Posts


Why CPAs Need Cloud Services To Survive

Cloud Services For Accountants Are More Important Than Ever

As a CPA firm, you’re going to have to adjust to this new remote reality. No one expected the lock-down, but firms that operated on the cloud had an advantage over those that hadn’t yet migrated or had done so only partially.

Many accounting firms learned to understand how the right technology could help them access and review financial information, create reports, manage accounts and more.

There is no telling how or when businesses will open up. Moreover, reopening a CPA firm to its full capacity requires much more than opening the doors, turning the lights on and wiping the dust off your desk.

It is a gradual process that will require much planning and the transition itself will depend on many factors.

That is why cloud technology has become so pivotal in the last few months. The lock-down put many accounting systems to the test, forcing everyone from individual practitioners to larger firms to operate continually outside of the office.

Firms that migrated to the cloud prior to the lock-down are doing well. Their client data is secured in a data center and their applications are on a cloud network, ready to use. The accounting industry has been discussing the impacts that would occur as a result of the cloud. Now, it’s no longer a theoretical discussion.

Experts predict cloud accounting to be a permanent feature of any CPA firm. Firms that didn’t migrate to the cloud previously might be asking if it’s too late for them. The answer is a definitive no.

Video Conferencing

Firms that use Microsoft 365 might be familiar with Teams. Teams is one of the many video conferencing applications firms are using to communicate while working remotely. There are also applications like Zoom, Google Hangouts, and Skype. These video tools facilitate collaboration and, with the right cloud service provider, can create an effective remote environment.

Financial services experts and CPAs are discussing the possibility of permanent remote advising. Remote advisory services were always the direction technology was heading in. However, the lock-down that came with the COVID-19 pandemic sped up this transition.

These remote services will only be afforded to firms willing to migrate and adopt the virtual tools necessary to perform these roles efficiently. That means finding a managed services provider with cloud hosting capabilities that are designed to meet your firm’s needs.

Remote Advising Through The Cloud

Remote advising is the future of the financial services industry. Technology was already in the process of changing the role of CPAs towards more advisory positions, with software automating much of the compliance work once handled by an accountant or bookkeeper.

James C. Bourke, a CPA and accountancy technology expert, predicts that if CPAs are not spending on technology solutions that are accessible remotely, they will be revisited.

“Priorities are going to change on technology spending, once we are all back in the office,” he said in a recent podcast.

Adopting a cloud storage system that can handle any project without downtime can help your business succeed with remote work.

Migrating Your Firm to The Cloud

Can you migrate mission-critical applications to the cloud now? Specifically, can you migrate document, tax, engagement, and practice management to the cloud?

According to Bourke, migrating to the cloud will currently be difficult, but CPAs should do everything they can to prepare themselves for a cloud migration when we return to normalcy.

That requires firms to research the best cloud providers, checking to see if they have the right security and compliance tools to provide your firm with the proper IT support without failing to meet regulation standards.

Technology disruption and the shifting to more advisory services are creating a professional environment where accountants must offer more valued and diverse skill sets.  However, this also means shifting focus to the client’s specific needs and away from other aspects of your practice like software, cyber security and IT services.

Leveraging the Cloud

If you plan on working as a trusted advisor you need to understand the implications of these shifts and what these tools mean for your firm. It’s not only adopting a cloud solution but adopting one that has the services that benefit your firm the most. Migrating to the cloud is like purchasing a car. Just because it has four wheels and an engine doesn’t mean it will be the vehicle you.

There are many types of cloud providers and every cloud provider has different assets, strengths and weaknesses. There are public, private and hybrid clouds. Different cloud companies like Azure have cloud services but require you to pay an extra fee for support services. Nerds Support’s accounting cloud services, for example, utilize software that complies with SOX and FINRA standards.

Other cloud providers like AWS are public clouds with thousands of clients. Their service would be less personal and contacting support is difficult.

Cloud Accounting is The Future

A New Jersey Society of CPAs survey revealed that 40 percent of participants expected a decrease in revenue as a result of the COVID-19 pandemic. The development of cloud technology and remote services will work to mitigate revenue loss once properly implemented.

The abrupt switch from in-person accounting services to remote-focused work was jarring. Firms were unprepared for the demands of a remote work environment. However, now that industries, not just accounting, have seen the results of a shut-in, firms will work to eliminate this vulnerability by revisiting cloud technologies and focusing on remote tools.

Managed Service Providers expect an increase in demand for public cloud services. Specifically, an increase in SaaS, industry-focused apps. These include collaboration and other productivity and business continuity tools.

The social shift towards online platforms (VOD, social media platforms, and cloud gaming) shifts focus towards cloud infrastructure automation/management software.

In other words, cloud environment reliability, optimizing online platforms and the performance of your infrastructure determine the success of your firm in the future. Clients now and in the future will require and request online services.

Make sure your firm stays protected and ready for this new shift.


8,000 Emergency Loan Applicants Affected by Data Breach

The SBA Was Breached

8,000 small business owners who applied for loans from the Small Business Administration potentially had their personal information exposed last month, admits the agency.

The Economic Injury Disaster Loan program (EIDL) offers up to $10,000 to owners currently struggling with their businesses due to the COVID-19 pandemic.

Who Is Affected?

The breach affects people who applied for the EIDL. Traditionally, it was used to aid owners whose businesses were impacted by tornadoes, hurricanes and other natural disasters. Congress expanded it in the $2.2 trillion CARES Act.

Notification letters were sent to 7,913 applicants possibly impacted by the breach and then the letters were posted online. The letters revealed that personal data could have been exposed to other applicants. This data included phone numbers, addresses, dates of birth, income and financial information, and social security numbers.

What’s In the Loan Program?

The Economic Injury Disaster Loan program (EIDL) offers up to $10,000 to owners currently struggling with their businesses due to the novel coronavirus pandemic.

A Trump administration official described the issue to CNBC, saying that when some owners hit the back button on a page, they would see the information of someone else’s business rather than their own.

How Did The SBA Find Out?

According to reports by the Washington Post, the SBA was initially silent on the duration of the breach or about details of its discovery. Businesses that may have been affected were notified by the SBA and offered one free year of credit monitoring.

The agency said it discovered the vulnerability on March 25 and notified those affected with letters. A copy of the letter was posted by a victim after the breach. The letter itself mentioned that there is no sign of data misuse as of last week.

What’s The SBA’s Track Record?

Business owners have had issues with the disaster loan website before. The site was taken down for maintenance for several hours on March 16, and owners could not apply during that time. On March 29, the SBA revised its application process for the disaster loans and owners had to reapply. Many learned days or weeks later that they needed to reapply.

Business owners experienced issues with the loan website previously. In fact, the site was taken down for maintenance for hours on March 16. This meant owners couldn’t apply for a loan in that time. About two weeks later on March 29, the SBA updated the application process for the loans and owners were required to reapply.

How Much Money Was Allocated?

As of April 19, SBA had approved almost 27,000 EIDL loans valued at $5.6 billion. Another 755,000 businesses received EIDL grants worth a total of $3.3 billion. The Trump administration official told CNBC that 4 million business owners had applied for assistance worth $383 billion—far more than the $17 billion allocated for the program.

Even before the breach the agency website was strained by a flood of applications for the loan that overburdened funding, keeping businesses waiting for weeks to receive money.

Before the COVID-19 crisis, small businesses should have been eligible for up to $2 million in disaster loans. Unfortunately, because millions of companies are now seeking assistance, the SBA had to limit the loans to the previously mentioned $10,000.

What are the Risks Now That There Was a Breach?

That being said, the SBA approved nearly 27,000 EIDL loans since April 19. However, the breach creates an opening for anyone looking to exploit personal information from the website in social engineering scams. IBM Securities published research revealing it had seen a 6000% increase in email campaigns impersonating the SMB.

For more information on cyber security, cloud, remote work and more, visit Nerds Support’s blog.

 


How Financial Services Keep Data Safe On The Cloud


A 2019 Global Wealth Study by Boston Consulting Group reported financial services firms are hit by cyberattacks 300 times more than other companies. Financial institutions have a lot of sensitive data cybercriminals can monetize if accessed. That is why the financial services industry is so heavily regulated.

The US has experienced huge breaches of consumer data the last few years. The most famous example in recent memory is the Financial Technology, or FinTech, company Equifax. They experienced a data breach in 2017. The breach compromised the personal financial information and social security numbers of more than 146 million people.

FinTech gives consumers access to mobile banking, personal financial data and other services. However, since FinTech is so recent, it doesn’t have a regulatory framework yet. In the US, for example, in the mobile payment industry there are eight federal agencies with minor oversight over finance. Moreover, all 50 states have their own rules. It’s a very different story for Financial organizations and as we’ve seen above, for good reason.

As we’ve seen, lacking a regulatory framework impacts more than just a financial firm. It puts consumers at risk. In the financial industry, achieving regulatory compliance should be the focus for financial institutions big and small.

Cloud Security and Compliance

For a financial firm, credibility is everything. No organization wants to be fined, shamed or, worst of all, left behind by clients. Therefore, firms need to understand the challenges ahead to achieve compliance. Compliance is one of the biggest reasons financial firms are skeptical about engaging in a cloud strategy. However, once you understand how compliance is achieved in the cloud, the transition won’t seem so daunting.

Cyber Threats

As mentioned above, cyber security threats are sophisticated and aimed at getting your firm’s information. Hackers use a variety of methods to compromise your infrastructure for financial gain. You can’t discuss cloud compliance without mentioning cloud security. As the workforce becomes increasingly mobile, it gets easier to attack organizations operating on insecure networks. As a result, ransomware is the most common attack and is now a $2 billion-per-year industry.

One important thing to keep in mind

One of the main concerns that come up when considering financial cloud compliance is that customers don’t manage their own IT infrastructure.

That’s why it’s important to stress the fact that cloud compliance is a two-way street. Managed IT service providers have a contractual obligation to their clients, but clients must rely on best practices and regulations to look out for their interests as well. In other words, a specific provider, be it SaaS or HaaS, will offer certain compliance and security features, but it’s up to the client to responsibly implement those features. With that said, we move on to the features themselves.

FinTech Compliance Cloud Computing Statistics

What’s Covered by a Financial Cloud provider?

It depends. Since every cloud provider differs in its services and the way it presents information, CPAs and financial companies should review each cloud option carefully. That means choosing the appropriate cloud provider. Like shoes, cloud providers are not one-size-fits-all.

Things to look out for when choosing a cloud provider:

1) What data will be stored in the cloud and what will remain in house. Why?

2) Where the data will be stored. Some providers don’t give you this information.

3) Service Level Agreement (SLA). Due to the compliance and regulations standards in the financial services industry, your firm might have to carefully review the types of services the provider offers and which align with your needs.

4) Encrypting Data. Keeping with compliance standards means encrypting sensitive data to protect it.

5) Systems & access controls. Data security is a big compliance mandate. You should know who at your firm has access to what data and what your cloud provider has access to as well.

Regulations and Guidelines

The important thing is that a firm become aware of the regulatory policies and procedures it’s expected to comply with. The Financial Cloud provider should have documentary records of how they plan to meet compliance in the cloud.

The GLBA (Gramm-Leach-Bliley Act) and the SOX (Sarbanes-Oxley) Act are two main pieces of legislation that deal with the storage and maintenance of information within a financial institution. Therefore, to help with compliance a cloud provider should share information and supply your firm with access to necessary documentation.

Nerds Support’s white paper on compliance details SOX compliance and regulations.

Conclusion

Whether your firm chooses a private cloud or public cloud, compliance guidelines must be met to ensure optimal security. Cloud service providers and financial organizations should continue to improve their processes. Otherwise, your organization will be penalized or even breached. The data migrated from a firm to the cloud is valuable and entrusted to you by your clients. And when you mishandle that data, you run the risk of losing everything.


How Financial Firms Can Digitize & Stay Competitive

Financial organizations are using financial cloud computing technologies to remain competitive as new research reveals banking and finance are becoming more dependent on emerging technology.  

In the old days, cloud technology was adopted by small start-ups who didn’t have legacy architecture in place or the resources necessary to develop their own onsite IT. Now, larger institutions are moving to the cloud as well. Financial cloud computing stems from the growth of modern cloud providers. They have better security, compliance controls and privacy features. Furthermore, a modern cloud provider can automate many of the manual tasks that could put companies at risk if done improperly. Companies use the cloud to meet compliance and cybersecurity standards.
Although transition to the cloud requires upfront investment, for many financial firms the change means more than cutting costs.

Changing Demographic & Tech

56 million Millennials (ages 23-37) were working or looking for work in 2017, according to the Pew Research Center, making them the largest portion of the U.S. labor force. This means Millennials are becoming the largest drivers of the economy. Millennials are on average more technologically savvy than the previous generations and have driven growth towards a more digital economy.

Banks and other financial institutions must adapt to account for this new trend. Digital banking users have increased from 26% to 51% between the years 2012 and 2017, according to the U.S. Federal Reserve. Consumers are banking digitally, meaning through desktops, laptops, tablets and smartphones.

82% of consumers ages 18-24 were using mobile banking platforms in 2017, indicating a shift towards a more personalized banking experience. They also want to sign up for banking services without needing to visit a physical branch.  

Valued Digital Financial Banking Features Statistics

The Rise of Mobile Banking

Based on a 2018 survey, PwC, a professional services firm, found that mobile users grew from 10% in 2017 to 15% in 2018. This means mobile banking is becoming more popular as time passes. Taking all of these statistics into account, banks should adjust their priorities towards increasing and personalizing digital banking services. There is growing competitive pressure coming from companies like Alibaba and financial startups to go digital in terms of how companies should function and engage with customers. The goal is to make banking services available to people in remote locations where they may otherwise be unable to access local branches.

Digitalization 

Digitalization is also far less expensive than banking in a traditional brick-and-mortar branch. PwC’s report, titled Bank of the future: Finding the right path to digital transformation, mentions how some banks create full-on digital native banks that use a completely digital customer interface and back end.

The report also says that branch transactions cost about $4 each, while online transactions cost $0.09 and mobile transactions cost $0.19. Automation is the biggest channel in terms of growth for many businesses across the board.

Going digital makes banks more agile as well. It allows them to quickly adapt to changing customer trends and tastes. Going digital will provide for a testing ground for new services and products where a bank would otherwise have to commit to a strategy and hope it’s successful.

Financial Cloud Computing 

It’s possible to use modern IT infrastructure to set up a digital bank using third party architecture, also known as cloud services or cloud computing. In other words, one can set up an entirely digital bank without the need for internal IT, which would be a huge financial barrier. Instead, one may outsource hardware, software and maintenance to a cloud provider, further decreasing costs and risks.

The true benefits of the cloud appear as teams use these features to operate in more dynamic, agile and efficient ways. The cloud uses virtual machines (digital computers) to share and distribute new projects across platforms and devices.

The main reasons companies are adopting the cloud are to improve mobile access and collaboration. Collaboration services improve workplace efficiency and communication and, overall, improve the bottom line. Companies that migrated to the cloud experienced 19.3 percent faster growth than those that hadn’t.

Furthermore, the average financial services firm uses 1,004 different cloud services, according to a study by Skyhigh. The survey was performed for 3.7 million finance employees across more than 14,000 cloud services. The report was anonymous and tracked the usage data of bank employees, insurance companies, investment firms etc. Also, the fastest growing cloud service category in the industry is collaboration. This included programs like Microsoft Office, Gmail and Evernote.

Security & Compliance: IT Solutions for Finance

While this might sound exciting, it means nothing in such a heavily regulated industry as finance. Less than 0.1 percent of financial firms using the cloud meet compliance requirements and security standards. IT solutions for financial institutions are subject to human error as it is. But many cloud providers lack the experience and expertise to help manage the highly sensitive data financial institutions must keep secure for their clients. Choosing the wrong provider could mean failure to comply with PCI DSS, SOX, and GLBA standards. This means looking for a provider that specializes in high-end security that complies with these governmental regulations with extreme care. A cloud provider that you can trust means a firm your clients can trust as well.

A secure cloud means not only compliance, but proactive, preventative IT solutions for financial firms specifically. Even secure cloud services pose a risk. A hacker can gain access to data stored in the cloud using login credentials obtained through targeted social engineering or malware. It’s a common practice for users to rely on the same passwords for multiple online accounts. 31 percent of people reuse the same passwords, according to a University of Cambridge study.

Multi-factor Authentication

A hacker could gain access to an employee’s Instagram or Twitter account and use those credentials to log in to other cloud accounts. Look for a cloud service with multi-factor authentication, which decreases the likelihood of this happening. For example, with a multi-factor authentication process, even if your passwords were obtained, the employee would receive a notification on their mobile device requesting authorization. If authorization isn’t given through the device, the user cannot gain access.

Some cloud services providers, like Nerds Support, use programs that require users to change their passwords every month, further decreasing the chances of a breach. The same Cambridge study also revealed users rely on the same 20 unsecured passwords as login credentials. Changing passwords periodically will force the user to create new and distinct login credentials. Highly trained systems engineers could provide further insight into crafting intricate passwords that are inaccessible to anyone except the user.

 

Nerds Support has 17+ years of experience helping financial institutions digitalize while meeting important IT compliance.

Do What’s Best for Your Firm

It’s important to understand that digitizing everything is not necessarily the best option. Each bank is different and has different strengths and core capabilities. You might not be in a place for a full digital overhaul.

To succeed in digitizing where others fail, define and evaluate your long-term strategy. PwC suggests you consider these questions:

  •  What do we want to be known for?

  • What consumer segments are we targeting?

  • What are our core capabilities and how can a digital strategy strengthen them?

Many industries are also on the way towards digitization in order to appeal to Millennials and the Gen Z cohort following behind them. This also means that adopting a digital infrastructure is going to be pivotal in business-to-business (B2B) interactions.

Having outdated or incompatible business models may become a deterrent to industries you want to service. Conversely, an updated, innovative structure may appeal to start-ups or bigger companies that are looking to change and want to work with institutions that they feel will help them achieve their goals.

Contact Nerds Support today for a complimentary IT assessment where we identify gaps and areas of opportunities in your IT infrastructure.

Transform your team into an agile, lean, modern work environment with Nerds Support’s IT Solutions.


Ransomware Attacks & Financial Firms

Ransomware Attack On Texas

On Tuesday, August 20, 2019, a ransomware attack took place in 22 municipalities in Texas. Computer systems were hacked and held for ransom in a widespread ransomware strike. The cities of Borger and Keene were among those affected. Borger residents couldn’t access birth certificates or pay their utility bills.

Ransomware attacks are a growing problem for governments on a city, state and county level, according to a report by the Cybersecurity and Infrastructure Security Agency (CISA). The type of ransomware was not revealed and no state networks were breached in the attack according to Texas officials.

What is known is that the ransomware came from a single source.

Ransomware

Ransomware is the most common tactic used by cyber criminals because it’s relatively simple to execute and it’s cheap.

This has led to a rise in ransomware attacks since 2017 and most victims are small cities and counties. These cities are perfect because they often have underfunded IT staff and are therefore most vulnerable.

The same reasons that make these places so vulnerable to attack make financial firms vulnerable as well.

Cyber criminals are leveraging ransomware attacks to steal from industries of all kinds, but financial services firms are among the most lucrative.

Here are the reasons why:

  1. They store valuable, sensitive and confidential data that can be sold on the dark web or to a competitor.
  2. They usually have significant amounts of money available. This makes them more likely to pay a ransom to get back encrypted data if there’s substantial downtime.
  3. Their IT security is believed to be lacking and inefficient, especially within smaller banks and credit unions.

The Looming Threat of Ransomware Statistics

Ways to Avoid Ransomware & Cyber Traps

Effectively combating ransomware requires implementing technical and cultural measures. This includes:

Training

Ransomware attacks are perpetrated through an email containing an infected link or attached document. Knowing what to look for is half the battle and greatly reduces the chances of falling victim to these attacks.

Here are some telltale signs of a ransomware attack:

  • There are glaring grammar and spelling errors in an ostensibly professional email.
  • You receive an email at odd hours of the day or night.
  • The link attached to the email connects to an unusual URL. Hover your cursor over the link to check the URL.

Now more than ever it’s important to address this concern. Cyber-attacks affect financial services 300 times more than other companies, according to a report from Boston Consulting Group (BCG). Despite this, BCG found that many financial institutions are poorly equipped to respond effectively to a ransomware attack.

This comes from a failure to prioritize cybersecurity as a top issue. There is an overemphasis on prevention over detection and response. There is also a lack of security awareness in company culture in general, which can worsen the problem.

If employees reuse account credentials like passwords, attackers can easily obtain them and cause serious damage. The most dangerous threats come from inside a firm, from a careless employee who falls victim to phishing, spoofing and other social engineering schemes. The resulting losses across the financial services industry run up to tens of billions of dollars.

 

Securing Your Network

It’s important to train users to recognize certain kinds of attacks, but keeping a secure network requires an approach focused on strong network architecture: an infrastructure capable of detecting and eliminating malware that may have found its way into the network.

It’s possible that your network may contain numerous latent threats, so all applications and email inboxes should be properly scanned for malicious content.

Top IT service providers, like Nerds Support, deploy firewalls and implement comprehensive email security to stop threats before they become problems.

They also allow you to segment and control access throughout the network to minimize the spread of a virus attack should it get in.

Backups

When a hacker uses ransomware, they encrypt all data and sensitive information necessary to operate. That means payroll, customers’ financial information, email, internal documents and more. The only way to regain access is to pay a ransom of some kind.

If you back up your data, however, that doesn’t have to be the case. With the right strategy, rather than paying ransom, you can just restore your files from the latest backup and the cyber criminal’s ploy will have been stopped in its tracks.

Cloud-based backup services are the best at this. Nerds Support provides partners with daily backups and updates all systems with the latest security features to combat cyber-attacks. These advanced solutions even allow you to create a virtual copy of your servers on the cloud and restore all compromised data within minutes of a breach or attack.

The Greatest Risk Isn’t What You Think

It’s logical for a cyber-criminal to target financial firms with ransomware for the reasons mentioned above. It’s a reality of living in an ever-more-digital era. Ransomware and other malware attacks are here to stay and should not be ignored. The greatest damage to a firm is not to its business, its productivity or its infrastructure; it’s to its reputation.

Financial services organizations possess people’s most personal financial information: social security numbers, banking information, credit history, etc. If you’ve failed to take the necessary precautions to prevent or mitigate an attack and your firm is breached, it will be nearly impossible for anyone to trust you again.

When you take on a client, there is an agreement that you will safeguard their information. There is a supposition of trust. If that trust, the thing your service is founded upon, is broken, rebuilding your reputation will be an uphill battle for years to come.

What Does it Mean?

In the case of the Texas attacks, the governments of these municipalities have resources that help them recover. They have taxpayer funding, cyber security experts and other advantages that a private organization does not have. Even with these advantages, they’re still struggling to address the overall issue of cyber-attacks.

According to the cyber security firm Recorded Future, the attacks on these 22 cities were the most organized and coordinated attack they’ve ever seen. The Texas Department of Information Resources (TDIR) is currently involved in trying to bring all systems back online, as are officials from other federal agencies.

If this is the type of damage that can be done on government institutions, there is no excuse for negligence on the part of any business let alone one as frequently targeted as a financial organization. Take stock of your current IT resources and make sure your company is properly prepared in all respects against ransomware and cyber-attacks.

For more information on malware, ransomware and social engineering, visit our blog or contact us and we’ll answer any questions or inquiries you may have about how to make your firm safe and secure.