Why the IT industry has failed to protect accountants from cyber threats
I’ve written this short article to give SME accountants insight into why the IT industry has failed to deliver them a comprehensive solution to data security concerns.
How things were before cloud accounting
To understand where things are going it’s important to first reflect on how it was. In the pre-cloud era, a company’s server, managed by their IT trusted advisor was the centre of a firm’s technology stack. Staff came to work and entered a single login to access all software programs stored safely at their office. Sure, we didn’t have the productivity and cost benefits of cloud accounting but we had comfort in the fact that data was safe and we had a single, local party as the go to guy for all things IT.
The cloud era and the way things are now
Things are different now where we’re seeing a countless number of cloud vendors dominating the industry narrative with better functionality, lower entry cost models and fresh new ways of working. While this has undoubtedly been great for accountants there are two unmistakable truths that we need to be aware of:
Analysis Paralysis and a foot in each camp
The local IT provider’s position as the acountants technology trusted advisor has been diluted with cloud vendor messaging dominating the industry narrative and contradicting the traditional server based approach. While the benefits of cloud are evident, it’s influence has made it harder for accountants to make confident strategic IT decisions resulting in this ‘analysis paralysis’ phenomenon. In a lot of these cases, the cloud has created a half transition ‘foot in each camp’ scenario resulting in increased IT spend with both new (cloud) and old (server management) costs.
Sure, your IT company might not have been shooting the lights out back in the day but they did give you a single channel of IT advice which made it easier to make decisions. With contradicting influences now at play, it’s proving harder for firms to act decisively and execute a single IT strategy with confidence.
Decentralisation of your data security
The second decentralising effect that cloud has had is losing that single login to everything which is why the reported instances of breaches has increased so rapidly in recent years. Controlling access to your firm’s data is stressful for the practice manager and a hassle for staff having to manage so many passwords and two step login codes to do their job. Data breaches are only the half of it. Firms are also losing billable time and it’s crazy that we can be having this problem in 2018.
“Decentralised cloud logins and associated poor password hygiene is the root cause of nearly all cloud data breaches equating to a 35% annual increase year on year in reported data breaches with 60% of these breaches reported by firms under 20 staff. * scamwatch.gov.au
It’s a pain for a firm to manage, a headache for staff to track and a massive risk to your client’s privacy.
So why hasn’t someone solved this problem?
The simple answer is because cloud identity management has fallen in this ‘gap’ between cloud vendors and the traditional IT provider whose model relies on revenue derived from server and desktop management, not web browsers and mobile devices. The cloud has polarised the app developer and the IT tech pushing them further apart with cloud security falling through a gap somewhere in between.
With the new legislation and more and more breaches becoming public, SME Firms have been forced to stand up and take responsibility for their own data security. This form of IT awakening may well also finally shake them free of the cost and complexity of traditional IT infrastructure.
About the author – Jamie Beresford, CEO of Practice Protect. A business that specialises in helping accountants secure data and mitigate risk with done for you technology, training and policy so busy firms can keep their reputation secure and get on with doing business with confidence.