CPA firms

IT Security Framework for Accounting Firms

The AICPA released two sets of criteria for public comment this week (Sept 2016) regarding cyber security. Both focus on different elements, but the common theme is the AICPA trying to develop a common framework for audit firms to evaluate the cyber security of their clients (risks and compliance). While this will prove to be very helpful, it got us thinking at Fluid: Do CPA firms themselves have a framework for their own security? Are CPA firms adequately protected from data breaches of their client’s financial information? Are accounting firms prepared to react to and recover from a malicious threat that may cause data loss or temporarily impact the productivity of the team?

Data security is a pressing issue for CPA firms given the rising level of attacks and the sensitive financial data accountants work with. A few data points –

  • Over ½ a billion personal records were stolen in 2015
  • Phishing campaigns targeting employees rose 55% in 2015
  • Ransomware increased by 35% in 2015 (362K reported cases)
  • 1 in 220 emails sent contain malware (431M new malware variants found)

While developing your own cyber security framework may seem daunting given the rapidly shifting threats, the task at hand can be greatly simplified if you break it down into the components parts (and work with professionals). At Fluid, we support our clients in 4 primary areas that each firm must address to have a comprehensive security plan.

1) Compliance Management:Fluid Security Framework

Does your firm understand all levels of compliance required given the data your firm interacts with? This can range from data retention compliance standards to data-center configuration standards. Often great compliance management starts with proper documentation, but rely on staff training and monthly monitoring to ensure/validate compliance.

2) Perimeter Management:

Think of your IT perimeter like the physical perimeter of a secure building. Are all entries and exits secured and guarded? Firewalls, cloud services, and email are major vulnerability points that should be managed and monitored for security purposes. BYOD and the proliferation of mobile devices has extended this perimeter, but these additional problem have solutions if they are approached systematically.

3) Vulnerability Monitoring and Threat Response:

You may know your weaknesses today, but that will change tomorrow; you need to monitor for attacks and have an active response if any attacks are detected. Much of this can be automated, but some expert oversight can make sure you don’t have any unintended gaps.

4) Cloud Backup and Disaster Recovery:

Even the best-run IT Departments may run into an occasional problem, ranging from accidental data loss to a malicious breach. We’ve found from our experience with clients that having a robust, offsite backup in a secure cloud environment can minimize the impact of most problems and greatly improve recovery times.

 

Whether you know it or not, your firm has ongoing IT activities in each of these 4 areas, which require ongoing focus and continual improvement – security is never ‘one and done’.

If you want to review your security practices, give us a call. We can help.

What Law Firms and CPA Firms Have in Common

How can we manage documents securely, collaborate and ensure we are using the correct version?  harvest_poster2How can we ensure we are tracking all our time accurately, without spending a fortune?

Small- to mid-sized CPA and law firms come to us with these questions every day. They may be drastically different professional industries, but they actually have many of the same IT challenges. They want to know how to improve productivity, efficiency, security and revenue.

Like most professional services firms, CPA and law firms must:

  1. Track time so they can bill their clients accurately
  2. Ensure they are not losing billable time due to poor systems or processes
  3. Manage their document security to meet client and regulatory requirements
  4. Find ways to collaborate more easily with their documents
  5. Be able to work from anywhere, on any device, at any time

And like many professional services firms, smaller CPA and law firms struggle with these core processes, but can’t afford the $50,000 solution the big guys use. So they end up using outdated methods to track time, compile data and produce invoices, resulting in a mad rush at the end of the month – and hoping they didn’t miss anything. They use email for sharing documents, and have no process for version control so there is no way to ensure that everyone is using the right document.

You don’t have to run your business like that.

What You Need

It is a known fact – if you don’t track time daily you will have errors and omissions, meaning lost revenue or embarrassing mistakes in invoices to clients.  You can also be open to legal issues in some circumstances.

And did you know that email is not secure? Even if you attach a PDF with a password, that email is not secure. An email creates a footprint on up to four computers before it arrives at its destination. The only way to secure email is through encryption, but that is not the best or most efficient way to share documents.

You can save your firm a lot of time, money and hassle with these technology solutions:

  • Easy-to-use time-tracking systems
  • Secure and reliable cloud-based document storage
  • Task management systems that integrate with time tracking and billing
  • Reliable and secure email
  • Disaster recovery plans
  • IT support

Why You Need It

We have spent a lot of time working with CPA and law firms, so we have seen a lot of nightmare situations first-hand.

  • Clients billed for services performed by a person they’ve never seen before
  • Confidential documents emailed with confidential customer data to the wrong person and unsecured
  • Thousands in lost revenue due to “lost time” because it is not entered daily
  • The wrong “final version” of a document sent to the end customer
  • Invoices delayed weeks due to the brutal process of gathering everyone’s time

If that doesn’t make you reconsider your technology solutions, this will. According to a recent survey from Decision Tree Labs1, 66% of service providers are losing 20 hours per month because people are entering time in multiple systems. And 61% of service providers are losing 20 hours per month because they are not accurate in capturing time.

Check Your Technology Checklist

Regardless of specialty, professional services firms need stable, reliable and easy-to-use applications to meet their core business functional needs – and Fluid can help.

Want to learn more? Block out your calendar on January 22, 2014, and join us to learn about the 10 technology trends law firms and CPA firms should pay attention to.

Register here and join us at III Forks Steakhouse in Dallas on January 22. Or contact us at 1-866-523-6257. We are happy to help.

 

1 The IT Service Provider Benchmarking Study, conducted in February 2013 by Decision Tree Labs on behalf of Autotask Corporation

10 technology trends law firms and CPA firms should pay attention to

Save the date! Your firm can’t afford to miss this.

Top 10 Technology TrendsForks Steakhouse in Dallas on February 26, 2014

Law firms and CPA firms face unique challenges that no other industry faces. Law firms have to meet ethics code guidelines and strictly protect their clients’ privacy. CPA firms must follow rigid data management systems that both reinforce and protect their clients’ financial information. This doesn’t mean you can’t use the newest technology!

Law and accounting offices can benefit from technology that eliminates errors and omissions in time-tracking and billing, makes it safer to share documents and enables you to work securely from your mobile device.

According to a recent survey from Decision Tree Labs1, 66% of service providers are losing 20 hours per month because people are entering time in multiple systems. If that doesn’t make you sit up and pay attention, this will: 61% of service providers are losing 20 hours per month because they are not accurate in capturing time. The numbers add up to big losses if you’re not streamlining your processes.

Get this – companies that use practice management software report higher average hourly rates.

We’re putting together an exclusive event to teach you all about the technologies that will save your firm money, save you time, improve your customer’s experience and improve your hourly rates.

Want to learn more? Block out your calendar on February 26, 2014, and join us to learn about the 10 technology trends law firms and CPA firms should pay attention to.

>> Register here and join us at III Forks Steakhouse in Dallas on February 26, 2014

 

1 The IT Service Provider Benchmarking Study, conducted in February 2013 by Decision Tree Labs on behalf of Autotask Corporation