Still have some apprehension about using cloud based technology? We get it; security and privacy doesn’t seem to be guaranteed. Today we will address these concerns by discussing whether cloud accounting tools are secure for your organization, and suggest a few tips you can use to protect yourself. We will also go over what Visionary does to ensure our client’s data is kept secure. Let’s dive in!
Doing Your Part
Cloud Accounting tools are safe, but like anything else, you have to do your part. Many of you might be using desktop software, but remember that most times desktop software lives on one person's computer. With this one person having direct access, anyone with access to their desktop is exposed to private information. So if you think about it, how much more secure is that? Not to mention, many of us work remotely now. If your nonprofit is remote or hybrid, a cloud accounting tool makes it easier to access your financial data without having to jump through hoops.
I've had many executive directors come to me and say, I haven't seen our books in I don't know how long because I can't access it. Or, an accountant is holding their books hostage because it lives on their desktop. During the pandemic there were a lot of organizations that didn't have access to their books because it lived on some old computer located in their office, but we were quarantined at home. So if you think about it, that's not much more secure. You need to make sure that you're looking at financials consistently. If not, that is a security risk in itself.
How? Let’s Apply It
Let’s use QuickBooks Online as an example. It is a cloud-based accounting tool that you can access anywhere. That means that as long as you have a login and you have internet access, you can get into the software. Another perk is that you, as the executive director, can invite whomever you want to have access to your books and you can determine their level of access. You can determine what it is that they're seeing as well as the permissions.
If a staff member is only responsible for Accounts Payable, they can be granted access to the AP module only. Now, at Visionary, when we first start working with a client, we request accounting access through QuickBooks online. It allows us to be able to use certain accounting tools that you, as the organization leader, may not have access to, but it helps us to do our job better. When the project or engagement is over, you can revoke our access . This is done so that we don’t continue having access to your financial data even though we’re no longer your accountants.
We had a client in the past who hired us, brought us on, and when I went to see who had access, it was not only us, but also another accounting firm who was no longer working with them. That is a huge security issue. Keep a few things in mind: who has access and do they have the correct level of access? Also, you want to make sure that every now and then, the same way you would review your processes, review your organization's roles and responsibilities. Take a close look at your tech tools; not only what you're using, but who's using them.
Digital Security is not exclusive to your accounting software. Other tools include, digital document storage (ex: Dropbox), your donor management tool, other payment gateways, your bank account, etc. Let’s walk through another example of security that you can set up. When adding users to online banking, there are levels of access that can be granted. For example, if we aren’t performing bill pay services via your bank for you, we ask for read-only access because all we need to do is pull the monthly bank statements. If its a client, where we are moving money (ie paying bills), there are levels of approval and permissions set. While we may initiate the transaction, that transaction then has to be reviewed and approved before that money moves. There's levels to this.
Finally, if there are other tools that you’re using where access needs to be granted, you can use a password sharing app. We use password sharing apps which allows us to get access without revealing the password. That means the password can be shared with us without us ever seeing it. You might be asking yourself. “Why would I want to share a password?” The answer is simple… it's easier and more efficient when we are able to get in the various tools versus constantly asking, Hey, can you send us this? Hey, we need access to this. Can you download this report and send it to us? It's better for us to have that direct access, while also ensuring that the access is controlled. When we are no longer using it, or if we're no longer working with you, we ensure that you remove our access in order to protect you.
The Bigger Picture
Education is what's really important here. When I dive into the conversations around the apprehension or hesitation around using some of these tools or modern technology, what I mostly get is that somebody's just taking your information and carelessly throwing it on the internet for the world to see. That's simply not the case. Some of us, or even our parents, don't want to use engines like cash app, venmo, or other modern tools where you can send money because they believe random people on the internet have access to their financial data. There are other ways, too, that you can protect your information such as using secure portals, changing your password on a consistent basis, encrypting certain data that is being shared, and/or enabling two factor authentication. To sum it up, cloud tools are secure but not without some work on your part.