Five simple and free steps to secure your business – Step four: Clear your Downloads folder
Clear Your Downloads
On the majority of accounting firms computers there is a location hiding in plain sight, which contains an abundance of sensitive client information. Most firms don’t even realise that there is data stored here. But on every computer there is a Downloads folder, and on most peoples it balloons unmonitored to become a huge repository of client information.
How do files get there?
Every time you download an invoice from Xero, or a file from Suitefiles or Dropbox, a local version will be stored in the Downloads folder of your computer. All firms should have a version of secure file storage available and that’s where the majority of people will save the files that they need to save. The problem is that no thought is paid to the additional file left in the Downloads folder.
How this caused a breach in an accounting firm
We recently met a small 6 user firm based in Newcastle that experienced a breach due to the Downloads folder. The firm are a relatively new business, are 100% on the cloud, and enforce a strict no local documents policy.
An accountant at the firm had a laptop stolen and the firm took every effort to contain the risk. They reset all his passwords and locked him out of his email to minimise exposure. They thought that they would be secure as no data was stored locally on the device, but hadn’t accounted for the Downloads folder. In this were sensitive files that contained TFNs, and in under a week four of their clients had experienced TFN fraud.
How you can manage this risk easily
As a blanket rule we say to firms that if they’re ever using a shared computer they should check the Downloads folder at the end of the session. This needs to be done to ensure that they’re not leaving sensitive data for someone to then come along and access.
For personal devices we recommend setting up an auto-delete on your Downloads folder which automatically clears out all files every 14 days. There are instructions on how to set this up on our support page here
If you want to learn more about how you can secure your business, you can book in a Cyber Security Consultation with one of the team here
This article was written by Jon Melloy, Technical Marketing Lead at Practice Protect, who’s sole focus is protecting accounting firms’ reputations with tools, policies and education to keep data safe without sacrificing convenience.
Categorised in: Blog
This post was written by Practice Protect