Last week’s Institute of Internal Auditors (IIA) cyber fraud webinar was a great reminder. Basic IT controls that we learned years ago are still valuable to follow. Sales reps may promise that their product is the “silver bullet” for preventing cyber fraud, but those apps don’t replace good old-fashioned IT controls and training.
Fraud has existed for a long, long time. Technology gives criminals new opportunities to perpetrate bigger frauds more quickly than ever before. Many data breaches occur because basic IT controls are neglected, leaving systems vulnerable to hacks and malware. Purchasing advanced solutions doesn’t replace basic IT controls.
Four basic IT controls that reduce cyber fraud are:
- Update and Patch Management
Skipping system updates and patches creates vulnerabilities, such as those that were exploited by hackers in some recent cyber fraud events (e.g., Equifax and Home Depot). Excuses for skipping updates and patches include lack of time and concern about impacts on other systems. Updates and patches are crucial — they protect systems with up-to-date security processes.
System logs and periodic monitoring should be established to detect operating activities or conditions that should not occur. Anomalies, such as after-hours transaction volume spikes and data transmitted to an unauthorized IP address, should be monitored and acted on. Automated alerts and error reports require follow-up and action to be effective.
- Password Management
Passwords are the key to the front door of an organization’s systems. Sharing passwords and keeping factory-issued passwords are like hanging the keys on the door knob. One example is when a system administrator fails to change the manufacturer’s default password, leaving the door to that system wide open to unauthorized access.
- Fraud Risk Training
Traditional methods, like training and documentation, make people aware of cyber threats and vulnerabilities. Real-life examples of the risks and costs of a data breach, and of the techniques hackers use to manipulate people and data, help workers recognize risks and learn how to avoid them.
Even after investing in silver bullet applications, organizations can still fall victim to cyber fraud due to a breakdown in basic IT controls. Following these four basic IT controls helps organizations reduce their vulnerability to expensive cyber fraud.
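The monitoring control described above (after-hours transaction volume spikes and data sent to an unauthorized IP address) can be sketched as a small log check. This is an added example, not part of the webinar or the original post; the log format, business hours, spike threshold, and approved network are all assumptions, and the log lines are constructed sample data.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from a real system): timestamp, event, fields.
SAMPLE_LOG = """\
2024-03-04T10:15:02 TXN acct=1001 amount=250.00
2024-03-04T14:41:30 XFER dst=10.20.0.15 bytes=52000
2024-03-05T02:03:10 TXN acct=1003 amount=9800.00
2024-03-05T02:07:45 TXN acct=1003 amount=9750.00
2024-03-05T02:11:19 TXN acct=1003 amount=9900.00
2024-03-05T02:30:00 XFER dst=203.0.113.77 bytes=48000000
2024-03-05T23:05:00 TXN acct=1004 amount=40.00
"""

BUSINESS_HOURS = range(8, 18)   # assumed policy: 08:00 to 17:59
AFTER_HOURS_LIMIT = 2           # assumed: more than 2 transactions in one after-hours hour is a spike
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed approved destinations

def parse(line):
    """Split 'timestamp EVENT key=value ...' into its parts."""
    ts, event, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), event, fields

def find_anomalies(log_text):
    """Return alerts for unauthorized destinations and after-hours spikes."""
    after_hours = Counter()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, fields = parse(line)
        if event == "TXN" and ts.hour not in BUSINESS_HOURS:
            after_hours[ts.strftime("%Y-%m-%d %H:00")] += 1
        elif event == "XFER":
            dst = ipaddress.ip_address(fields["dst"])
            if not any(dst in net for net in ALLOWED_NETS):
                alerts.append(("unauthorized_destination", str(dst), int(fields["bytes"])))
    for hour, count in sorted(after_hours.items()):
        if count > AFTER_HOURS_LIMIT:
            alerts.append(("after_hours_spike", hour, count))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(alert)   # each alert still needs a person to follow up on it
```
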
I often open my workshops with the question: “How many of you started your business to keep the accounting records?” Funny thing; no one ever raises her or his hand. Can it be that people start a business to engage their passion and serve customers?
Last week at the Whole World Workshop for health and wellness practitioners, I got the usual response to that question. No hands, but several chuckles. At that point, everyone was relaxed and ready for my presentation about Finance Fundamentals.
My presentation focused on four essentials for a healthy business:
- Separate Business and Personal Finances
The risks of commingling funds are a negative impact on your personal credit and cash flow and an inability to get a clear, isolated view of business finances. It’s never too early to open a separate business bank account, one for each separate and distinct business. Also, apply for a business credit card to help with payments and cash flow.
- Keep Up-to-Date Accounting Records
Keeping up-to-date records means you always know your financial situation. Separate accounting records should be kept for each business to substantiate income and expenses. No particular record keeping method is required – accounting package or spreadsheets – to capture the date, amount, business purpose, and income/expense type.
- Develop Budget and Cash Flow
Use income from existing sales and vendor contracts, leases, and historical data to develop an annual budget. Identify operating expenses by category. Remember seasonal and one-time items. Include plans for investment and growth. Project cash flow needs for 12-to-18 months based on when payments are due to make sure bills are covered.
- Track Financial Performance
Prepare and review a monthly bank reconciliation, income statement (i.e., P & L) and balance sheet. Compare actuals with budgeted income and expenses to identify where your plans need adjusting. Assess cash inflows and outflows to make sure you keep enough funds on-hand to meet expense obligations.
Maintaining a healthy business means keeping it “alive” and ready to deliver its products or services. The four essentials described above are as good as “an apple a day” to keep your business in good financial health.
Even after investing tons of money in technology and security for data protection, organizations still fall victim to data breaches. Why? Because security doesn’t work if people don’t use systems securely. Recent news events and surveys of IT security professionals reveal that the biggest cybersecurity risk comes from people.
A prime example is when a system administrator fails to change the manufacturer’s default password. The door to that system is wide open to unauthorized access. Phishing e-mails are a popular mechanism for exposing systems to attack.
Traditional methods, like training and documentation, make people aware of cyber threats and vulnerabilities. Another way to drive home the risks and costs of a data breach is to hear about real-life techniques used by hackers to manipulate people inside your organization.
If you think your business isn’t at risk, a few scary, true stories about accessing and stealing sensitive data will change your mind. One of my IT referral partners, Envision Consulting, is hosting a workshop where participants will hear from the World’s Most Famous Hacker – LIVE!
A top cybersecurity expert, once on the FBI’s most wanted list and now a trusted, worldwide security consultant, is the main speaker at Envision Consulting’s “Top Business Executive Cybersecurity Workshop of 2016” on October 19th. His experiences demonstrate why people are the weakest security link and how easily they can be manipulated into handing over the keys to the kingdom. Registration and details: http://bit.ly/29yV0yx
Walk away with concrete ideas and techniques to adopt immediately in your business to lower the chances of becoming the victim of the next high-profile cybersecurity attack. Your people may be your greatest cybersecurity risk. Attending this workshop could be the greatest investment you make to mitigate that risk.
Nonprofits promise donors to use funds to deliver programs in support of the mission. Those same nonprofits also strive to keep expenses low, especially in non-program areas. But the cost of bootstrapping non-program areas, like accounting, can be huge – and invisible.
Nonprofits have a legal responsibility to protect and account for their funds. Using reliable and effective systems and processes is part of fulfilling that legal responsibility. Investing in accounting infrastructure is essential. Knowing WHY accounting is essential helps nonprofits talk to stakeholders about funding infrastructure investments.
Three benefits that nonprofits get from reliable, effective accounting systems and processes are:
- Clear, Accurate View of Finances
Manual or disjointed processes make it difficult to get accurate, up-to-date financial information. The Board, executive director, and program managers don’t get the information they need to make good decisions for the organization. Investing in qualified staff, efficient systems, and standard processes helps nonprofits control and safeguard finances.
- Fewer Errors and “Do-overs”
A lack of clear, coordinated, and complete processes results in mistakes. Correcting errors and re-doing tasks eat up time that could be spent doing something else. Automating processes reduces the chances of a human error. Coordinating processes between people, roles, and responsibilities increases the chances of getting things done right the first time.
- Time Savings for All
Not all accounting processes are performed by the accountant or bookkeeper. Program managers and others provide receipts, timesheets, and other information that impact the accounting records. Manual or inadequate processes to collect and record information from the organization pose a challenge to maintaining accurate and complete financial information. Everyone gets time back in her or his day when processes and systems are coordinated with the rest of the organization.
Knowing the benefits of reliable, effective accounting systems and processes can help nonprofits explain the importance of infrastructure investments to their stakeholders. Explaining WHY will result in donors understanding that nonprofits cannot afford to keep bootstrapping their accounting.
Last week, I took an IRS exam to earn the Enrolled Agent (EA) credential. Being an EA will allow me to represent clients or interact on their behalf with the IRS. That’s on top of preparing income tax returns for businesses, individuals, estates, and nonprofit information returns.
The EA or other tax credential is one thing to look for to find a qualified tax preparer. Clients need to know that a knowledgeable tax professional is helping them follow the tax laws and take allowable deductions.
So what other experience or background should taxpayers look for when “shopping” for a tax preparer? Other than getting referrals from colleagues, family and friends, taxpayers should ask prospective tax preparers these three questions:
- How Do You Keep Up with Changing Tax Laws?
Tax laws are constantly changing so it’s important to work with a tax professional who keeps up, so you don’t have to. Your tax preparer should describe attending conferences, webinars, or other methods she or he uses to stay current.
- What are Your Experience and Credentials?
Tax preparation is an unregulated industry where anyone can participate. Get examples of tax situations, client types, and complex issues where the tax preparer has experience. Her or his answers will indicate if she or he will be able to address your needs.
- How Do You Communicate with your Clients?
Does the tax preparer you are interviewing meet regularly with clients? Are meetings in person? Is the person available for you if a tax-related question or issue comes up? Make sure you feel comfortable with the tax professional’s style, manner and process.
It’s important to have a qualified tax preparer who is prepared to meet your needs. Feeling confident and comfortable with the answers to these three questions is a good sign that your taxes will be prepared accurately and will take allowable deductions into account.
This week, my business is two years old! Anniversaries are cause for celebration and reflection — a good time to check your progress and feel great about your accomplishments.
Looking back on my business from its start to its Second Anniversary, growth and success depend on these four important activities: