How to Keep Accounting Data Secure When Working From Home
What do you get when you cross work-from-home orders and highly confidential accounting data? An opportunity to properly secure your sensitive accounting data from anywhere. The best part? It’s much easier (and cheaper!) than you might think.
Read this to learn easy tips you can put in place today to keep your accounting data safe and secure while employees are working from home.
How Secure is My Data?
It’s good to get this out of the way: your data can never be 100% secure. However, that’s no reason to panic and give up the fight! The point of creating a secure environment isn’t to completely eliminate all threats of data breaches.
Instead, creating security over your data helps make a hacker’s job difficult. If it’s too difficult to get into your software and the potential reward isn’t enough to justify all the effort, they’ll give up and move on. When hackers are already in, the second step in securing your data is to limit the damage done.
The third option is simply to get yourself insured so potential damages can be covered. Although this option sounds the easiest, some damage can never be recovered, such as reputation loss, or data that you have been collecting for years that is now gone and has to be collected again, which is sometimes simply impossible for various reasons.
In short, data security has 3 layers, of which the most important is meant to tire out hackers and make them give up their efforts to breach your systems. Thankfully, we have several tips that can help you do just that.
Protect Data When Using Non-Company Devices
Using a device provided by your company is ideal. Likely, the device already has proper security measures set up, with password protection and timeout rules.
However, when you’re working from home, you might not have the option. Instead, you can work to make your personal devices more company-friendly. Use a firewall and high-quality anti-virus software to protect against threats when accessing your accounting data from home. Just make sure you’re not installing any illegal software or software from an untrusted source. It’s best to ask your IT professionals what your computer needs in order to be safe and secure.
Some of the common risks you are exposed to when using unlicensed software include credit card and banking info theft, identity theft, ransomware (being locked out of your system until you pay the ransom), ad fraud and even the risk of the quality of your work being compromised.
If you don’t have a device at home and you can’t go to your office, you could be tempted to use a public device. That may mean a computer at a library or school of some kind. Avoid using public computers! Public computers are at a higher risk of keylogging software, which can record your passwords and login information as you’re typing it.
Password and Login Protection
It’s best if other family members aren’t allowed to use the devices that you’re using for your work. If that’s not possible, have a separate login for yourself. When you finish your work, make sure you’re logging out completely. As a rule, you should be logging out of any computer you use each time you’ve finished working.
When creating a login for yourself, create a strong password. Try not to use any personal details in your password and always mix in some special characters. Then, change your password regularly to keep it secure!
The technology behind two-step verification is simple. There are two independent sources, each of which validates your login based on independent information it holds about you.
For instance, a login will require a password that is stored (hopefully) only in your head, plus an SMS code or an in-app push message with a code sent to a device other than the one you are logging in on, to be really sure it is you. The second step can be simpler, such as scanning your retina or your fingerprint, which requires much less effort and is more secure than typing in a verification code. It's also more convenient, as it normally takes just a second.
Creating a two-step verification, or two-factor identification, can help prevent unauthorized people from accessing your account. When you set it up, you’ll receive a text message each time someone tries to log into your account.
If you’re the one logging in, you can simply enter the code that you received via text message. However, if you didn’t request the code, you’ll need to change your password immediately.
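As an added illustration (not code from this article or from any product it mentions), here is a minimal Python sketch of the server side of the two-step login described above: the password is checked first, then a six-digit code that would be texted to the user. The class name, the five-minute code lifetime and the three-guess limit are assumptions made for the example.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300    # seconds a texted code stays valid (assumed value)
MAX_TRIES = 3     # wrong guesses allowed per code (assumed value)

def hash_password(password, salt):
    # Factor 1 is stored only as a slow, salted hash, never as plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:   # hypothetical name, for illustration only
    def __init__(self):
        self.users = {}     # name -> (salt, password hash)
        self.pending = {}   # name -> [code, expiry time, tries left]

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hash_password(password, salt))

    def start(self, name, password, now=None):
        """Step 1: check the password; on success return the code to text out."""
        now = time.time() if now is None else now
        # Unknown users get a dummy salt so the check costs the same time.
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6 digits
        self.pending[name] = [code, now + CODE_TTL, MAX_TRIES]
        return code   # a real service would hand this to its SMS gateway

    def finish(self, name, code, now=None):
        """Step 2: check the texted code: expiring, rate limited, single use."""
        now = time.time() if now is None else now
        entry = self.pending.get(name)
        if entry is None:
            return False
        if now > entry[1] or entry[2] <= 0:
            del self.pending[name]   # expired or too many wrong guesses
            return False
        entry[2] -= 1
        if hmac.compare_digest(code.encode(), entry[0].encode()):
            del self.pending[name]   # a code works exactly once
            return True
        return False
```

Someone who has stolen the password but not the phone passes `start` and still fails at `finish`, which is what the two independent checks are for.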
Hint: Another great way to secure your data is to avoid storing or saving company passwords on your devices, just in case someone gains access to your device.
Learn more about two-step verification and how to set it in this article by The Verge.
Secure Your Workspace
Do you have a designated home office space? If so, make sure it stays as secure as possible. At the end of your workday, close and lock the door. That’s especially important if you live with others, like roommates or children.
If you’re working from a public remote space or near a window, be cautious of your screen. Make sure your screen is facing away from where others may view your data.
Learn more about creating a secure home office here.
Use Caution with Emails and Texts
Personal email accounts and cellphones aren’t as secure as what your company provides. Avoid forwarding any sensitive company accounting or financial data to your personal email account or texting sensitive financial information to others.
Instead, you can use company chat software or video conferencing software that has been approved by your IT team.
Learn more about emailing and texting securely here.
Email Phishing and Spoofing
Emails are a great way for hackers to get your sensitive data. Often, these emails look like they are from trusted sources. The email may state that your account needs to be updated, that you requested a password, or even that your account has been hacked!
Usually, there is a clickable link that will guide you to a website that appears legitimate. However, the website is really just recording the information as you’re typing, like your login credentials. Then, the hacker has everything they need in order to access your account.
Key tip: Don’t click links in emails that take you to a website and ask for credentials, even if the email looks like it’s from a business that you use. Instead, access the official website directly. If you’re unsure, contact the business directly using their phone number and ask if they sent the email.
Rely on Cloud Solutions
Cloud-based accounting software and cloud-based storage options can keep your data more secure. Using a cloud solution for data storage and accounting keeps confidential data off personal and local devices where they may be compromised. Instead, the information is stored securely in the cloud.
Learn more about five important cloud accounting companies on the market.
Cloud software is encrypted, meaning it’s very difficult for hackers to break into. Plus, you won’t have to worry about backing up the data or maintaining expensive firewalls and other high-cost security systems. Instead, you can lean on the security already provided by the software.
But that's not all. Cloud often provides multi-layered security that manages your data both physically and digitally. What are these super cool features cloud companies use to protect your data?
- Advanced firewalls. Not just any firewall, but advanced systems that inspect data packets, examine the source and destination data and also verify packet integrity.
- Intrusion detection. It can happen: an intruder breaks through the first lines of defence and gets into the system. That is why intrusion detection systems are in place, which identify when someone is trying to break in and track odd user behaviour that might indicate an intruder. When a user is evaluated as a threat, he is either evicted or put into Cloud Prison, where he waits till he is properly verified as an actual real user.
- Event logging. In case it is already too late to stop the intruder, it is important to proceed with an analysis of the system, see what happened and how it happened, and release a security patch to close the path. This seems like a far-too-late solution, but quite often an intruder chooses a so-called poking attack as his first attack. This attack is meant only to poke the defence systems to see whether a full-scale attack would be possible or not. Event logging also serves as a database of all odd user behaviour and user needs, and helps improve security systems by evaluating user behaviour patterns.
- Internal firewalls. In the cloud, as in other systems, there are layers of access, which some accounts may access and some may not. Since some attacks manage to penetrate the first, less secure level, the internal firewall is meant to prevent the attacker from getting deeper into the system and causing more damage.
- Encryption. Encryption is fancy math applied to a secure system. Encryption works in such a way that every user gets a generated (literally calculated) key. This key is then applied to open up the file by calculating its way through the encrypted file. When an attacker steals a file that has been encrypted, but couldn't steal the pattern or formula that would calculate the file data, he will end up with a worthless mess of characters. Encryption complexity is rapidly increasing, and as of now the standard is 256-bit encryption, the most advanced being the AES encryption system. To break this system (to calculate all possible outcomes), it would take the most powerful supercomputer in the world (MilkyWay-2) a couple of million years.
- Physical security. Every modern data centre is monitored by a surveillance system and has on-site guards to take care of possible in-person intruders and to secure data in case of a natural catastrophe or during unexpected events, like a fire.
- Insurance. It can happen that all of this fails. What then? In most of the developed world, data centres must be insured. So when a data breach has already happened, you should be compensated for every misfortune it brings.
Read more about what the cloud is, how it works, who owns it and how secure it is in this guide by ZarMoney.
Trust No One When It Comes To Sensitive Information
Most often it is not the system that cracks under pressure, not encryption that gets decoded, and not some computer wizard who makes your computer spit out all its secrets. In most cases, it is us, people, who give hackers our information freely, mostly unknowingly.
After all, it is said: The simplest way to get your personal information is to simply ask for it.
And the reality is very close to the story. A recent survey by the Bureau of Justice found that 17.6 million Americans are victims of identity theft every year. Now you may say: Yes, that is identity theft, we aren't talking about such severe cases here. In fact, since anything done without authorisation under the name of someone else counts as identity theft, getting into your database and stealing all your data through your employee's account is a form of identity theft.
What can you do to protect yourself and your data from being stolen?
As this is a topic of its own, we won't go into too much detail here. In a nutshell:
- When someone calls you pretending to be from your school, bank, credit union or governmental institution, don't share your personal information until it is clear that the person is who they claim to be. For instance, ask them for the official phone number you can call back; in most cases an official person will answer, whom you can ask to connect you back to the agent. Don't forget to check that the phone number is the official number of the institution. Every institution will have the number listed on its website to prevent such scams.
- Frequently check the accounts where you store your finances and important information, like your accounting, and view the activity log, if your account allows it. Look at every transaction and every copying or deletion of information, and try to remember whether it was you who performed the action. Should you see actions that look off, immediately contact your system administrator, who will usually have a tool ready to help you, and change your password right away if this is an option.
- Trust nobody when it comes to personal and sensitive information. Sharing your password with a friend at a party can be harmless, but it can also easily be shared further as another harmless joke, potentially leading to disaster.
- And other steps mentioned in this article.
Learn more about identity theft in this video by Two Cents.
Be Cautious with Physical Documents
Printed documents are a work-from-home security nightmare - especially for accounting data! Most companies provide on-site paper shredders or confidential bins to protect sensitive information and encourage proper disposal. However, working from home doesn’t necessarily come with that luxury.
First, limit the number of documents you print. Make sure you truly need the document printed before putting it in physical form. Any printed documents with sensitive accounting data on them should be shredded immediately after use and should never be left lying around in an unsecured area.
If you don’t have access to a shredder, hold on to the documents in a secure place until you can dispose of them properly. That may mean taking them into work with you when you finally return and using the paper shredder or confidential bins.
Or simply ask your company to buy you a personal shredder. If you work regularly with sensitive data, the investment of $50 will quickly pay for itself in peace of mind for your management, for you and for the person whose data you're handling.
For instance, check out these shredders on Amazon, for as little as $30.
Limit Access to Sensitive Data
Consider limiting your users’ access to financial data. With cloud-based accounting software, it’s easy to assign roles and responsibilities to each team member. Then, you can choose which functions they can perform and what kind of data they can see or change.
You can also consider restricting printing access. Instead, you can make documents with a lot of confidential information read-only and disallow some users from making changes or printing.
Not all software offers this feature, but when it comes to accounting, companies like ZarMoney provide it. Check it out in the feature list.
Consider Remote Privacy Training
During this time, working from home is essential to keeping businesses moving forward. Consider offering a quick training program for your remote employees to help with security. Providing a refresher on how to keep accounting and other confidential data safe during this time can set your business up for success.
Consider addressing these points:
- Refresher on company data security policy
- Personal device policy updates: expectations around using personal devices
- Suspicious behavior reporting procedures and expectations
- Designate a company-wide data storage solution and procedure
- Remind employees not to store passwords or other sensitive information
- Enforce time-outs and encourage employees to sign out of programs immediately after use
Many of us are longing for the days when we get to gather around the water cooler again and talk about our kids’ weekend baseball games. But some people may continue working from home on a regular or semi-regular basis going forward.
Work-from-home orders don’t have to put your accounting data at risk. With these few tips, you can help keep your data secure and keep your business thriving as we move into a new normal. After all, adapting to an ever-changing environment is what business-ownership is all about!