You can’t have missed them. Sony, Optus, even the Australian parliament’s e-mail system: each has had its data compromised recently.
The number of data breaches taking place each year is growing fast. And while it’s the hacking of high-profile companies that crowds the headlines, run-of-the-mill accounting data security breaches are becoming more frequent and more costly too.
At the same time, choices for where you can store your data are growing. It’s easier than ever to sign up with an offshore cloud provider, anywhere from Dhaka to Dallas. They all, of course, promise security. But not all providers are equal.
Here are some things you should keep in mind when considering your next move on data security.
Digital encryption is paramount
High-profile data breaches have now become routine. Scarcely a week goes by without a report about a major organisation having been compromised.
Many of them aren’t organisations short on resources or security advisers. Security breaches are now an inescapable fact of doing business; a fact an intelligence chief wryly summed up when he said there were two kinds of American companies, those who have been hacked and those who don’t yet know about it.
So, what can you do about it?
Make sure you’re storing your data under the highest level of security possible. The current gold standard, used by banks the world over, is “SSL” technology with 256-bit encryption.
Good providers build in other safeguards. Something like a virus can be crippling, not because it leaks a client’s precious data into the electronic ether, but because it wrecks years’ worth of hard work. Ask your provider what arrangements are made for backing up data – and whether backups are stored securely and far enough away from primary storage sites to balance the risk of natural disasters. Also ask them how regularly they back up.
But don’t forget physical security
Virtual breaches of security get all the attention. And understandably so: tales of intrigue and shadowy hackers in foreign countries are much more interesting than the truth, which is that most data security breaches occur within the office and from someone physically compromising data, such as by stealing a hard drive.
A UK study by PWC last year found that an employee (47 per cent) was behind an accounting data security breach three times more often than an external hacker (16 per cent). Accessing data without authorisation, data leaks and misusing confidential information accounted for about three-quarters of those breaches.
What does that mean? Encryption remains hugely important. But you need to be asking questions of your provider about the physical conditions in which your information is kept. You should be asking questions such as how secure the premises of a company’s server are and whether their staff are entrusted with access to your data, or login details directly. The right provider won’t shy away from these questions.
Choosing the right country can be critical
The great thing about the cloud is that it can theoretically be accessed – and exist – anywhere in the world. Innovative web hosting stations have even been established on the high seas.
But does that mean you ought to go offshore for data hosting? Not necessarily. Changing where your data is stored, and which regulations and laws it needs to comply with, is a decision that should be made carefully.
For accountants, some of the potential consequences are not immediately clear. Storing your data in new jurisdictions may make it more difficult to ensure it keeps in line with changing Australian regulation. Data that is hosted in countries such as America and Singapore is also likely to be accessed by authorities with far greater ease.
A good example has come recently in the case of new Australian privacy laws. The government recently passed 13 new ‘principles’ governing the way businesses secure their data, particularly the way they store it online.
Failing to comply carries some pretty serious penalties, of up to $1.7 million for large companies, or $300,000 for small businesses. But if your data provider does business in America, it’s unlikely they will be as in tune with regulatory change here, particularly if Australian and New Zealand customers only constitute a small proportion of their clients. Given how quickly privacy regulation changes, storing your data with a local provider is probably the simplest way to ensure you stay on the right side of the law.
Of course, these three points shouldn’t be the sole indicators when you’re looking to make a decision on where to place your data, but they are a good starting point. The choices on offer for data security are infinite but so are the needs of any business.
Please note that this article is intended for general information only and is not legal advice. You should seek professional advice suitable to your own circumstances.