Posts

An accounting firm considering to accept cloud technology.

Why CPA’s Need Cloud Services To Survive

/in /by

Cloud Services For Accountants is More Important Than Ever

As a CPA firm you’re going to have to adjust to this new remote reality. No one expected the lock-down, however firms that operated on the cloud had an advantage over those who hadn’t yet or only did so partially.

Many accounting firms learned to understand how the right technology could help them access and review financial information, create reports, manage accounts and more.

There is no telling how or when businesses will open up. Moreover, reopening A CPA firm to its full capacity requires much more than opening the doors, turning the lights on and wiping off the dust from your desk.

It is a gradual process that will require much planning and the transition itself will depend on many factors.

That is why cloud technology has become so pivotal in the last few months. The lock-down put many accounting systems to the test, forcing everyone from individual practitioners to larger firms to operate continually outside of the office.

Firms that migrated to the cloud prior to the lock-down are doing well. Their client data secured in a data center and their applications on a cloud network ready to use. The Accounting industry has been discussing the impacts that would occur as a result of the cloud. Now, it’s no longer a theoretical discussion.

Experts predict cloud accounting to be a permanent feature of any CPA firm. Firms that didn’t migrate to the cloud previously might be asking if it’s too late for them. The answer is a definitive no.

Video Conferencing

Firms that use Microsoft 365 might be familiar with Teams. Teams is one of the many video conferencing applications firms are using to communicate while working remotely.  There are also applications like Zoom, Google hang outs, and Skype. These video tools facilitate collaboration and, with the right cloud service provider, can create an effective remote environment.

Financial services experts and CPA’s are discussing the possibly of permanent remote advising. Remote advisory services was always the direction technology was heading in. However, the lock-down that proceeded the COVID-19 pandemic only sped this transition.

These remote services will only be afforded to firms willing to migrate and adopt the virtual tools necessary to perform these roles efficiently.  That means finding a managed services provider with cloud hosting capabilities that are designed to meet your firm’s needs.

Remote Advising Through The Cloud

Remote advising is the future of the financial services industry. Technology was already in the processes of changing the role of CPA’s towards more advisory positions. With software automating much of the compliance work once handled by an accountant or bookkeeper.

James C. Bourke, a CPA an accountancy technology expert, predicts that if CPA’s are not spending on technology solutions that are accessible remotely, they will be revisited.

“Priorities are going to change on technology spending, once we are all back in the office,” he said in a recent podcast.

Adopting a cloud storage system that can handle any project without downtime can help your business succeed with remote work.

Migrating  Your Firm to The Cloud

Can you migrate mission critical applications to the cloud now? Specifically can you migrate Document, tax, engagement, and practice management to the cloud?

According to Bourke, currently, migrating to the cloud will be difficult but CPA’s should do everything they can to prepare themselves for a cloud migration when we return to normalcy.

That requires firms to research the best cloud providers, checking to see if they have the right security and compliance tools to provide your firm with the proper IT support without failing to meet regulation standards.

Technology disruption and the shifting to more advisory services are creating a professional environment where accountants must offer more valued and diverse skill sets.  However, this also means shifting focus to the client’s specific needs and away from other aspects of your practice like software, cyber security and IT services.

Leveraging the Cloud

If you plan on working as a trusted advisor you need to understand the implications of these shifts and what these tools mean for your firm. It’s not only adopting a cloud solution but adopting one that has the services that benefit your firm the most. Migrating to the cloud is like purchasing a car. Just because it has four wheels and an engine doesn’t mean it will be the vehicle you.

There are many types of cloud providers and every cloud provider has different assets, strengths and weaknesses. There are public, private and hybrid cloud. Different cloud companies like Azure have cloud services but require you to pay an extra fee for support services. Nerds Support’s accounting cloud services utilizes software that complies with SOX and FINRA standards for example.

Other cloud providers like AWS are public clouds with thousands of clients. Their service would be less personal and contacting support is difficult.

Cloud Accounting is The Future

A Survey in The New Jersey Society of CPA’s, revealed that 40 percent of participants expected a decrease in revenue as a result of the COVID-19 pandemic. The development of cloud technology and remote services will work to mitigate revenue loss once properly implemented.

The abrupt switch from in-person accounting services to remote focused work was jarring. Firms were unprepared for the demands of a remote work environment. However, now that industries, not just Accounting, have seen the results of a shut-in, firms will work to eliminate this vulnerability by revisiting cloud technologies and focusing on remote tools.

Managed IT Services Providers expect an increase in demand for public cloud services. Specifically, a an increase in SaaS, industry- focused apps. These include collaboration and other productivity and business continuity tools.

The social shift towards online platforms (VOD, social media platform, and cloud gaming) shift focus towards cloud infrastructure automation/management software.

In other words, cloud environment reliability, optimizing online platforms and the performance of your infrastructure determine the success of your firm in the future. Clients now and in the future will require and request online services.

Make sure your firm stays protected and ready for this new shift.

Accounting Firm Scams Vulnerabilities Thumbnail

Top 5 Vulnerabilities Accounting Firms Face

/in /by

It seems like every other day now institutions big and small are experiencing some form of cyberattack. With the growing emergence of remote work solutions last year, businesses had to adapt to the need for flexibility for the their teams. Unfortunately, this came with a lot of security concerns about vulnerabilities. Local governments, banking institutions, tech and networking companies have all undergone some sort of cyber breach. However, accounting firms are likelier than other businesses to fall victim to a cyberattack due to the wealth of sensitive client information they store in order to conduct business.

Since cybercriminals are always exploiting vulnerabilities and finding new malware to access financial information of accounting clients, it’s important to understand cyber threats your firm faces in 2020. So when an accountant thinks about cyber risks they’re susceptible to they think about attacks from outside the firm. Unfortunately, the cyber threats that could negatively impact the firm are ones that firms are responsible for. The good news is they can be prevented.

Here are five  main vulnerabilities CPA’s face today.

Why are CPA Employees at the Root of a Data Breach?

1) Human Error

Human error is the leading cause of accounting mistakes and it’s also the leading cause of cyber security threats. 90 percent of data breaches are caused by human error, according to a study by Kaspersky.

Bring your own device (BYOD) culture puts financial firms at risk when accountants neglect to check their network security. If an accountant has sensitive data on their personal device and decides to go to a coffee shop like Starbucks, it’s possible that a hacker can access that information because the user’s connected to a vulnerable, public wifi network.

Solution

Establish strict guidelines to limit the use of personal devices when handling accounts and client data.

2) Weak Passwords

Among the most common mistakes accounting professionals make is setting up weak passwords for accounts. Accountants should create separate passwords for their email, applications, and systems according to best practices. The reality is accountants, like many other people, tend to use the same password for all three. As a result, they make a hacker’s job much easier.

Passwords are a lot like keys. Imagine if you had one key for your house, your car and your business.  All anyone has to do to ruin your life is get hold of that key. Now, lets push this analogy even further. Imagine that same universal key. Not only does it provide access to all these valuable things but every night before you go to bed you leave it under a flowerpot outside for safe keeping. It might not be as obvious as leaving it out in the open, but it wouldn’t take long to find.

That is exactly what accountants do online. They create passwords that are easy for them to remember. Passwords are often anniversary dates, names of pets or loved ones, or the schools they studied in. Like the key in the flowerpot, a thief might not know exactly where it’s is hidden, but after some snooping around and persistence, they’d find it.

Social Media is a Hackers’ Greatest Tool

In today’s world of social media and online communication, personal information is available to everyone willing to look for it. A cyber criminal just needs to do a minimum amount of work looking through social media accounts to find anniversary dates, names of pets or loved ones, and the schools a target studied in.

That’s not to say accountants should rid themselves of all social media and eliminate their online presence. That’s a very extreme approach and, more importantly, is impossible. We shop online, we bank online, we purchase food online, we buy tickets online. All these things create a profile of who you are and can be leveraged to gain access to your accounts.

Solution

It is essential for accountants to set strong passwords for all their accounts. What are strong passwords? A strong password is a combination of letters (capital and lowercase), special characters like punctuation marks, and numbers or numerals. Stay away from passwords relating to your personal life as often as possible. A hacker will use whatever information they can to infiltrate a firm.

To avoid this firms should consider simple security methods like having users change their passwords monthly or at least quarterly and limit access through mobile devices. Also using multi-factor authentication software when accessing accounts can prevent breaches.

Accounting Firm Scams Vulnerabilities Statistics

3) Phishing

This leads me to the next cybersecurity danger CPA’s face: Phishing. Phishing emails are used to manipulate the reader to click on a link or attachment infected with malware or a virus. They are a form of social engineering. Whether  you’re a large firm or small you’re vulnerable because statistics are on the hacker’s side.  All it takes is one successful attempt to access the firm’s data. In other words, they only need to trick one employee to access the firm’s data.

Phishing attacks a varied and wide-ranging. They can come in the form of a credit card alert, a notice from a non-profit, a package shipment delay and others. However, now that there’s more awareness of phishing scams, scammers adapted to make attacks even more believable by hyper focusing on a specific target.

A target phishing email is known as spear phishing. Cybercriminals use everything they can find on the target to legitimize the email. They’ll make references to people in your life, places you’ve lived in, things that you’ve done to give you a false sense of security. For example, if you get an email from a store you’ve shopped at offering you deals on products you’re likely to buy, you’re likelier to open the email without question.

Avoiding spear phishing attacks means having the proper securities in place and training personnel to create a security first culture. Businesses can use phishing simulations to train accountants to recognize them also.

4) Malware

Malware is installed through a phishing email attachment or link to an infected web page. The scary thing about malware is that it can stay dormant for weeks or even months before it’s used to steal information or take over systems. There are even ways to purchase malware online through the dark web. In other words, cyber criminals no longer need to be tech savvy to deploy malware. They can be anyone.

Solution

Since Malware is installed through social engineering, the solutions are the same.  Accounting firms should have protocols in place to alert IT personnel when a request comes in through email. Managed Service providers, like Nerds Support, have alert system that notifies systems engineers of potentially fraudulent emails.

Our e-book goes into more detail on the benefits of e-mail and spam security services.

5) Cryptojacking

Cryptojacking is relatively new and unlike malware attacks, its goal is to mine cryptocurrencies on behalf of the hacker by using the victim’s devices. They gain access to the devices by using phishing techniques. They imbed crypto mining malware in popular websites in the form of free browser extensions.

Crypto currencies are valuable to hackers because they’re untraceable and can be used for purchase and exchange on the dark web. Furthermore, the attractive thing about cryptojacking is that it runs secretly and can go undetected for a long time. And since nothing gets stolen or encrypted, there’s little incentive to do anything about it.

 Solution

Other than training firms should implement endpoint protection/antivirus software that detect crypto miners. IT support should create a continuity strategy in case of an attack.  Another thing you can do is keep track and maintain browser extensions.

Conclusion

An October 13 story by CNBC reported that Cyberattacks cost small companies $200,000 on average. 60% of the businesses attacked go out of business within six months. Accounting firms are among the most targeted types of businesses today. Moreover, cyber crime has become the fastest growing type of crime costing businesses 5.2 trillion worldwide in the next five years.

Pandora’s box has been opened and now more than ever CPA’s cannot afford to take unnecessary risks. Adopting strategies and continuity plans to limit the impact of cyberattacks and phishing scams is key.

P.S. Cloud accounting is a growing field and provides unique solutions to many of these problems. Visit our page on IT Support for Accountants to learn more about how IT solutions could give your CPA firm the security and advantage it deserves to stay competitive.

Nerds Support Contact Us Leaderboard

How Accounting CPA's will continue post the pandemic

Accounting in a Post Pandemic Era

/in /by

Last year’s pandemic has impacted nearly every business in the country. Now, accountants might find themselves wondering how to create a secure work environment for themselves and their clients.

The needs of your clients are changing and so is the industry. Furthermore, new regulations created as a consequence of COVID-19 are affecting business practices.

With that in mind, here are a few changes that CPA’s will experience in the coming years.

Employees

All businesses including CPA firms are looking to get employees back to work.  These are some guidelines that might help your firm organize itself as the country begins to open up again.

  1.  EEOC sub regulatory guidance is a mouthful, but it is also important when considering how to navigate your firm’s re-opening process. According to EEOC guidance, employers are permitted to test for the presence of the COVID-19 virus before allowing employees to enter the place of work.
  2.  Employers must ensure the right infection controls regarding testing and be cautious of false positives and false negatives. Keep in mind that even the most accurate test only detects the virus if it’s currently present in the body. It does not guarantee the employee will not get the virus later.
  3.  Temperature checks are permissible under EEOC guidelines. However, who should administer the checks and how to administer them are not clear.
  4.  Employees testing positive for COVID-19 should be isolated from others and the workplace. Employers are encouraged to follow CDC and OSHA guidelines, which include closing off areas used by the sick employee, cleaning and disinfecting the environment, and informing other employees of any possible exposure to the virus in the office.
  5. Results from a COVID-19 test or temperature check fall under ADA confidentiality provisions. These tests are considered confidential information that should be kept in a secure location away from other employee information.

Industry

We covered employees, but what about changes in the industry itself? The COVID-19 crisis has accelerated certain trends and shifted others. Let’s review what some of those are.

A Shift in Duties For CPA’s

Small-business clients need help accessing relief programs in the CARES Act and the Paycheck Protection Program specifically. This means firms need to quickly transition from consulting to advisors as they help businesses get through the lockdown.  Financing reviews, a lot of cash flow forecasting and evaluating relief packages will be more important through tax season and the next few months.

Working Remotely

Experts agree that remote work for CPA’s is going to become the new normal. With companies like Twitter, Facebook and more making remote work permanent.

Although remote work was projected by  to increase gradually, the lockdown sped up the process. Firms were forced to quickly adopt remote enabling technologies like Video conferencing apps and the cloud.

Cloud Accounting

Speaking of the cloud, the move to remote operations has been difficult for firms who complain that apps like Zoom are not working well with their Citrix environment. That’s mainly because these firms have only partially moved over to the cloud.

Cloud accounting is an inevitability now that we know a pandemic can force us to work beyond the office at any moment.

A firm that was not prepared likely did not have the time to migrate to the cloud all of their applications and infrastructure over. So as things begin to pick up speed they’ll do so.

Moving to the cloud is not as easy as choosing to do so. There are steps to cloud migration. Moreover, the quality of the cloud service depends on the quality of the provider. Firms must familiarize themselves with the different types of cloud services: public, private and hybrid clouds.

By choosing a large public cloud like Amazon Web Services, you could be sacrificing personalized care. Choose a cloud that lacks the proper regulatory standards and it might hurt your firm more than it helps.

The chief concern for all CPA’s should be to assist clients, help save businesses and keep jobs.  CPA’s are the financial experts both individuals and main street businesses need right now. Having the right tools in place is going to be essential.

Accountants may have the technology to work remotely but not all of them have everything they require to work efficiently. Although being in the office doesn’t compare with being at home, adjusting is a matter of making the right choices.

Clients

Additionally, accountants can’t meet face-to-face with clients so they’ll resort to remote advising as a way to adjust. However, just like remote work, remote advising is going to outlast the lockdown it seems.

Accountants and clients will adjust to working from the comfort of their homes without having to bare long commutes or wait in an office.

Remote advising will redefine what it means to be an accountant like tax application services are doing now. Firms will realize that remote advising is not just a way of working through a pandemic but perhaps a more efficient way of doing business for both them and their clients.

Firms

Although the long-term consequences of the lockdown are still unknown, accountants need to see themselves as advisors businesses need to survive. Firms of all sizes are going to called on by their clients to help them though the economic downturns created by the lockdown.

CPA’s, unlike other professions, are facing an opportunity for growth. Accounting firms should position themselves as the first responders during a financial crisis. Employers, businesses and average citizens are looking for help. They want to apply for loan programs, government assistance, and financial relief programs. All of these examples require knowledgeable of tax, accounting and payroll.

Cyber criminal breaching federal emergency loan site for access to money.

8,000 Emergency Loan Applicants Affected by Data Breach

/in /by

The SBA Was Breached

8,000 small business owners who applied for loans from the Small Business Administration potentially had their personal information exposed last month, admits the agency.

The Economic Injury Disaster Loan program (EIDL) offers up to $10,000 to owners currently struggling with their businesses due to the COVID-19 pandemic.

Who Is Affected?

The breach affects people who applied for the EIDL. Traditionally, it was used to aid owner whose businesses were impacted by tornadoes, hurricanes and other natural disasters. Congress expanded it in the $2.2 trillion CARES Act.

Notification letters were sent to 7,913 applicants possibly impacted by the breach and then the letters were posted online. The letters revealed that personal data could have been exposed to other applicants. This data included phone numbers, addresses, dates of birth, income and financial information, and social security numbers.

What’s In the Loan Program?

The Economic Injury Disaster Loan program (EIDL) offers up to $10,000 to owners currently struggling with their businesses due to the novel coronavirus pandemic.

A Trump administration official described the issue to CNBC saying that an error occurred when some owners would hit the back button on a page they would see the information of someone else’s businesses rather than their own.

How Did The SBA Find Out?

According to reports by the Washington Post, the SBA was initially silent on the duration of the breach or about details of its discovery. Businesses that may have been affected were notified by the SBA and offered one free year of credit monitoring.

The Agency said it discovered the vulnerability on March 25 and notified those affected with letters. A copy of the letter was posted by a victim after the breach. The letter itself mentioned that there is no sign of data misuse as of last week.

What’s The SBA’s Track Record?

Business owners have had issues with the disaster loan website before. The site was taken down for maintenance for several hours on March 16, and owners could not apply during that time. On March 29, the SBA revised its application process for the disaster loans and owners had to reapply. Many learned days or weeks later that they needed to reapply.

Business owners experienced issues with the loan website previously. In fact, the site was taken down for maintenance for hours on March 16. This meant owners couldn’t apply for a loan in that time. About two weeks later on March 29, the SBA updated the application process for the loans and owners were required to reapply.

How Much Money Was Allocated?

As of April 19, SBA had approved almost 27,000 EIDL loans valued at $5.6 billion. Another 755,000 businesses received EIDL grants worth a total of $3.3 billion. The Trump administration official told CNBC that 4 million business owners had applied for assistance worth $383 billion—far more than the $17 billion allocated for the program.

Even before the breach the agency website was strained by a flood of applications for the loan that overburdened funding, keeping businesses waiting for weeks to receive money.

Before the COVID-19 crisis small businesses should have been eligible for up to $2 million in disaster loans. Unfortunately, because millions of companies are now seeking assistance,  the SBA had to limit the loans to the previously mentioned $10,000

What are the Risks Now That There Was a Breach?

That being said, the SBA approved nearly 27,000 EIDL loans since April 19. However, the breach raises a problem for anyone looking to exploit personal information on the website for social engineering scams. IBM Securities published research revealing it had seen a 6000% increase in email campaigns impersonating the SMB.

For more information on cyber security, cloud, remote work and more, visit Nerds Support’s blog.