Despite having top-tier antivirus technology, a robust firewall, and other advanced cybersecurity tools, your company's financial data can still be exposed. How could this happen? Today, we are turning our focus to QuickBooks Online – the cloud-based successor to the highly popular QuickBooks Desktop, which is used by millions of businesses worldwide.
QuickBooks Online enables easy access and data sharing between companies, accountants, and bookkeepers. However, it is currently missing a critical security control – the ability to enforce multi-factor authentication (MFA) on user accounts. While QuickBooks Online does offer MFA technology to protect login accounts, it's up to the individual users to enable and configure this security feature. If a user, such as a company employee, accountant, or bookkeeper, chooses not to enable MFA or decides to turn it off, the QuickBooks Online database becomes a potential target for phishing attacks.
Regrettably, there are instances where bookkeepers and accountants neglect to use MFA to safeguard their accounts from phishing attacks, thereby putting customer data at risk. The QuickBooks database may contain sensitive information such as customer and employee personally identifiable information (PII), banking details, HR data, and more.
An unfortunate limitation of QuickBooks Online is that there is no way to determine whether a user has enabled MFA. Consequently, the only way to ensure MFA usage is to implement an MFA usage policy and require QuickBooks Online users to sign it, confirming that they have enabled MFA in QuickBooks.
This issue is not unique to QuickBooks Online. Many other cloud products also have security controls that are not enabled by default. Therefore, maintaining a comprehensive inventory of all your systems, including desktops, servers, cloud applications, and users/vendors with access to your data, is crucial. Furthermore, enforcing proper security measures throughout your system is a must.
Proactively addressing these security concerns is essential to protect your critical assets and the vendors who have access to them. This is where Vendrespect steps in, assisting companies in identifying critical systems, understanding the types of access users and vendors have to company systems, and implementing appropriate network security controls. Enabling security measures on these assets is vital for keeping your valuable data protected. Establishing an MFA usage policy and requiring users to sign it is a practical approach to mitigate potential risks associated with phishing attacks and unauthorized access. Lock down your QuickBooks, and ensure your data's safety today.
#cybersecurity #VendorRiskManagement #QuickbooksOnline #MultiFactor