Chapter 26. Keeping Your QuickBooks Data Secure

Your QuickBooks records are indispensable. They help you invoice your customers, pay your bills, and prepare your taxes, prevent you from overdrawing your checking account, and provide the information you need to plan for the future. A company file does so much, yet many companies don’t take the time to keep their financial data safe and secure.

Losing data to a hard disk crash is a shock to your financial system as well as your computer’s, and rebuilding your records is inconvenient, time-consuming, and—if you hire someone else like Intuit to do it—costly. But having someone embezzle the money from your accounts could send years of hard work down the drain. Protecting your QuickBooks data takes so little time that there’s no excuse for not doing it. (In addition to QuickBooks security, don’t forget common-sense security like locking the door to your office.)

If you’re the untrusting type or simply have no one else willing to do your bookkeeping, you can skip this chapter’s discussion of creating users and setting up user permissions. The administrator login is all you need to work on your company file—and QuickBooks creates that automatically. Although you might not let other people access your financial data, that doesn’t mean that someone won’t try to access it without your permission. Good security measures like firewalls, up-to-date antivirus software, and passwords that strangers can’t guess go a long way to prevent unauthorized fiddling with your finances.

When you have several people working on your company file, security is a bit trickier. Each person who accesses your financial data is a potential problem, whether intentional or inadvertent. By setting up users in QuickBooks and specifying which areas of the program they can access, you can delegate work to others without worrying about security quite so much. With the audit trail that QuickBooks keeps (Setting Access Rights), every transaction that’s modified or deleted is there for you to review.

Setting Up the Administrator

In QuickBooks, the administrator is all-powerful. Only that person can create new users, assign permissions and passwords to other users, and set QuickBooks company preferences. If you use the EasyStep Interview to create your company file (Company Information), the wizard won’t let you finish until you specify the user name and optional password for the QuickBooks administrator (Setting Up the Administrator).

Note

Although the administrator password is optional, you should set one right away. If you don’t, anyone who opens your company file is logged in as the administrator, with full access to every feature of QuickBooks and every byte of your QuickBooks data.

If you skip the EasyStep Interview, you can create, open, and close a company file without any sign of a login screen. But behind the scenes, QuickBooks logs you in as the administrator without a password. As soon as you try to set up additional users, QuickBooks first asks you to specify the administrator’s user name and password—which you’ll learn how to do next.

Assigning the Administrator User Name and Password

When you create a company file, QuickBooks automatically creates the QuickBooks administrator, but it doesn’t require you to assign a password to the administrator. Now that you know how important a password is, you can edit the administrator to assign one (and change the administrator user name if you want).

Tip

If you’re the only person who acts as the QuickBooks administrator and you want to transfer the duties to someone else, create a new user and give that user access to all areas of QuickBooks (Restricting Access to Features and Data). That way, the audit trail (Setting Access Rights) can differentitate changes made by you and the new administrator. In fact, it’s a good idea to create a new user using your name and use that login for most of the work you do. Login as the administrator for tasks that only the Administrator can do.

You can use this procedure to change the values for the administrator user at any time. Here’s how:

  1. Log into the company file as the administrator.

    Open the company file using your preferred method and then, in the QuickBooks Login dialog box, type your user name and password. If the administrator is the only user, the QuickBooks Login dialog box shows only the Password box.

  2. Choose Company → “Set Up Users and Passwords” → Set Up Users. In the User List window, click Edit User.

    QuickBooks automatically selects whoever you’re logged in as in the User List window. The “Change user password and access” dialog box opens, as shown in Figure 26-1.

    Fill in the New Password and Confirm New Password boxes. Be sure to set up a challenge question and answer so you can reset your password if you forget it.
    Figure 26-1. Fill in the New Password and Confirm New Password boxes. Be sure to set up a challenge question and answer so you can reset your password if you forget it.

  3. To change the administrator name, type the new name in the User Name box.

    When you change the administrator name, the User List identifies the administrator by adding “(Admin)” after the user name, for example, “All Powerful (Admin)”.

  4. In the Password box, type the password for the administrator user. In the Confirm Password box, type the password again.

    See the box on Assigning the Administrator User Name and Password for tips for good passwords. Don’t copy and paste the password from the Administrator’s Password box into the Confirm Password box. If you copy a typo from one box to the other, you won’t know what the administrator password is, and you won’t be able to open your company file.

  5. To give yourself a chance to easily reset a forgotten password, in the Challenge Question drop-down list, choose a question like “City where you went to high school”. In the Challenge Answer box, type the answer to the question.

    The next section explains how to reset the administrator password with the help of this challenge question. (The box on Complying with Credit Card Security Regulations tells you how to download a tool for resetting your administrator password if you don’t know the password, and either don’t know or don’t have a challenge question.)

  6. Click Next.

    The dialog box reminds you that the administrator has access to everything in QuickBooks. Click Finish to close the dialog box.

Warning

If you work on more than one QuickBooks company file, the program throws one password-related curve at you: It fills in the QuickBooks Login dialog box with the last user name you typed—whether or not it goes with the file you just opened. Say you opened the Toboggan Tours file using the user name Admin. When you open the Double Trouble file, the QuickBooks Login dialog box fills in the User Name with Admin, even if the administrator name for Double Trouble is I_Can_Do_Everything. If QuickBooks won’t let you log in, make sure you’re using the correct user name and password for that company file.

WORD TO THE WISE: Password Guidelines

Because the QuickBooks administrator can do anything in a company file, choosing a trustworthy person for that role is only your first step in preventing financial misfortune. Your efforts are in vain unless you secure the administrator’s access with a good password. In fact, assigning passwords to all QuickBooks users is an important security measure.

Ideally, a password should be almost impossible to guess, but easy for the rightful owner to remember. It’s easy to meet the first criterion by using a random combination of upper- and lowercase letters, numbers, and punctuation, but that makes the password harder to remember. And unfortunately, if people have trouble recalling their passwords, they’ll write them down somewhere, shooting holes in your security. To improve your security, change your password every 3 to 6 months.

Here are some tips for creating passwords in QuickBooks that are both secure and easy to remember:

  • Make passwords at least six characters long, and combine upper- and lowe--case letters, numbers, and punctuation. These are the same guidelines that the credit card industry uses as part of its standard for protecting customer information, as you can read on Complying with Credit Card Security Regulations. (QuickBooks passwords are case-sensitive and can include up to 16 characters.)

  • Don’t use family birthdays, names, phone numbers, addresses, or Social Security numbers.

  • To make guessing more difficult, replace letters with numbers or punctuation that look similar. For example, replace the letter “I” with the number 1 or an exclamation point (!). Or replace the letter “s” with the number 5, or the letter “e” with the number 3.

  • To make remembering easier, consider using names, birthdays, phone numbers, or addresses of people not obviously connected to you. For example, if no one suspects that Kevin Spacey is your favorite actor, Kev!n5pacey would be a good password (but not anymore).

Resetting the Administrator Password

If you can’t remember your password and you selected a Challenge question for the administrator user, you can answer that challenge question to earn the opportunity to reset your password. Here’s how to make this life-saving feature work:

  1. In the QuickBooks Login dialog box, click Reset Password.

    The Reset Password button doesn’t appear if you didn’t set up a challenge question.

    TROUBLESHOOTING MOMENT: What’s the Administrator Password?

    The time may come when QuickBooks asks you for a password you don’t know. For instance, maybe the person with the administrator password left in a hurry, and you need it to open the company file. Or perhaps you’re trying to open a QuickBooks file from a few years ago and the passwords you’ve tried don’t work. If the challenge question doesn’t help, first try these solutions before you resort to Intuit’s password removal tool:

    • The Caps Lock and Num Lock keys may not be set the way they were when you set your password. Try turning them on or off.

    • Test your keyboard. Create a text document and type each key to make sure they send the correct character.

    If the password is still a mystery, you can download the Automated Password Reset Tool, which lets you reset the administrator password for company files opened with QuickBooks 2006 or later. To download the program, your QuickBooks program has to be registered with Intuit (Registering QuickBooks).

    In the QuickBooks Login dialog box, click Reset Password. In the Reset QuickBooks Administrator Password dialog box, click the “I can’t remember my answer” link. In the Help topic that opens (titled “Forgotten challenge phrase answers” in case you want to search for this topic later), click the “Download the automatic password reset tool” link. On the QuickBooks Automated Password Removal Service web page, select the version you used last to open the file. Then, fill in your QuickBooks license number, first name, last name, email address, telephone number, and postal code (the ones you used to register your program so Intuit can find your registration).

    After you download the program, double-click the file to run it. You choose the company file you want to reset, and then type a new password. The program only resets your password once. If you forget it again, you have to download the tool again.

  2. In the Reset QuickBooks Administrator Password dialog box, type the answer to the challenge question that appears, and then click OK.

    A Password Removed message box tells you that your password, challenge question, and answer have been removed, which means your company file is no longer password-protected.

  3. Click Close.

    QuickBooks nudges you to add a password by immediately opening the Change QuickBooks Password dialog box.

  4. Fill in the boxes as you would to edit the user. Click OK.

    Now, when you correctly fill in the boxes in the QuickBooks Login dialog box, QuickBooks opens the company file.

Complying with Credit Card Security Regulations

If your company accepts credit cards, you probably already know that you have to comply with standards for protecting your customers’ credit card information (known as the Payment Card Industry Data Security Standard). If you don’t, not only is your customers’ financial information at risk, but you risk paying fines for your oversight. Part of the standard requires you to change your password every 90 days and to use a complex password (one that’s longer than seven characters and has a combination of uppercase and lowercase letters and numbers). The steps to take in QuickBooks to comply with these password requirements are simple:

  1. Choose Company → Customer Credit Card Protection.

    The Customer Credit Card Protection dialog box opens and explains a little bit about the feature.

  2. Click Enable Protection.

    The Customer Credit Card Protection Setup dialog box opens. The fields are the same ones you see in the “Change user password and access” dialog box. The only difference is that the New Password and Confirm New Password boxes won’t accept passwords that don’t meet the secure password criteria.

  3. In the Current Password box, type the current password (which may not meet the criteria). Fill in the New Password and Confirm New Password boxes with a complex password.

    QuickBooks won’t accept the password unless it’s longer than seven characters and has at least one number and one uppercase letter; for example, “Kath3rine.”

  4. In the Challenge Question drop-down list, choose a question that you can answer in case you need to reset the password, like “Best friend’s last or first name”. Type the answer in the Answer box.

    When you use password protection, QuickBooks requires you to set up a challenge question and answer.

  5. Click OK.

    After 90 days pass, QuickBooks asks you to set a new password.

Creating QuickBooks Users

Setting up users in QuickBooks has the same advantages as setting up users in the Windows operating system or on your network—you can restrict people’s access to just the financial data they need to see, and you can keep track of what they’re doing. By setting up user logins for the people who work on your company file, you can:

  • Keep sensitive data confidential. User names, passwords, and permissions (Restricting Access to Features and Data) help protect both your and your customers’ sensitive data from prying eyes.

  • Prevent financial hanky-panky. By limiting each employee’s access to job-relevant data and checking the audit trail for changes or deletions (Setting Access Rights), you can prevent embezzlement—or catch the culprit early. These measures also help protect your data from unintentional errors by new or careless employees.

  • Let several people work in QuickBooks at the same time. QuickBooks has no way of knowing if several people share the same user name. If you want to protect your data or identify who’s doing what in your financial records, each person who accesses your company file needs a unique user name and password. If more than one person works on your company file simultaneously, you have to switch it to multi-user mode, as the box below explains.

UP TO SPEED: Sharing Your Company File

Setting up several users for a company file doesn’t mean more than one person can work on the file at the same time. If you want your company file to bustle with financial activity, you have to buy a copy of QuickBooks Pro, Premier, or Enterprise for each computer on which you want to run QuickBooks and switch the company file to multi-user mode.

Ever since QuickBooks 2006, multi-user mode means that you access the data in your company files through a database server. Here’s how it works: When someone performs a task in QuickBooks, their copy of the program asks the database server to send information or make changes. The database server makes the changes, retrieves information, and sends it back to them—and at the same time makes sure that the changes don’t conflict with changes someone else wants to make. (There’s no quiz. You can concentrate on your business and let multi-user mode take care of the file sharing.)

To turn on multi-user access, choose File → “Switch to Multi-user Mode”. When multi-user mode is on, the title bar of the QuickBooks window includes the text “(multi-user)(<user name>)” to indicate that several people can work on the file simultaneously and who is working on the file in the current session.

If you’re the QuickBooks administrator but you also perform bookkeeping tasks, it’s a good idea to log in as the administrator to perform the tasks that only the administrator can do. For your bookkeeping duties, log in with your other user name, particularly if you want the audit trail to record who makes transaction changes.

After you begin using your company file in multi-user mode, you soon discover that some tasks in QuickBooks like condensing your company file require single-user mode. If multi-user mode is turned on and you try to perform a single-user mode task, QuickBooks tells you that you need to switch modes.

Single-user mode also runs faster than multi-user mode, which makes it ideal if you have monumental reports to generate and a tight deadline. To switch a company file to single-user mode, first ask everyone to exit QuickBooks or perform your task when others aren’t in the office. After everyone has logged off, choose File → “Switch to Single-user Mode”.

Note

If company email isn’t enough, you can send instant messages to other people logged into the same file. Choose Company → “Chat with a Coworker” or in the Windows system tray, double-click the QuickBooks Messenger icon (which looks like a stylized person next to a thought balloon). To chat with another user, select her name and then click Start Chat in the QuickBooks Messenger window’s toolbar. To send a message to everyone logged into the company file (to ask them to log off so you can switch to single-user mode, for instance), in the QuickBooks Messenger window toolbar, choose Actions → “Send Message to Logged In Users”.

Adding New Users

Only the QuickBooks administrator can create additional users. After you log in as the administrator, here’s how you create other users:

  1. Choose Company → “Set Up Users and Passwords” → Set Up Users.

    The QuickBooks Login dialog box reopens, asking you for your password. This extra request for the administrator password prevents someone from walking up to your computer while you’re away and creating an account for herself. After you enter your password, the program opens the User List dialog box, shown in Figure 26-2.

    The User List displays “(Admin)” after the name of the person who has administrator privileges. The text “(logged on)” after a username shows who you’re logged in as.
    Figure 26-2. The User List displays “(Admin)” after the name of the person who has administrator privileges. The text “(logged on)” after a username shows who you’re logged in as.

  2. Click Add User.

    QuickBooks opens the “Set up user password and access” dialog box.

  3. In the User Name box, type a name for the person to use to access the company file. And in the Password box, type a password for the person.

    In the Confirm Password box, retype the password.

  4. Click Next to begin setting permissions, which are described in detail in the next section.

    When you click Next to begin specifying the areas of QuickBooks that the person can access, the program selects the “Selected areas of QuickBooks” option automatically. Selecting the “All areas of QuickBooks” option instead gives this user access to all your financial data, as shown in Figure 26-3. That’s why QuickBooks asks you to confirm that you want the person to have access to every area of QuickBooks.

Note

The external accountant user introduced in QuickBooks 2009 has access to all parts of your company file except sensitive customer information—perfect if you want to set up a QuickBooks user for your accountant or bookkeeper. To learn how to set up an external accountant user, see Setting Up an External Accountant User.

If you click Yes when QuickBooks asks you to confirm this user’s open access, the “Set up user password and access” dialog box summarizes their access. All you have to do is click Finish (not shown here), and their user name appears in the User List dialog box, ready to log into QuickBooks.
Figure 26-3. If you click Yes when QuickBooks asks you to confirm this user’s open access, the “Set up user password and access” dialog box summarizes their access. All you have to do is click Finish (not shown here), and their user name appears in the User List dialog box, ready to log into QuickBooks.

Resetting a User Password

Users can change their own passwords, which makes your company data even more secure. This way, users can’t log in as someone else and perform transactions they shouldn’t (like writing checks to themselves). To change their passwords, folks simply choose Company → “Set Up Users and Passwords” → Change Your Password. They have to type their current password and then type the new one. The administrator can change passwords and delete users if people leave the company.

Restricting Access to Features and Data

When several people work on your company file, it’s safer to limit what each person can do. For example, Trusty Ted has earned his nickname, so you could set his login up with access to every QuickBooks feature, including sensitive financial reports and accounting activities. Myra Meddler can’t keep a secret, but there’s no one faster for data entry, so you want to make sure that she gets no further than doing the checking, credit cards, and bill paying.

If a person chooses a command and doesn’t have permission for that feature, QuickBooks displays a warning message that identifies the permission needed to perform the action. In case the lack of permission was a mistake or an oversight, the warning message also suggests asking the QuickBooks administrator to grant that permission.

What the Access Areas Represent

When you tell QuickBooks that a user should have access only to selected areas of QuickBooks, you have to tell the program which areas the person can use. As you click Next, the “Set up user password and access” dialog box steps through one area at a time, as you can see in Figure 26-4. There’s some overlap, because each area actually covers a lot of ground:

  • Sales and accounts receivable. This area includes creating sales transactions with any kind of sales form (invoices, sales receipts, statements, and so on) and with any additional features (receiving payments, reimbursable expenses, finance charges, and so on). With sales and accounts receivable permissions, you can open the Customer Center and modify sales-related lists, such as the Customer:Job, Customer Type, and Ship Via lists, and customize sales forms. Full access includes printing and creating sales-related reports.

    In the upper-right corner of the “Change up user password and access” dialog box, QuickBooks shows which access page you’re on. Each area of QuickBooks appears on its own page (there are nine pages of permissions). When you’re done, QuickBooks displays a summary page with the features the person can access.
    Figure 26-4. In the upper-right corner of the “Change up user password and access” dialog box, QuickBooks shows which access page you’re on. Each area of QuickBooks appears on its own page (there are nine pages of permissions). When you’re done, QuickBooks displays a summary page with the features the person can access.

    For the sales and accounts receivable area, selective access includes the “View complete customer credit card number” checkbox, which helps protect your customers’ financial information. QuickBooks automatically turns off this checkbox, to restrict who can see a customer’s full credit card information. If you don’t accept credit cards, you can leave this setting as it is. Otherwise, you can turn the checkbox on for the people you trust to work with customer credit card numbers.

  • Purchases and accounts payable. These permissions include all aspects of bills and vendors: entering and paying bills, working with purchase orders, entering reimbursable expenses and credit card charges, and paying sales tax. You can open the Vendor Center and modify purchase lists, such as the Vendor and Vendor Type lists, and customize purchase forms. Full access includes printing 1099s and reports about vendors or purchases.

  • Checking and credit cards. Permissions in this area let people write expense checks and refund checks (but not payroll checks), enter credit card charges, and make deposits.

    UP TO SPEED: Commonsense Security Measures

    Your QuickBooks company file isn’t the only place that you keep sensitive information. Be sure to set up your computers so that your QuickBooks data and all your other proprietary information are secure:

    • Back up your data regularly. Back up your company file (Backing Up Files) and other data and store the backups in a safe place. Check that your backups save the files you want and that your backups restore without any problems.

    • Update your operating system with security updates. If you run a Windows operating system, review the articles about the latest security updates software at http://www.update.microsoft.com.

    • Use antivirus software and keep it up-to-date. These days, you need antivirus and anti-spyware software. Because the rogues who write viruses, worms, Trojans, and spyware don’t look like they’re going to stop any time soon, be sure to update your antivirus and anti-spyware programs regularly.

    • Install a firewall. An Internet connection without a firewall is an invitation to nosy nerds and criminals alike. A firewall restricts access from the Internet to only the people or computers you specify.

    • Plan for problems. Cross-train your employees so that more than one person knows how to do each procedure in your company, including working with QuickBooks. Store the QuickBooks administrator’s password in the company safety deposit box or give it to a company officer for safekeeping.

  • Inventory. People with these permissions can maintain the inventory items on the Item List, receive products into inventory, adjust inventory quantities, work with purchase orders, and generate inventory reports.

  • Time tracking. Time tracking permissions include the ability to enter time transactions in the weekly and single activity timesheets, import and export Timer data, and generate time reports.

  • Payroll and employees. Payroll permissions include opening the Employee Center and the Payroll Center, writing and printing paychecks, setting up and paying payroll liabilities, using the selected payroll service, maintaining the Employee and Payroll Items lists, and generating payroll forms and reports.

  • Sensitive accounting activities. Sensitive accounting activities don’t belong to any one area of QuickBooks. Reserve these permissions for people who are not only trustworthy, but who understand how your accounting system works. With these permissions, someone can maintain your chart of accounts, make general journal entries, transfer funds, reconcile accounts, access accounts through online banking, work in balance sheet account registers, and create budgets. Other permissions include condensing data (which removes details of past transactions), using Accountant’s Review, and generating the payroll report.

  • Sensitive financial reporting. These permissions let someone print every report in QuickBooks, regardless of any reporting restrictions from the other access settings you choose. For example, someone with this kind of access can print Profit & Loss, Balance Sheet, Cash Flows, and audit trail reports.

  • Change or delete transactions. As an extra precaution, you can give people permission to create transactions in an area, but not let them change or delete the transactions that they’ve created. For example, for trainees just learning the ropes, you might remove their permission to edit transactions, so they need to ask someone more experienced to make changes. An additional option lets people change transactions prior to the closing date. (Ideally, give this permission only to those who really know what they’re doing—like your accountant.)

Setting Access Rights

In the “Set up user password and access” dialog box, the “Selected areas of QuickBooks” option takes you on a journey of specifying access to areas of QuickBooks. As you click Next to access each area of QuickBooks, you can give someone no access at all, full access, or the right to perform some tasks in the area, as shown in Figure 26-5.

Here’s a guide to what each level of access lets people do:

  • No Access. People can’t open any windows or dialog boxes for that area of QuickBooks, meaning they can’t perform any actions in that area. QuickBooks automatically chooses the No Access option. To give someone any access to an area, you have to choose either Full Access or Selective Access.

  • Full Access. The person can perform every task in that area of QuickBooks, but not tasks reserved for the administrator user.

  • Selective Access. When you choose this option, you also need to tell QuickBooks what the person can do (Figure 26-5).

The final page in the “Set up user password and access” dialog box summarizes the access rights that you chose for the person, as shown in Figure 26-3. The Summary screen separates access into the same categories as the Selective Access level: Create, Print, and Reports. In most cases, giving someone full access means that “Y” appears in all three columns. No access usually displays “N” in all three columns. When a permission isn’t applicable to an area, QuickBooks displays “n/a”. For example, there aren’t any reports associated with the right to change or delete transactions.

When you choose the Selective Access option, you also need to select the option that specifies what the person can do. Selective Access separates tasks into creating transactions, creating and printing transactions, or creating transactions and generating associated reports.
Figure 26-5. When you choose the Selective Access option, you also need to select the option that specifies what the person can do. Selective Access separates tasks into creating transactions, creating and printing transactions, or creating transactions and generating associated reports.

Audit Trails

The audit trail feature is always turned on, keeping track of changes to transactions, who makes them, and when. You check this permanent record—the Audit Trail report, shown in Figure 26-6—to watch for unseemly activity.

You have to be the QuickBooks administrator or have permission to generate sensitive financial reports to run the Audit Trail report (choose Reports → Accountant & Taxes → Audit Trail).

The Audit Trail report shows every transaction that’s been created, changed, or deleted. To see the details of a transaction, double- click it.
Figure 26-6. The Audit Trail report shows every transaction that’s been created, changed, or deleted. To see the details of a transaction, double- click it.

Note

The Clean Up Company File tool (Running the Clean Up Company File Tool) removes the audit trail information for transactions that the cleanup deletes. So if you’re watching transaction activity, print an Audit Trail report first, and, as always, back up your company file regularly.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.78.56