Guest article: Protecting data when working in the cloud

By Business & Finance
28 January 2019

Brendan Woods, founder and CEO of AutoEntry reports on how to minimise risks when working in the cloud.

Using cloud-based technologies to reduce operating costs and work more efficiently, is now commonplace among businesses in all industries. From apps that automate bookkeeping data entry, to chatbots to drive customer engagement and monitor sales, most business owners are aware of how smart solutions can make their organisation more productive and profitable.

However, many are less aware of the risks posed to their company through poor internal governance, employee error and using digital solutions which aren’t equipped with the highest level of data security.

A single data breach can be detrimental to the reputation and longevity of a business. Especially following the introduction of the EU General Data Protection Regulation (GDPR) last May, which places greater responsibility on business owners when handling ‘personal data’ for customers, employees and suppliers. That is, information that could lead to an individual being identified, such as home or email addresses or accounting information. Huge fines are at stake for non compliance, so businesses must make data security a top priority, and tighten internal policies. The following are some ways to get started.

Employees are the first line of defence

Whilst hackers are an ever present source of threat, employee error can be a much quicker route to a data breach. Yet, and especially in smaller businesses, a high proportion of staff don’t have a clear code of conduct to follow, and are unequipped to recognise threat. Employees should be given cyber security and data awareness training (either online or with an external expert) to upskill them on safe online behaviours and practical issues such as how to spot a phishing email.

Update IT and physical security

The strength of a firm’s internal IT plays a central role in keeping data safe, so businesses should regularly update their systems, including servers, firewalls and anti-virus software. They should also set permissions on folders, so certain people can access certain information on a need to know basis. Some record keeping and data entry software can help with this, as these solutions enable businesses to set permissions on files and to go ‘paperless’ by securely storing copies of their data online, rather than in the office.

Elsewhere, monitor instances of ‘Shadow IT’ or employees using programs which haven’t been approved for work purposes. Introduce a ‘clear desk’ policy and stricter rules on the complexity of passwords for work accounts. Issue employees with key cards to access the office and restrict the use of personal mobile devices to access sensitive client data.

Choose cloud service providers with care

As well as boosting productivity by automating administration, the right cloud-based applications can improve data protection, by helping businesses to keep automated digital records. However, businesses should check certain criteria before using new software, as not all solutions offer the same level of data protection.

For instance, software should offer ‘Advanced Encryption Standard’ (AES), so data is encoded and can’t be read by unauthorised third parties if a device is infiltrated, lost or stolen. As testament to its value, AES is leveraged by the US government to keep data under virtual lock and key, as well as many other global organisations.

Elsewhere, businesses should ask where their data will be stored, as some solutions may process data in territories outside of the EU where different data security laws apply.

Use the cloud with confidence

Cloud-based technologies are a game changer by allowing businesses to become more efficient. However, data security must be taken extremely seriously, especially in the wake of the GDPR. Businesses should never use a solution in blind faith and should do their own due diligence before committing to a new vendor. As well as driving operational efficiencies, the right solution will store data safely and disable security threats, enabling businesses to work with confidence.

Disclaimer: The information given in this article is for general guidance purposes only. It should not be taken for, nor is it intended as, official legal advice. Businesses should undertake their own research and seek their own legal counsel regarding data security and the EU GDPR.
AutoEntry is an automated data entry solution for business owners – accurately automating information from bank statements, invoices, receipts and more, into accounting software.