Keeping Client Data Safe in an Increasingly Mobile World
Michael Webb, Chief Technology Officer – SmartVault Corporation
Mobile has become a way of life, and with the proliferation of advanced devices, it’s easier than ever to work on the go.
SaaS-based applications in combination with mobile technologies enable you to deliver client documents while sitting at the airport, process a client’s payroll from home, and fulfill requests for sensitive data in real time, at any time. And while severing the tether to desktop applications and local servers marks substantial progress for firms, it has also made the accounting profession more vulnerable to data theft because sensitive information is quite literally being carried around and accessed from multiple locations.
Mobile status is no longer defined solely by the use of laptops. Today’s busy professionals are accessing and storing data from multiple devices, including tablets, smartphones, and flash drives. Also consider the number of public WiFi networks tapped into on a regular basis at hotels, airports, coffee houses, etc. All of this means added risk where data is concerned. Devices get stolen and networks get hacked—compromising sensitive client information and opening accounting professionals up to a world of potential penalties, embarrassment, and loss of business.
Because we live in a mobile world, taking precautions where data safety is concerned is a necessity. The time has come for heightened security measures. The question is: Do you have a plan in place?
Protecting Data—and Your Reputation
There are few professions with more regulations and compliance mandates than tax and accounting—and for good reason. Accounting professionals work with confidential financial data on a daily basis—both inside the office and out, and now from an array of mobile devices. As such, it’s the firm’s responsibility to ensure the safety of its clients’ data, whether staff are sitting in the office, on a plane, or at a local eatery. The time has come to protect mobile devices with the same fervor and commitment as our office computers.
To accomplish this, a structured plan is required—one that will help firms take proper and speedy action should client data become compromised due to theft or loss of a mobile device. To help you develop such a plan, the following recommendations will give you a good start:
- Take Inventory—First and foremost, it’s critical to know what devices you are using and why you are using them. Ask a few standard questions: Are you simply storing files? Are you accessing and processing raw data? Is the device used for review of documents only or are you sharing them via email? Having a basic understanding of how you use each device will help you better understand the level of security that is required. As you take inventory, it’s good to follow one general rule: Don’t store sensitive data on any mobile device if you don’t have to. You will also want to take inventory of the applications that reside on each device. This will further clarify what data is being accessed and potentially stored.
- Develop a Mobile Policy—You likely have a policy in place in relation to hiring staff or delivering client services—each adopted to protect and ensure the success of your firm. Creating a policy in relation to how you (and your staff) use mobile devices is just as important to your success. A sound mobile policy typically comprises two main components: 1) guidelines for data storage on devices and 2) procedures for lost or stolen devices.
First, ensure that as little client data as possible is stored on mobile devices, then develop strict guidelines around data storage—and enforce them. This will help you maintain control of what data (and how much) resides on mobile devices. Second, put a plan of action in place in the event that a device is lost or stolen. This includes any device—laptops, tablets, smartphones, or flash drives. Many states have enacted laws that require you to notify those affected by a data breach due to theft or loss of a device. Your plan may include guidelines for disabling/changing passwords, closing connections, and a procedure for notifying clients of a confidential information breach. By adhering to a strict policy, you position yourself to respond to the issue with speed and effectiveness.
- Audit Mobile Access—Auditing devices is another way to protect your data. Look at what applications you are using and the passwords and data that are stored on the device. Regular audits will keep you current on what devices hold what information so you can react quickly in the event of theft.
- Heighten Security on Mobile Devices—There are several ways to heighten security on your mobile devices. Some of the more obvious solutions are assigning stronger passwords, using the device’s auto-lock function, and encrypting documents. The best advice to heighten security, however, is to access data outside the device itself rather than working with stored data. For example, cloud applications enable you to access data and work in real time without having to store information on the resident device. That means that if the end-point device is lost, the sensitive information stays in the cloud. Firms with VPN capability can use a mobile device to access the VPN and then access the data from there—using the device as a thin client only.
Another guideline to ensure data security is to avoid using public WiFi networks whenever possible. Additionally, do not set your devices to automatically search for open public networks. Automatic searching leaves your system open and vulnerable, and your data a “sitting duck.” You should only ever access sensitive data remotely over a secure HTTPS connection.
The Reality of Being Highly Mobile
The simple fact is that we live in a fast-paced mobile world. Advanced technologies allow us to live and work outside of a brick-and-mortar structure and have provided the freedom to work anytime and from anywhere—increasing productivity to record levels. At the same time, these innovations have also subjected us to greater risks of a data breach. As a mobile society, we tap in and out of public networks, exchange information via email, and store and access highly sensitive data on a multitude of mobile devices. And while this is a necessary practice to stay connected and work, it does require taking precautions to keep data safe and sound.
By following some simple guidelines, like developing a mobile policy and heightening device security, you can continue to enjoy the benefits of an “always on” world, without falling victim to the risk that comes with it.
As chief technology officer and a founding member of SmartVault, Michael Webb is responsible for the design and delivery of SmartVault’s Software-as-a-Service technology, managing the R&D group, and ensuring the overall security of SmartVault’s system. He has more than a decade of experience in the commercial software industry and can be contacted at firstname.lastname@example.org.