Back in 2012, Dropbox announced a security breach in their cloud storage service. Four years later in 2016, users finally understood the scale of the breach; 68 million accounts, and almost 5GB of data including passwords and email addresses made their way to the dark web. There, they were reportedly sold for bitcoins for the equivalent of $1,141.
Apple experienced a huge data breach in 2014, with weak security resulting in a leak of private images and other data of various high-profile celebrities.
These are just two of the many leaks that have occurred since the cloud was introduced as a service to the public. The cloud offers powerful, innovative, and efficient ways of storing and accessing your accounting firm’s data, but at what cost?
Does it mean giving up your data to potential risks like those above? Are shady privacy policies meaning your data is no longer private to you? What is your business giving away in exchange for convenience?
Control Your Data: How Your Accounting Firm Can Take Steps to Protect Sensitive Data
It’s not just your personal company data that’s potentially at risk; you may be storing sensitive client data as well. You might be wondering what you can do to protect your businesses’ data, and that of your clients. The best step to take is prevention; which means looking for a cloud provider that will take every precaution to protect your firm’s data.
- What personal data is collected
- How the provider secures your company information
- What laws and legal entities the company answers or is subject to
- Where your data is stored
- How your personal data is used
- Examples of how they collect data and how it’s used
The next thing to consider is how easy it will be to extract your data should you want to leave. You don’t want any nasty surprises popping up when you decide to leave; if you already use a cloud provider, find out how easy it is to take your data with you when you leave.
Your next step should be to check the provider’s policy on how data is transferred and received. Any cloud provider worth their salt should ensure that data is encrypted and secure when it’s being sent, as well as received. Your data shouldn’t be risked during transit, so check how your chosen provider secures your accounting firm’s data while it’s being accessed.
Finally, consider what type of cloud service your firm is or should be using.
Public clouds are managed by a third party (the provider themselves), while a private cloud will be managed by you. This eliminates much of the risk associated with a public cloud solution, but poses equal risk; after all, it’s now your company who has to ensure aspects like security and adequate encryption are enforced and maintained.
One option is to deploy a private cloud for your most sensitive/vital data, and use public cloud for everything else. Do some research on the benefits of both types, and figure out which cloud type is right for you, or whether a mix of both cloud types would suit your accounting firm best.