Data Storage & Security

From the June/July 2008 Issue

Data Storage & Security Using tools easily available on the Internet, it would take a hacker only minutes to take all of the data off of your laptop. Your office network, unless you are in the tiny minority of accounting firms that do more than just basic network security, would not take much longer.

For all of the advances we have made in data storage and retrieval systems, the greatest problem with going electronic isn’t what format to use or how fast data can be searched; it is how well we can protect that data from being hacked and stolen. Cyber-security experts divide the problem into three areas: data collection, data transmission and data storage.

Data collection security is how we protect data from the time we accept it from a client until it is safely locked away in storage. There are any number of threats in the collection area, from a booming market in stolen laptops to public Wi-Fi systems that make it simple to hack into any computer that logs on.

Data transmission security is the protection of data from the office, through the archiving process and on to the data storage facility. The problems here are hacking, loss of physical storage units such as hard drives and disks, and interception over the Internet if the data is transmitted electronically.

Data storage security is the physical security of the stored data, whether that data is on disks in the office safe or in a secure offsite data facility. The level of threat to the data depends on where and how it is stored and accessed. As thorny as the problem of data security may be, the industry hasn’t exactly made it easy to lock data down. Security systems are too expensive, too complicated and too cumbersome to make their use easy for even accomplished networkers.

Nonetheless, there are four easy ways that accountants can help to safeguard both their own data and that of their clients:

Don’t use Wi-Fi, ever. Sure, it’s convenient. But there is a reason why none of the agencies of the federal government use Wi-Fi. It is simply not secure. In particular, avoid the systems where data thieves most prefer to lurk — coffee shops, hotel lobbies, conference centers and public parks. The rule is simple: If you use Wi-Fi, you are a risk to your clients.

Encrypt your hard drive. This means not only your laptop, but the office computers and home office computers, as well. The software to do this is built into the operating system of both PCs (Vista BitLocker) and Macs (Mac OS X FileVault). Both are fast and relatively easy to implement, though you may want some help with the initial setup.

Store data offsite. Data stored at the accounting firm is vulnerable in a number of ways, from the office cleaning crew to fire and flood damage. Storing it offsite is inexpensive these days, and it is relatively easy to find storage facilities that offer redundant backup, power and physical security, as well as full-time anti-hacking countermeasures. Just check to make sure that the facility offers secure transmission of the data, as well.

Get to know Virtual Private Networks (VPNs). A VPN is a secure, temporary connection inside of a network, including the Internet. Think of it as a black hole in the Internet that opens on command, lets you send and receive in a way impossible to hack because no one knows it is there, and then closes as though it never existed. Again, the ability to do this is built right into Vista and Mac OS X.

In an era of document management systems, electronic data storage and road warriors, we have made tremendous progress toward easing the burden of collecting and using data. But we’ve done far less to secure that data, particularly when it is being collected and transmitted. It’s an area that will get a lot of attention in the next few years, though, and accountants who are ahead of the curve will benefit more rapidly than those who wait.