As you read this, people around the world are using the cloud to easily access everything from email to family photos (e.g., Facebook and Instagram) to their favorite playlists (e.g., Spotify). You’re probably one of them. You’re probably one of them. But, it’s not just individuals who reap the benefits of seamless integration and real-time backups.
According to a 2018 cloud computing survey by IDG, 73 percent of organizations have at least one application or a portion of their enterprise computing infrastructure in the cloud. What’s more, enterprise organizations predicted that they would invest, on average, $3.5 million into cloud apps, platforms, and services within the year. Growing and complex businesses followed suit at $889,000 (which is up from $286,000 in 2016).
There’s no doubt about it: The cloud is shifting the paradigm of software solutions for growing businesses, but this raises an important question: Should you trust the cloud to securely store your business’s sensitive data?
If you’re looking to learn more about cloud security, the following insights will enable you to make a more informed decision.
Is your financial data secure with cloud accounting?
Stories about hackers and data breaches might have you wondering: Is cloud accounting really as safe as everyone says it is?
Before we answer that question, let’s consider the alternative to cloud accounting: self-hosted accounting software. Data stored on a server at your office or business may seem secure and convenient, but if there’s a fire, flood, or a coffee spill, all of your files could be lost in an instant (which nearly happened to businesses like Absolute Drywall and Southern Services & Equipment). Not to mention, data stored on a computer is still vulnerable to viruses and ransomware.
Fortunately, you can mitigate these risks with cloud-based software. From backups and encryption to 24/7 onsite security, cloud-based accounting software offers a defense for threats to your information.
No system is 100 percent foolproof, but it’s safe to say cloud-based software is safer than traditional options. In fact, Microsoft reports that 91 percent of growing and complex business owners said the security of their organization was positively impacted after switching to the cloud.
Wondering how, exactly, all of this works? We’re glad you asked.
How is your data protected in the cloud?
You might envision “the cloud” as bits of data floating around cyberspace, waiting for an app or service to call them into use. The reality is slightly less sci-fi, but far more secure.
Let’s take a look at four factors that ensure optimal security for cloud-based accounting.
Cloud data is stored on physical servers, typically lined up in large rooms or warehouses, that are connected to the internet. Vendors often have servers in several states or even different continents to ensure data doesn’t reside in a single place.
For example, Intuit’s servers are stationed in multiple data centers for redundancy. This means that multiple copies of your information are stored to essentially eliminate the risk of destruction of your information due to equipment malfunctions, power outages, or a natural disaster.
On top of that, Intuit’s data centers and offices maintain 24/7 onsite security.
Did you remember to save last month’s expense reports? Did you make a copy of those invoices? You can spare yourself these questions (and countless more) with cloud-based accounting.
QuickBooks Online Advanced also offers online backup and restore, which automatically backs up your data every few minutes and allows users to restore previous versions from a specific point in time. Think of it as an “auto-save” function for bookkeeping.
We’re not just talking about one backup file, though. Multiple copies of your data are stored in several locations to ensure that your information is never lost. You get the convenience of automatic offsite storage without the extra effort and cost of creating and managing physical backup copies on your own.
And, should the unexpected ever happen to your system, all of your data will still be instantly accessible to you from any computer connected to the internet—all with little to no effort on your part.
(Digital) Paper Trails
Advanced uses unique always-on activity log and audit trail features, both of which record every login to the service as well as any changes made to every financial transaction. These features cannot be turned off by a user.
The always-on activity log is a complete record of activities, while the audit trail is an easy-to-read history of all changes to a specific transaction. That means nothing can happen to your records without you or your accountant knowing all about it. Plus, you’ll always have a paper trail should you need to trace a transaction back to its source.
Cloud-based accounting software uses encryption to move and store data. In other words, your information is rewritten into a code. For example, Advanced utilizes 128-bit SSL encryption, which is the same technology used by some of the world’s top banking institutions.
Advanced is a VeriSign Secured product. VeriSign is the leading secure sockets layer (SSL) Certificate Authority.
Best practices for keeping data safe in the cloud?
According to McAfee’s 2019 Cloud Adoption & Risk Report, 89.6 percent of organizations experience at least one insider threat incident each month. This can be due to malicious activity, but usually involves instances where sensitive information goes to the wrong people.
Cloud service vendors go to great lengths to keep data safe, but you have an important role in the process, too. Here are three important steps you can take to maximize your cloud security.
Define Your User Permissions
First things first: Put the right information in the right hands. Fortunately, QuickBooks Online Advanced makes that simple with custom roles and user permissions, which let you delegate work and manage access to sensitive data.
Each person you invite to use Advanced must create a unique password that nobody else can see. You’ll also get multiple permission levels that let you limit the access privileges of each user.
For example, you might grant a sales rep access to sales transactions like invoices and estimates, but nothing else.
Change Passwords Regularly
Switching up your team members’ passwords is one of the easiest in-house methods to bolster your security in the cloud. Ideally, passwords should be changed every 30 days. Just make sure they’re long and utilize numbers and special characters.
If you want to add a second layer of security, consider multi-factor authentication.
Stay On Alert for Fraud
Fraud prevention is one of the biggest challenges facing small business owners today. Data protection can seem like a complicated responsibility, especially if you have limited resources. That said, following these three tips can help you identify and prevent fraud:
- Only work with companies and individuals you have vetted and trust. Be sure to verify all unsolicited contact with external parties.
- Be wary of malware. Clicking on ads, links, or opening attachments from outside organizations may compromise your information.
- Train your employees to stay aware of potential scams. Your employees are your first line of defense, so be sure they understand what to do if they encounter any red flags.
Legal best practices (read the fine print)
When you transition to cloud-based accounting, there are a few legal matters to consider:
- The American Institute of CPAs (AICPA) reminds accountants they are legally and ethically bound to protect their clients’ sensitive and confidential information. When it comes to choosing a cloud vendor, the AICPA recommends that businesses should write a clause directly into the service contract requiring the vendor to “assume responsibility and legal liability for confidentiality of data.”
- In the event that law enforcement would ever request data from your business, you’ll want to comply without compromising the security of your data. This can be accomplished with a zero-knowledge cloud provision. This puts the only decryption key to your data in your hands, which means law enforcement must speak to you directly instead of going through your cloud provider.
- Your cloud provider can help you avoid commonplace legal issues by working with you to craft a service-level agreement (SLA). This might include a “force majeure” clause that covers unforeseen circumstances.
As a rule of thumb, the more you have in writing, the better.
Ready to Make the Switch?
Does transitioning to cloud-based accounting sound like the right move for your business?
With expanded productivity tools, deeper insights, and premium care, QuickBooks Online Advanced is ideal for growing businesses with complex workflows. Not to mention, Advanced sets the industry standard for security.
To recap: Cloud accounting is quickly becoming the go-to solution for growing businesses, primarily because of enhanced security and ease of use. To maximize your security in the cloud, be sure to define what permissions your employees have and be on the lookout for suspicious activity. Lastly, don’t forget to cover your bases when it comes to the legal fine print.