Data security should be a major concern for all small business owners. With data breaches rising at an alarming rate each year, at times, it can feel like nobody is safe from an attack.

You do your best to keep everything safe in-house, but how do you know if your data is secure? What happens when you turn your financial data over to a third party?

Outsourced bookkeeping services are growing in popularity.

These service providers offer small business owners an appealing alternative to hiring an in-house bookkeeper. But naturally, this involves sharing sensitive information with a third party.

For those of you who are currently working with an outsourced bookkeeper, or plan to do so soon, you might have some questions about security.

Fortunately, there are steps you can take to protect your data, and ensure that you’re working with an outsourced bookkeeping service that is doing the same.

While nobody will ever be 100% immune from an attack, you should still be doing everything you can to decrease your chances. So, follow these security best practices for working with an outsourced bookkeeper.

Audit Your Internal Security Controls

Lots of small business owners are quick to question a third-party’s security practices, but they fail to look in their own back yard for any potential security weaknesses.

The first thing you should do, whether you plan to outsource bookkeeping tasks or not, is to perform an internal security audit.

Look at any software or systems that you’re using related to data collection and storage. Identify weaknesses or potential cracks in your procedure.

For example, how many employees at your company have access to sensitive information. You should restrict access on a strictly “need to use” or “need to know” basis.

I’m sure you have passwords on your computers and accounts. But password protection is useless if everyone in the building knows the code.

Sometimes, small business owners give vendors too much access to sensitive information as well. There’s no need to provide information, data, or access to vendors if the information is unrelated to your transactions with them.

I often run into small business owners who don’t have strict security procedures because they think their company is too small for a breach. Why would a cybercriminal want to target us? They have much bigger fish to fry.

That’s the wrong mentality to have.

In fact, 43% of cyber crime attacks are against small businesses. Small businesses are a bigger target because criminals know that those companies have weaknesses.

83% of small business owners handle cybersecurity on their own. Although I don’t have the exact numbers, I’m sure an overwhelming majority of that group is unqualified to do so.

Larger corporations have sophisticated IT departments to protect things like social security numbers, passwords, bank account numbers, customer data, and other sensitive information.

When conducting an internal security audit, it’s a good time to reflect to see if it makes sense where you’re storing sensitive data. For example, social security numbers and bank account numbers don’t need to be kept in the same place as vendor ID numbers.

Consult with the Third-Party About Their Best Practices

Once you’re confident that your internal security systems are air-tight, then it’s time to assess the situation with prospective third-party bookkeeping services.

Have a conversation with the outsourced firm about their security features and best practices. You may learn that working with an outsourced bookkeeper is safer than managing everything in-house. Here are some categories for you to focus on.

Physical and Remote Locations

Where exactly is data being stored?

You should be aware of any and all access points. One of the benefits of outsourcing is that it will likely limit the need for paper-based data. So, it’s less likely that physical information can be stolen or compromised.

Most of your data will be stored in remote locations, using cloud-based solutions.

You can create access stipulations to restrict certain permissions based on the user. For example, someone who is performing a simple task like data entry doesn’t need access to sensitive information, such as bank account numbers.


A responsible outsourced bookkeeping service will properly screen and hire their staff. So just confirm this with the third-party before you hire them.

Ask prospective outsourcing services if they run background checks on their employees.

Some firms will even run checks on a regular basis, such as every year, to ensure that their staff hasn’t had any changes to their record since they’ve been hired.

Furthermore, most outsourced bookkeeping firms train their employees with technology related to data security. So, everyone on the staff is aware of the best practices.

Computer Networks and Hardware

Any data server being used by you or your outsourced bookkeeper should be stored in a secure facility. These facilities should have proper activity monitoring as well.

All physical computers must have multiple layers of security and user authentication. You can even disable external ports like USB or CD drives to prevent unauthorized downloads.

Data transfers should use 128-bit encryption, or something like systems that are used by credit card companies and banks.  Navitance has been using military-grade encrypted portals since March of 2009 when the privacy law came into effect in Massachusetts.

The best outsourced bookkeeping services will have data recovery plans as well.


Technology makes our lives easier. As a small business owner, you rely heavily on technology to run crucial tasks in your bookkeeping department.

But that technology can also put you at risk for potential attacks.

Before you work with an outsourced bookkeeper, make sure you analyze the security of your own business. Then use this guide of best practices as a resource for finding a bookkeeper that prioritizes security as well.

That way you’ll feel comfortable knowing that your data is safe whenever you’re working with third parties.

An outsourced bookkeeper can actually improve the security of your small business bookkeeping department.