Everyone’s jumping on the cloud, outsourcing is becoming the norm for accounting firms, and telecommuting (even if it’s just for some out-of-hours work) is becoming more common. But solid, robust security steps can be overlooked. So what can you do to protect your precious data?
Must Read Tips for Cloud and Server Security
We recommend using a timed lockout for all access. This means a user has three attempts to log in, and after three unsuccessful attempts the system locks that user out for one hour. This is a powerful way to stop hackers, and it may be part of a whole Intrusion Detection System.
Always have passwords as a mix of numbers, letters and symbols.
You may be interested in hack times released by an anti-virus software company – note the speed at which passwords with words are hacked.
myThomas9876543 – 3.6 seconds
Martin8569 – 12.01 seconds
21Everest – 2 minutes
mammamia – 3 minutes
896rUU – 2 hours
Please note the times above are WITHOUT the timed lockout feature we have mentioned; with that feature, hacking software would take months or even years to hack a system if the password is the last one.
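To show how the three-attempt, one-hour lockout works and why it stretches guessing time so much, here is an added example (not code from the original article or from any product it mentions). The class, function and user names are illustrative assumptions, and the login events are constructed sample data.

```python
MAX_ATTEMPTS = 3        # failed logins allowed before lockout (figure from the text)
LOCKOUT_SECONDS = 3600  # one-hour lockout (figure from the text)


class LockoutPolicy:
    """Tracks failed logins per user; names here are illustrative assumptions."""

    def __init__(self):
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> timestamp when the lock expires

    def attempt(self, user, password_ok, now):
        """Apply one login attempt at time `now` (seconds); return the outcome."""
        if now < self.locked_until.get(user, 0):
            return "locked"  # rejected before the password is even considered
        if password_ok:
            self.failures.pop(user, None)  # success resets the counter
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= MAX_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            count = 0  # fresh allowance once the lock expires
        self.failures[user] = count
        return "failed"


def seconds_to_try(guesses):
    """Minimum time for `guesses` attempts on one account under this policy."""
    completed_lockouts = max(guesses - 1, 0) // MAX_ATTEMPTS
    return completed_lockouts * LOCKOUT_SECONDS


# Constructed sample events: (time in seconds, user, password correct?)
SAMPLE_EVENTS = [
    (0, "jsmith", False), (5, "jsmith", False), (10, "jsmith", False),
    (15, "jsmith", True),    # correct password, but still inside the lockout
    (3609, "jsmith", True),  # one second before the lock expires
    (3610, "jsmith", True),  # lock expired, login succeeds
]


def replay(events):
    """Run the events through a fresh policy and collect each outcome."""
    policy = LockoutPolicy()
    return [policy.attempt(user, ok, t) for t, user, ok in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
    print(seconds_to_try(10_000) / 86400, "days for 10,000 guesses")
```

At three guesses per hour, 10,000 guesses against one account take about 139 days, which is where the "months or even years" comes from.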
In addition, a username can be as complex as a password (i.e. not a name) to make it even harder.
One way of creating a password is to take a sentence, use the first letter of each word, and substitute “$” for the letter “S”, along with any other substitutions you will easily remember.
E.g. My first house was at 11 Bunning Street
Would give a password: Mfhw@11B$
Do not use email or an instant messaging service to send a password. We recommend you give the password verbally or text the password.
Consider providing the user with an option to change the password during the first login (following our guidelines).
Consider scheduling a password expiry alert to change the password regularly.
If you use a server you should set permissions and restrict access. This is easy to do and an IT contractor can do this for you.
Generally, the only person with Admin rights, such as being able to delete program files, should be the IT Administrator. Depending on your company’s structure, only those who really must have the option should be able to delete files. At the very least, deny remote users the permission to delete files, folders and software from the server.
Permissions should be set for each folder on your hard drive to define who has access. Restrict access to systems or application root files.
If your accounting software has the feature, restrict access to individual client files to only those who need access to that particular file.
Always ensure you have a daily back-up done and remember to change passwords when staff change!
You will be pleased to know BOSS follows very stringent security protocols. In addition, we have taken additional security and confidentiality steps, so that we have taken every reasonable precaution to ensure our clients’ data is safe in our hands.
So now you know more about the calibre of outsourcing provider we are – why not take a FREE TRIAL?