How can accountancy firms limit the risks to confidential data?

Accountancy firms of all sizes handle sensitive client data and should look to employ a security strategy that protects this information at all costs, without being a burden on IT resources.

All confidential client information needs to be protected from malware, viruses and a whole host of other external cyber threats so that it remains secure and confidential. However, it is also vital to consider the threats posed by internal forces, not just external ones.

IT security is not part of an accountant's job description, yet many firms have no designated IT specialist. To ensure firms remain protected, a few basic rules suffice.


The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.


Comments

ClintonW

Following on the previous thread David Emm at Kaspersky Lab made...

The following are two other important elements of security which limit the risk to confidentiality of data. Of course there is a whole raft of other areas that could be covered but I will focus on these two: Security Awareness Training and Business Continuity.

Security Awareness Training

One of the most important aspects of security that enhances the safeguarding of such confidential data is AWARENESS. If employees are not aware of their responsibilities and educated about security in a holistic manner, there will be inevitable casualties with data breach! There is plenty of research material to support this point whereby a lot of accidental loss and theft of data is due to employees' lack of awareness. Providing awareness to employees can take many forms, e.g. workshops, e-Learning and culture changing through various mediums such as posters and key messages throughout the company from senior management.

Along with all the fancy tools and gadgets used to process transactions and fulfil the client's requirements, the employee will need to know of the risks associated with these tools. I work with accountants and other clients regularly and in some cases these people know what to do but their view of it is that, 'It will not happen to us'! Well, think again. Who is immune? There is no silver bullet and there is no absolute security. All that needs to be done is to be proactive and conduct regular reviews on your infrastructure.

Business Continuity

Another area of concern is business continuity. When I speak to clients one of the questions I ask is... How would you cope if you turn up to work and the whole building is flooded or burnt to the ground? Sometimes the answer is... We will let the insurance company look after it. That answer is not the best answer! A lot of companies do not have a business continuity plan in place, let alone a disaster recovery plan. This in itself is also a key part in the chain of data security and compliance. Accountancy firms and other businesses need to ensure that they take all the necessary precautions there are to limit the likelihood of a breach of confidentiality and privacy.