Many businesses are increasingly moving to cloud based accounting solutions but what does this actually mean for your business and your customers? How can you make sure your data is safe? Here are some useful facts about cloud security.
What is the Cloud?
You have almost certainly heard about ‘The Cloud’ and wondered what it all means.
In simple terms, instead of downloading a software solution to your desktop PC or laptop and storing it on the hard drive then adding a data directory to store your data in, both the solution and your data are stored online and accessed via an internet browser from anywhere in the world that has an internet connection on your laptop, PC or tablet.
As internet speeds have improved and the cost of data storage decreased, lots of businesses are moving to cloud based solutions as many of the solutions run online from remote servers and the data that they generate is also stored on those servers.
So it is in fact a bit of misnomer to imagine your business data floating above your head in the clouds.
You are effectively renting space on someone else’s server and accessing it via the internet making it very appealing for businesses who suffer from constantly having to update their hardware to accommodate software upgrades and who need to install more powerful solutions that eat up massive amounts of storage space in order to cater for their ever changing business processes.
This is a major change, and it’s happening fast. IBM recently estimated that 90 percent of all the digital data created to date has been generated in the past two years.
There are good reasons for moving to a Cloud Accounting solution but security is uppermost in the minds of most people. Let’s take a look at Cloud security and provide some useful tips that may help make your data safer in the cloud.
Please note that this guide provides general advice on Cloud security and isn’t intended to cover everything. After reading it, you should be more familiar with ways to secure your data in the cloud.
Remember that nothing is ever 100% secure. Always get professional advice if you have concerns about the security of your data wherever it is held.
Key Benefits of Cloud Accounting
Lower IT Costs but Improved Experience
Cloud based solutions are often based on an affordable monthly subscription so no big capital expense outlay when you can least afford it.
Software upgrades, patches and backups are everyone’s nightmare and very time consuming if you have to download them to every device that uses an on premise solution. Cloud based solutions generally do not need to be upgraded by the user, it is done for you and so represents good savings on your IT support bill. Experienced professionals do the job for you out of office hours so very little down time.
Cloud based software is constantly evolving. New features are added and bugs are fixed as they occur generally meaning you always have the latest software with no need to wait for the next version to be released.
Access from Anywhere at Any Time
As mentioned above, Cloud based applications aren’t tied to a PC or laptop. Using a Cloud based solution enables you to access your software and data from wherever you happen to be as long as you have an internet connection. With most solutions you can use a laptop, desktop, smartphone or tablet. Many newer applications will run in a web browser on almost any device.
Better Business Continuity
Power outages, fires, floods, burglaries, earthquakes – all of these are potential business risks. Cloud based solution users can recover faster from a disaster than those with data stored on-site. You can be up and running within no time.
Cloud based solutions are often able to share data or integrate with each other allowing you to process your information in various different ways. For example, Cloud based accounting software such as Sage 50 and Sage 200 can integrate with third party Cloud Point of Sale solutions. This means that your front and back office data flows easily between each solution.
Cloud Accounting – How is The Data Stored?
Two of the concerns people have about Cloud Accounting is, ‘How is my data stored and how secure is the environment it is stored on?’
As mentioned earlier, in most cases your data is stored on servers in huge data centres, which are secure and managed 24 hours a day. Professional Cloud server solutions use secure and encrypted connections so the journey between your computer and those data servers is as secure as it can be; Data is encrypted on your computer before it’s sent to the remote server and encrypted again on its return journey back to you.
Cloud based solution providers take data security very seriously and work hard to protect your data. But computer hacking is a known hazard; It does happen, but it’s something you can help prevent.
How You Can Make Your Data More Secure
Many high-profile hacking cases in recent years have understandably made us nervous about storing our data in the Cloud. But in most cases, it’s not as simple as the Cloud being the problem. Often it’s the way the Cloud is used that causes issues.
Make Sure Your Passwords are as Secure as They Can Be
The power of passwords cannot be underestimated. So many people use the most obvious passwords in every application that requests one that are just not secure. We all do it – mostly for convenience. It’s easy to keep using the same one over and over again rather than keep having to remember one for each application we use.
So many people use their pet’s name combined with their date of birth, or their child’s name spelled backwards. Or they might use other combinations that seem clever but are actually far too easy to guess.
Short passwords can be cracked so easily. You just give a computer a word list and allow it to come up with every combination of those words. Longer passwords are harder to crack but also harder to remember.
No wonder this is a widely-debated area of computer security.
Try this exercise for yourself:
Search the internet for ‘correct horse battery staple’ for some interesting information.
The golden rule is to keep your passwords long, as random as possible and unrelated to your own life. Use a different password for each Cloud based application. People are increasingly using a Passphrase instead. Passphrases are typically about 20 to 30 characters long and usually harder to crack than passwords. Passphrases need to be meaningful, and not use your birth date or username.
Use Multi-Factor Authentication
In addition to requiring a username and password to log in, some software solutions offer multi-factor authentication. This type of solution is also referred to as Two Factor Authentication or Two Step Authentication depending on the approach used. Multi-factor authentication places an all-important additional layer of security on your login. This means that in addition to your standard login, you are required to provide another factor to authenticate your identity. This is sometimes a unique code generated by a separate application, service or device, or something unique to you – like your fingerprint or voice. This reduces the risk of your account being accessed if your password is compromised.
Take Advantage of Login and Online Activity Monitoring
Some Cloud based applications provide additional information about how their system is being used. Take the time to review the additional security services they provide and take advantage of them – every single precaution you take makes a difference. You may have noticed that many online services display details of when you last logged in to their service. If you notice this is incorrect, or from a suspicious location, then raise it with the appropriate party. Remember: tools like this are provided as a service – they’re there for you to use.
Use Anti-Malware (also known as anti-virus software)
Malware is the short name for malicious software.
In a nutshell it can download itself to any of your devices and steal your data. In most cases this happens because a user of the device has clicked on a link or attachment in an email or visited a website that’s not secure.
Remember the golden rule- If there’s a link or attachment that you don’t know or trust then don’t click on it under any circumstances. Take an extra minute to view the email address that it has been sent from – even it if it looks legitimate on face value – you will more than likely spot a bogus email address and be able to delete the email before you can click on any links or download an attachment.
Do not underestimate Malware, once it is on your machine, it is able to log your User ID, Password, Bank and Credit Card information or anything that you have accessed on your tablet, PC or laptop and send it to a hacker. Malware can also take over your computer and use it to attack other machines.
Malware is designed to be hidden, so it is mighty difficult to notice it by chance. Always make use of anti-malware software on your mobile phone, laptop, desktop PC and tablet and always ensure that it is kept up to date at all times. Hackers spend every waking hour improving their tools to easily get past outdated anti-malware software.
Also make sure you get your anti-malware software from a reputable source. It is not unknown for solutions that appear to be totally genuine to be Malware in disguise. If in doubt visit https://www.virustotal.com/#/home/upload and run a preliminary check. Malware is one of the easiest ways for hackers from all over the world to get access to your device. It is vitally important to take this seriously.
Phishing and Other Hacking Methods
Hacking does not just happen via Malware, it can happen through people.
Imagine the phone call: “Hello, This is Joseph from NatWest. We’re upgrading your Business Banking software but it looks like your password has changed since last time and we can’t get in to do the upgrade. What’s your new password?”
This is type of hacking attempt is called Social Engineering.
The other very prevalent method of hacking is called ‘Phishing’ and is delivered by an email. The email will contain links that the hacker wants you to click on.
Without adequate awareness, your staff can give away vital security information via these types of email and also by incoming phone calls from hackers.
So, the Cloud isn’t always the problem. Attacks are able to be carried out on data stored in-house, as the above examples illustrate. In fact the risk of storing data in-house is actually even greater, because burglary and theft come into the mix and not just from outsiders of your business. There are many cases of staff stealing company data to exploit however they choose. It is far easier to steal a laptop, desktop PC or USB stick full of data than it is to steal information in the Cloud.
Train your staff about online safety and good security practices
It is most unlikely that you would allow your staff to drive a forklift truck without putting them through an accredited training course or work in your all-important sales department without prior training or an induction process. It is equally as important to train your staff on how to use your computer hardware and software properly and to observe standard security measures to avoid Malware attacks, Phishing and Social Engineering scams.
Whatever devices your business uses, your staff should be trained in data security best practices. They should also be given strict criteria for choosing secure passwords on applications used by your business and how to be vigilant and identify Phishing and Social Engineering scams.
Visit https://www.getsafeonline.org/ for information on security best practice.
Cloud Security is All About Your Attitude
Cloud data storage is more secure than storing data on your own business premises. Cloud data storage has a much reduced risk of loss or theft, has more flexibility with the added ability to recover quickly from a disaster.
It cannot be denied that nothing can be perfectly secure on its own.
The way you use something will always affect its security. Few people would leave their house or car unlocked at any time. Take ownership of your Cloud based data security:
- Using sensible Passwords
- Protect your devices against Malware by using a reputable anti-malware solution
- Train your staff to identify risks and be vigilant Phishing and Social Engineering attacks
- Comply with GDPR law about storing other people’s data on your systems
Take a look at some of the Sage Cloud Based solutions now available:
Sage One: https://uk.sageone.com/