Your mission, if you choose to accept it, is to store your data safely and securely in the cloud.
The cloud makes collaboration easier, increases efficiency, and improves operational performance.
The benefits the cloud provides are erasing concerns about cloud security. In the 2022 Nonprofit Research Study, 82 percent of respondents felt strongly about cloud security and believed the cloud was, at least, somewhat secure.
Deloitte’s Future of Cloud Survey further supports that, saying, “The vast majority of organizations surveyed say they have updated their business and operational strategies to address cloud security, risk, and controls and most organizations are seeing positive outcomes related to business and regulatory risk mitigation and value from cloud cyber services.”
Keeping your organization’s financial data safe in the cloud doesn’t require you to navigate a maze of (operational) lasers. With a few simple steps, your organization can safeguard its data and accomplish its mission.
What Security Features to Look for in the Cloud
In general, cloud platforms are regularly updated, backed up, and maintained, and the best platforms have layers of security that protect data and help reduce the likelihood of fraudulent incidents.
Regarding financial data, it’s important to have multiple security layers, including encrypted data and communications, multi-factor authentication, and SOC compliance endorsed by the American Institute of Certified Public Accountants and its Statement on Standards for Attestation Engagements.
A cloud vendor should also use 2048‐bit RSA, the standard SSL (Secure Sockets Layer) encryption technology, to protect and authenticate data transactions.
When evaluating cloud technology, consider whether it features robust internal controls and policies. Internal controls allow your organization to segregate duties and limit who can access financial information, which helps prevent fraud. Having a hierarchy of command ensures no one person has unchecked access to nonprofit finances. Cloud-based fund accounting technology makes it easy to implement these controls and often includes an audit trail that logs changes when they were made, by who made them, and at the workstation where they were made. Not using internal controls opens an organization to security risks, potential fraud, and decreases public trust.
It Takes Two to Succeed
Make sure your walkie-talkie works because safeguarding your data requires partnership. IT teams are an organization’s mission operative and need to be the leaders when selecting a cloud vendor.
The vendor is mission control. They’re the people who store organizational data and ensure its availability.
When it comes to cloud vendors, reputation matters. Leading cloud vendors operate with an established cloud provider, like Microsoft Azure or Amazon Web Services. These providers have fully established operational standards and adequate cybersecurity governance with multiple redundancies built into for a vendor to take advantage of. These essential measures keep an organization’s data safe and create a disaster-proof cloud environment to ensure an organization can be up and running instantly if something happens to its data.
For a mission to be successful, the IT team and cloud vendor must have an active relationship. IT teams are the technical experts in an organization. They have a working knowledge of operations and need to collaborate with the vendor and advise them on what technical aspects to look for. These relationships form the basis of a cybersecurity policy and lay the groundwork for how an IT team will train an organization’s employees.
Best Mission Practices
Break out the agent handbook because an organization’s cybersecurity policy needs to address employees and technology systems.
Employee training is crucial. According to Verizon’s 2023 Data Breach Investigations Report, 74 percent of breaches were caused by human error, with phishing and text message phishing scams being some of the leading causes.
Training team members regularly with real-life scenarios will help them spot potential threats and protect them from exposing a business.
These five best practices can set an organization up for mission success:
1. Regularly update and back up your data systems
2. Set access privileges and internal controls
3. Monitor team access through audit controls
4. Regularly train employees to spot phishing scams and malicious links
5. Encourage policies to protect whistleblowers
No one person can prevent cyberattacks alone. It takes a thorough cybersecurity policy and a team committed to keeping an organization’s business finances and accounting teams safe, but safeguarding your organization’s financial data in the cloud is Mission Possible.
The author, Neil Taurins, is the General Manager of Nonprofit Solutions at MIP Fund Accounting by Community Brands.