A Common Sense Approach to Data Security as Applied to Offshore Accounting Service
When we talk about any "increase" we have to say compared to what. In this case the CPA has to assess the data security for on-shore operations before he can assess the increased risk posed by offshoring.
What is the typical level of data security in a small business or a CPA office?
Since there are few staff members, there is little separation of duties. Such lack of separation encourages internal security problems.
The data resides in paper files. Paper files are vulnerable to fire and water damage.
The office is not physically secure. Staff members, leasing office personnel, and janitors have keys to the office. Any of them can copy confidential data.
Paper records are not shredded before being discarded.
The computers have no protection from unauthorized users or have relatively weak password control. Often the password is taped to the workstation.
Any email communication is done in the clear.
Workstations have recording devices which makes it easy to copy data.
Usually all workstations have email and internet access. It makes unauthorized transmission of data easy.
Let us look at how these factors change when accounting is sent offshore.
Internal control improves because the people who are authorizing the transactions are separated from the people doing the record-keeping.
All files are maintained electronically. Such data is backed up to an off-premises secure server. So threats from fire, water, and copying are significantly reduced.
Offshore contractors restrict physical access to keep unauthorized people out.
Workstations have access to only the data that is processed on that workstation.
Email communications are encrypted.
All recording devices on the workstations are disabled.
Only supervisors have access to email and internet.
We believe that best security practices can be installed when the client, the CPA, and the offshore contractor work together.
The first line of responsibility lies with the client. The Better Business Bureau has an excellent pamphlet on how to protect data theft. http://www.bbb.org/securityandprivacy/SecurityPrivacyMadeSimpler.pdf As the pamphlet points out technical solutions are not enough. They must be combined with good practices in everyday management of the company.
The CPA should advise the client to implement the common sense measures advocated in this pamphlet.
The offshore contractor must apply the same real world as well as technical solutions to security. The offshore contractor must consider the sensitivity of the data being entrusted to them and take appropriate measures to safeguard the information. A responsible contractor would only accept data than is essential to the task.
Let us now look at whether popular offshore destinations like India are more vulnerable to data theft. According to a March 2007 Symantec report entitled "Symantec Internet Security Threat Report Trends for July- December 2006", US was the country with highest level of malicious activity. China was next and India did not make it into the top ten. http://eval.symantec.com/...tepaper_internet_security_threat_report_xi_keyfindings_03_2007.en-us.pdf
Another common sense conclusion one can draw is that the thieves concentrate on high value targets. You can look at the data compiled by the Privacy Rights Clearinghouse. http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP. During 2005, 2006, through June 20, 2007 they reported 155 million records having been compromised. Out of that less than 1000 records were compromised in attacks that netted 100 records or less. Thus records from an offshore contractor serving small businesses are less likely to be a target of identity thieves.
The CPA needs to assess the sensitivity of the data and put a value on it. The CPA can have the contractor include a liquidated damages clause if the said data is compromised. If the contractor is not willing to agree to a reasonable liquidated damage figure, find another contractor.
Data security is a complex issue. However, we can enunciate certain principles that can be applied by a small business:
Collect the least amount of data needed to serve the customer.
Since a large proportion of data theft involves the employees, screen them carefully.
In addition, the employees need to be trained to recognize various strategies used by criminals to facilitate data theft.
Take security measures in the office; for example use a locked mailbox, lock the office when it is empty even for a short period of time, shred any paper records before disposal, reformat hard drives before donating, selling, or returning a computer etc.
Take common sense precautions against cyber attacks. Encrypt the sensitive data, use firewalls, and keep your internet security software updated.
Comply with any specific security standards that are applicable to your business. For instance credit card information needs to be secured to a specific standard.
Providing security costs time and money. In a competitive world no business can spend more on security than what the market would pay for. Ultimately security is determined by the customers' willingness to pay.
While more money can buy more security, one must remember that no security is absolute. Just think about how many times classified information has been stolen from the US government.
Eventually there will be a security breach. How do you deal with such a breach? It seems that the best approach is to inform the individuals or businesses whose data have been compromised, notify the law enforcement authorities, and support the affected parties to monitor their credit reports.
Security is a multi-faceted problem. The key to success is co-operation between the client, the CPA, and the offshore contractor. No one party can be effective without the others.
Related Tags: bookkeeping services, outsource accounting, quickbooks bookkeeping, outsourced bookkeeping, accounting and bookkeeping outsourcing, outsourcing cpa services, outsourced accounting and book keeping, book keeping services, outsource tax preparation
Dev Purkayastha (CEO, Indevia Accounting, Inc.) holds an M.B.A. from Harvard Business School and is a qualified Chartered Accountant. In addition to his accounting experience, he has over 25 years of experience in the venture capital business as well as in investing in public enterprises. For more information on outsource accounting & bookkeeping services please visit: http://www.indevia.com
Your Article Search Directory : Find in ArticlesRecent articles in this category:
- Benefits of Online Accounting and Bookkeeping
Accounting and bookkeeping are some of the most delicate and time-consuming jobs. It really gets d - Rodman & Rodman, P.c. Shares Cash Flow Tips in a Bad Economy
So how can a small business survive in a bad economy? Larry Rice, CPA, Director of Strategic Con - Desston *** Chartered Certified Accountants ***
Our ServicesOur services are varied and include: Accounting Regular management accounts and report - Irs Debt
Debt owed to the Internal Revenue Service (IRS) is called IRS debt or tax debt. IRS debt may be a - Money Transactions Worldwide
What is Moneybookers? What are the benefits of using Moneybookers? - Arc of Greater Plymouth to Hold Children's Holiday Party on December 4th in Marshfield
DATELINE: MARSHFIELD AND - Adverse Credit Loans: Loaded With Facilities for Poor Scorers
To achieve financial support even after possessing bad credit records one should go for the adverse - The Lowdown on Accounting Careers
Accounting careers are in great demand, these days. This is because they are providing some amazin - Budgeting for Retirement
Many people think that once they retire budgeting their money is going to be a lot harder, this is - Budgeting You Money When Living in an Expensive City
The cost of living in a city increases almost everyday. With just the average rent of a two room Ne
Most viewed articles in this category:
- Successful Payroll Management
Yet, successful payroll management doesn't have to be a chore. Further, you can find significant adv - Knowing When to Hire a Bookkeeper
Do you love the thought of handling the financial books for your business? For most of us, unless yo - Benefits of Bookkeeping Outsourcing Online for Accounting Firms
Bookkeeping is a monotonous task for accounting firms. It takes long and tedious hours to maintain t - Spank Your Bookies
Bettor A: The Ego Bettor - This bettor is primarily motivated by the feeling of superiority that he - Legal Applications of official Paper Shredder at Accounting Departments
The way shredders are traditionally purchased and sold is by an uneducated consumer talking to an un - Do you Need Back Office Outsourcing?
Have you ever imagined how important the back office process is for the success of any organization? - Meet Deadlines and Earn Profit via Tax Preparation Outsourcing
Tax preparation is the information given out by an individual or an organization to a government bod - Internal Audit Still Faces Talent Shortage
More than half of the 400 respondents to PricewaterhouseCoopers' second annual report..."In tod - Computerized Financial Accounting - Methods and Practices - Use of software in Accounting
Complete financial accounting course or tutorial covers a range of following topics. It is being eva - Global Venture Capital: Ernst and Young Reports on Important Trend
"The convergence of globalization, Web 2.0, media and innovations in IT and life sciences are f