Is your company data safe during COVID-19?

Randall Savely
By Randall Savely, SCPA Director of Operations

Over the past several weeks, many of us have begun using work structures that look much different than our normal structures. Like our office, perhaps your office’s data security policies were not prepared to deal with such rapid changes. If so, my advice to you is to ensure right now that you have adapted your data security policies to protect your data while your employees are working remotely. I share this with you based on an experience that happened in our office last week.

We migrated most of our corporate files to a cloud-based SharePoint library late last year. The timing of that move was serendipitous and it has been instrumental in allowing employees, as needed, the flexibility to work effectively out of the office. However, our accounting software is still based on our local server. As luck would have it, three weeks ago we were in the middle of a server upgrade and as a result our remote access and VPN access was disabled on our server. To help facilitate our accounting manager to work from home, I connected her personal laptop to the accounting files on her office computer so that she could connect remotely to them. This removed the data from the redundancy of our server, but the short term need to access the files seemed to outweigh the slightly-increased risk of data loss.

Well, as you might guess, the hard drive on her office computer crashed a few days ago, making all the data on her drive inaccessible. The good news is that we backup all of our accounting data online each night so we did not lose any important data, but the incident reinforced to me how quickly decisions made during crisis are often made with trade-offs in security and if you are not careful such trade-offs can have dire consequences for your files.

If we had not been doing regular online backups of those files we would have lost substantial corporate data that would have taken hours to try and recreate. As of today, our new server install is being finalized and by the end of this week our employees should be able to work remotely and access our files the way our structure is intended. However, a temporary deviation from our normal procedure could have caused substantial issues.

While it’s a given that dealing with a crisis such as a pandemic will at times make you adapt to changing needs, be sure that as you adapt to those needs you are not doing it in a way that jeopardizes the security of your information. If you have not prepared for remote access in advance and set up the needed security ahead of time, the risk of data loss can greatly increase when you make changes in the midst of an emergency. Be sure you are doing all you can to protect your data from loss during this time (and make a note to review your policies once this crisis is over to incorporate what you have learned during this crisis and ensure you are even better prepared for the next one). By the way, your data isn’t the only thing that needs to be secured. How are you handling deposits right now? Is a mixture of different people handling cash? Are different people than usual opening the mail and sorting checks? If so, have you adjusted your financial security policies as a result? That’s a topic for a different article, but don’t wait for me to write that article to deal with those issues as well.