Posts

Miami-Based Nerds Support Inc. Ranked Among Top 200 of World's 501 Most Elite MSP's

Nerds Support is Among The World’s Most Elite MSP’s

Nerds Support Ranks Among The Top 200 Managed Services Providers 

Nerds Support is one the world’s premier managed services provider on the 13th annual Channel Futures MSP 501 rankings for 2020. The company is proud to have won this honor for the second year in a row.

In 13 years, the MSP 501 has grown from a competitive ranking list to an eclectic group of service providers, vendors, distributors and industry analysts that now define the managed services industry.

In response to demand from telecom agents, resellers, digital agencies and other non-MSP channel partners that are spinning up managed services practices, we are excited to this year launch the NextGen 101, an MSP 501 list. 

The demand for telecom agents, digital agencies, agents and other partners interested in managed services practices, MSP 501 released this top-tier list of exemplary managed services provider.

To read the full press release click here.

Channel Future’s 501 Ranking

MSP’s across the world complete an extensive survey and application reporting their services, rate-of-growth, annual total and recurring revenues, pricing structure and more to determine their eligibility. MSP’s are ranked using a unique methodology developed by Channel Futures that weighs revenue figures according to how well the applicant’s business strategy predicts and adapts to trends and growth within the industry.

Nerds Support’s History 

Nerds Support is a Miami based managed IT Services Company that provides IT consulting, support, cloud computing, Software-as-a-service (SaaS) and cyber security support to a variety of industries but focuses on manufacturing, logistics, financial and CPA firms. Scott Richman founded Nerds Support in 2004, hoping to provide small to medium sized businesses the assets need to gain a competitive edge by the strategic use of IT and support technologies.

Using his knowledge as a Microsoft Certified systems engineer, Scott built infrastructures unique to each of his clients and partners to provide them with a fully functioning IT services department. In the 15 years since its founding, Nerds Support has become the reliable partner of now successful companies and as they have grown so have we. The success of Nerds Support’s partners has coincided with our own because our partner’s success is Nerds Supports as well.

Nerds Support now has a thriving team of industry systems engineers and IT professionals with a combined 30+ years of experience in Technologies support, services and security. “We have a real passion for helping our clients,” said Scott. “We want to make sure our clients have the IT infrastructure, that they have the tools, that they have someone working with them helping them develop in a world that’s becoming more reliant on tech.”

That is why Nerds Support was ranked “…among the most elite, innovative and strategic IT services providers on the planet,” according to Kris Blackmon, Content Director of Channel Partners & Channel Futures. 

SOX 1 & 2 Financial Compliance Thumbnail

What is SOC 1 & SOC 2 Compliance?

What Are SOC 1 and SOC 2 Reports ?

Service organizations, like financial advisers and accounting firms, are required to meet compliance requirements. The two most common compliance frameworks are SOC 1 and SOC 2.

SOC 1

Service Organization Control 1, or SOC 1, reports are for businesses that handle financial information for their clients. This report ensures that financial information is managed securely by the organization.

In other words, SOC 1 reports assure costumers that your business has the appropriate controls in place to protect their financial information. SOC 1 features Type 1 and Type 2 compliance reports.

Furthermore, this report is conducted by a third party SOC Audit service and usually applies to businesses that provide financial related services.

The SOC 1 report focuses on the service organization’s controls and key control objectives decided by the organization.

A SOC 1 report is part of the SSAE, the Statement on Standards for Attestation Engagements (SSAE) 18 AT-C Section 320. SOC 1 reports were established by the American Institute of Certified Public Accountants (AICPA).

SOC 1 evaluates service control. However, a service organization is responsible for deciding key control objectives for the services they provide clients. Control objectives refer to business processes (controls concerning processing client information) and IT processes ( controls concerning the security of client information).

A service organization that needs a SOC 1 report can be companies that offer payroll services to clients. Typically, outsourced services provide their customer or client with a SOC 1 report as proof that they have reliable internal controls in place.

Type I Reports vs Type II Reports

Now that we’re clear on the difference between SOC 1 and SOC 2, we can go into the types. A type 1 exam evaluates the design of controls as of a particular date.

A type II exam also evaluates design of controls, however it also includes testing operation of controls over a period of time. The type II exam covers a minimum of six months.

Type I reports

Essentially, Type I reports allow auditors to perform risk assessments and let businesses know they can perform critical assessment procedures. The report describes an organizations system and how it works to achieve goals clients and customers. These reports also test how controls achieve specific objectives on a chosen date.

Type II

A type 2 report demonstrates the effectiveness of those controls over a period of time. Moreover, type 2 reports are a review of an organizations internal controls over a period of 6 to 12 months and includes an in-depth review of those controls.

When an organization undergoes the audit, they are continuously audited either annually or semi-annually. Additionally, a type 2 report analyses an organization’s environment to evaluate if the organization’s internal controls design and functionality are effective.

SOC 2

The difference a SOC 2 report have from SOC 1 are that the SOC 2 report addresses an organization’s controls pertaining to operations and compliance standards. The AICPA developed Trust Service Criteria, or TSC, which determines the standards for trustworthy controls.

Things like security, integrity, availability, privacy, and confidentiality are all aspects of TSC. However, the only TSC required in SOC 2 is security.

So, if a service organization chooses, they can take a SOC 2 report that focuses solely on security or all five TSCs depending on their specific requirements for audit.

SOC 1 & 2 AICPA Regulations values security, privacy, confidentiality, processing integrity, and availability.

In Summary

– SOC 1 reports deal with internal controls pertinent to the audit of a service organization’s client’s financial statements.
– SOC 2 reports deal with  service organization’s controls pertinent to their operations and compliance. This is detailed by the AICPA’s Trust Service Criteria (TSC).

For more content regarding Compliance, cyber security, Cloud technology, news and more visit our blog.

SOC 1 & 2 Financial Compliance Leaderboard

IRS Safeguard's Rule Cyber Security Social Engineering Customer Data

Renew Your Tax ID Number & Secure Your Data

The Importance of Data Security

It’s time to renew your prepared tax identification number (PTIN) for 2020. A data security responsibilities statement was added to the PTIN renewal process. It was added to keep you aware of your legal obligation to have a data security plan and data protection for taxpayer information. This is due to the Safeguard Rule. The Safeguard Rule states, “financial institutions must protect the consumer information they collect.”

As cyber-criminals continue to attack CPA firms, data security becomes more important. Accounting firms have important and sensitive client information hackers can use to get access to accounts or sell on the dark web. As a result, 71% of cyber breaches are financially motivated, according to a Verizon report on cyber-attacks in 2019. Knowing that, it’s easy to see why the accounting industry is so appealing to a cyber-criminal. Moreover, they steal taxpayer information and file fraudulent tax returns that they benefit from.

IRS Safeguard's Rule Cyber Security Social Engineering Customer Data

Securing Your Data as a CPA

If you’re an accountant or part of CPA firm, don’t fret. There are a few things you could do throughout your day to minimize risk of vulnerability to these attacks and keep your clients safe in the process.

Protect all email accounts with strong passwords. 81% of company data breaches are due to poor passwords, according to another Version report. Cyber criminals, like many people don’t want to work hard, they want to work smart. Therefore, they try and find the simplest route to achieving their objective. This is to say, if their objective is to hack an account the first thing they aim to get access to is password information. For instance, protect email and work accounts by using longer, more complex passwords that use a mix of numbers letters and symbols. Multi factor authentication is an additional way to prevent password access. For example, Nerds Support’s cloud software partner “Workplace”, requires users to log in through their desktops and their mobile devices. If the user fails to confirm they’re attempting to log in to their account within a few seconds, access is denied entirely.

Download anti-phishing software programs that help fight against phishing scams. 92% of malware is delivered through email. In addition, there anti-phishing programs like “avast!” and “Google Safe Browsing” that check pages against potential threats.

Do not open or download any attachments from suspicious or unknown domains. Hackers often use personal information on social media to create the illusion that they’re either existing or potential clients.

Only send password-protected, encrypted documents when files are shared with client over email.

Always back up sensitive data, preferably in a secure external server.

Develop a detailed security plan for clients.

The rising popularity of Cloud Computing

These simple IT solutions for accounting firms won’t replace a secure network and infrastructure. Managed IT for CPA businesses is an investment that will protect a firm from an attack of any kind.  As a result, any accounting firms are choosing to adopt cloud services for CPA firms specifically due to regulation requirements.

Cloud computing has become a strategic investment for many accounting firms. It has real-time responsiveness, a secure and scalable infrastructure, and a multitude of services that adapt to industry specific requirements. Additionally, the cloud helps develop a security plan to ensure an accounting firm complies with the safeguard rule.

The standard for cloud accounting service providers is maintaining compliance. Cloud compliance is the principle that cloud providers must be complaint with standards that the cloud customer faces.

Working in the cloud gives organizations flexible, convenient and secure solutions but it also requires working closely with the cloud provider and IT services team. All cloud providers have something called a Service level agreement.  SLA’s cover things like quality of service, availability and responsibilities of the cloud provider . That is to say, it’s a contract between the cloud provider and the client. Look into SLA’s if and when choosing a service provider.

There is a rising emphasis on data security and protection, as we discussed in the opening paragraph. The cloud is a helpful opportunity to advance your IT infrastructure. Make sure you’re doing everything you can to secure your client’s sensitive data.

If you have any further questions, Contact Us and we’ll be sure to answer them swiftly!

Financial women blind-folded in front of books representing regulatory compliance.

Regulatory Compliance: Compliance is Everything

The Need For Regulatory Compliance

Regulatory compliance is  a dull subject. Yet, if your financial institution or business ignores or isn’t aware of it –it could cause problems.

Regulatory compliance ensures organizations follow state and federal law, as well as federal standards and procedures. That may sound simple enough, but considering the variety of mandated regulations like HIPAA, SOX and PCI DSS, falling out of compliance happens fairly frequently. If that happens, you’re looking at possible audits, federal fines, even public scrutiny and negative attention that comes with an investigation. In a time where social media shapes perception, a company cannot risk losing business because of their reputation.

The reality is, not maintaining regulatory compliance only takes you towards significant revenue loss for your organization, or even worse.

Penalties for violating SOX compliance standards, for example, and can lead to millions of dollars fines, removal from listings on the public stock exchange and even years in prison. That is why compliance is often the focus of an organization’s security system.

Regulatory Compliance Isn’t Easy But…

While there are different types of compliance regulations for different industries, the three largest are HIPPA, SOX and PCI DSS. Your particular organization might need to comply with one or all three. Whatever the case may be, it’s important to familiarize yourself with the specifics of the regulations that apply to you. That being said, it’s possible to think you are taking the necessary measures to ensure compliance and still be in violation of one or more regulations. This happens unintentionally or unknowingly.

Some of the reasons for this might be because you’re referencing outdated material, updated or new wording of rules replaces old and misunderstandings on how these laws are interpreted by the various enforcement agencies.

Furthermore, these regulations are constantly changing and keeping track of all the minute alterations can take time and energy better used on other business related goals.

 

Cloud Compliance

Cloud computing for banking and investment services involves a lot of data. Even processing data has to go through regulatory benchmarks. These benchmarks are called Data localization laws. Cloud compliance just means that a cloud service provider is meeting regulatory standards required for their clients.

Data localization is important to understand financial cloud compliance. It should not be confused with data sovereignty. Data localization laws require personal data to be handled in a specific territory instead of a cloud provider. Laws in different countries often differ regarding this. Here are some financial tech support requirements you need to verify with any potential cloud provider.

SOX Compliance

SOX requires the following to be bench-marked, audited and monitored regularly, specifically sections 302, 404, and 409:
• Information Access
• Internal controls
• Database activity
• Account activity
• User activity
• Network Activity
• Login activity

Industry Costs of Compliance Statistics
IT Security:

The Gramm-Leach-Bliley (GLB) Act requires companies legally defined as “financial institutions” to ensure the security and confidentiality of sensitive client information. Therefore, IT security is an essential requirement everyone in the financial services industry.  Given the nature of the data a financial organization possesses, there are serious repercussions for shirking this responsibility.

Make sure the right controls are installed to avoid data breaches and you have the tools ready to alleviate any issues if they occur. Investing in services that monitor and protect your financial database is essential to complying with regulation.

Data Backup:

Always keep backup systems to protect your sensitive data. Both data centers and on-site IT infrastructure are subject to the same SOX compliance requirements. Finance IT solutions is not only about support but security as well.

Access Controls:
This regards both electronic and physical systems put in place to stop unauthorized users from viewing sensitive financial information. Part of this is adopting effective security measures like implementing multi-factored authentication, keeping servers or data centers in secure locations.

What Can You Do?

Considering you are in the best position to look after your businesses’ affairs, you should familiarize yourself with the most recent regulatory compliance information. Knowing as much as possible about the nuances of regulatory mandates prepares you to understand compliance regulations. Moreover, you can leverage this information to stay updated on any changes and plan accordingly.

You should then adopt IT solutions for finance that are in complete compliance with industry standards. That means finding cloud financial support with expert knowledge on regulation and compliance.

You should try to find an organization that creates a customized infrastructure that serves your specific requirements. Additionally, it should take into consideration all the standards mentioned previously: HIPAA, SOX and PCI DSS.

For more information on compliance standards and compatible IT solutions visit our website or call us at (305) 551-2009 and we’ll answer any questions or inquires you might have.

Accounting Firms SOX Compliance

Are You an Accountant? What You Should Know About SOX Compliance

Background & History of SOX

The Sarbanes-Oxley (SOX Compliance) Act of 2002 mostly came about due to a great deal of national attention surrounding several financial and accounting scandals by major corporations in the early-to-mid 2000’s. These corporations, like Enron, Tyco International, AIG, Adelphia, Peregrine Systems, and WorldCom were discovered to have executives within each organization who falsified accounting records to either secretly steal money for themselves, or to disguise decreasing company earnings, which falsely maintained higher company stock prices.

Because of this, most of the corporations either failed or were sold off, and left in their wake thousands unemployed and billions of dollars lost

As a result, Congressmen Paul Sarbanes , D-Md., and Michael Oxley, R-Ohio, joined forces to create the SOX Act, creating an enforcement method with the goal of protecting shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improving the accuracy of corporate disclosures.

The Act became law on July 30, 2002 and is named after Sarbanes and Oxley, who sponsored it. The act set deadlines for meeting compliance and established requirement rules. Moreover, Congressmen Michael Oxley and Paul Sarbanes drafted the act to create more accountability in the corporate sector.

SOX Compliance Statistics Accounting

Effects & Benefits

The Public Company Accounting Oversight Board was created due to SOX, setting specific standards for audit reports. It obligates all auditors from public companies to register with them. Also, it prohibits accounting firms from doing business consulting with the companies they are auditing. They can still act as tax consultants.

SOX compliance is both a legal obligation and an effective business practice. Although, companies should behave ethically without the need for these standards. Implementing SOX  has the added benefit of protecting a company from cyberattacks like malware and ransomware. Additionally, SOX compliance includes many of the practices of any data security plan.

There are many elements of SOX compliance, all of which Nerds Support are well familiar.

IT SOX compliance solutions for accountants and CPA professionals

A Brief Overview of the Major Elements of SOX Compliance

● Public Company Accounting Oversight Board (PCAOB)

– Provides independent oversight of public accounting firms providing audit services, as well as enforcing registration of auditors, defining the specific processes and procedures for compliance audits, inspecting and policing conduct and quality control, and enforcing compliance with the specific mandates of SOX.

● Auditor Independence

– Establishes standards for external auditor independence to limit conflicts of interest, as well as addressing new auditor approval requirements, audit partner rotation, and auditor reporting requirements.

● Corporate Responsibility

– Mandates that senior executives take individual responsibility for accuracy and completeness of all corporate financial reports.

● Enhanced Financial Disclosures

– Sets enhanced reporting requirements for financial transactions, as well as requiring internal controls for assuring the accuracy of financial reports and disclosures.

● Analyst Conflicts of Interest

– Includes measures designed to help restore investor confidence in the reporting of securities analysts.

● Commission Resources and Authority

– Defines practices to restore investor trust in securities analysts. As well as defining the SEC’s authority to censure or bar securities professionals from practice.

● Studies and Reports

– Require the Comptroller General and the SEC to perform various studies and report their findings.

● Corporate and Criminal Fraud Accountability

– Describes detailed criminal penalties for altering or destroying financial records, also including any other interference with investigations, all the while providing certain protections for informants.

● White Collar Crime Penalty Enhancement

– Increases the criminal penalties associated with white-collar crimes and conspiracies.

● Corporate Tax Returns

– States the Chief Executive Officer must sign company tax returns.

● Corporate Fraud Accountability

– Identifies corporate fraud and records tampering as criminal offenses, and lists to specific penalties for such offenses. The SOX Act contains several specific, severe consequences for violations of any and all specific parts of the act.

 

Penalties for not complying with SOX can lead to fines, removal from the public stock exchange, and more. By the same token, CEOs and CFOs who knowingly submit an incorrect certification to an audit faces up to 20 years in jail and $5 million in fines.

How certain are you that your organization is operating within strict SOX compliance? With Nerds Support, you’re just a call away. Our Miami IT Solutions team is ready to help you tackle all your IT needs. With over 17 years of experience in helping leaders in the accounting industry we know how to help you succeed.