How to Keep Your Locally-Installed Accounting Software Secure
I’ve heard it again and again. People choose a locally-installed accounting software over cloud-based software because they don’t trust the mysterious, elusive Cloud.
While it is true that locally-installed software has the potential to be more secure than cloud-based software, users who don’t take the proper security measures are subjecting themselves to a storm of trouble worse than anything the Cloud could conjure. If you’re using locally-installed accounting software and your computer is home to incredibly sensitive business information about you, your employees, and your clients, this is a chance you can’t take.
When you sign up for cloud-based software, the software provider often has strong security measures in place, like firewalls, malware detection, anti-virus scanning, etc. With locally-installed software, no one is taking care of security for you. Your data security falls entirely on your shoulders.
Here at Merchant Maverick, we don’t want you to have to bear this burden alone—or worse, ignore your computer’s security completely because it seems too complicated. So, we’ve created a list of 12 easy-to-follow tips to help your computer data be as secure as possible.
If you’ve read our How to Keep Your Accounting Data Secure in the Cloud post, some of these tips will look familiar, but they apply to locally-installed software as well and are so important we want everyone to know about them. While this post focuses specifically on locally-installed accounting software, these tips can apply to any locally-installed software, and even to the average Joe who just wants to optimize his computer’s security.
Table of Contents
- 1. Don’t Share Your Passwords With Anyone
- 2. Create Strong Passwords
- 3. Store Passwords Securely
- 4. Install Anti-Virus/Malware Detection Software
- 5. Install Firewalls
- 6. Secure Your Router
- 7. Educate Your Users
- 8. Take Advantage Of User Permissions
- 9. Create Multiple Accounts For The Same Computer
- 10. Take Physical Security Measures
- 11. Keep Your Software Updated
- 12. Back Up Your Data Regularly
- Keep Calm & Work On
1. Don’t Share Your Passwords With Anyone
When we say don’t share your password with anybody, we mean it. Passwords are supposed to be a secret for a reason.
We may not be talking about the one ring to rule them all, but we might as well be. Security is a serious issue, so make sure you keep your password secret—keep it safe—because that is the surest way to protect your company.
2. Create Strong Passwords
Everyone has heard again and again that it’s essential to create strong passwords for internet accounts, but how do you actually do that? We’ve gathered several tips from experts in the technology and security field; let’s begin with what not to do.
Don’t:
- Share your password
- Use common password combinations (123456)
- Follow the three most common password formats (according to Business Insider):
  - “one uppercase [letters], five lowercase [letters] and three digits”
  - “one uppercase [letters], six lowercase [letters] and two digits”
  - “one uppercase [letters], three lowercase [letters] and five digits”
- Use the same password for multiple spots
- Start with a capital letter followed by lowercase letters
- End with an exclamation point
Do:
- Use password checkers
- Use long passwords (at least 8 letters)
- Use a combination of letters, numbers, and symbols
- Use multiple special characters
- Create a completely new password for every site
- Make it seem random
Tip: Business Insider interviewed a professional hacker from RedTeam Security, a cyber security firm that identifies any weaknesses in a company’s security before a hacker can, about his top tip for coming up with passwords. The hacker, Kurt Muhl, says to come up with a sentence you can remember, like: “I bought my house for $1.” Then, take the first letter of each word only, so you’re left with Ibmhf$1. Add a few extra symbols or numbers where you’ll easily remember, and you’ve got yourself a strong password. After all, it’s much easier to remember a sentence than a random collection of letters, numbers, and symbols.
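An added example, not part of the original article: a small offline check for the "what not to do" patterns listed in this section (the three common formats, a leading capital followed by lowercase letters, a trailing exclamation point, passwords shorter than 8 characters or lacking a mix of character types, and reuse across accounts). The `COMMON` set, the sample passwords, and the function names `audit` and `reused` are assumptions made for illustration.

```python
import re

# Constructed sample list; the article itself names only "123456".
COMMON = {"123456", "password", "qwerty", "letmein"}

# The three most common formats quoted in the article (via Business Insider).
COMMON_FORMATS = {
    "1 uppercase, 5 lowercase, 3 digits": r"[A-Z][a-z]{5}\d{3}",
    "1 uppercase, 6 lowercase, 2 digits": r"[A-Z][a-z]{6}\d{2}",
    "1 uppercase, 3 lowercase, 5 digits": r"[A-Z][a-z]{3}\d{5}",
}

def audit(password):
    """Return the article's "don't" rules that this password breaks."""
    findings = []
    if password.lower() in COMMON:
        findings.append("common password")
    for name, pattern in COMMON_FORMATS.items():
        if re.fullmatch(pattern, password):
            findings.append("common format: " + name)
    if re.match(r"[A-Z][a-z]+", password):
        findings.append("starts with a capital followed by lowercase letters")
    if password.endswith("!"):
        findings.append("ends with an exclamation point")
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    classes = [
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if not all(classes):
        findings.append("missing letters, numbers, or symbols")
    return findings

def reused(passwords_by_site):
    """Return sorted groups of sites that share one password."""
    by_password = {}
    for site, pw in passwords_by_site.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)

if __name__ == "__main__":
    for pw in ["123456", "Summer123", "Welcome!", "t7#Kq!9zL$wp"]:
        print(repr(pw), audit(pw) or "no findings")
```

The check runs entirely on the local machine, so no password leaves the computer while it is being tested.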
3. Store Passwords Securely
Okay, so now that you know how to set strong passwords, how should you store them? It may be wise to make a unique password for every login you have, but there’s no way to remember all of those passwords in your head. We’ve looked at several possible solutions, as well as unsafe organization methods to stay away from.
Some of these guidelines seem obvious, but you’d be surprised how many people don’t realize that the following storage choices are dangerous:
- Store them in an Excel document on your computer
- Store them in a Word document on your computer
- Store them in any sort of document on your computer (hackers can still access these)
- Save them in emails (sent or received)
- Leave them out on your desk
- Put them in a file that clearly says PASSWORDS
The bottom line is, don’t leave them where someone else could access them. Hide your list of passwords out of the sight of family, coworkers, and cleaning crews.
So where should you keep your passwords?
Many people in the tech industry recommend that you use a password manager like LastPass, Dashlane, or KeyPass. It’s worth noting that LastPass has been hacked on multiple occasions. If it were me, I would not take any chances on password managers where my data could be at risk from security breaches.
Instead, I recommend writing a list of passwords and storing them in an inconspicuously named file in a locked file cabinet or safe that only you have access to. If you really want your data to be safe, write your passwords in some sort of consistent code that only you know and that isn’t written down.
Yes, it sounds like a lot of work, but it’s a price worth paying for keeping your data—and more importantly, the data of your clients—safe.
4. Install Anti-Virus/Malware Detection Software
We highly recommend installing an anti-virus and/or malware detection solution. Anti-virus and malware detection software programs help you stay aware of any potential or existing threats in your computer’s security, and many of these solutions not only detect issues, but also fix them for you.
Some common and reputable options include:
- Bitdefender Antivirus Plus
- Bitdefender Total Security
- Kaspersky Anti-Virus
- Kaspersky Internet Security
- McAfee LiveSafe
- ESET Internet Security
- Avira Internet Security Suite
5. Install Firewalls
In addition to anti-virus and malware detection software, you want to make sure your computer and your router have firewalls installed. As the name suggests, just as firemen dig a barrier to stop raging forest fires, cyber firewalls create a barrier between your computer or network and any unauthorized access.
Many computers offer built-in firewalls, which may be enough for your needs. Kaspersky explains how to know if your computer already has a firewall installed in the article 6 Tips to Keep Your Home Computer Safe.
If your computer doesn’t have a built-in firewall, or if you need the added security of a firewall software or hardware, here are some of the most common and reputable options:
6. Secure Your Router
The game doesn’t end after you make sure your router has a firewall installed. You’ll need to further secure your router by changing the original router password. (Refer back to step 2 for instructions on creating a strong password.) It’s also a good idea to change the name of the router to something that isn’t easily guessed.
If you work in an office or business setting (or even just from home), you’ll need to create a guest wifi account (if your service provider allows). Ideally, you want to use the WPA2 (Wi-Fi Protected Access 2) option on your wireless router, if it is available, because it offers more up-to-date encryption than the older, less secure WEP (Wired Equivalent Privacy) option.
7. Educate Your Users
Most business owners probably have at least some knowledge about internet security, but that new fresh-out-of-school intern you hired might not. You want to make sure that all employees and contractors using your software and computer have a firm understanding of internet security.
Several accounting software companies, including Xero (one of the leading cloud-based accounting companies), experienced attempted phishing attacks in 2015. A phishing (pronounced “fishing”) attack occurs when hackers “fish” for users’ passwords and information so they can hack accounts. These attacks aren’t limited to cloud-based software and can affect locally-installed software users as well because the attack often uses email rather than the software itself.
In the 2015 attack, Xero users were sent a fake email that looked like it was from Xero but contained “malicious content.” While the company resolved this issue promptly, the best solution is always to have educated users who know to avoid suspicious links and verify addresses.
There are a few ways you can educate your employees:
- Send Out Pertinent Articles In Weekly Company Emails: Have your employees read articles like Xero’s “3 Ways to Avoid Being Phished” or McAfee’s “10 Tips to Stay Safe Online.”
- Double Check For https://: https:// is not just a collection of random letters and symbols—it indicates that the site you are about to access meets acceptable security standards. If you see that a site doesn’t have https:// at the front of it, it isn’t secure and could be a scam.
- Encourage Free Education Courses: Free online courses cover an array of topics, including security. Khan Academy offers courses on Cybersecurity, and MOOC offers a Web Security Fundamentals course, a Network Security course, a Cloud Computing Security course, and more. Both of these resources are free and there are several others like them.
- Enroll Your Team In Certification Classes: Not only can you sign up for free online courses, you can also earn verified certificates for the classes you take. Many of the certificate classes cost extra, but it could be worth spending the company budget on a weekend of classes if each employee comes out with a verified, professional certificate in security.
8. Take Advantage Of User Permissions
Almost all good accounting software offers business owners the ability to manage users and set user permissions for their employees. One of the best examples of this in the locally-installed software world is QuickBooks Pro, which lets you set ten different roles (company administrator, regular user, custom users, accountant, time tracking only, reports only, all access rights, no access rights, limited access) and control the level of access by specific feature.
Be sure to take advantage of these user permissions. They are one of the most effective tools to control what your users see and don’t see. This way, you know that only the most trusted employees have access to more sensitive information, which eliminates worry.
9. Create Multiple Accounts For The Same Computer
If you have multiple employees sharing the same computer, be sure to create separate user accounts for each employee. The level of user access can be controlled for each individual account, ensuring extra security for sensitive information.
PC World recommends creating an administrative account that is used to control security settings and a standard account as your work account (even if you are the only person using your computer). Only administrators have access to computer settings, so this helps ensure that no one gets their hands on company information unless they are authorized. You can read more about PC World’s security recommendations in their article 9 Ways to Keep Your Windows Computer Safe.
10. Take Physical Security Measures
One of the main things locally-installed software security lacks is the physical security offered by cloud-based companies. Most cloud-based accounting software companies offer physical security measures like 24/7 surveillance of data centers, controlled entrance to servers and data facilities, etc.
I’m not saying you need to hire an armed guard to watch your work-from-home computer or office computers, but I am saying that it never hurts to be careful with how and where you store your computer. Things like not leaving your doors unlocked and not giving untrustworthy employees access keys to your office building seem like no-brainers, but go a long way toward ensuring your data is safe.
11. Keep Your Software Updated
Believe it or not, software updates aren’t just made to clutter your screen or annoy you while you’re in the middle of working. These updates often contain fixes to potential bugs or breaches. Make sure you take the time to update your software and ensure that you are operating with the best, most modern security measures.
12. Back Up Your Data Regularly
It’s easy to forget about backing up your data. Most cloud-based software providers handle data backups for you, but when you use locally-installed software, you’re responsible for creating copies of your data (just in case anything should ever happen to your computer).
There are cloud-storage options you can export data to, but this defeats the purpose of a locally-installed software, doesn’t it? However, you can also back up data to an external hard drive that can then be stored in a safe location. Don’t forget to back up your data regularly so your information can stay as up to date as possible.
Keep Calm & Work On
Managing your locally-installed software’s security all on your own can seem overwhelming at first, but it can be done. We hope that these tips make your life easier and help you become more aware of the importance of computer security, both for your company’s sake and for your own personal well-being. Everyone can, and should, be able to use their software worry-free. While it might seem like a lot of work to implement these security measures, this is one case where it really is better to be safe than sorry.