Security is a popular topic in the industry at the moment, and it’s come to be expected that updating your security protocols, implementing new systems and reviewing processes can be a massive time sink-hole for accountants. With everything you’re looking at, it ultimately ties back to the biggest question of all: How secure is your firm?
We’ve already talked about how you can improve security internally, by looking at everything from checking passwords, bringing phones to work, training and more. But what about external security?
This is an even bigger question to be asking when you’re looking at the security of your firm, because it’s become common practice for accountants to offload some of their work and outsource. Doesn’t that beg the question “How secure are they?” because depending on what you’re outsourcing, you might be sharing everything from passwords to your various marketing engines to databases of contact information, and if your outsourcers don’t look after this data properly, it still could be you and your firm at risk!
To conclude our mini blog series on security, let’s look at some of the top things accountants outsource and how that can impact your security.
This is one of the top functions of an accountancy firm to outsource. Providers like The Profitable Firm have become a staple component in firms promoting themselves through blogs, website pages, social media and more. But with this relationship comes a caveat: sharing information.
It’s often overlooked when thinking about the “greater good” that is marketing, but when you are working with a marketing company, it becomes common practice to share access to everything, from your website, to marketing engines like MailChimp and even social media accounts.
By doing so, you’re effectively giving a third-party access to a hefty amount of data. Your website could store submissions from your various enquiry forms. Your MailChimp account could contain lists of client email addresses. And it all starts with handing over the passwords to those accounts. In a case like this, it’s important to double check what security protocols these third parties have in place so that your sensitive data is protected on their end too.
It’s a well-known fact that your website is one of the biggest marketing components for any business, let alone accountants. It’s your marketing hub, which means it’s important to keep maintaining it on a regular basis.
One of the lesser known facts, however, is the importance of an SSL certificate for your site. These have become more popular in the past couple of years and have become the norm for any website to have. An SSL (or Secure Sockets Layer) certificate, is an extra layer of security that effectively encrypts your website and therefore safeguards any sensitive data that is being sent through the website. This means any data submitted, whether it be through a contact or payment form, isn’t at risk of being stolen by hackers.
You can tell when a site has an SSL certificate installed by looking at their URL; if it starts with “https” as opposed to “http”, the “s” signifies it’s a secure site. This is becoming more and more important as it has recently been announced that any sites that do not have an SSL certificate will automatically be flagged as unsecure by Google and also de-ranked in Google searches!
Think about your user experience: Would you want to visit your site and be met with a screen that says “This site might be trying to steal your information”? That wouldn’t fill you with confidence in your accountant, let alone how they handle the security of any of your data. But the solution isn’t too difficult. All that you have to do is purchase an SSL certificate, which is readily available through domain and hosting companies, and have that installed on your site. Once that’s done, you can rest easy knowing your site is much more secure than those without an SSL certificate in place.
One of the final avenues that is popular to outsource is the production of accounts and tax returns. As you know, that’s what we do here at Advancetrack, and we like to think we take security pretty seriously with our online system and protocols in place.
If you don’t use Advancetrack, but have been considering outsourcing compliance work, it’s an important question to ask any provider. After all, you’ll regularly be sending financial data belonging to your clients and their businesses, so you want to make sure that this is handled well and protected on their end so that the data isn’t at risk of being stolen.
Security is something that shouldn’t be overlooked, whether it’s internal or external. You need to look at everything from your internal systems, to the processes your outsourcers use, to the training needed for your staff.
When all that is done, your firm will undoubtedly be in a much safer position, as you won’t be leaving the security of your clients’ data to chance!