In a Nutshell: The shift to the cloud and more dispersed workforces means employees are tapping into workplace networks from potentially unsecured access points and across more personal devices. Cloud-based financial, accounting, and payroll solutions by Sage proactively protect business data against threats that many SMBs may not realize are targeted toward them. Bill Fuesz, Principal Product Marketing Manager for the Sage Intacct advanced financial management platform, explains what’s at stake for SMBs in securing business-critical internal and customer data and how the financial management cloud is a security game changer.
Small businesses are a prime target for fraudsters, and it’s time a critical mass of SMB owners and managers appreciated the threat. The problem, said Bill Fuesz, Principal Product Marketing Manager at US accounting and business software provider Sage, is that many are so occupied with what brought them into business that they fail to understand the threat.
What’s more, Fuesz said, they often need help to partner with experts who can efficiently diagnose and fix security vulnerabilities by bringing systems up to modern cloud standards. Securing the right cloud expertise is undeniably the key to establishing a secure financial operating environment for a small business.
Among the Sage products addressing the SMB accounting space, Sage Intacct distinguishes itself as 100% cloud-native. Fuesz works on the Sage Intacct team in entertainment, lodging, recreation, restaurants, and telecom verticals.
“We built Sage Intacct on the cloud for the cloud,” Fuesz said. “Companies want to do business with other dependable companies, and they want to know their data, particularly their financial data, is secure.”
Fuesz said he sees many SMBs with their heads in the sand regarding the security issue despite the frequent ransomware news reports about significant monetary losses. Tight resources and a lack of institutional knowledge create a feedback loop environment where tech upgrades take a continual back seat to product innovation.
That’s all well and good, Fuesz advises, until a ransomware criminal finally calls. At that point, the saved time from not implementing multifactor authentication and secure cloud storage won’t amount to much.
“Some of my colleagues notice the authentication steps whenever we sign onto our Sage app,” Fuesz said. “You might think of them as hoops you have to jump through, but they’re there for a reason.”
Change the Risk-Benefit Equation
Fuesz said he sees the cloud-native Sage Intacct solution as a complete package for SMBs in growth mode that are looking to reap process and execution efficiencies on a platform that grows with them.
Sage Intacct provides best-in-class cloud financials, including general ledger, purchasing, order and cash management, billing, and accounts payable and receivable. Dashboards and reporting increase visibility across multiple data sources.
Behind the scenes in a cloud app like Sage Intacct, security experts update the platform and constantly scan the horizon for new threats, Fuesz said. With an on-premise solution, on the other hand, networks depend on internal teams for periodic updates or go unprotected.
That’s a recipe for disaster, Fuesz said. A prolific writer, Fuesz outlined his views on cloud versus on-premise accounting solutions in a Sage blog post.
“All dedicated cloud security teams do is look at potential threats in the security universe and seamlessly push through patches and updates,” Fuesz said. “It’s invisible to the user — there’s no action they need to take.”
That’s more important than ever in the post-COVID-19 workplace. The pandemic shifted work patterns in ways that seem permanent, with more workers connecting remotely to corporate networks through their own devices.
Cloud apps provide better access to data and apps, and are central to the remote work revolution. SMB IT costs are lower, and cloud apps easily scale up (or down) on secure, industry-grade storage platforms. Multifactor authentication protects against oversights that could compromise security.
And with more US states looking to emulate the California Consumer Privacy Act and put actionable marketing data under the user’s control, the cloud essentially provides liability protection against financial penalties for losing data.
“You’re streamlining processes, taking out cost, and making your business more effective,” Fuesz said. “And if you aren’t doing it today, your competitors probably are.”
Ransomware as a Reputation Killer
Companies that use on-premise solutions and want to stay secure must continually grapple with data storage challenges and monitor and track device access. In contrast, artificial intelligence illuminates the telemetry of security inputs and outputs, and automatically isolates outliers in a cloud system.
“If you have folks accessing data on an external device or a local area network, it’s a lot more difficult if you don’t have those protocols in place,” Fuesz said.
Even spreadsheets present vulnerabilities, Fuesz said, because so many small businesses share them among employees to track routine operations. Spreadsheet security requires manually authorizing access to avoid malware and controlling software versions and file formats to prevent data corruption.
“It’s relatively easy for a malicious actor to program some code to infect a spreadsheet,” Fuesz said. “Once injected, it’s difficult to detect and can create severe headaches.”
The consequences of inaction can be severe. Ransomware attacks can shut down systems for days or weeks, putting businesses in a no-win situation. Either they pay the ransom (and that’s what it is) and hope the criminals restore operations and data, or they endure the financial hit and plead with authorities to restore the status quo.
A resident of Minneapolis-St. Paul in Minnesota, Fuesz recalled a recent attack against the Minneapolis Public Schools in which hackers threatened to expose sensitive student data, and decision-makers decided not to respond. The hackers chose to follow through on their threats, and sensitive data came to light and created problems.
With legislation, such as the California Consumer Privacy Act gaining steam, compliance issues could result in taking a financial hit from losing money or data. But there’s something even more important at stake, Fuesz said.
“The impact on your reputation is crucial,” Fuesz said. “Customers expect you to protect the financial data between your two entities, and once that trust is lost, it’s tough to get it back.”
The Zero-Trust Approach to Financial Security
Fuesz recently hosted a webinar panel at which he asked customers who switched from on-premise solutions to Sage Intacct to explain their rationale. The panel included representatives from a software-as-a-service company and a financial trading firm.
“Both said don’t wait — especially if you’re in a high-growth industry, you need to get the security in place and the visibility to the financials,” Fuesz said.
To get there, Fuesz argues, do what Sage does and adopt a zero-trust security model. Placing zero trust in network users isn’t meant to be impolite. It’s intended to serve as a governing philosophy for tech acquisition, strategic decision-making, and reputational enhancement, inevitably leading to a cloud financial management solution.
“Until we can fully authenticate that user and the user’s role, we expose no data on our platform,” Fuesz said. “It’s not a non-trivial task to make the switch, but it’s worth it in the long run.”
Even with all his familiarity with the Sage Intacct platform, Fuesz said he gains the most satisfaction from customers who use the Sage onboarding experience to take a critical look at operations from top to bottom.
As customers strengthen their security, they also examine the business processes surrounding what they’re doing. They find new ways to automate processes, eliminate manual work, and encourage remote work. It can be an eye-opener that shakes up old ways of doing things.
Sage customers often start with a small core of services and then add additional functionality. They may begin with the general ledger core because that’s where they can see the quickest return on investment. Soon, they’re adding processes like accounts receivable, accounts payable, and payroll.
“If you want to improve revenue, customer satisfaction, and efficiency, you’ve got to make a switch, not only in accounting but in your other systems,” Fuesz said. “Embrace digital transformation.”