Getting left behind by technology might at first seem like a lesser concern than, say, exposing your business to the unknown in the cloud.
As a professional risk mitigant and compliance expert, when the cloud comes up your mind might naturally wander to the worst-case scenarios: a large-scale hack that captivates the news cycle has infiltrated your firm. Or, after a long day at the office, your team member loses her tablet on the way home—a device she’s been using to store sensitive client information.
But here’s the thing: whether it’s a swift exposure like human error or a building frustration among clients, using the public cloud or not using it at all both pose risks to your reputation and business integrity.
Mobile technologies are here to stay and today there are ways to run your organization on the cloud while alleviating the security concerns. Here’s how:
1. Meet clients on their terms. As clients become more efficient, they increasingly expect you to do the same. So while certain clients might humor you and use the firm’s clunky (not to mention expensive) internal portals, others will want to continue using notoriously unsecured email. Relying on your clients’ patience or naiveté doesn’t make for a sound long-term business strategy.
Instead, to keep customers happy, you need to use the cloud the way they do—just more securely. CPAs, like most professionals, are already realizing productivity gains made possible by mobile technology and the cloud. For some, though, productivity doesn’t always lead to a positive result. As productivity cuts down on time, it naturally calls into question the future of the billable hour.
In truth, though, this is a huge opportunity. Say goodbye to the most maddening parts of accounting, from chasing down files, hand delivering information to the client’s office, and more. Think about what you might do with that extra time: perhaps serve more clients and do it in a more meaningful way, even focusing on consulting—a much less seasonal but profitable service.
2. Stop the cloud rebellion. A little afraid of the cloud? You’re not alone. Last year, according to the American Institute of CPAs’ Top Technology Initiatives Survey, only 27 percent of U.S. survey respondents were confident about their firm’s or client’s ability to take advantage of emerging technologies. That said, it’s a mistake to deploy a service that doesn’t capitalize on all that the cloud has to offer. Your employees will thank you—and be more likely to follow the rules—if they aren’t tempted to experiment with other solutions because they’re authorized to use a service they already know and love, like Dropbox. Encryption services like Sookasa, which automatically encrypts files stored in Dropbox or emailed through gmail, work seamlessly in the background with cloud services, so users don’t have to change their workflows.
3. Allow BYOD (bring your own device) – with policies in place. One of the greatest conveniences—and biggest risks—for accounting firms and clients alike is the prevalence of personal devices being used at work. On the one hand, reducing costs and enhancing the level of service accountants can provide while working remotely is a no-brainer.
But like it or not, many employees are devising workarounds to incorporate personal tablets and smartphones into their work routines. Turning a blind eye won’t help because the security of your entire firm is only as strong as its weakest link, and it’s a good bet that personal devices are the most vulnerable. IBM’s 2014 Cyber Security Intelligence Index Report shows that breaches are much more likely due to human error — like lost devices — than to hackers.
Educating CPAs about security risks is an important first step—just like they tell their clients about certain compliance risks. But so is implementing physical and network security. Password requirements, encryption technology, and automatic logoff settings are important safeguards for personal devices.
4. Don’t forget the data itself. CPAs and other professionals understandably focus their attention on cloud security, asking questions about how data is stored on a cloud provider’s servers. These are important questions, to be sure, and many providers can attest to the security and compliance on their own servers. But what about the data that trickles down to devices? On-the-go access is arguably the primary benefit of the cloud, but it’s also where security can break down. For that reason, a combination of services is often necessary.
Look for services that couple file-level protection with a seamless user experience. That way, your data is safe no matter where it resides.
Asaf Cidon is CEO and co-founder of Sookasa, and a Stanford PhD candidate specializing in mobile and cloud computing.
