Securing your business data and reducing human error
We’re talking about security. Too many times it’s something that is only considered when things go wrong. And many business owners often overlook the biggest threat to their business… their employees.
We’ve joined forces with Darren Strong from Focus Technology - who provide dedicated IT support for accountancy firms - to look at how accountants can reduce the risk of a painful data breach.
Remote working has changed everything in the last twelve months. Accountants and bookkeepers have been quick to embrace the technology to work virtually, but have we inadvertently increased the risk to our business and client’s data? Unfortunately, business owners often overlook the biggest threat to their business… their employees. Whilst good employees are a great asset to a business, they can alter data incorrectly via human error. It’s also important to consider the worst-case scenario of an employee leaving on bad terms and causing a problem.
But good data security practices also protect your employees. A clear audit trail means full accountability and transparency if a problem should arise. It’s worth noting that you can pull a complete audit trail from Senta. This displays a log of what changes have been made to clients when they were enacted and the user who performed the update. We’ve pulled together some points to consider in order to minimise your businesses’ risk:
How do your employees log in to access the company’s network? As a business owner, controlling how accounts are logged into is vital and this can be centralised using Single Sign On (SSO), managing and logging all actions from one location. In Senta, practice managers can set up two-factor authentication to make access even more secure.
Enforce password compliance and keep a record of log-on/log-off activity with dates and times.
1. Two-factor authentication (2FA)
2FA strengthens access security by requiring two methods to verify identity. These factors can include a password plus a constantly changing code.
2. Conditional access
Check the device being used matches your compliance policy and make sure items like Microsoft Windows patching and antivirus software is up to date. You can also restrict what staff can do with the business data, for example, editing or printing.
Senta supports this with the ability to restrict users in terms of the ability to export data and restricting access to certain clients or even specific data fields. There’s even an option to restrict access to a specific IP address. Practice managers retain complete control.
Storing all data and applications securely
Ensuring your current processes and policies are fit for purpose is essential, especially during recent times as working dynamics have changed. Staff storing data in an unsuitable location ie. their local workstation or on an unprotected USB poses a great risk to businesses. Make sure your internal policies state where data is to be stored.
Enforcing where data can be stored securely and backed up using technology is the only way to know this is being applied 100% to ensure compliance. Practices using Senta can restrict who can bulk download documents from Senta.
What access does an employee need to be successful in their role?
As a business owner, do you set up your shared data and applications with more access than is required? The more access an employee has to the company’s data, the greater the risk of breach or misuse, and the higher the impact on the business and its clients.
Setting up access to shared data and applications should be tiered, matching the requirements of their day-to-day role. You should be able to do this through your practice management software. Analysing and configuring your systems to meet the needs of the individual employee reduces risk and the impact to operations time to recover from a breach.
Backup and Continuity – Last line of defence
Ensure your data and applications are 100% backed up to match your recovery point (the time and date before the incident/issue do you need to recover from) and your recovery time (how long it takes to recover back to normal operations). This is essential to any firm and often is only questioned after a serious event or downtime has taken place.
Have you reviewed your backup and continuity service/plan since lockdown? Does this match your current needs as a business? Also bear in mind your duty to your clients as you hold their personal data too.
Completing the above steps will help to reduce the security risk to your business data. Reviewing your technology setup and security when changing the way your business works is always strongly recommended.
What to talk more?
You can book a discovery meeting to discuss this topic in more detail with Darren Strong HERE.
With over 20 years of experience within outsourced IT services, Darren founded Focus Technology Solutions Ltd which is an IT service provider specifically for accountancy firms. He strongly believes an IT partner should provide proactive IT support with the most robust cyber security and latest technology.
Find out more about Senta at senta.co