Cloud-based accounting software has revolutionised the accountancy industry.
A survey by Sage found that 67% of accountants found their role easier as a result of cloud technology. It also found that 53% have now adopted a cloud-based practice management solution. It’s easy to see why – cloud-based accounting firms add more clients than traditional ones. A recent Xero study found that they add five times as many.
That’s a lot of extra business.
Cloud-based software is also claimed to be more secure than traditional methods. There’s sound logic behind that belief too. Software providers can dedicate more time and resources to security than their users. They provide built-in security features and often free updates as standard.
There’s still one glaring weakness though – bad passwords, coupled with complacency.
Whilst it sounds obvious, it’s worth making a simple point. Even sophisticated security features are going to struggle if somebody has your password.
Security features on offer from software providers are commendable. It’s good to see the accounting industry take responsibility for securing the data of users. Nonetheless, end-users must still take responsibility for their own security. They cannot rely upon the provider.
How to Minimise the Risk of a Password-Related Breach
Enforce good password practice company-wide and provide password management software.
There’s a big difference between what people know about passwords and how they behave.
LastPass, a password management company, discovered this in a recent survey. They found that 92% of people said that password security was a “serious matter”. Yet 61% of these people wouldn’t change a password after a security breach.
This is worrying.
There’s a strong chance some of your staff are accessing client data with a password they use elsewhere. It could be a password they use for personal emails or social media accounts. If they lose this password, they lose a password that opens your accounting software. This isn’t good.
This is why you should provide password management software for your employees. Password management software will create strong, unique passwords for every service you use. It will store the passwords in a secure fashion and means your staff don’t need to remember them. Nor will they need to write them down.
If you want help creating secure passwords, check out this handy resource: Five Tips for Creating Secure Passwords.
Always use two-factor authentication (2FA).
Two-factor authentication (2FA) is an extra security step after a username and password.
It requires something that only the user would have access to. Usually, the user will need to provide a short code (a character key) from a second source. This could be an email address or a mobile phone app. It could be something physical like your online banking card reader.
Even with password management software in place, passwords can still be lost or stolen. If this happens whilst 2FA is in place though, access is still restricted.
QuickBooks, Sage and Xero all offer different multi-factor authentication methods. Make sure you are using them for each of your users – without exception. If you can use more than two factors, you’ll be even more secure.
Don’t allow, or encourage, the sharing of login credentials.
It can be tempting to share login credentials for online software.
In cases where costs could escalate beyond the means of the business, it may be the only viable option. This is most common when billed on a per-user basis.
Where possible, though, you should not allow the sharing of login credentials. If you need to share credentials, you should always use a password manager to do it for you.
Shared credentials can cause all sorts of logistical headaches. They also make it difficult to unravel problems in the event of malicious activity.
If someone who shouldn’t access your account does, it’s valuable to know how and when. Once you share credentials this becomes very difficult, if not impossible. Audit trails no longer allow you to identify which person has done what.
It’s always important after a breach to try and identify what went on so you can learn from it. This allows you to make things more secure in the future. Don’t remove an opportunity to do this by sharing one user account. It could prevent a future breach.
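
The attribution problem described above can be checked for in an audit trail. The following is an added example, not part of the original article or any vendor's tooling: it flags accounts used from two devices at nearly the same time and lists the actions that can then no longer be tied to one person. The log layout, account names, device names and the 30-minute window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail: timestamp, account, device, action.
# The field layout is an assumption, not any vendor's export format.
SAMPLE_LOG = """\
2024-03-04T09:01:12,accounts@example.test,laptop-A,login
2024-03-04T09:03:40,accounts@example.test,laptop-B,login
2024-03-04T09:05:02,accounts@example.test,laptop-A,edit_invoice
2024-03-04T09:06:30,accounts@example.test,laptop-B,export_client_list
2024-03-04T09:10:00,jane@example.test,laptop-C,login
2024-03-04T09:12:45,jane@example.test,laptop-C,edit_invoice
2024-03-04T14:20:00,jane@example.test,phone-C,login
"""

WINDOW = timedelta(minutes=30)  # two devices inside this window = concurrent use


def parse(log_text):
    """Return a time-sorted list of (time, account, device, action) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, device, action = line.split(",")
        events.append((datetime.fromisoformat(ts), account, device, action))
    return sorted(events)


def shared_accounts(events, window=WINDOW):
    """Map each account seen on 2+ devices within `window` to those devices."""
    last_seen = defaultdict(dict)   # account -> {device: last event time}
    flagged = defaultdict(set)
    for when, account, device, _ in events:
        for other, seen in last_seen[account].items():
            if other != device and when - seen <= window:
                flagged[account].update({device, other})
        last_seen[account][device] = when
    return dict(flagged)


def unattributable(events, flagged):
    """Actions on flagged accounts: the log names the account, not the person."""
    return [(a, act) for _, a, _, act in events if a in flagged and act != "login"]
```

In the sample, the shared accounts@ login is flagged and both of its actions are unattributable, while jane@ switching to her phone five hours later is not flagged.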