Your accounting system contains the information critical to running your business – including information that you really don’t want “bad actors” to get their hands on. Here we touch on a few key things to put in place to keep your system safe.
Properly Train Employees
Your employee handbook probably details in depth your security policy and how to properly interact with hardware and software so that the company is not affected by any accidental risks employees may take while using the system. But hackers have gotten incredibly creative. From targeted phishing attacks to social engineering, they will go out of their way to gain access to your systems.
While handbooks are important, it is also important that your employees are properly trained in the subject. Training on security measures is best done interactively. You can role-play different ways that data breaches may occur and even make a fun game out of the training process, or contract with a security training company to provide online or in-person interactive training that allows you to evaluate and track each employee’s progress individually, as well as keep testing them over time. At the end of the training, all of the employees in your organization should know how to avoid putting the company and your valuable data at unnecessary risk.
Password protection sounds like a no brainer when it comes to accounting system security, right? Unfortunately, easily cracked passwords are one of the most common ways that systems get hacked. Passwords should not be familiar names, places, or dates that wouldn’t take a lot of thought or research to figure out. At a minimum password should be 12 characters and have a combination of letters, numbers, and symbols. It is also important that different accounts have different passwords, so if one is found out, everything is not compromised. This includes not re-using your favorite personal password at work!
Ever walk by someone’s desk and glance at the post-it notes they have on their monitor or stashed under their keyboard or on top of a desk drawer? How many of them contain passwords? This is another common way your systems can be compromised without you being aware of how the hacker got in.
If you really want to go the extra mile, two-factor authentication, biometrics, security keys are another option.
With any organization, it is important to monitor your employee’s activity. Are they regularly accessing information they shouldn’t? Has someone’s access pattern changed dramatically recently? Are they logging in from a foreign country, when you know they are sitting in the office next door? Setting up security notifications on user activity can help you keep an eye on things in your accounting system without dedicating a ton of time constantly monitoring it yourself.
The best thing you can do in ensuring accounting security is finding a trusted provider that you can truly rely on. Make sure you are comfortable with their security protocols and research them before choosing a solution. How often do they conduct security audits? What tools do they use to monitor the security of your data, and what tools do they provide you to do the same?
If your accounting system is on-premises, it’s worth having a meeting with your IT team to understand how they are securing your system and what they are doing to protect it. Has your company had a recent security audit? What vulnerabilities were identified, and what plan is in place to correct them? The days of assuming that your system is too small or too anything to not attract attention are over – ensuring that your data is secure is critical in today’s environment.