interconnectivity of cloud systems allows for the use of a far greater product range than was previously available. These products are owned separately and so share different data, with different risk levels attached. For example, a purchasing system that holds information on your suppliers is a different risk to a debt chasing system that holds financial data on your customers. Each app should be reviewed for its related risk level and whether its security protocols are suitable for this risk. This can be a laborious task if your business uses multiple apps, so it is advisable that you partner with a business adviser that has already done this and can provide you with the relevant support.
Cloud software can provide many benefits for business, but ensuring that you use the best software and the right security measures is paramount to protecting you and your customers’ data and complying with the GDPR. Security regarding cloud accounting can be complicated and time consuming it is therefore advisable that businesses partner with an adviser that can handle parts of this for them.
At sblive we review the security of our software partners and adopt internal policies and procedures to maximise the security of our clients’ data.