Posts

A certified public accountant working on tax audits on the cloud on a secure laptop during tax season.

5 Data Protection Tips for CPA’s During Tax Season

/in /by

Tax season is the busiest time for certified public accountants (CPA’s) and hackers alike. While companies wonder how CPA’s can stay safe during tax season, hackers wonder how to get their data. This makes tax season the most critical time for any CPA to protect their client data.

Accounting systems have different ways to secure data, from secure cloud servers to partnering with a Managed Service Provider. With that said, here’s why it’s vital for certified public accountants to secure their data, and why it’s especially crucial during the tax season.

Threats Against Certified Public Accountants

CPA’s must protect their data year-round, especially during the tax season when hackers are most likely trying to breach your system. According to the FBI, hackers are attacking accountants and companies even more since the pandemic started, with more than 4,000 cybersecurity complaints a day.

Hackers are looking for the easiest way to target your CPA firm or company, targeting any area or loophole they can find. Cyber-attacks can happen anywhere and at any time, with different threat levels for various company sizes.

Types of cyber attacks such as:

  • Phishing attacks
  • Malware attacks
  • Ransomware attacks
  • Social engineering

CPA’s must protect their data and devices from hackers, or they may lose their business in the future. Companies need to start finding ways to improve their security, from commercial insurance to a more robust IT security strategy all year-round.

Here are 5 data protection tips your accounting firm can use to protect your data for this year’s tax season.

1. Cybersecurity Education For Employees

CPA firms must educate their employees on cybersecurity. Cybersecurity is an ongoing process, and companies need to ensure that their employees are up to date on the latest security standards.

From simple data breaches to ransomware, companies experience all kinds of cyberattacks. Many of these breaches result from human error, and employees may be the weakest link in your company’s security. You want to ensure that you and your team members can at least identify cyber fraud and social engineering efforts.

For starters, even the most basic education on phishing attacks, malware, ransomware, and encryption should help reduce human errors within the company. As a fact, 91% of all cyber-attacks on accounting firms come in the form of phishing scams. A proactive IT team should be able to help CPA’s to identify such threats and provide much-needed solutions.

When it comes to cybersecurity, most companies are worried about external threats. However, internal threats are a real threat, too. For example, an employee may accidentally delete important information, accidentally send it to the wrong person, or accidentally save it to the wrong server.

2. Passwords Are Not Enough

Passwords only protect one part of the data: the access point. Hackers have many ways to connect to your system, access your data, and take them away from you. This data is not only emails but also client financial information.

Companies’ number one mistake in security is using the same password for multiple systems. Even with a secure password, hackers can still penetrate an insecure database. Additionally, most networks use passwords that are easy to guess, so hackers can easily brute force their way into your system.

Building a secure system goes beyond using passwords. Additional security like authorization keys, granular permissions, two-factor authentication and secure VPN’s are some vital protocols that any CPA must consider.

VPN’s are an entirely different way to secure servers. VPN’s create a secure tunnel for your data, keeping it safe from the outside. SSL VPN’s encrypt the data, which means hackers can’t read it, nor can they breach your system.

With a VPN or cloud platform, your company can log in to any system without worrying about any threats. You’ll also protect your network’s security from outside threats, as well as keep your business’s data safe.

When CPA’s store their clients’ information, they must ensure that it is secure and encrypted; otherwise, they may face serious legal consequences. If you have information kept in the cloud, check that your IT service provider adheres to the proper compliance requirements for protection. Additionally, confirm they have a safety procedures & technology in position to ensure your information continues to be secure.

3. Secure Communication Channels Matter

When CPA’s communicate with their clients, they must make sure that their emails are encrypted, protecting both identities and information. According to the United States General Services Administration, more than 80% of companies do not have encryption on their email.

Data breaches and leaks happen because companies do not encrypt their emails, and criminals can easily intercept them. When you encrypt your emails, you protect both identities and information.

You want to secure your company’s internal communications to ensure that no man-in-the-middle attacks are happening on your watch. Companies need to add a more robust encryption channel, especially when dealing with client information, regardless of client size.

4. Build a Business Continuity Plan

Data breaches and network outages happen every day. Usually, businesses only plan for these threats when it’s too late. Having a business continuity & disaster recovery plan in place should protect your CPA firm from these kinds of data security issues.

Strategic IT security plans protect companies from disasters and threats while following compliance standards. They include backing up your data and ensuring that your information is secure at all times.

Additionally, having a plan protects you from potential lawsuits, as even a minor data breach can incur steep fines, costing your company thousands of dollars.

5. Partner with the Best Managed IT Provider

If you are entrusting your clients’ tax information in the Cloud, you should ensure it remains in secure hands. Naturally, it is your IT department/provider’s obligation to guarantee your information is safe and also available for your team. However, are they doing all that is required to guarantee this occurs?

It is extremely vital to pick a credible Managed IT Services & Cloud provider since you are basically turning over all your information to them. So, besides enhancing your defenses, you should verify just how well-prepared they are to prevent the dangers postured by cybercriminals.

Secure cloud servers are also vital, ensuring secure backups for all your data. Compliance standards like the GDPR and SOC Types 1 & 2 provide a strong enough guideline that CPA’s and accounting firms can follow to help protect client data.

The Bottom Line

Security is never static. CPA’s and accounting firms need to secure their data at all times, whether they’re busy preparing taxes or in the middle of an audit. Having a solid disaster recovery plan in place or adopting IT for Accounting protects your company, your clients’ information, and your company’s finances.

Even the slightest breach can be catastrophic for CPA’s and companies alike. Beefing up your security, not only during tax season, but the entire year, is a crucial process to keep your business running.

If you’re an accounting business owner looking for peace of mind this tax season, Contact Us today for a Free IT Evaluation. Nerds Support will provide all the help and advice we can give to put your business on the path to grow!

Accounting Firm Scams Vulnerabilities Thumbnail

Top 5 Vulnerabilities Accounting Firms Face

/in /by

It seems like every other day now institutions big and small are experiencing some form of cyberattack. With the growing emergence of remote work solutions last year, businesses had to adapt to the need for flexibility for the their teams. Unfortunately, this came with a lot of security concerns about vulnerabilities. Local governments, banking institutions, tech and networking companies have all undergone some sort of cyber breach. However, accounting firms are likelier than other businesses to fall victim to a cyberattack due to the wealth of sensitive client information they store in order to conduct business.

Since cybercriminals are always exploiting vulnerabilities and finding new malware to access financial information of accounting clients, it’s important to understand cyber threats your firm faces in 2020. So when an accountant thinks about cyber risks they’re susceptible to they think about attacks from outside the firm. Unfortunately, the cyber threats that could negatively impact the firm are ones that firms are responsible for. The good news is they can be prevented.

Here are five  main vulnerabilities CPA’s face today.

Why are CPA Employees at the Root of a Data Breach?

1) Human Error

Human error is the leading cause of accounting mistakes and it’s also the leading cause of cyber security threats. 90 percent of data breaches are caused by human error, according to a study by Kaspersky.

Bring your own device (BYOD) culture puts financial firms at risk when accountants neglect to check their network security. If an accountant has sensitive data on their personal device and decides to go to a coffee shop like Starbucks, it’s possible that a hacker can access that information because the user’s connected to a vulnerable, public wifi network.

Solution

Establish strict guidelines to limit the use of personal devices when handling accounts and client data.

2) Weak Passwords

Among the most common mistakes accounting professionals make is setting up weak passwords for accounts. Accountants should create separate passwords for their email, applications, and systems according to best practices. The reality is accountants, like many other people, tend to use the same password for all three. As a result, they make a hacker’s job much easier.

Passwords are a lot like keys. Imagine if you had one key for your house, your car and your business.  All anyone has to do to ruin your life is get hold of that key. Now, lets push this analogy even further. Imagine that same universal key. Not only does it provide access to all these valuable things but every night before you go to bed you leave it under a flowerpot outside for safe keeping. It might not be as obvious as leaving it out in the open, but it wouldn’t take long to find.

That is exactly what accountants do online. They create passwords that are easy for them to remember. Passwords are often anniversary dates, names of pets or loved ones, or the schools they studied in. Like the key in the flowerpot, a thief might not know exactly where it’s is hidden, but after some snooping around and persistence, they’d find it.

Social Media is a Hackers’ Greatest Tool

In today’s world of social media and online communication, personal information is available to everyone willing to look for it. A cyber criminal just needs to do a minimum amount of work looking through social media accounts to find anniversary dates, names of pets or loved ones, and the schools a target studied in.

That’s not to say accountants should rid themselves of all social media and eliminate their online presence. That’s a very extreme approach and, more importantly, is impossible. We shop online, we bank online, we purchase food online, we buy tickets online. All these things create a profile of who you are and can be leveraged to gain access to your accounts.

Solution

It is essential for accountants to set strong passwords for all their accounts. What are strong passwords? A strong password is a combination of letters (capital and lowercase), special characters like punctuation marks, and numbers or numerals. Stay away from passwords relating to your personal life as often as possible. A hacker will use whatever information they can to infiltrate a firm.

To avoid this firms should consider simple security methods like having users change their passwords monthly or at least quarterly and limit access through mobile devices. Also using multi-factor authentication software when accessing accounts can prevent breaches.

Accounting Firm Scams Vulnerabilities Statistics

3) Phishing

This leads me to the next cybersecurity danger CPA’s face: Phishing. Phishing emails are used to manipulate the reader to click on a link or attachment infected with malware or a virus. They are a form of social engineering. Whether  you’re a large firm or small you’re vulnerable because statistics are on the hacker’s side.  All it takes is one successful attempt to access the firm’s data. In other words, they only need to trick one employee to access the firm’s data.

Phishing attacks a varied and wide-ranging. They can come in the form of a credit card alert, a notice from a non-profit, a package shipment delay and others. However, now that there’s more awareness of phishing scams, scammers adapted to make attacks even more believable by hyper focusing on a specific target.

A target phishing email is known as spear phishing. Cybercriminals use everything they can find on the target to legitimize the email. They’ll make references to people in your life, places you’ve lived in, things that you’ve done to give you a false sense of security. For example, if you get an email from a store you’ve shopped at offering you deals on products you’re likely to buy, you’re likelier to open the email without question.

Avoiding spear phishing attacks means having the proper securities in place and training personnel to create a security first culture. Businesses can use phishing simulations to train accountants to recognize them also.

4) Malware

Malware is installed through a phishing email attachment or link to an infected web page. The scary thing about malware is that it can stay dormant for weeks or even months before it’s used to steal information or take over systems. There are even ways to purchase malware online through the dark web. In other words, cyber criminals no longer need to be tech savvy to deploy malware. They can be anyone.

Solution

Since Malware is installed through social engineering, the solutions are the same.  Accounting firms should have protocols in place to alert IT personnel when a request comes in through email. Managed Service providers, like Nerds Support, have alert system that notifies systems engineers of potentially fraudulent emails.

Our e-book goes into more detail on the benefits of e-mail and spam security services.

5) Cryptojacking

Cryptojacking is relatively new and unlike malware attacks, its goal is to mine cryptocurrencies on behalf of the hacker by using the victim’s devices. They gain access to the devices by using phishing techniques. They imbed crypto mining malware in popular websites in the form of free browser extensions.

Crypto currencies are valuable to hackers because they’re untraceable and can be used for purchase and exchange on the dark web. Furthermore, the attractive thing about cryptojacking is that it runs secretly and can go undetected for a long time. And since nothing gets stolen or encrypted, there’s little incentive to do anything about it.

 Solution

Other than training firms should implement endpoint protection/antivirus software that detect crypto miners. IT support should create a continuity strategy in case of an attack.  Another thing you can do is keep track and maintain browser extensions.

Conclusion

An October 13 story by CNBC reported that Cyberattacks cost small companies $200,000 on average. 60% of the businesses attacked go out of business within six months. Accounting firms are among the most targeted types of businesses today. Moreover, cyber crime has become the fastest growing type of crime costing businesses 5.2 trillion worldwide in the next five years.

Pandora’s box has been opened and now more than ever CPA’s cannot afford to take unnecessary risks. Adopting strategies and continuity plans to limit the impact of cyberattacks and phishing scams is key.

P.S. Cloud accounting is a growing field and provides unique solutions to many of these problems. Visit our page on IT Support for Accountants to learn more about how IT solutions could give your CPA firm the security and advantage it deserves to stay competitive.

Nerds Support Contact Us Leaderboard

How Accounting CPA's will continue post the pandemic

Accounting in a Post Pandemic Era

/in /by

Last year’s pandemic has impacted nearly every business in the country. Now, accountants might find themselves wondering how to create a secure work environment for themselves and their clients.

The needs of your clients are changing and so is the industry. Furthermore, new regulations created as a consequence of COVID-19 are affecting business practices.

With that in mind, here are a few changes that CPA’s will experience in the coming years.

Employees

All businesses including CPA firms are looking to get employees back to work.  These are some guidelines that might help your firm organize itself as the country begins to open up again.

  1.  EEOC sub regulatory guidance is a mouthful, but it is also important when considering how to navigate your firm’s re-opening process. According to EEOC guidance, employers are permitted to test for the presence of the COVID-19 virus before allowing employees to enter the place of work.
  2.  Employers must ensure the right infection controls regarding testing and be cautious of false positives and false negatives. Keep in mind that even the most accurate test only detects the virus if it’s currently present in the body. It does not guarantee the employee will not get the virus later.
  3.  Temperature checks are permissible under EEOC guidelines. However, who should administer the checks and how to administer them are not clear.
  4.  Employees testing positive for COVID-19 should be isolated from others and the workplace. Employers are encouraged to follow CDC and OSHA guidelines, which include closing off areas used by the sick employee, cleaning and disinfecting the environment, and informing other employees of any possible exposure to the virus in the office.
  5. Results from a COVID-19 test or temperature check fall under ADA confidentiality provisions. These tests are considered confidential information that should be kept in a secure location away from other employee information.

Industry

We covered employees, but what about changes in the industry itself? The COVID-19 crisis has accelerated certain trends and shifted others. Let’s review what some of those are.

A Shift in Duties For CPA’s

Small-business clients need help accessing relief programs in the CARES Act and the Paycheck Protection Program specifically. This means firms need to quickly transition from consulting to advisors as they help businesses get through the lockdown.  Financing reviews, a lot of cash flow forecasting and evaluating relief packages will be more important through tax season and the next few months.

Working Remotely

Experts agree that remote work for CPA’s is going to become the new normal. With companies like Twitter, Facebook and more making remote work permanent.

Although remote work was projected by  to increase gradually, the lockdown sped up the process. Firms were forced to quickly adopt remote enabling technologies like Video conferencing apps and the cloud.

Cloud Accounting

Speaking of the cloud, the move to remote operations has been difficult for firms who complain that apps like Zoom are not working well with their Citrix environment. That’s mainly because these firms have only partially moved over to the cloud.

Cloud accounting is an inevitability now that we know a pandemic can force us to work beyond the office at any moment.

A firm that was not prepared likely did not have the time to migrate to the cloud all of their applications and infrastructure over. So as things begin to pick up speed they’ll do so.

Moving to the cloud is not as easy as choosing to do so. There are steps to cloud migration. Moreover, the quality of the cloud service depends on the quality of the provider. Firms must familiarize themselves with the different types of cloud services: public, private and hybrid clouds.

By choosing a large public cloud like Amazon Web Services, you could be sacrificing personalized care. Choose a cloud that lacks the proper regulatory standards and it might hurt your firm more than it helps.

The chief concern for all CPA’s should be to assist clients, help save businesses and keep jobs.  CPA’s are the financial experts both individuals and main street businesses need right now. Having the right tools in place is going to be essential.

Accountants may have the technology to work remotely but not all of them have everything they require to work efficiently. Although being in the office doesn’t compare with being at home, adjusting is a matter of making the right choices.

Clients

Additionally, accountants can’t meet face-to-face with clients so they’ll resort to remote advising as a way to adjust. However, just like remote work, remote advising is going to outlast the lockdown it seems.

Accountants and clients will adjust to working from the comfort of their homes without having to bare long commutes or wait in an office.

Remote advising will redefine what it means to be an accountant like tax application services are doing now. Firms will realize that remote advising is not just a way of working through a pandemic but perhaps a more efficient way of doing business for both them and their clients.

Firms

Although the long-term consequences of the lockdown are still unknown, accountants need to see themselves as advisors businesses need to survive. Firms of all sizes are going to called on by their clients to help them though the economic downturns created by the lockdown.

CPA’s, unlike other professions, are facing an opportunity for growth. Accounting firms should position themselves as the first responders during a financial crisis. Employers, businesses and average citizens are looking for help. They want to apply for loan programs, government assistance, and financial relief programs. All of these examples require knowledgeable of tax, accounting and payroll.

CPA Firms Data Cloud Protection

How CPA Firms Benefit from Miami Data Protection

/in /by

All CPA firms have sensitive data that should they fall into the hands of cyber attackers, would be a disaster for their business. It could be anything from important personal files and client data, to product information and financial transactions. For that reason, data protection should be a serious consideration for any company. Proper data protection with managed services should guard your firm’s data while making it available to employees who need it. Moreover, it should ensure the data remains confidential, especially due to the possible security threat of remote workers operating on non-compliant company devices.

Data is currently the lifeblood of a business. That is why Facebook and Google became the tech giants they are today. The amount of data they have over their users is so valuable, industries depended on them to drive business, develop relationships and predict behaviors.

Imagine if that data were stolen and used for nefarious purposes. Imagine if it were sold on the black market or bought by a third party. You don’t have to be Facebook or Google to appreciate the severity of a situation like this. If your industry fails to protect both client and employee data, this could destroy your business.

Customers have a minimum expectation that your firm or business will keep that data safe. Data governance builds trust and trust builds a business. There are practices that everyone needs to follow to protect important data from breach.

Now more than ever, you find data hacks and attackers everywhere online. 53 percent of companies experienced a cyber-attack in the last year. This was up from 38 percent the previous year. This is why finding the right services that offer data protection in Miami is a good idea. Ransomware and hackers in particular are hitting accounting, the financial services industry and even educational companies all over the world.

Data protection keeps hackers from taking advantage of human errors

Whether you like it or not, human errors can appear from time to time in just about any business. And yes, they can lead to lots of downtime. Hackers will wait for such an error to appear and they will immediately gain access to your business information. If you don’t store your information adequately, hackers will just attack your business, and that can lead to a huge set of problems in the long term.

Training

This is such a huge issue that government regulations are now in place that make data governance a requirement. An important component of safety measures is security awareness training. Employees need to understand the importance of data security and procedures.

Online Safety

Our online activities reveal aspects of our daily life. What we search, where we enter our names, home address, and phone numbers. Facts about our education, our shopping habits, all of these things are recorded on the internet.

The amount of information that can be found on the internet is staggering. People expose their private lives online on a regular basis and that means these details can be exploited to gain access to employee information at work.

Data protection keeps hackers from taking advantage of human errors.  There are three main human errors that cyber attackers leverage to gain sensitive data:

Error 1: Phishing

Phishing and pretexting account for 93 percent of social related breaches, and email attacks are the most common.
The biggest mistake companies make is to neglect cyber until an attack or breach occurs. What every financial organization, accounting firm, and any business with sensitive data needs to do is create a security focused culture. Taking the time to address important warnings and issues in brief meetings or short five minute videos can give your business a huge advantage over cyber criminals.

Error 2: Poor passwords

81 percent of company data breaches are due to weak passwords. That’s because people recycle the same passwords across their various online accounts. Not only do people use the same passwords, but they continue to use those passwords as long as possible until it they’re told to change it by an IT department or affected by a cyber-attack. Businesses need to take an active role in helping their staff develop password good password hygiene. The reason many people use reuse these passwords are fear of forgetting. In fact, it was the number one reason for reuse. 61 percent of users admitted this in a poll by Lastpass.

There are password manager software applications that collect data and store it in encrypted databases. Nerds Support uses password expiration tools that instructs users to change their password every 30 days.

Error 3: Unauthorized access to devices

Although  industries  have become more mobile through smartphone technology, tablets and laptops, companies still issue devices to their employees. Over half of working adults allow friends and family to access employer-issued devices at home. Furthermore, it’s possible for employees to download malware that could gain access to important data and applications.
Implementing security controls on devices like two factor authentication and password protection is necessary in this case to avoid these risks. Also, introducing a thorough and comprehensive information security plan that addresses such concerns will lead to a more cyber secure culture within the workplace.

This is especially important for accounting firms due to the sensitive nature of their data. Financial firms are also vulnerable to these types of human error and critically impact the business. Nerd Support’s cloud accounting technology mitigates these risks by implementing rigid compliance centered practices.

Data protection Safeguards Against Breaches

Daily data backups, storing your data in an undisclosed location and taking the security measures mentioned above can go a long way. Data protection needs to be a top priority for all industries, because not only will you lose data, you’ll lose trust and eventually clients.

 

CPA Firms Data Protection Statistics

 

Daily data backups, storing your data in an undisclosed location and taking the security measures mentioned above can go a long way. Data protection needs to be a top priority for all industries, because not only will you lose data, you’ll lose trust and eventually clients.

Data Protection saves you money

The average total cost of a data breach is 3.92 million US dollars, according to extensive study by the Ponemon Institute. The average size of that data breach is 25, 575 records. In other words, 25,575 records are stolen on average whenever there is a data breach. Having strong protections is not a luxury, it’s a necessary investment. Most companies don’t realize this until a breach has taken place. The true financial impact is immeasurable when you consider future losses due loss of trust, credibility as well as the fines and fees.

Data protection keeps your company in compliance with the law

All businesses must safeguard their data. In Florida it’s important to remain compliant with the Florida information protection act of 2014. It’s a lot easier to avoid any potential lawsuits this way too. And, the most important thing, this way you can create powerful business relationships with each client.

By following compliance standards many of the vulnerabilities associated with human error are eliminated entirely. So you need to find IT solutions that take compliance not only into consideration but make compliance the basis for those solutions.

For accounting, it’s GAAP compliance standards that should be met. In the case of financial services, using FINRA approved cloud storage services is key.

What Happens When Data Protection is Underestimated?

There were huge data breaches in government run facilities in the past year. Ecuador was victim to a data breach that compromised the information of up to 20 million people. This included adults and children, dead and alive. To give you a sense of scale, Ecuador has a population of 16 million people. These attacks are only getting worse as hackers expose long neglected security weaknesses.

If you want to make sure that your company data is safe, contact Nerds Support for more information. Our dedicated data protection services team can give you a free consultation to discuss your industry and compliance needs.

Nerds Support Contact Us Leaderboard

A pair of Nerds glasses surrounded by SOX, SOC, & FINRA compliance standards surrounded by clouds

Compliance on the Cloud 101

/in /by

What is Compliance?

Compliance when dealing with cloud computing can be an issue for those using cloud storage or backup services. When you transfer data from your internal storage to a cloud provider’s you must examine how that data is stored so that you stay in compliance with laws and regulations. Financial cloud computing, for example, requires IT sox compliance to ensure quality of service.

In 2002 the Sarbanes-Oxley Act (SOX) was implemented as a response to huge accounting scandals. Companies like Enron, Global Crossing and others misled investors and cost shareholders billions of dollars. This, in turn, changed the IT world forever. What does this have to do with IT? It changed how we approach things like storage, data, security and other functions. 

Cloud computing compliance is, simply put, a principle that states a cloud based system must be compliant with standards that the cloud customer faces.

Compliance departments ensure that businesses conform to established rules and it’s important to understand, when switching over to a cloud service, how and in what ways the cloud meets compliance standards. Luckily, there are cloud providers that ensure compliance with regulations like SOX. 

If you’re in the financial services industry there are a few things to think about when considering an IT solutions cloud provider. 

How Compliance Works 

A global survey conducted by Veritas Technologies, a data management company, revealed that of the 13 countries and 1,200 businesses surveyed, 69 percent of organizations or 828, wrongfully believed that data protection, data privacy and compliance are the responsibility of the cloud service provider.

It isn’t.

When it comes to cloud compliance you need to be aware of the data you should move to the cloud and the data that should remain in house, the questions you need to ask of your cloud provider and what be written in a service-level agreement (SLA) to maintain industry compliance.

When SOX was first written, it explicitly left out how regulations should be met. This ensured that industries could adopt the most recent technology instead of having to wait for lawmakers to catch up to technology. Because of this, the cloud is a viable infrastructure for financial companies that forced to adhere to compliance rules. 

 The way IT departments store records changed due to the implementation of SOX. Regulations state what kind of information needs to be stored that relate to SOX compliance. Things like electronic records and messages, spreadsheets and emails are considered valuable and fall under the regulation.  

It’s important that you not take this for granted, and evaluate your SLA’s with the provider.

The first thing that organizations need to do is be aware of the type of services they use. There may be certain information that’s regarded as highly confidential and a company may decide to keep it on an internal network. Or if it is moved to the cloud, it’ll be a private cloud that will be hosted on the premises.

Nerds Support has a hybrid cloud in a secure location that has military grade security.

Ensuring Cloud Compliance 

Once your company has decided what information is to be transferred over to the cloud look at the contracts you have between with your cloud provider. Depending on whether the cloud is internal or external the approach will be slightly different. If it’s external, you have to make sure both you and the provider are clear about what type of data should reside on their cloud services and how they’ll protect said data. If it’s an internal cloud, are you going to have internal compliance checklist to make sure you’re within the regulatory standards?

With cloud & IT for financial services, customers and cloud providers share the responsibility to maintain compliance. It’s the duty of the organization to investigate the security policies of the vendor. 

Important questions to ask include: 

  • Where is data stored?
  • Who has access to the storage areas or data centers?
  • How is my data protected?

Compliance 101 SOX FINRA Cost Statistics

Service Organization Controls 

In some cases, companies can look at Managed IT services providers that certify compliance and chose their services without any further research. There are times, however, where a company will have to be more thorough and get involved in the cloud providers security to make sure it complies with industry standards. When it comes to SOX compliance, however, you should look for a vendor that provides you with Service Organization Controls.

This report enables user auditor to evaluate audit risks associated with the use of a financial cloud provider.   

It’s also important to establish and verify benchmarks that help check the effectiveness of the security around your data on the cloud.  Make sure your provider uses federal government guidelines for cloud security if it’s based in the US.

In order to avoid miscommunications between your cloud provider and your organization, make sure you take the time to classify the data in level of importance, delegating carefully what is suitable for the cloud and what needs to remain internally stored. Have the right contracts and go through them, establishing what will be covered under their services and how they’ll protect and back up your data. A business continuity plan is also imperative, just in case of any hiccups.

Nerds Support has cloud services that comply with financial regulations.

Contact us today to schedule a free IT assessment that can identify gaps in your IT infrastructure.