The need for employing stringent security measures cannot be overstated – especially if you are an accounting firm handling hyper-sensitive financial and legal data of clients. Even a small security incident can cost you dearly, making you lose not just clients’ data but also their trust, goodwill and your reputation.
And though all businesses know that, small and medium firms are unable to employ the same stringent security measures as their larger counterparts, with lack of expertise and of disposable funds being the two most common reasons. But don’t let either stop you from securing your data. Here are five measures you can take (that will not cost you a bomb) to effectively minimize security risks at your firm:
(Get or) Update security software
This measure is not as trivial as it appears. Too many firms fail to understand the importance of quality security software such as firewalls, antivirus and anti-malware applications. Evaluate your current security software to check whether – 1) all devices (that includes any mobile devices you, your accountants and support staff use) are protected with dedicated, licensed security applications, and 2) all applications are current on their subscription and up-to-date with the latest features.
When it comes to updating, ensure all point-of-sale (POS) systems are secure and up-to-date as well. At the very least, you want to ensure that all POS systems are compatible with EMV technology – a standard that protects you against payment fraud and your clients against the use of stolen cards. Replace systems that are too old to be updated to EMV and the latest security standards.
Secure all computer networks
Just like devices, all (wired and wireless) networks within your firm must be protected using quality firewalls, antivirus and anti-malware software. The networks should also be protected using robust passwords that are shared only with authorized personnel. It is a good idea to customize router settings such that your network’s name does not get broadcast automatically. This will prevent hackers and other people with malicious intent from gaining unauthorized access to your network, and ultimately all devices within the network.
Migrate to the cloud
Storing data in the cloud is a great way to reduce security risks to an absolute minimum. There are other advantages as well. By migrating to the cloud and having a trusted vendor store and host all business data in a central cloud, you cut costs (associated with storing data on premises and protecting it from unauthorized access and attack) and enjoy flexibility (access data securely from anywhere, using any device), scalability (increase or decrease storage space as per your needs) and convenience (your cloud vendor takes care of security, updates and other maintenance tasks). The cloud also provides comprehensive data backup, so that you can quickly return to business as usual in the event of a disaster.
Ensure PCI compliance
PCI compliance is another very basic measure for businesses that accept online or POS transactions. The best thing about ensuring PCI compliance is that it keeps your own defenses against security threats up to date: PCI DSS keeps evolving and, to remain compliant with it, your measures will have to evolve as well.
No, really. This is a very effective method of reducing security threats. You know why? Because your greatest threat is not just the hackers, but the otherwise well-meaning employees who are either unaware of or negligent about security and data protection. Educate them on the need to follow internet safety measures, such as not downloading external files, browsing securely and not sharing office passwords. Conduct seminars, training sessions and drills to ensure everyone understands their role in cyber security and data protection.
Iain Enticott, Director, Technology for Accountants. www.technologyforaccountants.com.au
For further information, Ph 1300 765 014