From the June/July 2008 Issue
Data Storage & Security Using tools easily available on the Internet, it
would take a hacker only minutes to take all of the data off of your laptop.
Your office network, unless you are in the tiny minority of accounting firms
that do more than just basic network security, would not take much longer.
For all of the advances we have made in data storage and retrieval systems,
the greatest problem with going electronic isn’t what format to use or
how fast data can be searched; it is how well we can protect that data from
being hacked and stolen. Cyber-security experts divide the problem into three
areas: data collection, data transmission and data storage.
Data collection security is how we protect data from the time
we accept it from a client until it is safely locked away in storage. There
are any number of threats in the collection area, from a booming market in stolen
laptops to public Wi-Fi systems that make it simple to hack into any computer
that logs on.
Data transmission security is the protection
of data from the office, through the archiving process and on to the data storage
facility. The problems here are hacking, loss of physical storage units such
as hard drives and disks, and interception over the Internet if the data is
Data storage security is the physical security of the stored
data, whether that data is on disks in the office safe or in a secure offsite
data facility. The level of threat to the data depends on where and how it is
stored and accessed. As thorny as the problem of data security may be, the industry
hasn’t exactly made it easy to lock data down. Security systems are too
expensive, too complicated and too cumbersome to make their use easy for even
Nonetheless, there are four easy ways that accountants can help to safeguard
both their own data and that of their clients:
Don’t use Wi-Fi, ever. Sure, it’s convenient.
But there is a reason why none of the agencies of the federal government use
Wi-Fi. It is simply not secure. In particular, avoid the systems where data
thieves most prefer to lurk — coffee shops, hotel lobbies, conference
centers and public parks. The rule is simple: If you use Wi-Fi, you are a
risk to your clients.
Encrypt your hard drive. This means not only your laptop,
but the office computers and home office computers, as well. The software
to do this is built into the operating system of both PCs (Vista BitLocker)
and Macs (Mac OS X FileVault). Both are fast and relatively easy to implement,
though you may want some help with the initial setup.
Store data offsite. Data stored at the accounting firm
is vulnerable in a number of ways, from the office cleaning crew to fire and
flood damage. Storing it offsite is inexpensive these days, and it is relatively
easy to find storage facilities that offer redundant backup, power and physical
security, as well as full-time anti-hacking countermeasures. Just check to
make sure that the facility offers secure transmission of the data, as well.
Get to know Virtual Private Networks (VPNs). A VPN is a
secure, temporary connection inside of a network, including the Internet.
Think of it as a black hole in the Internet that opens on command, lets you
send and receive in a way impossible to hack because no one knows it is there,
and then closes as though it never existed. Again, the ability to do this
is built right into Vista and Mac OS X.
In an era of document management systems, electronic data storage and road
warriors, we have made tremendous progress toward easing the burden of collecting
and using data. But we’ve done far less to secure that data, particularly
when it is being collected and transmitted. It’s an area that will get
a lot of attention in the next few years, though, and accountants who are ahead
of the curve will benefit more rapidly than those who wait.