By Jonathan Rivlin, CPA
Greetings from the zombypocalypse, my fellow practitioners!
In this latest installment of TechTips, we’re going to cover an app called PracticeProtect. The reason for this is that with the rise of distributive working, aka working from home (WFH), an acronym that I didn’t know existed until a couple weeks ago, there’s a need to secure our systems.
It was hard enough to keep an office based system secure, how does a business owner secure multiple workstations in multiple locations?
Enter PracticeProtect.
This company is based in Australia and serves accounting firms worldwide.
The software acts as a collecting point for all firm staff to access the various apps used by the business. Each user’s identity and IP address are verified and stored within PracticeProtect during the setup phase. If someone has stolen or compromised a remote staff member’s computer, PracticeProtect will detect this before the would be hacker even gets to the screen where they enter a password. And if for some reason, they get that far, they’ll still need to have a 2FA code – if the remote staff member doesn’t have a static IP address.
PracticeProtect also allows the administrator to set geofencing and timefencing rules. No, this isn’t about processing stolen goods or a genteel sport. These terms refer to limiting the time and place from where logins can proceed.
Geofencing means that one can lock out every country other than the US, and if using remote employees, the country where that remote employee works from. Timefencing means you can set the hours from which logins are allowed.
The admin portal shows a global map of where (and when) all logins are made, noting date and time stamps.
They also provide a layer of security around Office365 and Outlook.
There is a limitation regarding banks. PracticeProtect can capture and store such bank login info, but because banks have their own security protocols, it’s not possible for anyone piece of software to provide auto-login support for all banks. We’ll discuss this further in a moment.
Aside from the enhanced security, there is an efficiency to be gained from using this application, even when compared to password managers. Once configured, your staff will login to PracticeProtect and then when they need to access the various apps used by the business, it’s a simple matter of a mouse click.
Also, if you need to terminate a staff member, you simply disable their access to PracticeProtect and they are then locked out of being able to access the other apps (Xero, Gusto, etc).
OK — on banks: The banking system in this country is, charitably, antiquated. I’ve had an opportunity to network with our professional counterparts from Australia and frankly, we are behind the times. The robustness of bank feeds, the virtual elimination of paper checks, and enhanced security on their transactions is something we should demand here. In our country, we face a patchwork of security protocols and ever changing standards.
Because our banking system is all over the place, some of the better features of PracticeProtect aren’t applicable. With that said, once a login credential is stored in PracticeProtect, it’s safer and more efficient to login to a bank from within PracticeProtect.
You might be saying to yourself, “Why do I need this when I already have a password manager?”
PracticeProtect is more robust than a password manager. It provides a date and timestamp of every login, every action, by user, on the system. If you need to login to a client bank account, and that account gets hacked, PracticeProtect can give you the wherewithal to prove that it wasn’t your fault.
Additionally, the customer and tech support provided by the company are top notch. They are responsive and personable.
The more people are going to WFH, the more a solution like PracticeProtect is needed.
Statistically speaking, a good number of us are going to either experience a hacking directly, or have to help a client through a hacking. Protect your firm and your clients with this app. Learn more here.