Editor’s note: The following article is provided by the folks at Xero, a strategic partner of the MACPA and the Business Learning Institute.

By Donny C. Shimamoto, CPA.CITP, CGMA

Too often, cybersecurity is used as a word to invoke fear and make you scared to put any data anywhere that might be accessible on the Internet. But if you take a “glass half full” rather than “glass half empty” perspective, you’ll find that you can actually use your firm’s cybersecurity as a competitive advantage over others who have not mitigated their cybersecurity risks.

Let’s look at three cybersecurity risks that can be converted to competitive advantage:

  1. Ransomware
  2. Local system data breaches
  3. System accessibility

Ransomware is mitigated by SaaS applications
Ransomware attacks are cyberattacks where a hostile party encrypts your files with an unbreakable key and then requests that you pay a ransom to get the key from them to un-encrypt your files. Ransomware attacks are usually introduced through e-mail attachments or downloads from malicious websites that are activated or clicked on by someone within your firm. More sophisticated ransomware attacks will move from an infected computer over the network to other computers, and even onto the servers connected to the network, before invoking the encryption to control as much of your data as possible.

If your firm is utilizing Software as a Service (SaaS) applications (i.e. “true cloud,” not hosted applications or hosted desktop), then your data and uploaded files are not at risk from ransomware. If your computer is hit by ransomware, all you would need to do is revert to your last system backup — or even revert to factory settings, open up a web browser and you’re back in business.

When talking with clients or prospects, you can explain that if they are hit by ransomware, they at least won’t have to worry about their accounting data because you’ve got their data in the cloud and it’s protected. If you know your competitors are using desktop accounting software, you can also prompt the prospect to ask the other people bidding on their work how they’ve mitigated their ransomware risks, which sets up the competitors to be at a disadvantage.

Local systems are more at risk for a data breach
SaaS vendors are generally much better at securing systems than a local managed service provider (MSP). Cybersecurity is a very specialized function and requires an expert team to do it right. SaaS vendors that have teams dedicated to the cybersecurity function will greatly reduce the risk of a data breach by ensuring they follow the best practices for cybersecurity. When built well, their platforms also have advanced security features like two-factor authentication, which (while sometimes a pain for the user) greatly reduces the risk of a data breach even when a password is stolen. So as part of your due diligence in whether to use a vendor, be sure to get an understanding of how they address their cybersecurity risks. Also, be sure to actually use the additional security features they have built into their systems.

If you’re keeping client files on your laptop or mobile device, these are also at a higher risk for theft and, when stolen, pose a potential data breach if those files contained personally identifiable information. Another big local risk that many firms forget about is their backups. Remember, these backups have literally ALL of your data and your clients’ data on them. If someone were to steal your laptop, mobile device or backups, they would then have access to all of the data on them unless you have it encrypted using a strong encryption algorithm and key. Similar to ransomware, if you are using all SaaS applications, this risk becomes irrelevant since there are no local application or data files to worry about.

Again, prompt clients and prospects to ask your competitors how they are handling their files. Are they properly protected? How are they ensuring that the loss of a device or backup doesn’t result in a data breach?

Anywhere, anytime access means seamless service
The last major risk is system accessibility. This is also one of the risks posed by ransomware since it makes your system unable to be used. Localized disasters like flooding, tornados, heavy storms, or even a simple electricity blackout can also pose a threat to accessibility. If your systems are in your office, the inability to get to your office can impede your ability to access your systems. Or a flood or fire may damage those systems and render them unusable.

The hosting centers used by good SaaS vendors are designed to operate even amid these adverse conditions, or they have near immediate failovers to other data centers to ensure continued access to their systems. So when using SaaS vendors, these risks are mitigated since you only need an app / web browser and an Internet connection to be able to work. This also means that regardless of where you are, you could also potentially respond to a client’s request for information or files — without them knowing that you’re not in your office. This allows you and your staff to have more work / life balance while still providing seamless service to your clients.

Ask your prospects whether they have ever had to wait an inordinate amount of time for a response from a previous accountant and explain how you will always be able to respond within one business day — or whatever expectation you think is acceptable to set.

Cybersecurity can be a competitive advantage
Cybersecurity doesn’t have to be a downer. When handled correctly and leveraged as a differentiator, good cybersecurity practices and the use of strong SaaS vendors can provide your firm with a competitive advantage.

Donny C. Shimamoto, CPA.CITP, CGMA, is the founder and managing director of IntrapriseTechKnowlogies LLC, a Hawaii CPA firm focused on innovation acceleration and risk management for small businesses, mid-sized organizations, and non-profits. He has been recognized many times as a Top 25 thought leader and a Top 100 influencer in the accounting profession, and can be seen speaking for the AICPA, state CPA societies, and vendor events across the U.S. and internationally.
