Reach for the clouds… But is it safe?

One of the most common questions about online software is security. If I can’t see the server that runs the program under my desk, how do I know if my business information is safe?

According to DigitalFirst, all software, whether it runs on your desktop or online, is vulnerable to security threats. A security company once said the only safe computer is one that has been switched off. This doesn’t stop businesses from using software. Software is indispensable to running an efficient, modern business and communicating with your employees, customers and suppliers.

Instead of asking, “is online software secure?” a better question is, “is online software more secure than desktop software?”

For the vast majority of small and medium businesses the answer is yes. To understand why we need to look at the vulnerable points in the process of using software.

Desktop software

The points of vulnerability with desktop software are all located in one place, the desktop or laptop computer. It is the point of access for the user, the point of storage for the accounting software and the user’s data file, and the point of connection to the internet.

The level of security for desktop software comes down to the initiative and budget of the user.

Most businesses spend very little on security, whether electronic measures such as firewalls and anti-virus protection or physical measures such as locked doors and anti-theft cables. They also tend to spend little time or money on educating staff about best security practices.

The reality is that an office computer is usually vulnerable to a greater range of internet-based attacks than online software. And it is much more vulnerable to physical risks such as fire, flood or theft.

Not only is the software often poorly protected, the emergency processes to restore the software are usually lacking too. Backup is the great Achilles heel of many businesses who usually treat it as an afterthought. When something does go wrong it can take many hours or even days to return to full operation.

 

Online software

The points of vulnerability for online software are split between the vendor and the user. The point of access for viewing the software (whether laptop, desktop, smartphone or tablet) is still the user’s responsibility to secure.

Storage of the accounting software and the data file is not the user’s responsibility but the vendor’s. Software companies run their programs from enterprise-grade data centres with highly sophisticated, layered defences.

These enterprise data centres are patrolled by guards and access is controlled by keycards and fingerprint and iris scanners. Other physical defences include firefighting systems (gas and sprinklers), large diesel generators to supply power during blackouts, and flood-resistant locations.

Data centres usually have multiple, redundant, extremely fast internet connections. The networks are protected by the latest security technologies and 24-hour monitoring by a team of IT security experts.

There’s also security in obscurity; the data for one business is stored on the same server as hundreds of other businesses.

If a server fails in an enterprise data centre it can automatically push an online  business application from one group of servers to another.

Online software companies have detailed backup procedures for restoring their applications if a software bug causes a crash. The average amount of downtime for the best-known online business programs is several hours in a whole year.



So how hard is it to secure?

Whether the threat is theft, natural disaster, a virus or a hacker, online software is generally far better protected than a desktop program. If a thief steals a smartphone they won’t be able to access the online software without entering a password.

A business owner could log in from another computer and change the password in their online accounting software and it would be impossible to access from that smartphone again.

If a thief steals a laptop they have a much greater chance of opening data files in any desktop software it contains.

You can minimise the risk of attack in several ways.

Use a unique, difficult to guess password and keep it in a very secure location.

A password manager is a very handy tool for creating and storing long and difficult passwords for many websites. Of course, you need to have a very secure password to access the password manager but at least it’s the only one you need to remember.

Never reveal your password to anyone, even if they are allegedly calling from the bank or software company. If someone does ask you for your password it is almost always with malicious intent.

Only use your own laptop or computers rather than public computers.

Public wifi networks in cafes and airports can be compromised. For maximum security use your smartphone or tablet, or tether to them with your laptop, to access your online accounting software. Telcos tightly control access to their networks which makes them more secure.

One specific area of concern deserves its own chapter. What happens to your company file when you move from desktop accounting software to online? DigitalFirst has some answers for you: Read Chapter 8: Looking After Your Data to find out more.