Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Outsourcing: how to minimise security risks

by
1st Jun 2010
Save content
Have you found this content useful? Use the button above to save it to your profile.

Accountants have often been early adopters of technology, for example in embracing remote and home working. But the profession’s enthusiasm for new ways of working has to be balanced by the need to protect client confidentiality, creating the need for robust and secure IT infrastructures.

With the economic downturn, more accountants have towards outsourcing for both IT and common practice processes such as accounts production and tax work.

Richard Anning of the ICAEW’s IT Faculty commented on the rise of technology outsourcing: “There is definitely a benefit to outsourcing IT. With the growing capabilities of the internet and Cloud computing, accounting practices are now able to outsource their IT services and software. Outsourcing is cheaper and more flexible, as you can turn it on and off when you need to.”

Choosing the right supplier who understands your company’s needs and ways of working is crucial, Anning explained: “It is definitely an advantage if your supplier understands accounting practices, so they can identify the best systems for your business needs.

“Your IT supplier is an extension of your business and you need to put in place the same controls that you would have with an in-house function. Your company is responsible for clients’ information, even when it is handled externally. You need to make sure your data is adequately secured and that IT suppliers adhere to the principles of good data handling.”

Top 60 firm SRLV made the decision to employ external expertise and the 100-strong firm has outsourced all its IT functions – hardware, software and consultancy – for 10 years.

SRLV managing partner Laurence Finger explained: “The biggest advantage is that our supplier remains up-to-date on technology and can be pro-active, always suggesting systems or hardware that can improve the way we do business. It’s also an added advantage that the company we use has worked in the financial services world and understands how we operate. It saves us time having to explain how we do business.”

The recent annual conference of the MGI accountancy network saw more than 80 national and international firms grapple with the role of leading edge technology in accountancy. The topics covered subjects ranged from mobile technology and remote working, to online accounting systems and virtual client relationships.

A key theme at the conference was data security and how technology can be used to safeguard business. However firms manage IT, they need to work in partnership with their suppliers to maximise efficiencies and minimise risks. The following practical tips can make a big difference to how you achieve this:

1. Awareness
Keep yourself up to speed on what’s happening in the IT world. Monitor the news so you know about recent breaches and threats. Also make sure you’re aware of what’s happening in your own organisation and amongst your employees.  With mobile communications, staff may be carrying confidential company data (such as emails, contact details) on a smartphone in their pocket.

2. Identify critical systems
Companies need to identify the IT systems that are crucial to their business, so they can put in place a recovery to retrieve information in emergency situations. What is the critical data that you need to keep operating, should a disaster happen? This can cover anything from accountancy software packages, through to contact details for staff and suppliers. This critical data needs to be stored in a central location that can be accessed quickly – there’s no point holding it on a server or USB disk if no-one can get to this in an emergency.

3. Know the risks
The obvious risks are accidental, for example hardware failure or damage from flood, fire and theft. Hackers are also a threat, due to the nature of the data handled by accounting practices and high profile clients they may represent. A firm can be at risk from its own employees, often unintentionally. Your corporate reputation could be damaged by inappropriate employee emails or under the new Digital Economy Act you could find your internet services suspended if someone uses your equipment to illegally download material.

Flexible working blurs the divide between home and office, so accountants could be using a shared family PC that does not have the same IT safeguards in place as a work computer. Even systems designed to secure information can be vulnerable to security lapses – for example, passwords are often written down by employers and left in unsafe places. Workers out on the road often carry highly confidential information on their laptops and PDAs that can be misplaced or stolen. According to Dell, nearly 1,000 business laptops go missing at Heathrow airport every week and only half of these are recovered.

4. Establish a recovery path
You need to plan your recovery scenario, should there be a malfunction in your IT systems. The crucial question to ask is: “How long will recovery take so we can get our business up and running?” Plan for all potential emergency situations and consider different options for backing up your critical system data. Many practices are now choosing to back-up certain data online, as opposed to using back-up tapes.

5    IT security policy

Companies underestimate the importance of the IT policy, often thinking its sole purpose is for use during disciplinary processes. An IT policy should be a set of guidelines that all staff understand and buy into. Your policy must be concise - a couple of pages are sufficient, as even the most diligent of employees is unlikely to read a lengthy tomb of text.

About the author
Daniel Mitchell is a founder and director of Lifeline IT, a network support company specialising in managing IT services for the accountancy profession. With a financial services background, Daniel has specialist interest in global cyber security and data protection.

Further reading
IT security articles and advice on AccountingWEB.co.uk

IT Zone library: Information security

 

Tags:

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.