New Beginnings still require Process Management

A few weeks ago on Twitter, I said I would be announcing some big news and well here it comes. After seeing my friend Kim Hogan’s blog View from My Shoes I made a decision to follow in her footsteps and join the team at XCM Solutions

I have been at Fuoco Group LLP for many years and for the past year working with Fuoco Technology providing clients with technology solutions and overseeing the accounting firm’s internal technology needs. For a good part of that time XCM Solutions has been a valued software partner of the firm. With their help, Fuoco Group has increased efficiencies in tax preparation work and defining workflows. While I will have very fond memories of my time at Fuoco Group and relationships that will last a life time, I am excited about the new adventure.

I have always been a proponent of XCM within the firm as well as to the public while speaking about paperless processes and workflow. I have been asked many times in the past 8 years if I work for them, well now I do.

XCM Solutions is the industry leader with their workflow solution. While it is an automated workflow product most commonly identified with the tax process, it can be used for all workflow processes in an accounting firm as well as other businesses that have defined repeatable processes. While making the transition, I have seen that there is a definite need for the ability to track processes. When any person leaves a company there are things that need to be addressed from HR to IT. Commonly the tasks involved are done by multiple people and there is a need to have everything documented in each process. This also occurs on the other side, commonly known as onboarding. You need to get an employee set up on the network, provide HR materials, handle getting them set up in office space and training. All of these tasks are part of a process that should be documented. I know that XCM can do that for you and am willing to help.

I look forward to this new and exciting part of my life and will continue to share my insights on technology for accounting firms as well as small businesses served by those firms.

Disaster recovery – can you plan for everything?

Seems the only time I spend writing is during natural disasters. As the Eastern seaboard, especially those in south Jersey were hit with Hurricane Sandy, I was reminded by a friend in Florida that said the worst part of a hurricane is the aftermath. The flooding, loss of electricity and shortage of food & gasoline can push people to the limit.

I also got to thinking about disaster recovery for business. A couple of the businesses I am involved with Fuoco Group LLP and FuocoTech have pretty good disaster recovery plans in place. We have all of the standard procedures down and have a plan in place, but will the plan always work? Can you plan for everything? If you have backups of data, are they offsite? Will you need electricity to be able to run the devices to get the data loaded? Will personnel be able to get to your locations to be able to upload backups to any offsite servers?

These are many questions that one would need to answer and are only the tip of the iceberg. A few years ago I prepared a presentation (Find it on SlideShare Here) on disaster recovery that I thought was pretty comprehensive but as the past few years and the unforeseen circumstances around natural disasters have shown me, we cannot always plan on EVERYTHING!

Cyber criminals vs. Company Networks

I am sure that many of you have read articles or heard on the news about cyber attacks against some of major companies. Cyber attacks or “data security violations” are becoming more prevalent as our society is becoming more and more digital. In fact, according to the Privacy Rights Clearinghouse, there have been more than 2,500 data breaches involving more than 600 million records that have been made public since 2005. That is nearly one a day for the past 5 1/2 years.

Now I am sure that you may be thinking that all these digital records and computers may be a bad thing, but one of the reasons for the rise is, simply, there is more data and records in digital format than there 5 1/2 years ago.

These cyber attacks  against companies include various types:

• Intellectual property theft – US based companies are known throughout the world for developing cutting edge inventions, design and other intangible assets. These assest are vulnerable to online theft
• Fraud – Most commonly seen is stealing of credit card information which is sold
• Attacks on Infrastructure – For businesses this can include viruses & worms that affect servers and workstations. For countries and municipalities, it could include attacks on power grids or water supplies.
• Telecommunications – many times telecommunications systems get broken into for variosu reasons. The two that coime right to mind are the ability to force the network’s failure and to intercept communications.

There are ways for companies to combat cyber attacks and a lot of them are simple and require educating people about the ramifications of not adhering to policy. Though the digital world can be complex and many companies have detailed sets of information on policies and procedures to protect data and business information, the bottom line for me it is your people that are the best defense.

I say people are the best defense, but they need to be educated on the policies and required to know what they are and adhere to them. I like to say that people know the speed limit may be 55, but if there is no one there to make them adhere to it, they will drive faster. One way is to test employees on an annual basis to assess their knowledge and understanding of the company’s information security policy & procedures. This is one thing that I intend to do with my accounting firm, Fuoco Group, and all companies that I consult with. One thing to ensure compliance with testing and knowledge of the policies and procedures it to revoke system access to those not completing the testing. Watch how quick you get called when someone does not have access to the company network.

Here are some things that a company can do and should make clear in their policies to help prevent cyber attacks:

• Login credentials – No matter how much people may complain about needing to know passwords, make it a requirment that at a minimum they need to change passwords every 90 days. Also make sure they are informed how to protect their passwords. (taping it to their monitor just does not cut it)
• Software being installed without approval. Many times commercial software can icnlude security flaws that provide hackers an “open” door to the rest of the network. By using group policies to prevent installation of software on company computers, can prevent these open doors. There should also be Anti-Virus installed on every workstation, laptop and server in the organization and it should be updated regularly.
• Phishing emails – These are emails that appear to be sent from a legitimate organization but are really coming from people looking to steal your employee’s credentials to the network. This is something that employees need to be educated on as well as the general public.
• PERSONAL USE: I capitalize this one because more often than not this is one of the most abused things by employees and in my opinion the number one opening for attackers. Each company needs to make it clear to employees regarding the personal use of the company’s network, be it email, the internet or personal smart devices used to access the company’s network. (see next)
• Use of Company equipment – Employees need to be educated that it is YOUR workstation NOT THEIRS. You need to enforce company policy when it comes to the workstation, thumb drives, PDA’s, external hard drives and unsecured WiFi networks 

Protecting your company’s assets against cyber attacks is not easy, but employee awareness, policies and procedures that are enforced and the knowledge that these attacks are out there may make it a bit easier for you to sleep at night knowing you have done what you can. Now go put the alarm on so you can sleep!

Been away, but checking in

Well, I have to be honest. I have ignored this blog as there have been many things going on in my life, personal and business, that have taken the forefront. I have been thinking of so many things that I would like to share in my little corner of the world, where I have My Eye on Technology.

It is now the middle of tax season and the list of ideas on what to write about is growing. Our firm is pushing forward many initiatives during this busy season to better serve our clients and technology is at the forefront of those initiatives. From instituting a client portal for delivery of tax returns, to moving to a hosted environment for our servers, to using CCH’s Knowledge Coach with ProSystem fx Engagement for more efficient audits technology is aiding us in better client service.

I will be posting some insight into my experiences in launching these initiatives and look forward to hearing from others.