TOA Global Logo

Cloud Security for Accounting Firms: Why It’s Not An IT Issue

cloud security for accountants

Cloud security for accounting firms is one critical factor that is holding back firm owners and partners from building dedicated offshore teams. With growing market awareness around cyber security from the Mandatory Breach Reporting legislation coming into effect in February 2018 and the increased media attention from recent high-profile breaches, cautiousness is at an all-time high. 

“Isn’t That IT Issue?”

The fear is real according to Jamie Beresford, CEO of Practice Protect, leading provider of the most advanced cloud security services to accounting firms the world over. But when his team does security consultations, one of the most common statements they hear from accountants is, “isn’t that an IT issue?” Jamie says that this is a plausible assumption in the traditional sense of “IT”, but they need to fully understand that there are two different technologies in play here. 

The Difference Between Two Different Technologies

“With so many accountants being cloud advocates and early adopters of cloud technologies, it’s important to understand the difference between two very different technologies which will in turn explain why cloud security is NOT an IT issue.”

Jamie gives these specific descriptions:  
#1 – Server Based Accounting: Servers that are typically managed and sometimes hosted by an outsourced IT company to run MYOB AE, APS, Handisoft, files, email and other apps. 
#2 – Browser Based Cloud Accounting:  Browser-based applications such as XPM, Xero client files, Quickbooks, Class Super, BGL 360, CCH-Ifirm, MYOB Essentials and others that are accessible from anywhere with a web browser and are generally managed internally by a practice manager, outside of “IT”. 

The Risks Associated With Two Different Technologies

“Making this distinction between the two very different technologies allows you to understand the very different risks associated with both and why browser-based app security is not an IT issue.”

#1 – How a server is hacked: Jamie says that, generally, a server hack is referred to as an ‘intrusion’. This means someone breaks through a firewall or has illegally accessed a network. He says that what good IT companies do is to shield your firm from these attacks using antivirus software and emphasizing best security practices. What makes it easier for firms like yours to control users and apply security policies is that servers have a traditional Microsoft-based user login system which keeps a log of activities. 
#2 – How browser-based cloud data is leaked: Your client data like tax file numbers, bank account details, and personal information are accessed through browser-based apps that typically have their own login systems with your team managing their passwords. The caveat here is that data can be accessed by anyone from anywhere and at any time! So, according to Jamie, usually what happens is your team members are left to their own devices on how they choose to manage their passwords outside of the firm, server, and IT control. 

“Having this daisy chain of passwords outside of company policy dramatically increases the risk of passwords being leaked and is the new frontier in data theft.”


The fact is that cybercrime is increasing by over 50% annually with small businesses having fewer than 20 staff accounting for 60% of this number! Cloud security for accounting firms can be an issue if you are looking to build an offshore team. That is why we work closely with Jamie and his team at Practice Protect. Our aim is to help protect accounting firms who have built their offshore teams with us. We do our utmost so that cloud security will no longer hold accountants, accounting firm owners and partners back from building offshore teams. This is one of the key steps we take to realise our vision of revolutionising global accounting teams!