3 Steps to Start Protecting Your Data on the Cloud

Seven reasons why your business should use cloud accounting software
October 25, 2018
Sage launches Sage 50cloud Pastel with Microsoft Office 365
November 8, 2018

By Emma Pegg | Sep 4, 2018

As more and more businesses move to the cloud, the risks we once faced with paper have become digital.
How can you protect your firm from cybersecurity breaches? Here are 3 steps to start securing your data and
minimise the risk for your firm. Plus, here’s how to make cybersecurity an integral part of your value offering.

First, when you move to the cloud, you store data remotely – usually on servers and data centres managed
24/7. There are three tiers of cloud-based software:

  • Internet-connected public clouds e.g. Amazon, Microsoft and Google;
  • Consumer clouds e.g. Facebook, Linkedin, Twitter;
  • Individual company, or ‘private’ clouds.

Cloud-based computing is one of the most secure methods of data storage. If one computer crashes, the
operation will move to another part of the system. Plus, your data will be end-to-end encrypted. That said,
77% of IT pros believe their businesses will be hacked and almost half aren’t ready for it. Plus, according to this
report by Sophos, 42% of IT Pros report at least 1 phishing attempt daily.

Here are three steps you can take to help protect your firm today.

Step One: Train your team on the cyber security essentials.

This is an investment in your firm and employees’ futures. IBM estimated that 90% of all digital data evercreated was generated in the past two years. Much of that is being stored online. That means every time you get into work and open your laptop, or unlock your smartphone and check emails on your commute, you are
accessing and creating data.

If your team were driving cranes, you would make sure they have the correct training. It’s no different
navigating the digital landscape with your laptop and smartphone. If you haven’t already, establish a clear
and concise data security policy. After sharing the reasons behind putting it in place, be sure to onboard
your team from the start and put a strategic plan in place in case of a data breach.

Step Two: Use strong passwords.

Nearly one in five businesses have passwords that are weak or shared, according to a report from Preempt.

While passwords are not the perfect solution, they are often your first line of defense. In fact, Adam
Lovingood, Xero America’s Head of Legal, calls them the “green leafy vegetable of IT security – we knowthey’re good for us, but we don’t really like them”.

Here are six rules of thumb:

  • Avoid using words from the dictionary e.g. the dreaded ‘password’.
  • Use at least 8 characters and a mixture of lowercase, uppercase, numbers and punctuation
    characters.
  • Avoid security-sensitive information, such as dates of birth or your children’s names.
  • Use different passwords on different systems, so make sure your Receipt Bank password is different to
    your Xero password. Also make sure your company account password is different to your personal
    account. Consider using a password manager software such as Password Safe to help you remember
    and manage the multiple logins.
  • Do not write passwords down or send them through email or instant messaging services.
  • If you or your company already have processes in place to help you set up a password, try not to be
    too obvious when changing it – for instance, by changing Password01 to Password02.

Step Three: Do an internal audit of your software.

If you already use cloud-based solutions, make sure your vendors are prioritising security and have adequate
policies in place.

Here are some good questions to start with.

  • Where do they store data?
  • How do they handle breaches?
  • What is their notification process should a breach occur?
  • Do they have other customers in accounting, or highly regulated industries such as insurance?
  • How do their terms and privacy notices read?
  • Do they have a dedicated security officer or team?

Likewise, how would you answer these questions should one of your clients ask you this? Could you answer
each one confidently?

Rather than prioritising cyber security just out of fear of a breach or compliance, put it at the heart of your
services. By preparing yourself first, you can then share these learnings with your clients on cyber security and
data protection, thus add value to your consulting services.

The Original content was posted on ReceiptBank