Posts

5 End-of-Year Tech Tips 2018

As many business owners, CFOs, and solo practitioners think about their end-of-year business planning, it’s a good time to look at your technology end-of-year needs as well. I have covered these five tips:

Passwords

With so many security compromises occurring, following good password management practices is critical. If it has been a while, now is the best time to change and update your passwords. Using passwords with long series of complex characters that are unique to each site can’t be overstated. A good New Year’s resolution would be to start using a password manager to help you keep up with the tasks, such as LastPass or 1Password.

Backups

Backups are the cornerstone of all disaster recovery plans. Each business has its own backup and recovery requirements, but they should be reviewed regularly. The biggest questions around backups tend to focus on time to recovery and archiving data.  Do you have new accounts that are depending on you to work all the time? Does the information you provide need to be stored and retrieved in a certain way, within certain time frames? Updated backup plans will help your company to recover from a cyberattack, major equipment failure, flood or catastrophic mistake made by a staff member.

Technology Budget Planning

Creating a budget or planning a tentative budget for technological needs is not an easy task. Similarly, to set goals for 2019, a certain type of review is required, looking at the past year. The business requirements need to be incorporated into these plans. Will business expansion require increased bandwidth on your Internet connection? in what ways can you improve the security of your client data? What can you do to add more security for remote users? These are just some of the important questions business managers might ask and need to plan for in the New Year. Start with your business goals and previous year challenges to map out new technology investments or enhancements.

Safeguarding Data

An annual review of all company and client data is important for obvious reasons, but it may have compliance implications as well. Putting safeguards in place can help to prevent fraud and identity theft as well as enhance customer confidence and trust. Safeguard reviews should start with an observance of HIPAA, IRS guidelines or other industry standards that may be necessary for your business. You will want to preserve the confidentiality and privacy of all data by restricting access and disclosure. This may not be a costly effort but one that takes awareness and often attention to simple procedures. The recently updated “Safeguarding Taxpayer Data: A Guide For Your Business (Rev. 6-2018)” from the IRS offers many ideas on how to approach the topic, even if you are not an accounting firm.

Policy Reviews

IT policies establish expectations and regulations for behavior related to company technology and networks. Liaise with managers to review past issues and update policies with the organization. Review your current acceptable use policy and find ways to communicate expectations to your employees about proper technology handling. And of course, incorporate a Bring Your Own Device (BYOD) policy along with guidelines on passwords, wire transfers and so on, as the Social Media Use Policy should be considered as a part of your policy review.

How to Build a Disaster Recovery Plan for Accounting Firms

Disaster can strike at any moment, and its effects can be devastating to businesses. One year ago Superstorm Sandy slammed into New Jersey and New York City crippling many organizations for weeks, if not longer. With such dire consequences, it’s critical to have a good disaster recovery plan in place in case the worst should happen for you and your accounts.

A solid disaster recovery plan can be divided into three parts: Planning, Storage, and Recovery. Each part is equally important, and each one should have a thorough plan of its own. For accounting firms, it is not just that your data that you need to protect, it is your customers business information that needs safeguarding.

Planning
A solid disaster recovery plan requires everyone involved to know their roles and be ready to execute them at a moment’s notice. Ideally, a plan should be created with partners and vendors as well. Careful consideration for several broad scenarios helps devise plans that are best based on conditions in your area.  Some suggested disaster considerations include: floods, hurricanes, winter storms, local building issues and security threats.

This is the second key aspect of planning for disaster recovery – always make sure that there are redundant channels and oversight. In case the worst should happen, the channels of communication need to be set up so that everyone knows who to call as a primary, and who to get in touch with in case the primary contact person is unable to be reached. Make sure that everyone knows who the person to contact is in case of a major IT issue, and who the alternate contacts are. Maintaining a strong chain of communication can mean the difference between a temporary outage and a major business disaster. Determining primary and secondary communication options should be part of the plan.

Storage
Storing your data securely for a post-disaster recovery is as important as planning. The first step to storing and protecting your data is choosing a backup and storage method and provider. There are many options available for both backup and storage, and choosing the right one is based largely on the needs of the business.

Larger accounting firms with more involved data needs can opt for an in-house solution using their existing IT staff. Smaller accounting firms, or those with more generic data needs, should instead look at one of the cloud backup services or managed backup providers. Whatever option you choose, it’s important to make sure two requirements are met:

1. Your recovery data should be kept in multiple physical locations separated by some distance. Most cloud and managed backup providers already guarantee this level of duplication and redundancy by distributing your stored data across multiple different data warehouses in multiple locations. However, if you go with an in-house or custom solution, it is important to make sure that backups are not all located in the same datastore, and certainly not in the same building as your offices.

2. Your recovery data should also be stored on physical media somewhere in another location, in case a recovery is necessary and an internet connection cannot be established. External hard drives are a fast and cheap method for offloading data. Of course, the best approach to this varies on the type and amount of data.

Recovery 
The process of recovery begins with a good policy of detection and monitoring. Make sure that whatever disaster recovery plan you create accounts for carefully keeping track of your data in case of less obvious disasters – things like fires when you are out of the office, malicious intrusion (either physical or cyber), power outages and the like. The faster you can learn that your data is in danger, the quicker you can react and the easier the recovery process can be.

As mentioned earlier, everyone on your staff should know who to contact in the event of a major disaster. Make sure to inform your staff that their safety is the top priority – if you’ve been backing up your data properly and storing it offsite, losing your equipment in a disaster is only a temporary setback. Make sure you know where your data is and how to retrieve it. Practice full recovery drills several times a year so that everyone on your staff knows what to do – you don’t want to have to add learning an unfamiliar system to all the other post-disaster stress.

Make sure you have a plan about what needs to be recovered first, where all your priority information is, and how to get to it. For many firms, this will be customer-facing data – websites, client login portals, and any information that needs to be accessed by your clients. It should also include your most sensitive business information.

Having a disaster recovery plan can make the time between disaster and recovery much shorter than it would be without one, and the work required to implement one is minor compared to the risk of losing your business. Your business depends on a good plan and your clients are depending on you to ensure you have them covered as well.

To help in the executing of your disaster recovery process for your accounting firm contact Ease Technologies to learn more how we can help. 888-Ease911