By all standards, accountants are required to utilize technology in a manner that keeps them in line with others in the profession so that they are meeting common expectations of competency and service. This means then that they must also be alert to the risks that technology can pose and consider how to address those risks to help protect against harm to their practices and to their clients.
One of the biggest of those risks is loss or compromise of client information when your system is infiltrated by an outsider. This can happen because a hacker broke into your system, or through loss or theft of a device on which the information is stored.
So, what can be done to manage the risk?
One of the greatest points of vulnerability to your systems is during remote access of data. When you use your smart phone, laptop, or other device to access your office computer network from your home, the airport, or a local coffee shop, you’re cracking open the door for hackers. To help keep them from walking through that door:
- Don’t use public wifi when logging in remotely. Set up a private network and use a personal hotspot to connect to it. For extra protection, use a hardwired connection if available (many hotels still have cable or ethernet connections available, for instance).
- Set up two-step security authentication for remote access, so that any hacker must pass through at least two sets of doors to get through.
- As part of building this barrier, use strong passwords. Conventional thinking is moving away from the protocol of changing your password on a regular basis and moving toward the use of more sophisticated passwords. Passwords that include a mix of fonts, cases, numbers, and symbols are strongest. But don’t use the same password—or password pattern—for every system or device. If you have trouble remembering your various passwords, look into any one of the available password keeper software programs and apps now available. Better yet, write them down and keep them physically locked away somewhere, separate from where you keep your computer. Hackers can’t hack into physical notebooks stored in a locked drawer.
Protect against access to the data even if your system is breached
The last measure of protection against infiltrated systems is to make the hackers’ efforts fruitless by making the data they may acquire inaccessible:
- Consider subscribing to a service that can remotely wipe a device clean should it be lost or stolen.
- Encrypt data when it is sent and when it is stored.
- Store encrypted back-ups somewhere that is not directly connected to your network. This could be as simple as regularly backing up to a stand-alone hard drive that you unplug from the system once you’ve completed the backup. Cloud storage is also useful, although susceptible to hacking in its own right. Note that you should occasionally test to make sure you can access your stored data, especially if you upgrade your hardware or software: you don’t want to find that your storage device or its software cannot be accessed by your new system.