Safeguarding your cloud based accounting

Today is #SaferInternetDay2019, so as we head full steam into Making Tax Digital (MTD), our specialist cloud and MTD accounting advisors focus not only on ensuring you are compliant ready for the April 1 launch, but whether you have considered your internet security policies and how secure your data is?

We have heard from a number of clients who were very reluctant to transition onto a full blown cloud based accounting system for compliance. Their scepticism with the security of the internet and cloud platforms is understandable considering all the data breaches and hacks that we hear about in the news. Having a cloud based accounting system linked to your live bank account for many people feels like a step too far. There are however steps that you can take to ensure that your data, and your money, are as secure as they can be.

We have therefore teamed up with cyber security specialist Stuart Green of SJG Digital to look at some simple steps that you can take to increase your internet security.

Of course, storing your data “in the cloud” does come with risks but there are a number of steps that cloud providers have taken in order to provide you with reassurance, the mainstay of these steps being encryption.

With cloud services such as Xero and Quickbooks, they have implemented technology which encrypts your data “in transit” (i.e. between your device and their servers) and “at rest” (i.e. on the physical server that your data is stored on even when powered off) so that you have some assurance that your data is protected. Normally you’ll find this in a supplier’s privacy policy but specific information to Xero can be found here and for Quickbooks here - both go some way to give you that assurance.

Both platforms also have the ability to switch on two-stage authentication which not only requires your password but also a code which can be accessed from an app on your phone giving an additional level of protection.

But it’s not all about the supplier. YOU have responsibilities too.

First of all, it is YOUR responsibility to protect data as well. Protecting access to ANY of your online accounts is of paramount importance and we recommend the following steps:

1. Use a different password for EVERY account. Yes it’s a pain and you might need to use a password manager of some kind to help you remember them, however we strongly recommend this because online service providers have been hacked in the past and have leaked out passwords.
2. Use Two-Factor or Multi-Factor Authentication. As mentioned above, Quickbooks and Xero do provide this facility and although it sounds complicated, it really is quite simple. It usually involves an app on your smartphone taking a picture of a code on a screen and that provides you with a 6-digit number that changes every 30 seconds or so. This number is married to your account so you’ve got to input the correct username and password (one factor) and then type in the number (the second factor) to gain access to your account. Even if your account details are leaked, access to your account is made much harder because the second factor is missing.
3. Ensure you’ve got a paid-for anti-virus installed on PCs, Laptops, Macs, MacBooks, Servers and Smartphones. Yes, on Smartphones too! These devices are your gateway into the network for bad guys as it’s us humans, the weakest links, who can be the cause of an infection and they need to be protected in a relationship where you have got some support if an infection breaks out. Yes, it’s possible to defend against Ransomware too so you need to ensure that defence is there too.
4. Ensure you’re using good quality perimeter and internal security appliances. Again, we’re in 2019 and the firewall is a defence from the 1990s. Modern firewalls do waaaaaaaay more than the old firewalls did so they need to be thought of as something different, hence the term “security appliances”. Using more than one also makes things more difficult for bad guys to move around your network should you ever get compromised.
5. Get yourself certified to the Cyber Essentials or Cyber Essentials Plus standards. Owned by the National Cyber Security Centre, Cyber Essentials will help you prevent most low-level cyber attacks. It’s a small step to becoming a stronger and more resilient organisation but it helps you understand the issues and take appropriate action in this new age of digital warfare. There’s a heap of information available here or you can speak to Stuart at SJG Digital about it as they are an experienced Certification Body who can help you through the process.

It may only be 5 steps but if you follow these, you’re going to be better protected, more resilient and ready to embrace MTD! If you would like to discuss cloud accounting or Making Tax Digital, our expert business advisors are available to help, speak to one of our specialist advisors at Forrester Boyd to find out more by emailing MTD@forrester-boyd.co.uk.