BY MICHAEL BOCCARDI
How can the onslaught of headlines announcing yet another corporate data breach not compound the stress of preparing for another tax season? Thoughts of keeping a client’s sensitive personal information and financial records secure in the months leading up to “T-day” certainly weigh heavily on the minds of those who practice accounting. While firewalls and anti-virus software are starting points, they are no longer enough to ensure that financial data remain safe.
As illustrated by data security breaches at national retail and banking giants over the past year, it may be getting harder for consumers to trust any business entity with which they have a relationship. Nobody is exempt from a cybersecurity breach. Whether information is mistakenly backed up to an unsecured server, an encryption flaw arises or an internal threat strikes, accountants and their clients can easily find their highly sensitive information exposed. This unfortunate scenario results not only in lost time, income and productivity for the business, but possibly irreparable damage to a heretofore stellar reputation. So, what steps do accountants need to take to ensure that client data remains secure?
Risk mitigation is critical. Part of mitigating risk lies in identifying what types of information need to be protected and where they will be stored. Interestingly, a 2013 survey by CPA2Biz, the American Institute of CPAs’ for-profit technology subsidiary, revealed that as cloud adoption rates across the industry continued to rise, 43 percent of firms surveyed were “somewhat confident” or “not confident at all” in cloud vendors’ ability to manage data breaches. That’s a 15 percent increase over 2012. So if you’re outsourcing your IT to a managed services provider, be sure they can meet both your cloud computing and your data security needs.
Depending on the size of your firm and the number of clients, you may elect to house your data in an off-site data center. For many financial services companies — banks, accounting firms, mortgage brokers — this approach offers the right blend of redundancy, resiliency and monitoring.
If you opt to use a data center, it is important to understand where your data will live and what is being done to protect it. On the physical side, this includes security guards, secure entry and 24/7 monitoring. On the virtual side, it involves intrusion detection, anti-virus applications, firewalls and data pathway security. Regarding physical structure, ask: Is the data center’s address publicly disclosed? Are there redundant power feeds? Is the data center built above the flood plain? Are there other tenants? How is access monitored?
For accounting firms transitioning from on-site to off-site data storage, the change can be nerve-wracking. Thus, it is critical to carefully screen prospective partners and choose the provider that can meet all of your current data storage, compliance and security needs and offer a scalable solution that will continue to meet your business needs well into the future.
If an off-site data center solution isn’t right for your firm, there is still plenty that can be done to keep data safe within your physical space. The key is careful planning — starting with “what will be done to keep data secure” and extending to “how will we respond if a data breach occurs?”
Let’s start with the physical space: Where will your server live? Does the room have adequate cooling and backup power in place? How is the room secured? Next comes the pathway through which your data will travel: What has been done to secure the pathway? How will you ensure it remains secure? Who will monitor for intrusion? What is the process that will be followed if intrusion is detected? Lastly, in the era of “Bring Your Own Device,” consider how employees’ personal devices used for business will impact policies and processes.
Should a data breach be detected, it is important that, by protocol, clients are informed about the incident and its impact in a timely manner and educated about the corrective measures being taken.
Regardless of on-site or off-site data storage and security, having a comprehensive and up-to-date data security program in place is key to successful business continuity and sustained return on investment.
Michael Boccardi is president, CEO and a co-founder of Cervalis, a Norwalk-based provider of IT infrastructure and managed services solutions. Contact Cervalis at 203-602-2020.