It's often said today that data is the new oil – the most valuable resource in the world. But something so precious is always attractive to thieves… or in the case of data, hackers.
Companies of all shapes and sizes are increasingly falling victim to security breaches and loss of data. In the Netherlands recently, an accountancy software company was hacked causing chaos to thousands of its clients.
It's no longer just the big players that are being targeted. We all need to up our game if we are to resist attack. So, where does data encryption come into this?
What is data encryption?
Encryption helps to protect data using a special kind of code to scramble it. The information can then only be read by someone with the key to that code. This all happens at the click of a button – but you need to have the right systems and processes in place.
These days, vast amounts of personal information are sent via the internet and stored in the cloud. It's pretty much impossible to avoid people's personal data ending up in a networked computer system. So it's important to know how to keep that data private.
SSL encryption
Most respectable websites now use something called 'Secure Sockets Layer' (SSL), to encrypt data as it is sent to and from a website. It stops outsiders accessing that data while it's transmitted. When you're online, always check that the site you're using has a padlock icon in the URL bar, and that the address has an 's' after the http in the web address. It should show as 'https://'.
Note: Our website solutions for accountancy firms (Mercia totalSOLUTION and Practice Track Online) both use https as standard.
Why is encryption important?
Here are just three reasons to encrypt your data…
1. Hacking is big business
Cybercrime is a multimillion pound industry these days, with some hackers earning more than £50,000 a month from their actions. There are all kinds of online forums where hackers sell data for big sums. As the competition grows, the online attackers need to find more and more new targets to exploit – and no business is safe.
2. Your clients won't thank you for losing their information
Many large companies have had to apologise to their customers after data breaches – which undermines people's trust in them. A multinational brand usually has a strong enough reputation to retain those people – but will your customers feel the same?
Always make sure you enable encryption on your email application and that the websites you're using are secure.
3. Regulations demand it
In 2018, under the GDPR, accountants were dedicated as 'data controllers', which means that you must be registered with the Information Commissioner's Office (ICO). Meanwhile, accountancy software providers are only classed as 'data processors.' So if there's a security breach they're not liable for any fine or punishment from the ICO. It certainly pays to make sure you're well protected from data loss.
While there isn't any specific requirement under the GDPR for accountants to encrypt information, it is clearly a sensible precaution to take. This was a real influence in our development of the accSEND tool, which enables accountants and clients to exchange sensitive information in a completely secure way.
There is some useful advice on data encryption in this article from the ICAEW.