Safer Internet Day - time to think about data security

Today is Safer Internet Day 2020, a great time to consider your internet security policies and how secure your data is.

Many of our clients are reluctant to transition onto a full-blown cloud-based accounting system for compliance, and their skepticism is understandable considering all the data breaches and hacks that we hear about in the news.

Having a cloud-based accounting system linked to your live bank account feels like a step too far for many people. However, there are steps that you can take to ensure that your data - and your money - are as secure as they can be.

We have therefore teamed up with cyber security specialist Stuart Green of Digital Armour Ltd to look at some simple steps that you can take to increase your internet security.

Of course, storing your data ‘in the cloud’ does come with risks but there are a number of steps that cloud providers have taken in order to provide you with reassurance, the mainstay of these steps being encryption.

Cloud services such as Xero and Quickbooks have implemented technology which encrypts your data ‘in transit’ (i.e. between your device and their servers) and ‘at rest’ (i.e. on the physical server that your data is stored on even when powered off) so that you have some assurance that your data is protected. Normally you’ll find this in a supplier’s privacy policy, but specific information to Xero can be found at https://www.xero.com/uk/about/security/ and for Quickbooks at https://quickbooks.intuit.com/uk/data-security/. Both go some way to give you that much-needed assurance.

Both platforms also have the ability to switch on two-stage authentication which not only requires your password but also a code which can be accessed from an app on your phone, giving an additional level of protection.

But it’s not all about the supplier. YOU have responsibilities too.

First of all, it is your responsibility to protect data as well. Protecting access to any of your online accounts is of paramount importance and we recommend the following steps:

1. Use a different password for every account. You will probably need to use a password manager to help you remember them (and create more complex ones too), but it’s well worth it for the extra peace of mind, in case your online service provider gets hacked.
2. Use two-factor or multi-factor authentication. As mentioned above, Quickbooks and Xero do provide this facility and although it sounds complicated, it really is quite simple. It usually involves an app on your smartphone taking a picture of a code on a screen and that provides you with a 6-digit number that changes every 30 seconds or so. This number is married to your account, so you’ve got to input the correct username and password (one factor) and then type in the number (the second factor) to gain access to your account. Even if your account details are leaked, access to your account is made much harder because the second factor is missing.
3. Ensure you’ve got a paid-for anti-virus installed on PCs, Laptops, Macs, MacBooks, Servers and Smartphones. Yes, on Smartphones too! Humans are often the weakest link and most of us use our phones for hours everyday, so we need to ensure that they are protected. Yes, it’s possible to defend against Ransomware so you need to ensure that you are protected against that too.
4. Ensure you’re using good quality perimeter and internal security appliances. Again, we’re in 2019 and the firewall is a defence from the 1990s. Modern firewalls do far more than the old firewalls did, so they need to be thought of as something different, hence the term “security appliances”. Using more than one also makes things more difficult for hackers to move around your network should you ever get compromised.
5. Get yourself certified to the Cyber Essentials or Cyber Essentials Plus standards. Created by the National Cyber Security Centre, Cyber Essentials will help you prevent most low-level cyber attacks. It’s a small step to becoming a stronger and more resilient organisation but it helps you understand the issues and take appropriate action in this new age of digital warfare. There’s a heap of information available at https://www.ncsc.gov.uk/scheme/cyber-essentials. Alternatively, you can speak to Stuart at the Armour Group about it as they are an experienced Certification Body who can help you through the process.

If you follow these five steps, you are going to be better protected and more resilient against cyber threats. If you would like to discuss cloud accounting our expert business advisers are available to help. Just drop us a line for a no obligation conversation.