Hi, Sherry. In general, I am relatively impressed with Intuit's overall security. Sure, they have had data breaches, mostly in their TurboTax and Mailchimp products. The largest risk to their QBO product is social engineering attacks (i.e. phishing or other attacks trying to trick people into giving their credentials). The best defense against social engineering is education, complex passwords that change frequently, and multifactor authentication.
I'm most concerned with the fact they have PII (including SSN and EIN) of clients. Do I mention in my WISP that I'm depending on their security measures?
I never feel 100% comfortable knowing somebody else has access to my data, but there are some instances when we cannot control that. (We are one of the slow adopters still using QBD mostly because it fits our clients needs better at this point.)
But, yes, they should be listed in the section of your WISP that includes your service providers. And I usually include, in my WISP, the links to all of our vendor security policies.
How secure do you think QBO is?
Hi, Sherry. In general, I am relatively impressed with Intuit's overall security. Sure, they have had data breaches, mostly in their TurboTax and Mailchimp products. The largest risk to their QBO product is social engineering attacks (i.e. phishing or other attacks trying to trick people into giving their credentials). The best defense against social engineering is education, complex passwords that change frequently, and multifactor authentication.
I'm most concerned with the fact they have PII (including SSN and EIN) of clients. Do I mention in my WISP that I'm depending on their security measures?
I never feel 100% comfortable knowing somebody else has access to my data, but there are some instances when we cannot control that. (We are one of the slow adopters still using QBD mostly because it fits our clients needs better at this point.)
But, yes, they should be listed in the section of your WISP that includes your service providers. And I usually include, in my WISP, the links to all of our vendor security policies.
Thank you Brad, as always, for your insight.