Back in 2012, Dropbox announced a security breach in its cloud storage service. Four years later, in 2016, users finally understood the scale of the breach: 68 million accounts, and almost 5GB of data including passwords and email addresses, made their way to the dark web. There, they were reportedly sold for bitcoin worth the equivalent of $1,141.

Apple experienced a huge data breach in 2014, with weak security resulting in a leak of private images and other data of various high-profile celebrities.

These are just two of the many leaks that have occurred since the cloud was introduced as a service to the public. The cloud offers powerful, innovative, and efficient ways of storing and accessing your accounting firm’s data, but at what cost?

Does it mean exposing your data to potential risks like those above? Do shady privacy policies mean your data is no longer private to you? What is your business giving away in exchange for convenience?

 

Control Your Data: How Your Accounting Firm Can Take Steps to Protect Sensitive Data

It’s not just your own company data that’s potentially at risk; you may be storing sensitive client data as well. You might be wondering what you can do to protect your business’s data, and that of your clients. The best step to take is prevention, which means looking for a cloud provider that will take every precaution to protect your firm’s data.

The first step is to look at privacy policies, user agreements, and similar documentation that each cloud provider offers. The privacy policy displayed by each provider should be clear, easy to navigate, and most importantly, easy to understand.

While there is jargon used in all technical areas of business, the privacy policy should enable you to clearly understand what the company’s stance is on protecting your data, and how your data will be handled.

Any good privacy policy should cover the following:

  • What personal data is collected
  • How the provider secures your company information
  • What laws and legal entities the company answers to or is subject to
  • Where your data is stored
  • How your personal data is used
  • Examples of how they collect data and how it’s used

The privacy policy should be easy to find as well; you shouldn’t need to dig through pages and pages just to access it.

The next thing to consider is how easy it will be to extract your data should you want to leave. You don’t want any nasty surprises popping up at that point; if you already use a cloud provider, find out how easy it is to take your data with you.

Is it an easy process? Will your sensitive company data be completely erased from the cloud provider’s servers once your contract with them is over? Make sure to have these questions answered. You should be able to find answers to these questions in the provider’s privacy policy or similar documentation. Failing that, you should be able to talk to someone at the company directly, who should point you to their policy on data management.

Your next step should be to check the provider’s policy on how data is transferred and received. Any cloud provider worth their salt should ensure that data is encrypted and secure when it’s being sent, as well as when it’s received. Your data shouldn’t be put at risk during transit, so check how your chosen provider secures your accounting firm’s data while it’s being accessed.

Finally, consider what type of cloud service your firm is or should be using.

Public clouds are managed by a third party (the provider themselves), while a private cloud will be managed by you. This eliminates much of the risk associated with a public cloud solution, but poses an equal risk of its own; after all, it’s now your company that has to ensure aspects like security and adequate encryption are enforced and maintained.

One option is to deploy a private cloud for your most sensitive or vital data, and use a public cloud for everything else. Do some research on the benefits of both types, and figure out which cloud type is right for you, or whether a mix of both would suit your accounting firm best.