In his article, “The Accountant and Cyber Security: 5 Actions Your Firm Must Take,” Andrew Cravenho cites some of the most recent examples of cyber attacks that have hit big-name companies and government agencies. He goes on to recommend steps that should be taken by CPAs, since it would be a mistake to “place your data at risk by making the assumption that you are too small to be targeted.”
It would be an even bigger mistake to focus on these comparatively rare external threats while ignoring an equally pervasive risk growing inside today’s firms, both large and small: unregulated employee use of file share and sync solutions for storing and sharing company information.
Common – And Risky – File Sharing Behaviors
At first glance, the many new options for accessing and sharing information seem very positive. Apps and services such as Dropbox, Box, OneDrive and Google Drive make it fast and easy for individuals to collaborate on documents.
However, a closer look uncovers a problem: employee use of file sharing and sync solutions without management approval and without IT oversight is becoming widespread. In a recent survey by M-Files, hundreds of professionals were asked about their file-sharing behaviors. Almost half (46 percent) admitted to using personal file-sharing apps to store business documents containing confidential or sensitive information.
When asked about the official company policies for file sharing, 70 percent of respondents reported a lack of a policy or a lack of knowledge of such a policy. Clearly the use of these apps by employees is going unchecked and unmonitored, and as a result, many firms are experiencing negative consequences from these unsanctioned behaviors, which range from loss of control of documents to information security breaches, data losses and non-compliance issues.
Mitigating the Risks
The proliferation of unsanctioned file-sharing app usage at work points to unmet needs. When employees find themselves wasting too much time on common tasks such as locating and sharing files, they look for alternatives to the company-provided toolsets. Ongoing and open communications between practice managers, technology support teams, individual accountants and office support staff can determine the shortcomings that employees must overcome, and simultaneously provide an opportunity to raise awareness about the risks associated with unsanctioned file-sharing apps and services.
A formal policy for file sharing can then be defined based on staff discussions and the CPA firm’s goals for securing and controlling content as well as for collaborating on information assets with those outside of the firm. Sharing this policy with the firm’s partners, suppliers and clients can also further encourage behaviors that support the new policy.
Maintain Control without Stifling Collaboration
Change can be hard, especially if it means giving up a solution employees are accustomed to. The key is to provide an alternative approach that is just as fast and easy to use for storing and sharing content, but that also provides the necessary levels of control and security. Providing employees with the right tools and solutions is critical for discouraging a return to unsanctioned personal apps.
Fortunately, leading enterprise information management (EIM) solutions can provide the control and security management wants, with the simplicity that employees demand. Documented use cases from numerous CPA firms have demonstrated that the right content management solution can balance flexible access with greatly improved content security to simultaneously satisfy employees and the firm’s management teams.
Added Benefits that Promote Change
Best-in-class EIM solutions offer many features that can significantly benefit accounting practices. Compared to traditional folder-based file management approaches, metadata-driven EIM solutions ensure that a single, central copy of each information asset is always found in the right context and that it is protected with appropriate security and access controls. With metadata, it is also easy to determine the content classes that can be shared with external parties via the cloud, while ensuring that certain classes of classified information assets are always kept behind the on-premises firewall.
The new paradigms for organizing and accessing digital information are also facilitating the automation of processes. Email-driven processes are being replaced with faster and more visible information-centric workflows for the approvals of documents. Consider the email-driven approach: an accountant posts a revised contract on Dropbox and then emails it to others for review and approval. However, some recipients may save different versions of the document back to Dropbox after they review it, and then it becomes a guessing game of “which file is the correct and current version?”
However, this entire workflow process can be managed much more effectively and precisely via an EIM solution. A single version is provided to the review team in a very controlled and secure environment. Reviews and approvals are managed within the system and electronic signatures can be used in lieu of printing, signing, scanning and re-saving different file versions.
The long list of benefits makes an EIM system a more secure and compelling alternative when compared to file-sharing apps and services. Using an EIM solution to collaborate and share information improves productivity and helps everyone make better decisions while also ensuring business content is strictly controlled and protected.
————-
Mika Javanainen is Senior Director of Product Management at M-Files Corporation. Javanainen is in charge of managing and developing the M-Files product portfolio, roadmaps and pricing globally. Prior to his executive roles, Javanainen worked as a systems specialist, where he integrated document management systems with ERP and CRM applications. A published author, Javanainen has an executive MBA in International Business and Marketing.
Thanks for reading CPA Practice Advisor!
Tags: Accounting, Technology