Just like safely locking a file cabinet of financial paperwork, you need to make sure your software is protecting your organization’s digital records.
That means making sure the software your business or nonprofit uses – one of your digital filing cabinets – has appropriate security features that you and your employees can take advantage of.
There were more than 332,000 victims who reported phishing, personal and corporate data breaches, and identity theft to the FBI last year, according to the agency’s 2020 Internet Crime Report. Those kinds of cybercrimes can make your systems vulnerable, when hackers are able to gain access to hardware, personal information and credentials.
It’s critical that everyone in your business use best practices to safeguard their digital presence. I’ve shared my top recommendations for online security before, and it’s worth revisiting them. If your software has been compromised, these are the steps to take after a hack. But to avoid a hack, there are steps you can take as business owner to be sure that your software solutions are secure and protected.
1. Choose Software with Strong Security and Features
How secure your business’ data and clients’ data is starts with the software and systems you choose. When considering a new software platform or assessing your current suite of tools, there are a handful of key phrases you want to see.
- SSL (Secure Sockets Layer) and TLS (Transport Layer Security) for encrypted communication on the web.
- A software as a service (SaaS) website should include “https” at the beginning of its URL, which means it has an SSL certificate.
- Automated security monitoring and detection, to flag the company and warn you if there’s suspicious activity.
- Safe data centers – although it shouldn’t tell you which ones it uses, for security purposes!
- Built-in features, like the ones listed below, to give you more control and peace of mind.
If the software and systems you’re currently using don’t have these kinds of security features, I’d strongly recommend reassessing your options. What else is on the market that can meet your needs – and do it with your protection in mind?
2. Create Unique Login Credentials, with Multi-Factor Authorization for Each User
Shared accounts and passwords are a big “no” when you put security first. It’s true that assigning each user their own login credentials is the honest way to pay for software service, but there are distinctive security benefits for your business, too. When every person has their own login, you can pinpoint which users were responsible for which actions within the software, or with whom a security breach may have started.
Individual logins also mean you can turn on 2-factor authentication (2FA) or multi-factor authentication (MFA). That means the user is required to put in both a unique password and confirm their login attempt in some other way – maybe through a physical authentication token, an authentication app, a text or an email. If a password is guessed or stolen, the additional verification steps can keep your software safe.
3. Manage User Roles and Permissions
Not everyone at your business needs to have admin-level access to your software. For example, in QuickBooks Online and QuickBooks Desktop, you can set up your accountant, your trusted full-time employees and your contractors with varying permission levels to restrict what information they can see and change.
This kind of feature is great for protecting your business from corporate data breaches by making sure no one has access to more data or information than they need. If their account is compromised, a hacker won’t have all the keys to the castle.
4. Take Advantage of Activity Logs
Many software applications include an administrator-accessible record of actions happening in the app, including which user completed the action and what time and date it happened. These records can be invaluable, including everything from logins to specific transaction histories.
Make it part of your business maintenance routine to check these digital records for any abnormal activity. If something strange comes up, it’s handy to know how to access the activity log to get to the bottom of the situation.
5. Implement and Train on Best Practices
As the leader for your organization, you need to set a sterling example of good digital hygiene. Stay on top of what the latest best practices are for digital security – and then share those with anyone who has access to your software. Provide security training to your staff that you repeat intermittently as a refresher.
Include these tips in your training:
- Private connections: Log in to accounts with sensitive data only on private devices and secure WiFi networks. For example, don’t open your QuickBooks app while connected to an open public wireless network.
- Passwords: There are four big rules for passwords. Shoot for double-digits in length, use random assortments of numbers, characters and letters, and make each one different from any other password you use. Don’t write your passwords down; instead, use a password manager to keep track of passwords and keep them safe.
- Phishing: Beware of phishing attempts; always double-check the sender’s email address before you click on any links or download attachments.
- Logging out: Log out of web apps and software when you’re finished using them. When you step away from your laptop or computer, put it to sleep or log out.
Get Secure Software That Works for You
Some of our top picks for software solutions – QuickBooks, Bill.com and CashFlowTool – have these kinds of great security features. It’s part of why we recommend these tools for small businesses and nonprofits such as churches.
If you’d like help exploring your software options to find solutions that meet your needs, while also offering the security that businesses must have to protect data and avoid hacking, SBS Accounting & Advisors can help you assess the landscape and choose the software that’s right for you. Contact us today to set your organization up with safer online systems and practices.