Accessing client data on mobile devices is becoming second nature to professionals in many industries. In most cases, we take for granted we won’t lose our phone, or have our data compromised in a coffee shop or airport.
The subject of security for mobile devices was brought to the headlines recently when several celebrities had compromising photos stolen from their devices. Here are some considerations on how to protect your Los Angeles accounting firm from data loss exposure on mobile devices.
Enforce Standard Builds and Encryption Apps
You may have conceded under pressure and allowed employees to choose their own devices for accessing firm data. Whether your employees are carrying phones or tablets on iOS, Android, Windows or BlackBerry platforms, the use of common mobile encryption apps should be mandated.
Accounting firms should consider the exposure of the data at rest on these devices, including client contact information, financial data, and messaging applications including email. Firms should also have employees use mobile VPN apps when they are accessing the firm’s data.
There are a number of security software vendors that go beyond encryption applications and offer clients solutions for “bricking” a mobile device via SMS should it be stolen. All data on the phone will be locked down and the device can be rendered useless.
Limit Mobile Device Access
There is nothing wrong with restricting mobile access to those who absolutely can’t do their job without it. Senior management and other customer-facing executives might be the only employees who require it. Laptops, tablets, phones, and other mobile devices can easily be left on a subway, airplane, or taxi, exposing your firm and your clients to a great deal of liability that is completely avoidable. Enforcing advanced password management and use of two-factor authentication for mobile devices should be mandatory for any firm.
Establish Policies for Mobile Security
The reputation BlackBerry has for security is well documented. In some cases, its devices have not fared well relative to iOS or Android devices. Your firm should not apologize for setting policies on mobile devices to be able to protect valuable client data.
Considerations for company-wide acceptable use policies should include:
- Using mobile devices only for the purposes of carrying on firm business, or limiting access to client data to when in a secure area
- Using advanced passwords, VPN apps, and mobile anti-virus applications on company devices
- Limiting transmission of client-related data via SMS or related instant messaging applications like Snapchat or Google Hangouts
- Requiring employees to have a separate personal mobile device which will not be provisioned to access firm or client data
- Restricting usage of mobile applications for systems like QuickBooks Online, Sage50, or their browser equivalents to office/home/secured Wi-Fi environments
- Standardizing your firm on a single, business-appropriate file sharing application such as Box, then providing permissions on a per-user basis to those who work with specific client files
- Implementing mobile device management technology
Many accounting firms yield to employee pressure on the usage of mobile devices as a business tool. When accessing data which carries as much risk and potential for liability as accounting firm data, you have to hold firm on company policies and enforce them visibly in your organization. A single lost device, hacked tablet in a café, or stolen smartphone can cause irreparable damage to your firm’s reputation and your clients’ trust, as well as serious data loss.