Is your firm just one lost CD from extinction?

The recent high-profile government security lapses have made us all aware of the potential for terrible publicity when things go wrong with personal data records.  HMRC can survive the PR disaster which accompanies the loss of disks containing details of 25 million benefits claimants simply because they are in a monopoly position but, be assured, if we taxpayers could have taken our business elsewhere, many of us would have.  Had the Revenue been a commercial company, the negative effect of the horror stories in the media would very likely have put them out of business.

Now, I personally think that the issue was blown out of all proportion.  Yes, the disks could have fallen into the hands of a shady underworld, ready and waiting to pillage our bank accounts but it is statistically more likely that they are in a landfill site - or under the seat in post office van somewhere.  Of course, it is the fear of what could happen that drives the tabloid hysteria and puts worries in the minds of the public at large.  So, if you are running your own accountancy practice, how well do you sleep at night, knowing what data is kept on the server in your office?

That's right, accountants are probably holding more personal financial information in their computer systems than any other group outside of the civil service.  Names, home addresses, national insurance numbers, tax references, dates of birth, details of dependents, bank account numbers, details of individual bank transactions, VAT registration numbers, company registration numbers, dates of residence at various addresses, dates of starting and leaving various employments, pension details, life assurance details.... the list is almost endless.

By now most well-run accountancy practices will have robust procedures in place for backing up client data, which probably even includes someone taking the tapes off site (if they remember or aren't on holiday).  However, this is a focus purely on security from the disaster recovery point of view - if the office goes up in smoke at least we can restore the data that Anita took home with her (although we may never have actually tested that).  When you think about the security of the data itself then what could be worse than an employee taking the disk home and either leaving it the car or chucking it in the fruit bowl in the kitchen.  How safe is that?

Even if your off-site backup copy is looked after properly, what is to stop someone breaking into your office, unplugging the server, putting it under their arm and walking out?  Being able to restore your data makes your insurance company happy but losing the data will make your clients extremely unhappy - and angry and litigious.

The first accountancy firm that has to publicly own up to a data loss in the way that HMRC did is going to  go out of business - at "Andersens" speed.  In my firm we have just moved every scrap of our data, client and internal, to a secure datacentre.  All staff members have a laptop to access the applications and data they need via the Internet from the datacentre.  No data or applications (other than Internet Explorer) are allowed on the individual's laptops and we are changing our contracts of employment to make the retention of any data on a laptop a dismissible offence.  It's time to get serious, really serious about what's on that little black box in the back room of your office.

Server taken to the cleaners

No matter how fantastically advanced technology gets it is still susceptible to the most basic of human interventions.

We use HQ for Accountants [HQ4A] to manage our CRM requirements.  It stores all of the contact information for our clients, maintains client histories that track all messages [email, fax, SMS message or letter], tracks our jobs workflow [accounts, payroll, tax, bookkeeping, enquiries], stores our shared calendars and to do lists.  It works just great and is accessible from any location via a web-browser.  Unless the server is down.

When I tried to login today from home I got no response.  Now the server doesn't expect a day off for the bank holiday, so I was expecting it to welcome me in as usual - but it was not listening.  After going through a couple of simple diagnostic routines I rapidly came to the conclusion that there was probably nothing at all wrong with HQ4A but there was something very wrong with the server - it was switched off.

One of my colleagues, who lives much closer to the office than myself, was happy to drive over and see what was going on.  It turned out that the cleaners had been in today and someone had unplugged the server to use a vacuum cleaner!  So, the RAID mirrored drives, Windows Server 2003 operating system and network firewall were powerless, despite all of their technological wizardry, against a simple, unintentional human intervention.

Of course, this is a problem that could have easily been avoided by better communication with the cleaning team or something as simple as a sticker on a socket saying "please don't turn me off" but the real point is that it is a problem that can so easily occur in the real, not technological, world.  The potential for a malicious or criminal intervention is much more worrying.

Anyway, all is now well and more importantly, soon this can never be an issue again.  When HQ for Accountants is next upgraded, in a couple of weeks, we are having it hosted on a third party server in a secure data centre, rather than on a server in our own office.  I am positive that the managers of the data centre will have a bit more control over who is wandering in and out and what they are up to.

IRIS works quicker online - who would have thought that?

Like thousands of other UK accountancy practices, we use the IRIS suite of software for our accounts production and tax compliance services.  For the 13 years of our existence to date, the software has hummed away on a server in our own office, busily making itself available via our internal local area network (LAN).  Today that changed and we have experienced something of a shock.

Our IRIS software has now been installed on a server in a data centre, located in London or somewhere (it doesn't really matter where).  We now access it via the Internet and a normal web-browser.  Our staff can work on IRIS from any location, particularly from home, and our outsourcing partner in India can also work "live" on the same data as us.  It's quite a bonus that they have done almost a full day's work on it before we even open our office here in Skipton.

Bill Duncan at Secure Virtual Office has been trying to get us to take this plunge for months but, being the cautious accountants that we are, we have been worrying about the speed and usability of working with our precious data when it is so far away - and that's where the shock has come.  Our Tax Manager and Accounts Manager have been testing the online version of IRIS to today and they are happily reporting that it runs quicker than when it was hosted on the server in the office!  Bill explained that this is because some clever technology called Citrix, ensures that only keystroke and mouse data travels up and down the line, with all processing work being taken care of at the server end.  When we used our own LAN there was a lot more traffic moving around the cabling which meant that speed of use was slower.  Who would have thought that?

So, we have better usability, secure data location, secure automated backups and remote access from anywhere.  Sorry Bill, we should have believed what you were saying from the start.