As a bookkeeper, you’re entrusted with some of your clients’ most critical and personal data – a responsibility we know you don’t take lightly! But with cybersecurity threats (and the best practices to protect against them) evolving so rapidly, it can be hard to know what to look for in a partner beyond a promise that they’ll safeguard your clients’ data.
If you’re looking to dig a little deeper, here are five key security features that’ll help you evaluate how well you can rely on your technology partners to keep your and your clients’ information safe and secure.
1. Whether or not data stays in Canada
As part of their work with you, your partner will inevitably end up transferring data that contains personal information to a data centre for storage or processing. And while the physical location of that data centre may not seem relevant at first glance, it’s actually an important consideration from a privacy and liability perspective.
In Canada, different industries and organizations are governed by federal and/or provincial privacy legislation, all of which have stringent requirements for data protection, including those around transferring data across borders.
A bookkeeper risks not only losing client trust, but also facing hefty penalties if they fail to ensure personal information is appropriately safeguarded in accordance with applicable Canadian law when transferring data across Canadian borders. Accordingly, teaming up with a partner that stores data in Canadian data centres may assist you in complying with Canadian privacy legislation.
2. Whether or not data is encrypted, regardless of its status
Encrypting data is one of the best ways to keep it from being accessed by unauthorized users. It essentially renders your clients’ information useless to anyone who tries to access it without the highly protected encryption key that “unlocks” (or decrypts) the data.
To best protect your clients, your partner should be adhering to the highest industry standards for data encryption – whether that data is at rest or is being communicated or transferred. Ideally, each of your clients’ databases should be fully and uniquely encrypted.
3. Whether or not application security has been considered at each stage – from development to daily monitoring
Application security shouldn’t be an afterthought! Any potential partner offering software solutions built in-house should have application security baked into the development process and rigorously, repeatedly tested from day one. That way, by the time a solution makes it to the end user (that’s you!), you can feel confident that it’s passed tests administered by both humans and machines under all sorts of conditions – no stone unturned.
But like we said earlier, the landscape of cybersecurity changes lightning-quick… so it’s equally important that application security is frequently tested and protected even after a solution’s already been launched. Look for a partner who does both!
4. Whether or not network activity is top of mind
Similar to application security, your partner should also be judicious when it comes to the monitoring, testing and protection of their own network. They should have a knowledgeable team of security experts and partners of their own who assist with assessing the state of their network security and applying upgrades wherever needed. Don’t be afraid to ask questions about how they manage this within their own business.
5. Whether or not multi-factor authentication is available
Yes, we can hear your groans of impatience from here… and yes, we know that multi-factor authentication (MFA) adds a step. But by requiring anyone on your team who accesses your clients’ data to verify their ID through more than just a username and password, your partner is safeguarding this information on your behalf that much more effectively.
We promise – it’s worth the additional few seconds that it’ll take to log in! Look for a technology partner that offers or mandates MFA as part of their login process.
Remember: in the world of cybersecurity, it’s always better to be proactive than reactive. Your clients depend on you to keep their data safe, and the right partner can help you do just that.
And in the meantime, check out Payworks’ comprehensive Security Best Practices EBook for guidance and easy tips on how you and your team can help safeguard your clients’ data (and your own!) with confidence.
_____________________________________________________________________
This article is produced by Payworks as an information service. It is not intended to substitute professional legal, regulatory, tax, or financial advice. Readers must rely on their own advisors, as applicable, for such advice.