Lock Down Your QuickBooks

Smartphone with the QuickBooks logo


Despite having top-tier antivirus technology, a robust firewall, and other advanced cybersecurity tools, your company’s financial data can still be exposed. How could this happen? Today, we are turning our focus to QuickBooks Online – the cloud-based successor to the highly popular QuickBooks Desktop, which is used by millions of businesses worldwide and why it’s imperative to use two-factor authentication for QuickBooks Online.

QuickBooks Online enables easy access and data sharing between companies, accountants, and bookkeepers. However, it is currently missing a critical security control – the ability to enforce two-factor authentication on user accounts. Two-factor authentication or QuickBooks Online is an option to protect login accounts, but it’s up to the individual users to enable and configure this security feature. If a user, such as a company employee, accountant, or bookkeeper, chooses not to enable two-factor authentication or decides to turn it off, the QuickBooks Online database becomes a potential target for phishing attacks.

Regrettably, there are instances where bookkeepers and accountants neglect to use two-factor authentication for QuickBooks Online to safeguard their accounts from phishing attacks, thereby putting customer data at risk. The QuickBooks database may contain sensitive information such as customer and employee personally identifiable information (PII), banking details, HR data, and more.

An unfortunate limitation with QuickBooks Online is that there is no way to determine if a user has enabled two-factor authentication or not. Consequently, the only way to ensure its usage is to implement an appropriate policy and require QuickBooks Online users to sign this policy, thus confirming that they have enabled two-factor authentication in QuickBooks Online accounts.

This issue is not unique to QuickBooks Online. Many other cloud products also have security controls that are not enabled by default. Therefore, maintaining a comprehensive inventory of all your systems, including desktops, servers, cloud applications, and users/vendors with access to your data, is crucial. Furthermore, enforcing proper security measures throughout your system is a must.

Proactively addressing these security concerns is essential to protect your critical assets and the vendors who have access to them. This is where Digital Uppercut steps in, providing a Risk Assessment service to assist companies in identifying critical systems, understanding the types of access users and vendors have to company systems, and implementing appropriate network security controls. Enabling security measures on these assets is vital for keeping your valuable data protected. Establishing a two-factor authentication for QuickBooks Online usage policy and requiring users to sign it is a practical approach to mitigate potential risks associated with phishing attacks and unauthorized access. Lock down your QuickBooks Online accounts and ensure your data’s safety today.

#cybersecurity #VendorRiskManagement #QuickbooksOnline #MultiFactor