Cloud Accounting users – Beware!

  • #987562
    ark8architects
    Member
    • Total posts: 32

    Just a reminder to be very careful with your subscriptions and your data with cloud accounting providers.

    http://www.theage.com.au/small-business/finance/my-20000-mistake-20140417-36u7a.html

    #1163337
    Past-Member
    Member
    • Total posts: 1,815

    As with anything, check it out first.
    Personally, I changed from a traditional package to an iCloud package at the beginning of the last financial year, and haven’t looked back.

    But I am the subscriber and I can give authority with reduced access for either a long time or a very short time to certain people, when needed, including accountants. I can remove that access at any time.

    The person/firm in question who are not allowing the business owner subscriber access to their files is obviously the main problem, not the provider of the software, iCloud or otherwise.

    Every business owner should have a vested interest in checking their own accounts and balances regularly, despite whether another person has access to do the accounts and payments for them.

    #1163338
    arrowwise
    Member
    • Total posts: 641

    Good article.

    Your book keeper or accountant shouldn’t hold the master account for your cloud accounting in their name. It should be in the name of your business and from here you can grant access to whoever you choose under your terms. You should be able to drill down and give these helpers rights to only view or edit specific sections you open up to them. With a system like this in place, this issue wouldn’t have happened to Oscar.

    While the popular cloud accounting solutions do create a level of vendor lock, a clued up book keeper can easily migrate an entire business from one to the other within a few hours.

    #1163339
    Alan Maddick
    Member
    • Total posts: 410

    $20,000 for a Xero conversion! Unfortunately there are plenty of people who are charging too much for Xero conversions at the moment as it is so popular. Best like everything in life to get 2 or 3 quotes.

    Some of the other conduct sounds like a dodgy firm of accountants less about the dangers of cloud based software…

    #1163340
    Tim B
    Member
    • Total posts: 4

    Great article and, unfortunately, an easy mistake to make but can easily be avoided.

    There’s no problem with having a professional set the Xero subscription up for you. I do it for clients all the time.

    What’s happened in Oscar’s case is the accounting firm set themselves as the Subscriber. There’s no reason for this to happen as it sounds like Oscar intends to use (and pay for) the Xero subscription himself. An accountant or other external party can have an Adviser Role, but this is something different.

    Without delving the depths of O-O programming, you have to bear in mind that both companies and users are distinct “objects” (entities or things) in Xero and other similar systems. They are linked together by object “attributes” (e.g. user Roles) and a system of permissions that only allows certain people to do certain things in a given company object.

    Xero users have a range of attributes described collectively as Roles, which has been standard database practice since Adam was a lad. Many users can be in Read Only, Standard or Adviser Roles all at the same time but only one User can be the Subscriber. The Subscriber attribute is set during the company setup process and once it is set – it is set, until the Subscriber chooses to pass it on. I would emphasise that from a systems design perspective this is not an experimental or new innovation from Xero. It’s a widely used sensible way to control multiple users across multiple locations.

    The setter-upperer can allocate the Subscriber role to a current Xero user or have an invitation to join Xero sent to any email address if the Subscriber is not yet a Xero User. The Subscriber should always be the person who intends to literally “own” the subscription – usually the person authorising the bill payment.

    From reading the article, I have great sympathy for Oscar’s plight and others caught in the same trap. Once you’re stuck, there are potential methods to get around the problem without a great deal of hassle or controversy, but it’s better not to get in the situation at all. Accountants and bookkeepers all have their own (free) subscriptions to accounting software. There’s no need for anyone outside the company to own the subscription.

    What really surprises is the $9,000 quoted by said accounting firm to do the conversion – and the fact that Oscar was willing to pay it. Database conversions should only be done by I.T. professionals with appropriate skills and experience. You wouldn’t ask your accountant to upgrade your network or switch you from Windows to Linux, and it’s the same for database conversions. Don’t forget, at their core – Xero and are big, fancy databases with flashy web-browser interfaces.

    If Oscar, Andrew or anyone else concerned by this article would like ideas or advice, feel free to get in touch. Particularly if you have $9k to spend on a small business conversion.

    #1163341
    nighttax
    Member
    • Total posts: 172

    At an ATO webinar yesterday the ATO said they are still not satisfied that cloud is safe enough to keep any more than the most basic of information on. Yet here are Aussie businesses signing up for it in droves and storing all their info on it.
    Food for thought.
    regards
    Evan

    #1163342
    StellarScott
    Member
    • Total posts: 239

    Nighttax … Is this an official or personal view.. Surely this would be on the ATO web site or in correspondence if an official view

    I believe the most important point of the original article is that when agreeing to a major change to your business practices such as changing accounting packages is to understand all the costs and implications..including reading the engagement letter

    #1163343
    Marc D
    Member
    • Total posts: 78

    Hi,
    For a firm to be considered as a bronze, silver or gold partner with Xero they need to have 3, 25 or 100 clients. To qualify the firm must be the subscriber. It is not enough that the firm is invited in as an advisor, to qualify they must be the subscriber. So how the article gels with the basic underlying business model of Xero will be interesting to watch I think. It seems designed to minimize Xero’s risk to cashflow if nothing else

    It’s a great program but has a number of weaknesses (as do the majority of cloud based accounting and other programs) particularly the ability to take a local backup.

    To my mind, to satisfy safe and easy record keeping, there needs to be the ability to archive, backup and sync and while sync is well addressed, the inability to create archived copies and running backups is, in my opinion, a serious flaw.

    #1163344
    nighttax
    Member
    • Total posts: 172
    StellarScott, post: 189271 wrote:
    Nighttax … Is this an official or personal view.. Surely this would be on the ATO web site or in correspondence if an official view

    I believe the most important point of the original article is that when agreeing to a major change to your business practices such as changing accounting packages is to understand all the costs and implications..including reading the engagement letter

    Hello Scott
    The advice was presented as the ATO’s current official position on cloud hosting.
    When you think about it the banks and credit card companies and google who have a lot more money to spend on protection from hacking than xero, saasau, myob etc and certainly a lot more money than the cloud hosting companies and yet the banks, credit card companies, google etc all still get hacked.
    How is it that people think cloud hosting is safe?

    Of course if I was selling xero or saasau or myob or whoever – of course I would be totally convinced that it was all the safest way in the world:-)

    regards
    Evan

    #1163345
    Greg_M
    Member
    • Total posts: 1,691
    nighttax, post: 189316 wrote:
    How is it that people think cloud hosting is safe?

    Of course if I was selling xero or saasau or myob or whoever – of course I would be totally convinced that it was all the safest way in the world:-)

    Just a consumer opinion here.

    I’d say a lot safer than the typical home or small office computer linked to the internet, if they’re using desktop applications.

    The stats on botnets and systems open to control by others are a lot scarier (and more prevalent) than Cloud hacks.

    Good Cloud companies have some of the smartest people on the planet working to secure their data. Your average business and personal PC user has little or no clue … there’s lots of articles about various businesses getting their non Cloud data hijacked.

    If you connect to any network you are at risk, better to connect to one where the other end is at least trying to stay secure.

    Don’t know about anyone else but I have no desire to go back to reconciling cheque butts in a paper and pen ledger.

    I do think the option to download the data as backup, is a good idea though (essential in fact, if you’re sensible).

    All innovation has bugs, it’s whether the cost benefit (and ease of use) outweighs the risk. Currently consumers seem to be voting with their feet and wallets … I don’t think even the ATO can reverse this trend.

    Does anyone have any actual stats on how often these services get hacked? I’ve not seen one reported. My bank seems to trust them enough to let them access data, via transaction APIs.

    Speaking of banks, they seem to wear the costs associated with hacking without too much public complaint … guess they figure the cost benefit is worth the risk, I’ve never known my bank to be doing anyone a favour at a loss.

    #1163346
    bluepenguin
    Member
    • Total posts: 1,026

    My bookkeeper keeps telling me that a current concern with cloud-based accounting systems is accounts being hijacked and held to ransom.

    i.e. Someone gets access to your account, locks you out and demands $XXXX before they will let you back in.

    #1163347
    bluepenguin
    Member
    • Total posts: 1,026

    Apparently it’s happening. I haven’t really looked into it though as I’m still using the old-fashioned MYOB.

    #1163348
    ark8architects
    Member
    • Total posts: 32

    Here’s a link to an article by the Australian government’s Institute of Criminology on “Cloud Computing for Small Business – Criminal and Security Threats and Preventive Measures”. It’s not specific to cloud-based accounting but many of the issues are relevant, with some stats presented.

    http://www.aic.gov.au/publications/current%20series/tandi/441-460/tandi456.html

    I think it all comes down to risk management and to a great extent, (sub-conscious) personal philosophical beliefs in privacy and control of personal information. You are giving up a great measure of control over your financial records by placing it on the cloud, and entrusting it into the care of a third-party, for the benefits of convenience and ease-of-use.

    #1163349
    Calcul8or
    Participant
    • Total posts: 481

    The cloud is not your friend. There, I said it (again).

    It is an insidious trap that people are flocking to like lemmings because….well no one really knows.

    Just what they find attractive about handing over commercially sensitive information to someone else, who can then turn around and legally hold them to ransom for, is completely beyond me. More than that, why they feel the need to bare their souls in such a way that makes it possible for ‘others’ (like certain govt depts maybe?) to peruse their data and gather information about them, seems a little unhinged to me, to say the least.

    “Accessibility! Accessibility!” They all yell at the top of their voices! “I can access my data wherever I am, whenever I want!”
    So what will you be accessing that data with?
    “My laptop of course!”
    So why can’t you just store it on your laptop? Why do you feel the need to pay someone for something you can have for free? And what happens if you fall behind in payments? Isn’t doing better business all about cutting unnecessary cost and simplifying processes?

    Tumbleweeds……

    Programmer. Analyst. Nerd. Calcul8ors.com.au Custom Software & Collaboration
    #1163350
    Greg_M
    Member
    • Total posts: 1,691
    Calcul8or, post: 189444 wrote:
    The cloud is not your friend. There, I said it (again).

    It is an insidious trap that people are flocking to like lemmings because….well no one really knows.

    Just what they find attractive about handing over commercially sensitive information to someone else, who can then turn around and legally hold them to ransom for, is completely beyond me. More than that, why they feel the need to bare their souls in such a way that makes it possible for ‘others’ (like certain govt depts maybe?) to peruse their data and gather information about them, seems a little unhinged to me, to say the least.

    “Accessibility! Accessibility!” They all yell at the top of their voices! “I can access my data wherever I am, whenever I want!”
    So what will you be accessing that data with?
    “My laptop of course!”
    So why can’t you just store it on your laptop? Why do you feel the need to pay someone for something you can have for free? And what happens if you fall behind in payments? Isn’t doing better business all about cutting unnecessary cost and simplifying processes?

    Tumbleweeds……

    I’ll concede the giving of data access to others as a valid point. Given the scale of what I do, I don’t care really … there’s no state secrets or valuable meta data. A bigger business maybe. I’ve also never used a Cloud service where I could not download my data if I wanted to depart.

    Whether the cost benefit is there, will be in the eye of the beholder. Believe it or not, I rationalised a lot that I was using and got rid of most of them because the cost benefit was not there as I scaled down … if I was scaling a business up, and had the turnover, I’d revisit a few.

    I’m actually more concerned about tracking cookies profiling me ( a la Google) for marketing when I’m just generally using and searching the web.

    Do you ever connect that laptop to the internet? If not, fine.

    If you do, I’d argue you’re probably no more secure than a well managed Cloud application. All the hijacking and potential horror stories apply equally to local machines.

    Typically the apps I’ve used run 256 bit encryption on top of salted, hashed passwords, and only store references to the encrypted hash, not the passwords themselves. Any connection to the site is via SSL, not an ordinary connection.
    I’d also argue that your average user doesn’t even know what I’m talking about, so how well are their network connected computers secured?

    Data backup is the one that wins me (as a micro operator).

    Take your laptop example, that works as long as you don’t drop it leaving the cafe you’ve worked in for a few hours. Or a passing ice fiend doesn’t smash your windscreen and lift it.

    If you pushed your data before you left the cafe, how did you do it?

    I’m not sure “that no one really knows”. I think a lot don’t want to know … they’ve got their fingers crossed hoping it’ll implode and they can stick with what they’ve always done.

    Personally I think it’s done and dusted, the paradigm shift has happened. It’s not really up for too much debate. The only debate is how to make it work better and address the loopholes.
