Cloud Accounting Security: What You Need To Know
on 2 March 2022Ask any accounting professional about their top concerns and undoubtedly security will be near the top of the list. This shouldn’t be surprising given the sensitive nature of the information they consume and share every day.
Bank and credit card statements, transaction data, balance sheets, and other financial records should naturally be kept from unauthorized parties.
IT personnel typically focus on securing an organisation’s on-premise solutions. However, the business world has been trending toward cloud solutions for some years now, bringing up the issue of cloud accounting security. We reached out to several IT, cybersecurity, and finance experts to help answer some FAQs about this topic. Keep reading to see their insights.
Cloud Accounting: Security Issues
“Cloud-based accounting gives companies access to enhanced data gathering and storage, flexibility, and scalability,” says Kathleen Ahmmed, IT leader and co-founder of USCarJunker. “But as cloud computing continues to gain prominence, there is a growing risk of misconfiguration and the ever-present danger of cyber criminals to consider.”
Ahmmed says that failure to have an adequate security strategy in place to mitigate these risks is not only a poor organisational practice, but it may also result in severe consequences, negatively impacting finances, data privacy, and brand reputation. “In turn, this can damage future business growth.”
“Cybercrime is the quickest growing type of criminal activity,” says Dorothea Hudson, cybersecurity expert at Clearsurance. She adds that cyberattacks are moving down the food chain from larger corporations to small- and medium-sized businesses—and they’re evolving in complexity.
Hudson calls out a number of cyberattacks that compromise the security of cloud accounting having to do with passwords, malware, web, denial of service (DoS), malicious code, stolen devices, phishing, social engineering, and ransomware. She notes that the last three have evolved the most rapidly. “These techniques target the human layer of security because it is the weakest link in cyber defense. So it’s essential to prioritize protecting against these people-based attacks.”
Ahmmed says that the lack of physical access to cloud servers is a risk. “Lack of access equates to lack of security—at least from a control standpoint. You’re dependent upon the quality of your cloud provider’s security measures. This includes how they physically secure their data center (e.g., limited physical access) and digitally secure their servers (e.g., data redundancy, back up procedures, breach processes).”
Alex Bryce, co-founder of WeInvoice, calls out multi-tenancy as a risk of cloud-based accounting, noting that resources are usually pooled or shared on a single server. “What this means is that the data for your company is stored in a space that is also used by another client. In cases where hackers target a shared-space company, the hacker may also gain access to your company data.”
What should you look for in a provider to minimize these issues?
The security issues around cloud accounting have been debated since related solutions first entered the market. Cloud-based accounting is secure; however, how secure depends on the provider.
To ensure your data is safe, Dave Nelson, product manager at Claranet Cyber Security, recommends looking for evidence that your data is held by a cloud provider that takes security seriously and invests in specific certifications for a robust security posture. “You might look for ISO27001 or Cyber Essentials Plus as a starting point; however, I'd also verify whether they regularly check for vulnerabilities and perform penetration testing.”
Nate Tsang, CEO of WallStreetZen, adds that you should ask for third-party audit reports, such as an SOC 2 or SAS 70 Type II report, to confirm that the software provider's security measures are up to par. “Some companies have security measures that are pure marketing hype. But these types of audits will give you a realistic picture of their security. Also, be sure to review and verify the credibility of their backup and disaster recovery plans.”
How do you ensure cloud accounting security when working with clients? Keep their data safe with Glasscubes.
As accountants, information sharing and communication is inherent in your business. Therefore, one of the most pertinent tools your accounting firm can take advantage of is a secure client portal such as Glasscubes. Not only does it streamline collaboration internally and externally, it also organises and prioritises workloads and automates mundane administrative activities accountants deal with day to day.
Security is a prime concern at Glasscubes. While some cloud providers maintain all client data in a single data center, we synchronise and distribute data across a minimum of three different physical locations within the UK. This improves cloud accounting security and reduces the risk of data loss due to bad actors or natural disasters. In addition, access to our software uses the highest level of SSL encryption on data—while in transit and at rest.
Accounting departments and dedicated firms are increasingly using our platform to improve collaboration and foster great relationships with their clients because it enables them to:
- Control the flow of information between themselves and their clients
- Gather information from clients in a timely manner and automatically chase overdue or missing items
- Ensure information is acted on as it is received by replacing repetitive actions with a custom, automated workflow
If you’d like a demonstration or want to see how other accountancies are using Glasscubes, learn more here.