Why cloud security isn't an IT issue

This post originally appeared on the Practice Protect blog and has been republished here with permission. Jamie Beresford is the CEO of Practice Protect, the authority in data security for accountants.

With Mandatory Breach Reporting legislation coming into effect in February and recent media attention on cyber security, market awareness of cyber security is building. One of the common responses we receive at Practice Protect during security consultations for accountants is “isn’t that an IT issue?”, which is a plausible assumption in the traditional sense of “IT”.

With so many accountants being cloud advocates and early adopters of cloud technologies, it’s important to understand the difference between two very different technologies, which in turn explains why cloud security is not an IT issue.

#1 – Server-Based Accounting – servers that are typically managed, and sometimes hosted, by an outsourced IT company to run MYOB AE, APS, Handisoft, files, email and other apps.

#2 – Browser-Based Cloud Accounting – browser-based applications such as XPM, Xero client files, Quickbooks, Class Super, BGL 360, CCH-Ifirm, MYOB Essentials and others that are accessible from anywhere with a web browser and are generally managed internally by a practice manager, outside of “IT”.

Making this distinction between the two technologies allows you to understand the very different risks associated with each, and why browser-based app security is not an IT issue.

#1 How a server is hacked – Generally, we refer to a server hack as an ‘intrusion’, which means someone breaking through a firewall or illegally accessing a network. Good IT companies provide protection against this with antivirus and other security practices. Servers have a traditional Microsoft-based user logon system, which keeps a log of activity and makes it easy to control users and apply security policies.

#2 How browser-based cloud data is leaked – Browser-based apps typically have their own login systems, meaning users self-manage their passwords. Those passwords can be used by anyone, from anywhere, to access your clients’ data, such as tax file numbers, bank account details and personal information. Users are left to their own devices on how they choose to manage their passwords, outside of the firm, server and IT control.

Having this daisy chain of passwords outside of company policy dramatically increases the risk of passwords being leaked and is the new frontier in data theft. With cybercrime increasing by over 50% annually and small businesses with fewer than 20 staff accounting for 60% of this number, accountants need to understand the risks, not only for themselves but also so they can have better conversations with clients as awareness around this topic increases.

To learn more about the new mandatory breach legislation, how a hack happens at a practical level, and how you can arm yourself with the knowledge you need to demonstrate competency in this area, you can attend one of our lunch and learn webinars or download the cloud security checklist at www.practiceprotectonline.com.


Join SuiteFiles and Practice Protect on Thursday 5th July for a special webinar, 'Realising the Freedom of Serverless Cloud Accounting.' In this interactive session, Jamie Beresford (CEO of Practice Protect) and Andrew Sims (CEO of SuiteFiles) will discuss how firms can make the leap to cloud-based accounting and the benefits of operating from there.