CPA Practice Advisor

NOV 2015

Today's Technology for Tomorrow's Firm.

Issue link: https://cpapracticeadvisor.epubxp.com/i/599790

Contents of this Issue

Navigation

Page 13 of 21

14 November 2015 • www.CPAPracticeAdvisor.com A YEAR IN THE LIFE: PAYROLL ACCOUNTANT As you prepared to safeguard your clients' information against potential cyber threats, it's important to con- sider where your payroll information is being stored. Is it on a laptop, the Cloud, hosted on a server? Each comes with its own set of risks, such as laptop theft or inadequate security at the server host. However, each also comes with its own level of security and they are not equal. Hosting your clients' payroll data on a server or in the Cloud is more secure than keeping your data on a laptop. If your laptop is stolen or damaged, employees' conf idential data, such as social security numbers, becomes compromised. Regularly assess your firm's sys- tems and processes for any potential risks. Develop a plan to safeg uard against potential cyber threats and communicate that plan to your frm and clients. If your data is hosted on a ser ver or in the Cloud, familiarize yourself with the providers' security systems and sof t ware. You should choose a provider that is dedicated to protecting your clients' payroll data and regularly updates and maintain their servers or sofware. Just because you r d at a i s stored i n t he C loud doesn't mean it's automatically safe. Sofware such as RUN by ADP pro- vides a secure Cloud environment and maintains a very stringent data secu- rity policy. As a payroll practitioner, you are accountable for the security of your clients' data. Tey are entrusting you to manage their payroll and keep their employees' confdential data safe, so be aware of who has access to the ser vers your data is housed on and how of ten t he y a re m a i nt a i ne d . Additionally, have a process in place to determine who handles which data in case a glitch or issue arise. Actively log and monitor all network access and activity. Maintaining up-to-date logs will make it easier to pinpoint any unusual behavior earlier, if necessary. A process should also be in place to r e v o k e a c c e s s f r o m a l l s y s t e m s whenever necessary to prevent former employees from accessing and abusing sensitive client data. Routinely update your virus and malware sofware and anytime a new threat occurs. Everyone in your frm s hou ld be re q u i re d to rout i ne l y change their passwords and create strong passwords that are hard to hack. Many frms allow their profes- sionals to access company data on personal devices. If this is the case for your frm, there needs to be a process in place to manage the access. Con- sider how data can be wiped from a device in the event of an employee's departure or lost device. Tere should be a strong frewall in place to prevent any outside access to cl ient data . I f someone is able to breach your frewall, then your clients' data is at risk. As part of that frewall, you want to regularly consult with anyone that may have access to your internal systems, such as clients or vendors. Make sure that any clients or vendors t hat have access to you r i nter na l net work is fol low i ng t he protocol that you have in place to prevent atacks against their systems as well. Any breach in your network or the networks that connect to yours puts all of your client data at risk. Data security is about more than just protecting your clients' data from outside threats. It's also about pro- tecting it from sofware glitches and malfunctions. If a server crashes or the Cloud is unavailable, will you still be able to access clients' data when you need it. Regularly backup your sys- tems to a secure location, so that you can restore it at anytime if you need to. If you use a Cloud service provider, make sure backup and recovery ser- vices are not only included in your service agreement, but you are aware of the backup schedule. Tis should be done on a regularly basis to avoid the impact of data loss. Your staf needs to be well-trained on the measures your frm is taking to protect client payroll data. Conduct regular employee training on data security to ensure everyone is aware of the threats facing that data and how to protect against them. As you con- sult with your clients, make sure they are doing their part, too, to aide in the protection of their payroll data. Keeping your clients' payroll data safe can be a daunting task, especially if maintaining the proper technology and protocols interferes w ith pro- v id ing qua l it y pay rol l ser v ices. I f necessary, appoint a Chief Informa- tion Ofcer or consider outsourcing the role to provide quality protection. Just as your clients hire you to expertly manage their payroll because they are not payroll professionals, it's okay to hire an IT expert to make sure you're keeping clients' data secure. Whether it 's a n i nter n a l or e x ter n a l role , someone should be solely responsible for ensuring employees are properly trained, data is securely backed up and anti-virus and anti-malware sofware is kept up-to-date. It's National Security Month, But Payroll Security Is An Everyday Effort By Taija Sparkman N ovember is National Security Month and there will be a lot of focus on mak ing sure data of all k inds is secure. Your clients rely on you to keep their pay roll data safe and secure all year-long, not just during the month of November. Terefore, it's important to ensure that your frm's sofware and technology employs the proper security.

Articles in this issue

Links on this page

Archives of this issue

view archives of CPA Practice Advisor - NOV 2015