Channel Futures MSP501 2021 Award Winner

Nerds Support is a Top 40 MSP in the World on the MSP501!

Nerds Support has been recognized as one of the premier Managed Services Providers (MSPs) on the 14th annual Channel Futures MSP501 rankings for 2021, ranking in the Top 40 of all MSPs in the world! Our team is proud to have been granted this honor for the third year in a row.

In 14 years, the MSP501 has grown from a competitive ranking list to an eclectic group of service providers, vendors, distributors and industry analysts that now define the managed services industry. And this year it was reported to have received the most applicants for the list since this award was founded!

Channel Futures MSP501 Ranking

MSPs across the world complete an extensive survey and application reporting their services, rate of growth, annual total and recurring revenues, pricing structure and more to determine their eligibility. MSPs are ranked using a unique methodology developed by Channel Futures that weighs revenue figures according to how well the applicant’s business strategy predicts and adapts to trends and growth within the industry.

Many companies experienced growth last year with the boom in remote work technology, so the significance of this growth is only amplified further.

Nerds Support’s History

Nerds Support is a Miami-based managed IT services company that provides IT consulting, support, cloud computing, Software-as-a-Service (SaaS) and cyber security support to a variety of industries, specializing in manufacturing, logistics, financial/wealth management and CPA firms. Scott Richman founded Nerds Support in 2004, hoping to provide small to medium-sized businesses with the assets they need to gain a competitive edge through the strategic use of IT and support technologies.

Using his knowledge as a Microsoft Certified systems engineer, Scott built infrastructures unique to each of his clients and partners to provide them with a fully functioning IT services department. In the 17 years since its founding, Nerds Support has become the reliable partner of now successful companies, and as they have grown, so have we. The success of Nerds Support’s partners and clients has coincided with our own, because their success is Nerds Support’s as well.

Nerds Support now has a thriving team of industry systems engineers and IT professionals with a combined 30+ years of experience in technology support, services and security. “We have a real passion for helping our clients,” said Scott. “We want to make sure our clients have the IT infrastructure, tools, and support they need to succeed and develop in a world that’s becoming more reliant on technology.”

That is why Nerds Support was ranked “…among the most elite, innovative and strategic IT services providers on the planet,” according to Kris Blackmon, Content Director of Channel Partners & Channel Futures.

You can view the full MSP501 2021 list here.

What is SOC 1 & SOC 2 Compliance?

What are SOC 1 and SOC 2 Reports?

Service organizations, like financial and accounting firms, are required to meet compliance requirements. The two most common compliance frameworks are SOC 1 and SOC 2. But what exactly are they? More importantly, how do SOC 1 and SOC 2 work?

SOC 1

Service Organization Control 1, or SOC 1, reports are for businesses that handle financial information for their clients, also known as service organizations. This report ensures that financial information is managed securely by the business itself.

In other words, SOC 1 reports assure customers that your business has the appropriate controls in place to protect their financial information. Furthermore, SOC 1 features Type 1 and Type 2 compliance reports.

This report is conducted by a third-party SOC audit service and usually applies to businesses that provide finance-related services.

The SOC 1 report focuses on the service organization’s controls and key control objectives decided by the organization.

A SOC 1 report falls under the Statement on Standards for Attestation Engagements (SSAE) 18, AT-C Section 320. SOC 1 reports were established by the American Institute of Certified Public Accountants (AICPA).

The purpose of SOC is to evaluate service controls. However, a service organization is responsible for deciding key control objectives for the services it provides to clients. Control objectives refer to business processes (controls concerning the processing of client information) and IT processes (controls concerning the security of client information).

An example of a service organization that needs a SOC 1 report is a company that offers payroll services to clients.

Typically, Managed IT Services providers supply their customer or client with a SOC 1 report as proof that they have reliable internal controls in place.

Type I Reports vs Type II Reports

Now that we’re clear on the difference between SOC 1 and SOC 2, we can go into the types. A Type I exam evaluates the design of controls as of a particular date.

A Type II exam also evaluates the design of controls, but it also includes testing the operation of controls over a period of time. The Type II exam covers a minimum of six months.

Type I reports

Essentially, Type I reports allow auditors to perform risk assessments and let businesses know they can perform critical assessment procedures. The report describes an organization’s system and how it works to achieve goals for clients and customers. These reports also test how controls achieve specific objectives on a chosen date.

Type II

A Type II report demonstrates the effectiveness of those controls over a period of time. Moreover, Type II reports are a review of an organization’s internal controls over a period of 6 to 12 months and include an in-depth review of those controls.

When an organization undergoes the audit, they are continuously audited either annually or semi-annually. Additionally, a Type II report analyzes an organization’s environment to evaluate whether the design and functionality of the organization’s internal controls are effective.

SOC 2

The difference between a SOC 2 report and a SOC 1 report is that the SOC 2 report addresses an organization’s controls pertaining to operations and compliance standards. The AICPA developed the Trust Service Criteria, or TSC, which determine the standards for trustworthy controls.

Things like security, integrity, availability, privacy, and confidentiality are all aspects of TSC. However, the only TSC required in SOC 2 is security.

So, if a service organization chooses, it can undergo a SOC 2 report that focuses solely on security or on all five TSCs, depending on its specific audit requirements.

Managed IT services providers like Nerds Support can achieve a SOC 2 certification in order to properly care for and handle sensitive client data.

SOC 1 & 2 AICPA regulations value security, privacy, confidentiality, processing integrity, and availability.

In Summary

  • SOC 1 reports deal with internal controls pertinent to the audit of a service organization’s client’s financial statements.
  • A SOC I audit allows service organizations to report and examine internal controls that pertain to its customer’s financial statements.
  • SOC 2 reports deal with a service organization’s controls pertinent to its operations and compliance. This is detailed by the AICPA’s Trust Service Criteria (TSC).
  • A SOC II audit covers a combination of five distinct criteria: security, availability, process integrity, confidentiality and privacy.

If you have any questions about how your business can effectively maintain data compliance, give us a call at (305) 551-2009 or email us at [email protected].

And for more content and news regarding compliance, cyber security, cloud technology and more, visit our blog!

Financial Cloud for The Financial Services Industry

Cloud for Financial Services Industry

Financial cloud services are an ever more popular topic these days, especially with the rising necessity of remote work options. Financial services organizations are moving to the cloud for a competitive advantage, advanced security and the potential for innovation. The global finance cloud market was valued at more than $15 billion in 2018 and is expected to reach about $55 billion by 2024, according to a report by Mordor Intelligence.

One of the driving factors in cloud finance is operational efficiency. Moreover, by using the cloud, companies are able to offer end-to-end loan processing in record time, surpassing finance industry benchmarks.

Finance and asset management is undergoing a radical transformation. Four out of five organizations that participated in a Bizagi report say that providing a better customer experience that can respond to customer needs enables competitive advantage.

Digital Transformation

Companies continue to explore the cloud for financial services and its benefits. Additionally, cloud software provides companies the ability to focus on revenue and wealth management, while maintaining customer relations.

Cloud service providers (CSPs) arose as leaders in the digital transformation of various industries. Industries like retail and distribution represent sectors with medium to low regulatory oversight. This reduces some of the complexities associated with implementation.

However, adopting the cloud for highly regulated industries like banks, insurance and healthcare companies did not follow this trend. CSPs lacked the maturity to meet financial organizations’ regulatory and compliance requirements. But this has changed in recent years, with cloud adoption increasing within the industry according to a Gartner study.

Both the banking and insurance industries are adopting cloud services. The study also states that by 2020, 36 percent of institutions will use the cloud to support more than half of their transactional systems of record.

Regulations and Standards

The entryway to the cloud does have its challenges and it’s important to understand the full picture. Those who work in an industry as heavily regulated as financial services don’t need reminders of the importance of regulations. There’s an expectation that financial services organizations protect sensitive data, and they are subject to strict data security requirements. Data protection, business continuity and data privacy are all considered when outsourcing their infrastructure to a cloud service provider.

Financial services are among the most regulated industries with regard to data privacy and security. There’s a long list of regulations that includes PCI DSS, GLBA, GDPR, Dodd-Frank, FFIEC, SOX and the USA Patriot Act.

Reluctance to Adopt the Cloud

With 71 percent of financial service businesses agreeing that digital transformation needs to happen fast in order to prevent commercial failure, what problems stop these companies from committing to the cloud?

In a survey released in March 2015, the majority of participants cited data security as their primary concern, with application development and testing being what they most wanted to use the cloud for.

Reasons to Adopt the Financial Cloud

Despite those concerns, the reality is that financial cloud security is actually an upgrade, and can deter or remove potential risks to data. A cloud provider uses top-grade security features and a team of highly skilled systems engineers that monitor suspicious activity around the clock. Cloud service providers (CSPs), like our IT Support for Financial firms, also implement automated backups every day to reduce the risk of data loss in case of a breach. The cloud is better than traditional systems with security. Using pattern matching technology to recognize anomalies when they appear, cloud providers prevent risks rather than create them.

CSPs are extremely secure and have redundancies in place. Regardless, it’s up to each financial institution (FI) to understand what they are buying from a CSP, the type of risks associated with the service provided, and the regulatory requirements. For example, depending on the importance of an FI’s service and the sensitivity of their data, the FI can choose the level of encryption. Passwords and encryption keys can be managed in various ways; some CSPs, like Nerds Support, offer additional services like “security as a service.”

Some CSPs, like Nerds Support, take the added step of achieving compliance with HIPAA and PCI DSS regulations. In doing so they show the capacity to meet stringent security requirements, enabling customers to leverage security capabilities to meet these compliance requirements.

A Customized Cloud

Financial institutions need to assess all the risks involved in their processes. Some of those tasks cannot be outsourced. That’s why, when choosing a provider, the financial organization goes through a strict evaluation and assessment of the provider to ensure the quality of service is guaranteed as promised.

The greatest risk for any organization, however, is not being ready to implement a digital transformation. Larger organizations face internal resistance. There is a resistance to change that plagues both large and small companies.

As more and more companies adopt cloud solutions, however, those in the financial services industry are looking to implement the cloud themselves to keep up. They need to incorporate on-demand, easy-to-use services to meet ever-changing customer expectations.

The skepticism by financial institutions is understandable. However, they were using Amazon Web Services, which is a public cloud provider. There are CSPs that cater to mid-market businesses and offer personalized services to their partners in the financial services industry. These types of services are more characteristic of private or hybrid clouds.

For example, CSP systems engineers at Nerds Support take the time to evaluate their partners’ current IT infrastructure through an extensive consultation process, rather than pushing a one-size-fits-all cloud service.

Things to Consider

The point here is that CSPs are not all the same. They vary in the services they provide and how they go about implementing the cloud itself.
When adopting a cloud strategy, financial services decision makers should watch out for:

• Cloud providers that are unwilling to use compliance and up-to-date security to improve and personalize their service.
• Cloud providers that lack the financial services expertise necessary to maintain compliance and regulation standards.
• Cloud contracts that do not state that you keep ownership over all your data.

Customer Support is Important

In the early years of cloud computing, customer support was a huge issue for users. Users were plagued by poor response times, inexperienced technicians and an overall poor customer experience. Since then, CSPs have made great strides in improving support. Cloud technology has been around long enough to be better implemented across the industries that benefit from it.

If you need a rapid response to client issues, make sure that your cloud services provider has options available for technical support. These options should include phone consultations, email and user training.

The reason to emphasize this point is that a CSP partnership is one that works best when it’s long term. Choosing a cloud provider that dissatisfies means going through the grueling process of migrating from one account partner to another. The problem is, many of these applications don’t easily transfer to other systems.

What are you waiting for?

It’s time for the financial services industry to leverage financial cloud to improve productivity, security and service. The opportunities and capabilities are there. For more information on financial cloud services, call us at (305) 551-2009 or contact us with the button below.

Renew Your Tax ID Number & Secure Your Data

The Importance of Data Security

It’s time to renew your preparer tax identification number (PTIN) for 2020. A data security responsibilities statement was added to the PTIN renewal process. It was added to keep you aware of your legal obligation to have a data security plan and data protection for taxpayer information. This is due to the Safeguard Rule. The Safeguard Rule states, “financial institutions must protect the consumer information they collect.”

As cyber-criminals continue to attack CPA firms, data security becomes more important. Accounting firms hold important and sensitive client information that hackers can use to get access to accounts or sell on the dark web. In fact, 71% of cyber breaches are financially motivated, according to a Verizon report on cyber-attacks in 2019. Knowing that, it’s easy to see why the accounting industry is so appealing to a cyber-criminal. Moreover, cyber-criminals steal taxpayer information and file fraudulent tax returns that they benefit from.

Securing Your Data as a CPA

If you’re an accountant or part of a CPA firm, don’t fret. There are a few things you could do throughout your day to minimize the risk of vulnerability to these attacks and keep your clients safe in the process.

Protect all email accounts with strong passwords. 81% of company data breaches are due to poor passwords, according to another Verizon report. Cyber criminals, like many people, don’t want to work hard; they want to work smart. Therefore, they try to find the simplest route to achieving their objective. This is to say, if their objective is to hack an account, the first thing they aim to get access to is password information. For instance, protect email and work accounts by using longer, more complex passwords that use a mix of numbers, letters and symbols. Multi-factor authentication is an additional way to prevent access through a compromised password. For example, Nerds Support’s cloud software partner “Workplace” requires users to log in through their desktops and their mobile devices. If the user fails to confirm they’re attempting to log in to their account within a few seconds, access is denied entirely.

Download anti-phishing software programs that help fight against phishing scams. 92% of malware is delivered through email. In addition, there are anti-phishing programs like “avast!” and “Google Safe Browsing” that check pages against potential threats.

Do not open or download any attachments from suspicious or unknown domains. Hackers often use personal information on social media to create the illusion that they’re either existing or potential clients.

Only send password-protected, encrypted documents when files are shared with clients over email.

Always back up sensitive data, preferably on a secure external server.

Develop a detailed security plan for clients.

The rising popularity of Cloud Computing

These simple IT solutions for accounting firms won’t replace a secure network and infrastructure. Managed IT for CPA businesses is an investment that will protect a firm from an attack of any kind. As a result, many accounting firms are choosing to adopt cloud services for CPA firms specifically due to regulation requirements.

Cloud computing has become a strategic investment for many accounting firms. It has real-time responsiveness, a secure and scalable infrastructure, and a multitude of services that adapt to industry specific requirements. Additionally, the cloud helps develop a security plan to ensure an accounting firm complies with the safeguard rule.

The standard for cloud accounting service providers is maintaining compliance. Cloud compliance is the principle that cloud providers must be compliant with the standards that the cloud customer faces.

Working in the cloud gives organizations flexible, convenient and secure solutions, but it also requires working closely with the cloud provider and IT services team. All cloud providers have something called a service level agreement (SLA). SLAs cover things like quality of service, availability and the responsibilities of the cloud provider. That is to say, an SLA is a contract between the cloud provider and the client. Look into SLAs if and when choosing a service provider.

There is a rising emphasis on data security and protection, as we discussed in the opening paragraph. The cloud is a helpful opportunity to advance your IT infrastructure. Make sure you’re doing everything you can to secure your client’s sensitive data.

If you have any further questions, Contact Us and we’ll be sure to answer them swiftly!

Regulatory Compliance: Compliance is Everything

The Need For Regulatory Compliance

Regulatory compliance is a dull subject. Yet, if your financial institution or business ignores it or isn’t aware of it, it could cause problems.

Regulatory compliance ensures organizations follow state and federal law, as well as federal standards and procedures. That may sound simple enough, but considering the variety of mandated regulations like HIPAA, SOX and PCI DSS, falling out of compliance happens fairly frequently. If that happens, you’re looking at possible audits, federal fines, even public scrutiny and negative attention that comes with an investigation. In a time where social media shapes perception, a company cannot risk losing business because of their reputation.

The reality is that failing to maintain regulatory compliance only leads to significant revenue loss for your organization, or even worse.

Penalties for violating SOX compliance standards, for example, can include millions of dollars in fines, removal from listings on the public stock exchange and even years in prison. That is why compliance is often the focus of an organization’s security system.

Regulatory Compliance Isn’t Easy But…

While there are different types of compliance regulations for different industries, the three largest are HIPAA, SOX and PCI DSS. Your particular organization might need to comply with one or all three. Whatever the case may be, it’s important to familiarize yourself with the specifics of the regulations that apply to you. That being said, it’s possible to think you are taking the necessary measures to ensure compliance and still be in violation of one or more regulations. This happens unintentionally or unknowingly.

Some of the reasons for this might be that you’re referencing outdated material, that updated or new wording of rules has replaced the old, or that there are misunderstandings about how these laws are interpreted by the various enforcement agencies.

Furthermore, these regulations are constantly changing, and keeping track of all the minute alterations can take time and energy better used on other business-related goals.

 

Cloud Compliance

Cloud computing for banking and investment services involves a lot of data. Even processing data has to go through regulatory benchmarks. These benchmarks are called data localization laws. Cloud compliance just means that a cloud service provider is meeting the regulatory standards required for their clients.

Data localization is important for understanding financial cloud compliance. It should not be confused with data sovereignty. Data localization laws require personal data to be handled in a specific territory instead of a cloud provider. Laws in different countries often differ regarding this. Here are some financial tech support requirements you need to verify with any potential cloud provider.

SOX Compliance

SOX, specifically sections 302, 404, and 409, requires the following to be benchmarked, audited and monitored regularly:
• Information Access
• Internal controls
• Database activity
• Account activity
• User activity
• Network Activity
• Login activity

IT Security:

The Gramm-Leach-Bliley (GLB) Act requires companies legally defined as “financial institutions” to ensure the security and confidentiality of sensitive client information. Therefore, IT security is an essential requirement for everyone in the financial services industry. Given the nature of the data a financial organization possesses, there are serious repercussions for shirking this responsibility.

Make sure the right controls are installed to avoid data breaches and you have the tools ready to alleviate any issues if they occur. Investing in services that monitor and protect your financial database is essential to complying with regulation.

Data Backup:

Always keep backup systems to protect your sensitive data. Both data centers and on-site IT infrastructure are subject to the same SOX compliance requirements. Finance IT solutions are not only about support but security as well.

Access Controls:
This covers both the electronic and physical systems put in place to stop unauthorized users from viewing sensitive financial information. Part of this is adopting effective security measures like implementing multi-factor authentication and keeping servers or data centers in secure locations.

What Can You Do?

Considering you are in the best position to look after your business’s affairs, you should familiarize yourself with the most recent regulatory compliance information. Knowing as much as possible about the nuances of regulatory mandates prepares you to understand compliance regulations. Moreover, you can leverage this information to stay updated on any changes and plan accordingly.

You should then adopt IT solutions for finance that are in complete compliance with industry standards. That means finding cloud financial support with expert knowledge on regulation and compliance.

You should try to find an organization that creates a customized infrastructure that serves your specific requirements. Additionally, it should take into consideration all the standards mentioned previously: HIPAA, SOX and PCI DSS.

For more information on compliance standards and compatible IT solutions, visit our website or call us at (305) 551-2009 and we’ll answer any questions or inquiries you might have.