MEGHAN IS ONE OF OUR EMPLOYEES AND GRACIOUSLY WROTE THIS EMAIL TO ME FOR THE BLOG. SHE IS A BRILLIANT, OUTGOING (unusual for an accountant, don't you think!), FRIENDLY AND APPROACHABLE CPA. SHE GOT MY ATTENTION THE FIRST WEEK SHE WORKED FOR US. This email is so well written that I am going to copy it exactly as she wrote it........This is great advice!
Jean,
I actually had an “ah-ha” moment the other day about your blog when I went out to visit an old bookkeeping client of mine that I stopped working for over 6 months ago. I was helping him train his 3rd replacement bookkeeper (eek!), so I went on-site to help her get settled.I discovered, much to my dismay, that he still had...
.... all the same passwords and log-in information from when I was working there! There have been four new people through his books in the past six months, and yet, there has been no change in security! This is incredibly dangerous for any company, but especially in this day and age of complete electronic access to your accounts, this is a huge problem.
Word to the wise – whenever you have a staff change who has any sort of access to your financial information or files – CHANGE YOUR PASSWORDS! Immediately!
Also – when I was hunting through the files for a new credit card account that one of the interim bookkeepers had set up, I noticed that she had been keeping track of log-in and password information on a post-it note taped to the inside of the hanging file folder. No! No! No!!!! What do you think happens when someone happens across this folder and realizes that all they need to get into any of your financial information is to get to your paper files?!? Very dangerous idea.
Keep your log-in and password information in a safe place! Never on a file saved on the computer that the financial information is on, unless you have password protected the file and keep it in a hack-safe location. Best idea – get a piece of paper and pen, write them down, and store them somewhere away from the office, or in a secure location that only you and select few people know about.
One client I know had a great idea. He stored his passwords in an electronic file, password protected, and even more clever – used code words to remind him what the passwords were, rather than actually writing them down. So instead of actually listing the passwords, he had an extra step of protection. Should somebody discover the file, they won’t know that the keywords listed are simply there to jog the clients memory, not the actual passwords. I have adopted this trick in all my personal passwords as well! What random person is going to understand what “Hotdog84” means to you!? ;-)
Hope that helps!
Meghen
Comments