My Bookkeeper Bill

Companies and organisations of all sizes handle sensitive client data and should look to employ a security strategy that protects this information at all costs, without being a burden on IT resources or adding significantly to the charges passed onto the clients.

All confidential client informationneeds to be protected from malware, viruses and a whole host of external cyber threats, as well as remaining secure and confidential. However, it is also vital to consider the types of threats that can be posed by internal forces, not just external.

IT security is not something that comes as part of the job description for a bookkeeper or for any company outside of the IT profession, but many firms have no designated IT specialist. To ensure firms remain protected, a few basic rules suffice in gaining IT protection:

Keep Out Malware

Very few firms can function without computers and only in rare cases are their networks purely internal. Instead, communication with customers often requires an Internet connection, meaning that fewer firms can manage without one. It is therefore important that all computer systems are equipped with basic protection, i.e. an up-to-date virus scanner and a personal firewall. Rather than implementing multiple solutions which have the potential to be confusing and time-intensive to manage, all-encompassing protection packages can provide modules which work seamlessly together.

Before investing in security technology, a company should assess the historical and current malware detection capabilities of various anti-malware products on the market.

Security software for all sizes of firms has in the past been expensive and confusing; however it is a vital aspect of business that cannot be overlooked in today’s troublesome cyber environment.

Encrypt Records

A lot of companies handle extremely sensitive customer data on a daily basis. All this information, which is not intended for third-party viewing, should be encrypted. Encryption translates data to a secret code and is the most effective way to achieve data security. To read an encrypted file, a key or password is needed to unlock the translated information.

Due to the nature of financial data, it is perhaps the most dangerous area for a company in that if it is breached it can be used for malicious, even criminal purposes. This means that there is a risk that employees who have access to a large quantity of this data also pose a risk to the firm and its clients. Although access may be required for employees to do their jobs, it is possible to restrict access to data that is not directly relevant or necessary for them to carry out their role. By encrypting this data, it lowers the risk of an internal threat where someone takes liberties with their clearance.

Ensure Data Is Backed Up

Not only is this confidential data at risk from malware and the inside threat from employees, but it can be corrupted, lost or stolen. Therefore it is vital that firms back-up all forms of records safely and securely. Suffering a loss of client data could not only mean a loss in custom and sever reputational damage, but could ensue in a law suit or even put the company out of business.

Establish Rules

Management in most firms know which areas of their company need protecting, but what about their employees? In most cases, staff won’t be IT experts either. Two strategies are recommended here; firstly, clear rules should be established for using IT systems, these should specify prohibited activities such as sharing passwords; and guidelines for the use of, for example, USB flash drives. Secondly, rules should be backed up with appropriate security settings.

The majority of businesses activities carried out by most companies are usually built on trust. Just one instance of compromised information could really damage a firm’s reputation and relationship with its clients. Most businesses have sensitive client data on file and confidential records, but the financial implications of a breach are far-reaching in most business sectors. By following these steps, firms can ensure that they are doing everything in their power to protect themselves and their clients.

Another set of regulations is set to fall on the shoulders of all employers. This time it’s a compulsory pension scheme for all employees.

This new pensions law is due to be introduced over four years from October 2012. The largest employers (120,000 or more employees) will be forced to sign up first. Those who employ less than 50 workers will be required to take part in the scheme from a date sometime in 2014 to 2016. The exact date will depend on your PAYE reference number.

Only one-man companies will be exempt, otherwise every employer who has workers in the UK will be required to enrol those workers in a pension scheme. There will be exceptions for workers aged under 22, over state retirement age or paid less than £7,475.

Employees will have to take an active decision to opt out and sign a form to do so. The employer will not be permitted to induce employees to opt out, or to screen out potential employees who do not wish to opt out of the pension scheme.

Employers and employees will be required to make contributions to the pension scheme totalling 8% of the workers earnings, including tax relief given on the employees contributions. The employer must contribute at least 3% of the workers’ earnings. This level of compulsory contributions will be imposed gradually over five years to 2017.

Employers can use an existing pension scheme, set up a new one, or use the new low cost pension scheme established by the Government called NEST (National Employment Savings Trust). Where an existing scheme is used the employer will have to certify that it meets all the requirements for compulsory pension saving. Every employer will also be required to register with the pensions regulator.

To prepare for these new regulations ensure you should talk to your pension scheme provider, if you have one. If you don’t have a workplace pension scheme you need to plan to set one up as this can take some time to implement, and to start budgeting for the costs!

We have business network partners who can advise and help you plan your workplace pension scheme. We receive no commission or reward for this service.