What does the Ghostbusters theme song have to do with your Accounting Practice?
It's all about "Trust". It's obvious: if you have a ghost, then the only call is to "Ghost Busters".
As a non-accountant, I find it strange that there is a push to get Accountants to move into the AFSL world, where trust is at an all-time low.
In today's global, uncertain world, Accountants should be proud that they have retained the trust of their clients. There are many reasons for this, but like most things, clients and the general public have long memories, and the typical local accounting Practice has stood the test of time and maintained a consistent image within its local and national communities.
Going forward, I predict "Trust" will become the single greatest asset any Practice has.
What is professional trust?
Beyond the definitions, professional trust is the confidence that one has in the people and organizations that work and deliver professional service to the extent that one can rely on their work product, opinions, and judgments.
When professional trust is low, we construct and prescribe formal systems and
attempt to ensure that we receive a specific behaviour from professionals. There is
a general threat of punishment if we don’t achieve the prescribed formality. This is
a loss of respectful regard and has the effect of reducing the benefits of professional
reliance.
See anything familiar about this approach?
When professional trust is high, we rely more on those personal professional
connections and develop understood ways of working together. Practice aptitudes
that involve diligence, pursuit of competence and reasonableness are evident in
behavior.
Like most things within a Practice, one needs a set of procedures, policies and culture to ensure that a "trusted" result is always delivered to the client.
Modern Cloud-based Practice Management, with embedded quality, workflow and scheduling systems, underpins a modern Practice's service delivery and client experience.
Check out Accountants Web Office, today...
Your future awaits...
Disclaimer
The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.
Tuesday, February 17, 2015
Saturday, February 14, 2015
Are you the "Miley Cyrus" of Accounting Practices?
Miley Cyrus has many talents, but without question she has a talent which allows her to "stand out" in the crowded music scene. The question is how any Accounting Practice differentiates its services from the sea of Accounting Practices.
As the level of automation within Cloud accounting services increases, and accounting software fees fall towards zero, how do all the practices using QBO (now only $4.99 per month), Xero ($35 per month) or Cognition (free) stand out from the crowd?
The answer is simple: service and, just like Miley Cyrus, something unique that clients are willing to pay for.
If a client finds a number of accountants all using the same QBO/Xero accounting software, then what is the difference? Typically, in the first instance, this will be your fees.
The drivers
The professional services market within Australia and beyond has changed significantly.
The tax and accounting industry is not only about delivering technical service, but doing so in a consistent and high quality manner. With the market becoming more competitive than ever, clients expect more from their accountants: not only to guide their business through the maze of compliance requirements but also to take full advantage of the opportunities that come their way. Never before have accountants been in a position to make a real and lasting difference for their clients.
The brave new world creates new business process complexities for many SMEs, which many are not equipped to handle alone. When an SME starts selling online, taking credit cards, or streamlining their paperless workflows, they often don’t have the expertise needed to evaluate options and integrate the chunks to create an efficient business system. The explosion of expensive "add-ons" makes many of these decisions critical to the overall solution.
For accountants who stick to financial statement and tax preparation services, the dramatic improvements in technology will continue to commoditise those services. Payroll and sales tax services have today become not much more than pressing the submit button on the software product; there is simply no margin in these without significant volumes, which most practices simply don't have.
But?
Only 15% of clients think that their accountants are tech-savvy enough to ask for advice. The rest say their accountants are not keeping current, falling behind, or simply don’t know.
So what do clients really want?
1. Help me remain compliant
Most SME clients don’t understand or want to understand all of the complexities of compliance, especially with regard to tax, so they rely on accountants to get it right, and they prefer not to have issues with a tax authority, let alone be investigated.
2. Save me tax
Most SMEs cannot control their income, so this is the best dollar any business can save, because tax spend doesn’t help one make more money. There are nearly always things you can do to legally pay only the tax due.
3. No surprise bills
This is the number one reason why clients leave their accountant. Always provide your clients with an upfront quote for everything, and if you don’t know how much it will be, give an upper limit of where you will stop. Every SME likes to know how much they’re going to have to pay before they make the decision to buy your services.
4. Want to be treated well no matter how small I am
Be sure that the right people in your client’s organisation are talking to the right people in your firm. It's all about relationships; every client likes to feel they’re important, which they are. So treat them as such.
The gap between what clients want and what accountants are delivering is huge. But then, so are the opportunities for the accounting firms that can separate themselves from the pack.
How does a practice separate themselves from the pack?
The first point is that the typical Accounting Practice is not a technology expert and never will be; this includes Cloud Accounting Software.
As almost every Practice makes use of Xero or MYOB to various levels, there is simply no point of differentiation with this approach. Additionally, as Cloud Technologies become commodities, the whole issue of "which" accounting software becomes moot, so being a specialist in any specific software is not going to make any difference.
In fact, to many Sole Traders the whole concept that one needs to pay $35+ per month for accounting software is "out-of-this-world", and not in touch with any commercial reality.
In the old days a Sole Trader bought MYOB for $100 full stop... not the current $400 per year.
In reality the current Xero/MYOB does nothing fundamentally different to the old one-off $100 software.
So what is happening here? When did Accountants move to become Software Accounting Resellers?
In fact, Freshbooks has a mantra that many do not need any accounting software at all, and with 3 times the number of users as Xero, there may be some truth in this.
Most accountants tell us that they would like to spend more of their time providing strategic advice to their clients. But of course, solving logistical and tactical challenges (like client errors and data transfers) gets in the way, and those challenges probably take up the majority of your staff’s time. That’s low-level “value” that any accountant could deliver, and that lack of differentiation is the single greatest threat to your practice’s growth and profitability.
So
Step one is to remove the practice from any association with Accounting Software fees. This allows the client and practice to focus on the client's requirements; after all, this is what accountants have traditionally done. The old made new again...
Step two, the value proposition: most clients value work that makes them or saves them money. They rarely value compliance reporting.
Step three, run your practice in the same way as you recommend to your clients.
We see practices pushing online accounting software, but running their practices with "Old World" practice management solutions; some have not changed in the last 15 years, and many have no workflow or automation capabilities.
How many practices make use of Modern Cloud based Practice Management Solutions today?
How many practices that push Xero to their clients actually use Xero for their own accounting purposes?
Step four, Cognition: the next generation of Cloud Accounting allows each practice, or even bookkeeper, to develop, customize and deliver their very own Cloud Accounting "APP", allowing a unique client offering to their specific market. Gone are the days of one solution fits all. There are some 2 million+ Mobile Apps available for Android alone today.
The future is bright for the modern Cloud-based Accounting Practice; get on board today, just like your clients.
Your own unique practice Cloud Accounting App allows your practice to have the "Miley Cyrus" differentiator, so your practice does not compete with the "crowd" on price alone.
Ask about our Cognition ISV program, to deliver your Practice "Miley Cyrus" Cloud Accounting solution today.
Stand out from the Accounting Practice Crowd.
Embrace the "Miley Cyrus" approach, but perhaps skip her "wrecking ball" hit...
Wednesday, February 11, 2015
Cloud Accounting Due Diligence
Proper due diligence focuses on identifying the players within the Cloud relationship.
That is, who is actually involved in providing the services and are they the same entity (or entities) that are processing or storing data?
In the case of aggregators, for example, a Cloud user could be dealing with a single entity which itself is provided services by various third parties.
The Add-On Dilemma?
Recently, many Cloud accounting providers chose to offer only core features. As a result, required business functions are now provided by a range of Add-On providers. You now need to ensure that you perform due diligence on all providers required to support your operational requirements.
From a contractual and liability perspective, it’s important for the cloud accounting practice and their clients to know whether it has a directly enforceable contract with the key players or whether it is relying on those with whom it does have a contract to enforce relevant provisions.
For example, a review of terms should seek to assess issues such as:
- The parties in the Cloud stack not just the contracting parties and their roles, rights and obligations, especially regarding data, its processing, storage location, and ownership;
- Whether each party has the rights required from other parties in the Cloud stack;
- The capabilities and liability of other parties in the Cloud stack;
- Backup/restoring data and disaster recovery plans;
- Service levels and what happens if the internet is unavailable;
- Continuous availability of services for business continuity;
- Treatment of data on termination/insolvency;
- What happens in the event of a security breach, including client reporting obligations; and
- Issues such as change of control, service levels, service credits, audit rights, compliance with security standards, procedures in the event of a breach, force majeure.
If you cannot get answers to all these questions, then you should consider the Google example below as a typical response for most Cloud providers, and make the appropriate assessment.
Google Apps noted that “... Google and its licensors make no warranty of any kind, whether express, implied, statutory or otherwise, including without limitation warranties of merchantability, fitness for a particular use and/or non-infringement. Google assumes no responsibility for the use of the service(s). Google and its licensors make no representations about any content or information made accessible by or through the service. Google makes no representation that Google (or any third party) will issue updates or enhancements to the service. Google does not warrant that the functions contained in the service will be uninterrupted or error-free.”
Google also has a complex set of corporate relationships: the Australian-licensed Google entity may not actually be involved in any Google-related activity, and typically one finds that one is actually using a foreign Google entity located in Ireland or Bermuda rather than the Australian entity, even if the transaction is totally inside Australian jurisdiction.
Specific Security questions for your cloud providers:
- Where is the data hosted, and if outside of Australia, is there documented support to meet APP8?
- Is all data encrypted in transit, i.e. is it possible to access the site via http:?
- Is all data encrypted at rest, both on-line and in archive (should be a minimum of AES256)?
- If encryption is used, are the keys unique and under the exclusive control of the Practice?
- Is there support for industry standard Multi Factor Authentication (MFA)?
- Can MFA be mandated on all logins from outside of Australia, to support APP8?
- Does the system support industry standard mandatory password changes, at least every 60 days?
- Is the system PCI or ISAE3402 certified?
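One way to answer the "is it possible to access the site via http:?" question from evidence rather than from the provider's word is to look at how the site responds on plain http and whether its https responses pin browsers to https (HSTS). The following is an added example, not part of the original post or any provider's tooling: it works on response heads saved beforehand, the host name and sample responses are constructed, and the function names and the six-month HSTS threshold are assumptions.

```python
"""Assess plain-http exposure of a cloud provider from saved response heads.

Input is the response head (status line + headers) captured for the http://
and https:// front page of the provider. Runs offline on constructed samples.
"""
from urllib.parse import urlsplit

# Assumption: an HSTS lifetime under about six months is treated as too short.
MIN_HSTS_MAX_AGE = 15_768_000


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])      # "HTTP/1.1 301 Moved" -> 301
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def hsts_max_age(value):
    """Extract max-age from a Strict-Transport-Security value (0 if absent)."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip('"'))
            except ValueError:
                return 0
    return 0


def assess_transport(host, http_head, https_head):
    """Return a list of findings; an empty list means no issue was seen."""
    findings = []
    status, headers = parse_head(http_head)
    if 200 <= status < 300:
        # The site hands out pages without any transport encryption.
        findings.append(f"site serves content over plain http (status {status})")
    elif status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        if target.scheme != "https":
            # Relative or http:// redirects keep the session unencrypted.
            findings.append("http redirect does not point to https")
        elif target.hostname not in (host, "www." + host):
            # Worth asking the provider who operates the other host.
            findings.append("http redirect goes to a different host")

    _, secure_headers = parse_head(https_head)
    max_age = hsts_max_age(secure_headers.get("strict-transport-security", ""))
    if max_age == 0:
        findings.append("HSTS absent or disabled on https response")
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age is too short")
    return findings


# Constructed samples for a hypothetical provider at ledger.example.
GOOD_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://ledger.example/\r\n"
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n")
OPEN_HTTP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
OPEN_HTTPS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
DOWNGRADE_HTTP = "HTTP/1.1 302 Found\r\nLocation: http://ledger.example/login\r\n"
SHORT_HSTS_HTTPS = "HTTP/2 200\r\nstrict-transport-security: max-age=300\r\n"

if __name__ == "__main__":
    cases = {
        "hardened": (GOOD_HTTP, GOOD_HTTPS),
        "open http": (OPEN_HTTP, OPEN_HTTPS),
        "downgrade": (DOWNGRADE_HTTP, SHORT_HSTS_HTTPS),
    }
    for label, (plain, secure) in cases.items():
        print(label, assess_transport("ledger.example", plain, secure))
```

The response heads can be captured with any HTTP client that shows the status line and headers without following redirects, and kept with the due diligence record for that provider.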
Perform the due diligence, ask the questions, and then assess the Risk vs Benefit.
There is nothing new about Cloud outsourcing; you just need to understand the risks for your practice and your PE liability for your clients' data, especially the cybercrime-related liabilities. The above general questions are designed to assist with this risk assessment.
Disclaimer The contents of this site should not be understood to be accounting, legal or security advice but rather as general educational information that may or may not meet your specific requirements. You are advised to always seek professional advice to meet your specific requirements.
The Cloud ate my data..
Cloud computing can work a bit like Hotel California; you can check your data in OK, but will you ever get it out?
One of the least thought about issues is exactly how one gets data out of the Cloud.
A Practice needs to consider the notion of being locked in to certain applications or systems. All Practices and their clients need to consider the requirements to access data some years into the future for a range of regulatory reasons.
Backup of data may well require the applications which created the data to be available in order to sensibly access it. When was the last time you opened a MYOB-4 archive?
This may be achievable if there are complete system backups and perpetual licences to the applications, which allow a user to rebuild a system so as to restore data. But does this exist in the current Cloud Accounting world?
In a Cloud setting, rebuilding an application years later so as to make data intelligible in most cases is impossible — and yet that is precisely what organisations might have to be able to do in order to remain compliant with data retention laws and regulation. All records, whether electronic or not, should be retained for at least the minimum period stated in any applicable statute or regulation.
In Australia there are more than 80 acts of legislation, regulations and rules specifying document retention requirements applicable to companies under Australian law. Depending on the situation, data needs to be accessible for five, seven or 10 years after creation.
If a court orders a company involved in litigation to make available records from six years ago, or during an ATO audit, excuses such as “the Cloud ate my data” simply won’t wash.
Such scenarios should be considered at the outset of any relationship, and give rise to questions such as:
- If service providers change, can the records be usefully accessed?
- Can I access archived data years into the future without the service provider?
- Are there any lock-ins, such as licensing (i.e. will the application even open the file if there is no current licence), which prevent access to accounting or SMSF data?
- Does the supplier limit the data that can be exported from their application, and will such limits still allow one to meet any data retention obligations?
- Can data be extracted on-demand from the Cloud?
- When will archive data be transferred and what form will it take?
- What are the obligations on each party regarding an exit plan?
SAF-T The International Audit and Archive Format
In order to address a number of the issues above, we recommend that any Cloud Accounting service under consideration should, as a minimum, support the internationally standardised OECD SAF-T data archive format.
It is preferable that the SAF-T export is available to a client on-demand, but at a minimum that the Practice performs a yearly SAF-T archive.
Due to the scope of data within the SAF-T archive this file "must" always be exported and encrypted at rest. All major Accounting Software, Oracle, SAP, Cognition etc., support SAF-T exports.
SAF-T can be opened, viewed and utilised via any industry standard spreadsheet program; our accountants typically make use of Excel.
Tuesday, February 10, 2015
BYOD, Those pesky Mobile devices and your Practice...
What BYOD is and isn’t
BYOD – or Bring Your Own Device – is what happens when your employees, clients or guests use their own personal smart phones and tablets to access your Cloud Practice and Accounting Software. They bring their own mobile apps… security risks… privacy demands… with the intent to connect to your cloud enterprise. And they expect you to make it work; this includes managing any increased Cloud and BYOD risks for them.
Because it’s their own device, uniformity goes out the window. You’re not handing them preconfigured devices to connect to secure enterprise networks, with work applications preloaded and all administrative privileges pre-vetted by your IT staff. And you can expect that these devices take the path of least resistance to connect, whether that’s your secure network using existing credentials or the guest network. BYOD means that hundreds or thousands – or tens of thousands – of essentially rogue devices are interacting with your own and your client organisations’ confidential data… and it means that you need to come up with a plan that protects this privacy and your confidential data, and is transparent.
Who’s getting the most of it?
There isn’t an industry – or a corner of the globe – that isn’t putting the mobile revolution to work for them.
Here are a few examples of what they’re doing to accommodate BYOD.
Enterprise
Everyone wants to stay connected to the office now. So enterprises are leveraging authentication methods and policies they currently use for IT-managed laptops, and extending them to personal devices.
Education
Higher education practically invented BYOD. Colleges and universities have had to support student-owned devices for many years and have done an excellent job leveraging BYOD to transform the teaching and learning environment. Now, these same institutions are extending BYOD to faculty and staff.
Retail
Retail spaces are completely transforming as a result of mobile devices. While most of these devices used by staff are issued by IT - such as iPads for mobile point-of-sale (POS) - there is a growing trend to also allow BYOD in stores for certain employees. But the big story for BYOD in retail is for shoppers. Armed with smartphones, shoppers are price checking and reading product reviews while in the store – a Google/Think Mobile survey found that 77% of all smartphone users browse while shopping. Wi-Fi networks can gather information about shoppers, improving the customer experience with real-time product information and special promotions to establish long-term social media connections.
Accounting
The modern Accounting Practice is moving from using commodity third party accounting software (MYOB, Xero) to their very "own" mobile apps.
These apps are targeted to their specific clients, and draw on the more than 3 million Android apps available today.
The practice is part of the ecosystem with their clients, delivering professional services around the clock. The modern Cloud Practice now has a "differentiator" in the market, which now includes sticky clients.
The next "big thing" in this space is the upcoming suite of personalised SMSF apps; keep a look out for them in 2015.
What about the numbers?
"Worldwide combined shipments of devices (PCs, tablets, ultra mobiles and mobile phones) are projected to reach 2.5 billion units in 2014, a 7.6 percent increase from 2013"
"Mobile phones are expected to dominate overall device shipments, with 1.9 billion mobile phones shipped in 2014, a five percent increase from 2013", according to Gartner, Inc.
What exactly DO you lose if you don’t move to BYOD?
To put it bluntly... your ability to manage risk.
As users increasingly combine work and personal applications on their devices, your management challenges grow more complex – and the chance that confidential data are leaked rises exponentially.
Devices are replaced, lost or stolen without IT being informed. Documents are not encrypted, yet are stored in personal cloud applications. Jailbroken devices are infected and then connect to the network, which can have a detrimental effect on other users' data.
Given that application and data security is the top IT concern regarding BYOD, an emerging approach is to combine device and application management within the network access-management solution.
In other words, an integrated approach.
What are the main security issues with most Cloud Solutions and BYOD today?
With the move from Corporate to Cloud computing, most of the security infrastructure has been thrown away.
Policies which were developed over many years of operational experience have been lost as new entrants, driven solely by cost, enter the Cloud market. Many of these companies did not exist 5 years ago.
A simple test: ask yourself when any of your Cloud services last asked you to change your password!
That's right, even basic password policies are missing from these services. What else?
Some simple Questions to ask your "Cloud Software Supplier":
- Is my data stored within Australia (APP8)?
- Is there a mandatory password change policy in force?
- Can I optionally use a Multi-Factor-Authentication to protect my access?
- Is my data encrypted at rest?
- Are any encryption keys securely stored inside a Hardware Security Module (HSM)?
- Is there a disaster recovery plan in place for my practice data?
- Can any BYOD APP store user passwords?
- Can I enforce a One Time Password (OTP) to protect all BYOD access?
- Can "I" revoke an individual device's access to any of my services, from within my Practice Console 24*7?
If you don't receive a satisfactory answer to all of these questions, then you need to consider the associated risks before using the service.
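Two of the questions above, an OTP on all BYOD access and revoking an individual device, fit together when every device is enrolled with its own OTP secret. The sketch below is an added example, not code from this page or from any supplier; it uses standard TOTP (RFC 6238), and `DeviceRegistry` with its method names is hypothetical.

```python
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class DeviceRegistry:
    """Hypothetical practice console: one OTP secret per enrolled device."""

    def __init__(self):
        self._secrets = {}     # device_id -> secret
        self._last_step = {}   # device_id -> last accepted time step

    def enrol(self, device_id: str) -> bytes:
        secret = secrets.token_bytes(20)
        self._secrets[device_id] = secret
        return secret          # provisioned to the device once, at enrolment

    def revoke(self, device_id: str) -> None:
        # Dropping the secret cuts off this device only; others keep working.
        self._secrets.pop(device_id, None)
        self._last_step.pop(device_id, None)

    def verify(self, device_id: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        secret = self._secrets.get(device_id)
        if secret is None:                         # unknown or revoked device
            return False
        for drift in (0, -1, 1):                   # tolerate one step of clock skew
            step = int(now) // STEP + drift
            if step <= self._last_step.get(device_id, -1):
                continue                           # code already used: no replay
            if hmac.compare_digest(totp(secret, step * STEP), code):
                self._last_step[device_id] = step
                return True
        return False
```

Because the secret is per device, a lost phone can be revoked without forcing every other device to re-enrol, which a single shared secret per user would require.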
BYOD offers a bright future for Cloud Accounting Practices, as part of the next wave delivering unique Professional Accounting services "directly" to their Clients 24*7*365.
But all opportunities have associated risks; ensure your Practice understands the risks to its own and its clients' data.
Ask the questions until you are satisfied you understand the risks for your Practice.
Disclaimer: The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.