For every organization that’s purchasing lease accounting tools, there are many things to consider; and data security is a major concern.
We’re talking about your company’s financial records, so rock-solid security is essential. Don’t forget that accounting auditors will want to know how your lease accounting software protects your information and ensures data integrity.
As part of your lease accounting software comparison, be sure to check for the following security credentials and capabilities that ensure the safety of your data.
1. Physical security of servers.
Most lease accounting software is cloud-hosted, which is the best option for a number of reasons. A cloud-hosted platform is fast to implement and is also much less expensive than other options.
However, choosing a cloud-based lease system means you must do your due diligence to ensure that your chosen vendor will keep your data safe. Be sure to ask these questions during your lease accounting software comparison:
- Do they have redundant servers in multiple locations?
- What type of physical security protects the buildings where servers are housed?
- Who has access to those servers and for what purposes?
2. Data encryption.
Data is regularly moving into and out of your lease accounting software. For example, you’re importing new lease records, entering updates to lease records, and sending journal entries to your general ledger. Your data must be secured both when it’s at rest on the servers, and when it’s in transit as records are added, modified, or exported.
Your lease data should be encrypted anywhere it is stored, and it must be encrypted via SSL when traveling to and from the servers.
3. User authentication
You won’t find lease accounting software that’s not locked down; users must enter a username and password to access the system. However, when doing your lease accounting software comparison, look for these authentication features that enhance security.
Control of login credentials. Make sure all parts of the system are password protected. It’s also important that your system administrator create and manage login credentials for your users. If your lease software vendor can create a login for anyone who asks, that’s a security risk. Your vendor should only provide login credentials with your administrator’s approval.
Password policy. In many organizations, lease software passwords must match your corporate password policy. Look for your lease software to provide flexibility so your administrator can set the desired password length, strength and expiration rules.
Multi Factor Authentication. Some organizations want the extra security of multi factor authentication. How does that work? Users enter their user name and password, and the system emails them a second one-time password that they must enter to access the lease software.
Authentication via Single Sign On (SSO). Your lease accounting software should provide the option to use your organization’s existing security store to authenticate users. If you have implemented a centralized security system, enabled for single sign on, your employees can log in once and have access to all their applications. However, the big benefit is the ability to quickly and easily revoke access to everything if an employee leaves the company. Your users and their access permissions must be set up in your lease software, but they are linked to your centralized security store accounts so users can only log in using this system.
4. IP whitelisting.
Some organizations want to limit access to the lease software so that users can only log in from secured devices connected to the corporate network. IP whitelisting limits access to specific IP addresses or a range of IP addresses.This reduces the risk of unauthorized access by blocking login attempts from unrecognized or potentially unsafe IP addresses.
For organizations with mobile or remote workers, IP whitelisting can be combined with other security measures, such as VPNs, to securely enable access from approved devices while still maintaining strict controls. This adds an extra layer of security by making sure that even if a user’s login credentials are compromised, unauthorized access from an unapproved location is prevented.
5. User roles and permissions.
Especially for comprehensive lease software (like Visual Lease) that manages the entire lifecycle of your leases, including administration and accounting, the design of user access and permissions is critically important for data security. Here are some items to check as part of your lease accounting software comparison.
Levels of administrative access. While most organizations have a single system administrator, look for the flexibility to allow some managers different levels of administrative permissions.
Separation of duties. What you want to see is a separation of roles and associated access rights within the various parts of the lease system. For example, a lease administrator may be able to create and modify lease records, but won’t be allowed to work with the accounting feed or create lease accounting calculations. On the other hand, you may want an accountant to send interface files to the ERP, move data to the general ledger, and approve invoices for payment. But you may want to prevent that user from creating payments. The goal is to give people access to only the capabilities and data they need to do their work and lower the possibility for fraud or malfeasance.
Group permissions. The best lease accounting software has a set of defined roles with pre-assigned permissions. That makes it easy to set permissions for users simply by assigning them to a group.
Here’s a great tip: creating a role for lease abstractors can be extremely useful. You can allow abstractors (who may be outside contractors or service providers) with the ability to create pending records but not to change live data. Then someone with a higher security level can review and validate the data before making it active. Doing that enhances your data integrity with another layer of authentication.
Individual level controls. While group permissions save you time, you also need the flexibility to control certain rights at an individual level. Look for the ability to add or remove specific rights as needed from users assigned to groups.
6. Secure API Integration
Secure API integration is a crucial data security feature to look for in lease accounting software, especially if your organization needs to connect the software with other business systems or ERPs. When evaluating API security, ensure that the lease accounting software uses encryption for all data transmitted through APIs to protect against interception and tampering. It’s also important to have access controls in place to restrict who can use the APIs and under what conditions.
Look for support for secure authentication protocols that add an extra layer of security to the API integration process. These protocols ensure that only authenticated users and systems can access your lease accounting data.
The software should also provide detailed logging and monitoring of API activity, allowing you to track who accessed what data and when. This helps detect and prevent unauthorized access, making your data safer.
7. Data Backup & Disaster Recovery
When evaluating lease accounting software, it’s important to assess the vendor’s data backup and disaster recovery capabilities. Data backup policies should include regular, automated backups to ensure that your lease data is always up-to-date. Ideally, backups should be performed daily, or even more frequently, to minimize the risk of data loss.
In addition to regular backups, the lease accounting software should have a strong disaster recovery plan in place. This plan should clearly outline the procedures for restoring data in the event of a system failure or cyberattack.
Key factors to evaluate include the recovery time objective (RTO), which measures how quickly data can be restored, and the recovery point objective (RPO), which measures how much data could potentially be lost in the event of a disaster. Shorter RTO and RPO times are preferable, as they minimize downtime and data loss.
Data security validation for Visual Lease
When filling in your lease accounting software comparison checklist, you can check all the data security boxes for Visual Lease’s platform. We have earned SSA18 SOC 1 Type 1 certification following a comprehensive independent audit that verified our controls and operations.
We’re happy to show you exactly how we keep your data safe. Give us a call or request a personalized demo.
Get more tips for your lease accounting software comparison: Get the Best Lease Accounting Software By Comparing Price & Value