Data security is a top-of-mind concern for businesses outsourcing their accounting services. Data breaches continue to occur at a disturbing pace, victimizing high-value targets as well as small to medium businesses. This environment may be cause for concern, especially if you are turning over your company's financial information to a third-party bookkeeping service. There are several strategies to consider to protect your company's data, whether you are currently a client of an outsourced accounting service or are in the process of sourcing one for a new relationship.
Audit Your Internal Security Controls
Security begins in your own backyard. Examine your data generation, collection and storage systems to plug potential leaks. These leaks can come in the form of inadequate controls over access with too many employees given free rein over confidential or sensitive information simply because they belong to the department. In some cases, vendors or business partners may be granted access to records that have very little to do with their transactional relationship with your company.
Small business accounting practices may be wanting when it comes to securing data because of the mistaken notion that the company is too small of a target for malicious hacking. Take note that in most data breaches, hackers were going after personal information such as social security numbers, bank account numbers and passwords, all of which are demographic information contained in your accounting files for your employees, executives and to some extent, your customers.
Collect only the information that you actually need; this improves records management and makes retrieval easier when you need it. When you outsource your accounting services to a professional service provider, having a logical and process-driven system of collating data is essential to ensuring a productive relationship. Use database monitoring gateways and firewalls to prevent abuse of privilege and exploitation of system vulnerabilities internally and externally.
Research the Contractor's Security Practices
It is not enough assurance that the bookkeeping service you are considering has never been a data breach target. You need to find out, preferably with documentation and written proof, everything you can about the company's physical security, data management and records disposal practices.
This is a three-pronged strategy:
1. Security for Physical Facilities or Remote Access Locations
Access points to any and all data must be secured. This includes having restrictions on remote access setups, managing data entry and exit points and creating user-level permissions to restrict access. Outsourcing will likely minimize the reliance on paper-based data and reduce the vulnerability of printed data, but the security in place for cloud-based systems and remote access needs to be a top priority.
The accounting services firm should support adherence to client security and be able to explain the rigid screening and recruitment process for their employees, especially those who will have access to your files. Employees should undergo extensive background checks and be regularly reviewed to ensure compliance with regulations and requirements. Additionally, each one should be trained and re-trained on the latest strategies and technologies relevant to data security.
3. Computer Networks and Systems
Data servers must be located in secure facilities with adequate activity monitoring systems in place. Each computer and critical process must go through several layers of user authentication, and all external storage ports, including USB, DVD and CD drives, must be disabled to prevent unauthorized downloading of client data. The data transfer system must use 128-bit encryption or something comparable to the systems currently used by banks and credit card companies. Most importantly, the contractor must have a data recovery plan in place in case of an unplanned interruption.