Recently Paul Riva, a Partner at Gordon Advisors, P.C. and Paul Ferrence the Owner at TechWorx LLC contributed to an article with Mark Snitchler a Partner at Hubbard-Snitchler -Parzianello PLC. The article was featured in the MACPA E-News Issue 668 on April 2nd.
For the original article please click here.
Below is the article in full.
Is your company data properly protected? In our rapidly evolving IT world, playing offense against data security risks is vital, and very challenging. Read this article coauthored by a CPA, an attorney and an IT specialist to determine if you’re taking the appropriate steps to protect your company’s most valuable information.
COVER YOUR ASSETS
By: Mark M. Snitchler, JD
Paul J. Riva, CPA
Paul M. Ference
As a general proposition, the value of an asset correlates to our efforts to protect it. For example, family valuables may be kept in a safe deposit box. We have a tendency to lock our homes and cars when we leave them. Our wallets and purses are kept in our immediate physical control at all times. For business owners, some of our most valuable assets consist of company data, including customers’ buying habits, requirements, pricing, product sources and similar information. Instead of keeping this information in a safe deposit box, all too often this data is left unprotected and readily accessible to company employees. Some firms even use the “cloud” to store data which is both off site and potentially located anywhere in the world.
How is your data stored? Where is it located? What control do you have over your data? Do you know what your service provider’s back up plan is should their systems crash? From an information technology (“IT”), accounting and legal perspective, it is essential that all business owners have a clear understanding of these issues in order to take the appropriate steps to protect their assets.
From an accounting perspective data security is a top priority for accounting firms and the businesses they serve. Companies come into contact with all forms of private and confidential data every day. Credit card numbers, employee data, tax information, real estate information, bank ledgers, inventory sheets, purchase orders, legal documents, loan and credit information, retirement assets – the list can go on and on. Protecting this confidential information is important for the sake of the customer/client, employees and possible company liability. This is why it is of the utmost importance for companies to protect such a valuable asset as their company data.
Companies must transform policies and processes when it comes to data security to keep up with the rapid changing landscape of technology and innovation. The emergence of cloud computing, social media, blogging and the popularity of mobile, tablet, and remote work done by employees has created an efficient and technologically savvy work environment, yet at the same time has created new data security risks that need to be consistently addressed.
Businesses can play offense against data security risks by ensuring they have the proper technology and processes in effect for data security in their physical building as well as their network. Also, educating and training the staff on data security risks and having specific data security policies in an employee handbook is a great way to guard against potential data security risks. With proper technological protection, processes and policies in place, a company can effectively protect data security and ensure that their valuable assets are not compromised.
With regard to a company’s internal IT controls, passwords are vital to the safety of your data. Passwords should be difficult to guess and should never contain personal information. You should implement “password complexity”, if possible, using capital letters as well as numbers and special characters such as !, #, @. Passwords should be safeguarded just as you would store the key to your home or business. They should also be changed frequently throughout the year. A thorough audit of every account and password should also be done at least once a year. With regards to cloud storage, the business owner should know the encryption code or password for your data so that it can always be recovered and management should only use reputable sources to store company data.
Finally and in addition to internal ramifications for not controlling your data, weak protection may also violate obligations to third parties. Data regarding customers, products and pricing provides companies a competitive advantage and may often contain a business partner’s confidential information. Contracts may require that a partner’s shared information be used for limited purposes, remains the property of the disclosing party and must be protected as confidential. Lost or corrupted company information may not only place the business at a competitive disadvantage, such failures could lead to civil liability for failing to protect a partner’s confidential information. Businesses must identify potential data risks posed by its internal controls as well as its outside vendors’ procedures. If company’s data is maintained off site, the company may be responsible for any failure in the protective measures of its supplier. The fact that a third party controls the data may not relieve a company of its obligation to protect its business partner’s confidential information.
Few business owners are tech savvy in our rapidly evolving IT world. Doing your homework and asking the right questions are reasonable and prudent steps to protect your valuable business assets. Recognizing the possible risks and understanding how business information is maintained will help management minimize the chance that their or their business partner’s confidential information is lost or made public. Make sure your assets are covered.
Mark M. Snitchler is a partner with Hubbard Snitchler & Parzianello PLC in Detroit. He concentrates his practice in working with business owners on all corporate matters, as well as trust and estates planning and related litigation.
Paul J. Riva is a partner with Gordon Advisors, P.C. in Troy, Michigan. He has over 25 years’ experience in public accounting and possesses expertise working with manufacturing, construction, real estate, wholesale and non-profit organizations.
Paul Ference is the owner of TechWorx in Troy, Michigan. He has over 20 years’ experience in IT management, solutions and support.