ASCPA E-Zine Series
Technology for CPAs Innovative trends to protect your data and help with your success
www.ascpa.com
•••
1
Contents Data Security —Protecting the Treasure Trove by Edward K. Zollars, CPA............2 Social Media — Exploring Digital Strategies for Business and Career Growth by Eric Majchrzak.........................5 The Hackers are Coming! Six Solutions to Protecting Your Information by Marcus A. Clarke.................... 7 Technology Trends to Monitor in 2014 by Thomas G. Stephens, Jr...........8 Inside or Out: Options for IT Disaster Recovery Planning by Michael Nyman, CPA...............10 Mobile Office Necessities —Technology Tips for Successfully Implementing a Mobile Office by Thomas G. Stephens, Jr........... 11 Minimize the Risk from Viruses by Randy Johnston......................13 Technologies to Green Up Your Practice — Nine Tweaks that can Help Improve Your Company’s Efficiency in a Paperless World by James Bourke, CPA/CITP...........16
Published by The Arizona Society of CPAs
Arizona Society of Certified Public Accountants 4801 E. Washington St., Suite 225-B Phoenix, Arizona 85034-2021 (602) 252-4144 www.ascpa.com
2
•••
www.ascpa.com
Data Security
Protecting the Treasure Trove by Edward K. Zollars, CPA Identity theft is a growing problem, with individuals finding it to be a costly and upsetting experience. A Department of Justice/Javelin Study & Research study found that the average loss to a victim of identity theft was $4,930 and total annual losses from identity theft are now estimated at $21 billion. Obtaining the information to steal a person’s identity has become a major criminal undertaking, and thus anyone who holds data that could be used to steal a person’s identity is potentially at risk to be targeted to obtain that data. CPA firms, by the very nature of their practice, are holding such significant amounts of such data in electronic format. Such data is often not only on the firm’s servers, but also either on or easily accessible on portable devices, including laptops, phones, portable hard drives and USB thumb drives. Protecting that treasure trove of data that would be of great interest to data thieves has become the responsibility of the CPA. Every CPA needs to understand just how they and their firm could “leak” data and the steps they need to take to insure the firm does not become a source of data used to steal the identity of a client or clients. Unfortunately this is going to require an understanding of technology by all members of the firm. It is not possible to protect your client by simply “hiring an IT consultant” and having some sort of automated system put in place which will solve the firm’s problem. More likely you’ll discover the IT consultant is going to require all members of the firm to undergo training on security issues.
ASCPA E-Zine Series - Technology for CPAs Computer System Attacks The firm needs to be concerned first with the possibility that a third party might obtain access to data by attacking the computers used inside the firm. Such computers are an excellent place to obtain the data, since the user will generally have logged into the firm’s servers and have access to client data sitting on the server. Software that infects the machine can easily be set to surreptitiously watch or scan for identity related data and transmit that to a server outside the control of the firm. While up to date security software is a necessary base level of defense for the firm, such software has significant limitations that must be understood by all members of the firm. Believing that just because you have installed up to date security software and have Windows update set to automatically install updates there are no issues represents a false level of security. Malware authors are continuously developing new modes of attack and testing those attacks against the major security packages out there. While security vendors become aware of such attacks and update their software, each new attack has a window of opportunity when it will not be blocked by the security suite—and while the security vendor is writing a fix to block this attack, the malware authors are readying the next attack. Thus it is important that members of the firm understand behaviors that put them at risk for malware infection. Keeping Windows (or whatever other operating system up to date) and all other software (such as Adobe Acrobat) up to date by automatically installing security patches is a key first step that all users must take. Malware authors reverse engineer patches issued by the vendors to close security holes and then rush out software to exploit those holes. Thus a system that is not updated is at a high risk for compromise. Limit your browsing of websites on firm computers to those directly related to the firm’s practice. Many exploits are “drive by” exploits that target issues with browsers, and in some cases those exploits have made use of methods to insert malicious code into websites without the knowledge of the entity hosting the site. That has included getting into ad networks and dropping code into ads. Consider the use of products like NoScript for Firefox. NoScript is an add-on for Firefox that refuses to run Javascript or Flash from websites until the user authorizes the site. While very secure, it is also very tedious to deal with and, unfortunately, most users are going to find it so much of a bother that they will simply turn it off. However, since exploits tend to make use of such “active” code on websites using such a product greatly increases security. Be highly suspicious of items received via email. A good rule is to never click a link from an email but rather type an address
in the browser’s address bar. It is trivial to “hide” where an email link is really going to, and making use of such links to “divert” users to load malware is fairly common, as well as using such emails to simply have users provide data directly to the nefarious party. Similarly, do not open anything received as an attachment that arrives from a third party unless you are expecting to receive the item. If an item arrives unexpectedly, confirm with the sending party that they have truly sent you something. And be extremely cautious if you receive an email that attempts to panic you into opening an attachment.
Portable Devices
• • •
We are now carrying around Good cryptography significant amounts of data in is a system that, our portable devices. Even a without the key, fully solid state drive equipped cannot be broken ultrabook, which many users complain have “small” drives, effectively without are equipped with 128GB drives. having the decryption Such drives can hold more data key. than most firms used to have on their main data servers. Similarly, our smart phones and tablets are now coming with internal storage of 64GB and more. We also have placed significant data on USB thumb drives and portable hard drives, which provide additional sources of data leakage when the devices are lost or stolen. It’s not tough to lose a USB thumb drive by accident, such as when it falls out of a pocket or purse while you are simply trying to get your car keys or take out your wallet. A key first step is that all such devices should be encrypted. While Microsoft has a native boot drive encryption technology for Windows (BitLocker), prior to Windows 8 it only was available in the Enterprise and Ultimate editions of Windows 7 and Vista. As well, if your machine does not have a TPM chip in it (and many inexpensive laptops don’t) you need to edit the registry to enable boot drive encryption, not a step for the faint of heart. However, if BitLocker is an option that you can set up or your IT consultant can do for you, it should be enabled. In that case a thief will need to be able to provide your password in order for any data to be read on the drive. Without that password, the drive simply contains random data that will be of no use to the thief. If BitLocker is not an option, third-party software can be used to encrypt the drive. A free, open source option is the TrueCrypt software (http://www.truecrypt.org) which can be used to encrypt the boot drive. While you might think such
www.ascpa.com
•••
3
• • • A quick way to determine if a vendor can access your data is to see if they offer an option to recover your password. If they can reset your password and give you access to the data, that means they could do the same for anyone — not just you.
open source, free software would be less secure, generally such software is more secure since it can be fully vetted. If the software is widely used (as TrueCrypt is), it’s fairly certain that the software is being continually vetted. Commercial software often attempts to depend on security by obscurity—they keep their method “secret.” That method is generally doomed to fail. Good cryptography is a system that, without the key, cannot be broken effectively without having the decryption key. Thus, knowing the details of the algorithm
does not open up the system to being unwound—rather, the thief needs the key (which is why complex passwords are so important). Portable devices (such as USB drives and portable hard drives) should be encrypted. If you have a BitLocker capable machine, you can encrypt such drives and the drive will be readable even on versions of Windows that don’t allow you to create BitLocker drives. TrueCrypt can do the same, though you’ll need to install the TrueCrypt software on machines on which you will want to read the data. Phones and tablets are more troublesome. However, most will allow you to have data on the device encrypted (check the system settings) assuming you use a password or passcode. iOS devices (Apple iPhone and iPad) can also be set to wipe their data if someone fails ten consecutive times to provide the proper password—an option that should be turned on. While restoring the iPhone or iPad from a computer backup in this case may be a pain, it’s much less of a problem than the firm will have if that data gets into the wrong party’s hands.
Third-Party Services A final key exposure is the use of third parties by the CPA firm to handle data. For instance, the use of offsite backup in the cloud is an often recommended procedure for disaster recovery—and, frankly, it has much to recommend it. But one problem is that when you backup your server to the cloud you are sending all of the valuable information to a party you don’t control.
4
•••
www.ascpa.com
At the basic level, a company should do its due diligence by reviewing the agreement they sign with any such such third party. Does the outside vendor agree not to access or use the data? Can they access the data or is it kept encrypted in a form that renders it inaccessible to them? And what is their procedure if they receive a subpoena for such data? After all, if you are paperless I can obtain your workpapers by attempting to get your backup vendor to give them to me via subpoena or court action—so will the third party notify you in that case? More to the point, can they really see the data? While policies are all well and good, reality is that if there is a rogue employee in the organization (and the recent issues involving Mr. Snowden indicate that even the NSA has issues vetting people they give access to IT systems) such policies might be bypassed. However, if the entity truly cannot see the data at all, they both cannot turn over the data without your notice in response to a subpoena and a rogue employee won’t be able to grab the data. A quick way to determine if a vendor can access your data is to see if they offer an option to let you recover your password. If they can reset your password and give you access to the data, that means they could do the same for anyone—not just you. Some vendors will offer you the option of having a “trust no one” option turned on where only you have access to the key. Often doing so will mean that if your password is lost, your data is similarly lost and you won’t have the ability to access data on tablets and smartphones—but that lack of convenience may be minor compared the risk of data loss. Often such services will be marketed by the vendors as “HIPAA compliant” since medical records are subject to special controls to attempt to control “leakage” of such data. Firms may also consider handling issues on their own and bypassing the third parties, doing automatic off-site backup via links to firm controlled equipment at other locations. While that is clearly possible, a firm must be careful to insure that they don’t introduce additional vulnerabilities with such a system. Reputable third-party vendors will have security specialists on staff who can insure that various vulnerabilities that might exist in supporting software can be addressed rapidly. Edward K. Zollars, CPA, is a shareholder of Thomas, Zollars & Lynch, Ltd., and concentrates in tax matters for privately held companies and individuals. Zollars has previously served as a member of the AICPA Tax Division’s Member Practice Improvement and Tax Technology Committees, and is currently a member of the ASCPA’s Tax Section Steering and Tax Legislation Committees. He is on the Advisory Board of the Phoenix Tax Workshop. He can be reached at edzollars@thomaszollarslynch.com.
ASCPA E-Zine Series - Technology for CPAs That’s breaking trust. If you are looking to embrace social media, there should be no gap between the way people experience you in person and the way they experience you online. If you are engaging and considerate in person, shouldn’t you also be online? Be consistent. Your reputation online is just as important in the digital space. In many ways, the stakes are higher because the social web acts as a megaphone.
Be Careful
Social Media Exploring Digital Strategies for Business and Career Growth by Eric Majchrzak From business development to building your personal professional reputation, using social media successfully depends upon how you structure your efforts and how much you give. Your commitment to social media should be considered an investment, much like the time and effort you spend developing trusted relationships. You have to give in order to get. Always think about the ways you can offer value to your network.
What Social Media are About Social media are inherently about relationships. Social media platforms provide two-way communication. Like the telephone, these channels are a vehicle to hold conversations. Relationships can be nurtured in person and online; in both cases it’s important to maintain and build those connections. Social media are about trust. To create trust, you need to build social capital, which is the currency of social media. Social capital can be defined as the level, trust and credibility that you have built up among people, the depth and meaning of those relationships, and the level of action a community will take on your behalf. This is an important concept because social media are considered “Trust” mediums. When someone creates a post on Facebook that attracts comments and the original poster doesn’t respond, that’s the equivalent of turning your back on someone in a conversation.
It can take months and even years to build reputation and trust, but it only takes a minute to ruin it. It’s critical that you use good judgment and common sense when online. Assume everybody sees what you post all the time. Be aware of its pitfalls, be sensitive to others and make sure your posts aren’t just about you or your company. If you have one misstep, it can be magnified – and it can lurk around forever.
Successful Outcomes of Social Media The business case for social media is powerful. Here are some of the more popular outcomes you can accomplish. While this is not an all-inclusive list, it’s a good representation of the major business objectives of social media: Business intelligence/research — Information on your clients, prospects, recruits and employees is now at your fingertips. Much can be gained when you get the back-story on people. If you have a meeting with someone for the first time, you can visit their LinkedIn and Facebook profile and get a better picture of who they are — both as an individual and as a company. Lead generation/sales — There are many ways companies can grow their practice using social media. From the content you post, to promoting certain products, to showing thought leadership, staying active on your channels and trying different things will often trigger a sale. One underutilized tactic is monitoring and searching for sales opportunities through people’s pain points. For example, if you search certain terms like “recommend accounting firms” or “recommend consultant” in LinkedIn groups or Twitter, many queries will come up from people in need. This is a proactive approach to finding new business. Enhancing relationships/networking — Social media is just like having a conversation in person. You have the ability to comment on what others post, you can reach out to people directly and connect. Deep relationships can be developed. Many of the folks I’ve met online are close friends, and in many cases I’ve never met them in person. When you are consistent and have built trust online, good things can happen, including: introductions, business opportunities, invites, referrals and leads.
www.ascpa.com
•••
5
• • • Consistency in social media and online communication will pay dividends. Posting content your audience finds valuable will demonstrate you are an expert. Recruiting — Social media comes in handy when trying to recruit or look for a job because it gives a candidate a peek under the hood of your company. Visiting a organization’s Facebook page will offer a glimpse of company culture. It’s good for candidates and it’s good for companies who are hiring. LinkedIn allows you to sort through passive candidates and those who are more active in the market. Often candidates will have robust profiles that include their skills, passion and community involvement. This transparency streamlines the interview process and gives people more information on how to prepare walking into an in-person meeting. Awareness (expanding your influence/reach) — Social media is a megaphone for your expertise. While publishing an article used to be the main way thought leaders would get their message out to the world, digital channels now allow you to expand your reach and reputation exponentially into different markets at virtually no cost. Building reputation, trust and credibility — Again, consistency in social media and online communication will pay dividends. Posting content your audience finds valuable will demonstrate you are an expert. Consider making introductions, building connections, reposting other people’s updates and sharing other people’s writing. Be a resource and share your knowledge freely.
titative goals are more important because they are about the relationships. How much value are you providing? How many doors have you opened? Think about what you’re trying to accomplish online and in your practice. Actions — There are several tactics you can employ to get started on implementing your social media strategy: Publish — Think about the message you want to put out to your audience and start creating content that speaks to this message. Post frequently. Share and Promote –—Start sharing the content of others, promote their news and comment to build trust. Monitor — Observe what conversations people are having. Conduct searches and stay on top of prospects and opportunities. Network — Expand, expand, expand. Ask for friend requests, start following people, ask someone to connect with you, and answer emails in a timely manner. All these activities will broaden your reach. Advertise —There are paid options to get the word out about your business. Depending on what your goals are, you may decide to do some or none. Know what’s available. Devices — To stay relevant, you will have to experiment with social media platforms – choose what works for you. Consider how your information is going to flow. Is your blog going to be the “hub” of your activities or your website? Create a game plan for your content marketing. What devices and platforms will you use? Engage and Measure — Constantly assess if these tactics are helping you reach your goals. LinkedIn and Facebook both have enhanced analytics to allow you to see in real time how many people read or share your post. While it’s difficult to put a metric on a relationship, it’s important to look at the connections you have built and your investment in them.
Develop a Strategy We know social media plays into our success as firms, but how do you develop a strategy? Research -—First, find your constituents online. If you are selling products to engineers, go where the engineers hang out. Do your research and find their communities. They may not be on all the social media channels, but you may find they spend a majority of their time on one or two. Go there and make yourself and your business known. Objectives — Next, figure out your goals and objectives. There are qualitative goals that we all like – number of fans, followers, likes you get on any given post or page. But quan-
6
•••
www.ascpa.com
The Personal Brand? A quick thought about brands: Social media obviously helps build company brands. When it comes to the individual, however, the idea of a personal brand is an oxymoron. Brands are inheritantly impersonal. Individuals are building their reputation; companies are building their brands. When individuals create a brand, they start acting like a corporation – and are usually not as transparent or genuine.
Social Media = Powerful Tool Whether you’re a firm, business or an individual, social media
ASCPA E-Zine Series - Technology for CPAs are a powerful tool that can help you communicate, network and find opportunities to enhance your business growth and career. Stay aware, experiment, but most importantly have fun and be genuine. Eric Majchrzak is a shareholder and chief marketing officer at BeachFleischman. He can be reached atemajchrzak@beachfleischman.com.
The Hackers are Coming! Six Solutions to Protecting Your Information by Marcus A. Clarke Every month it seems there’s a new massive data breach—Target, Nieman-Marcus, Hilton and Adobe. Where does this all end? Unfortunately, it doesn’t, and to understand why, you must first forget everything you thought you knew about hackers. There exists a global illicit economy that lives in the shadows of the “real” economy. A large part of this is fueled by credit card fraud. This fraud is the “bread and butter” of cybercrime, which today dwarfs the global illicit drug trade. This “dark economy” is truly massive; close to a trillion dollars annually, and a growing force already flexing its political power. Certain sovereign nations turn a blind eye to such activities because they serve a valuable purpose of providing economic growth, generating hard currency, and poking the rich western nations in the eye. In the past, these bands of hackers have enjoyed a certain popular “Robin Hood” appeal, but the business has now grown
• • •
far beyond its quaint roots. It is today a highly competitive, Banks are spending ruthless market where there enormous sums to are no rules whatsoever. The global Internet has many legacombat credit card cies that are hugely positive; fraud. However many unfortunately this is not one of have balked at making them. This dark economy really the shopping process took off when the Internet bemore secure because came a means of conducting it might inconvenience financial transactions, such as the consumer and slow shopping. Credit card companies quickly realized they could down their spending. hit the jackpot. At that time, most transactions were conducted by cash or by check, in person or by mail. Check processing actually cost money for the bank, but credit card transactions made a two to four percent fee right off the top. This was like a pot of gold at the end of the Internet rainbow. The promise of transforming the consumer economy such that banks would get a cut of virtually every consumer financial transaction was mind-boggling. All banks had to do was encourage cardholders to shop on the Internet. So they made it easy, and even provided assurances that transactions would be safe and liability for fraud would not exceed $50. The rest is history. For the global banking system, the Internet has become immensely profitable, as they have effectively become a taxation authority on all consumer purchases. However, there is a hidden, dark side. They have been paying an enormous price in fraud and this is what’s fueling much of the dark economy. Banks are extremely circumspect on this issue, because they absolutely do not want to scare people away from using their credit cards online. How do they cover this fraud? It’s not rocket science. Banks are paying perhaps two percent for their money, charging 12-18 percent to consumers, charging merchants close to three percent for every sale and consumers a fee every time they hiccup. There’s so much profit that even with massive fraud, banks are still making a killing. True, banks are spending enormous sums to combat credit card fraud. However many have balked at making the shopping process more secure because it might inconvenience the consumer and slow down their spending. U.S. credit cards could in fact be made more secure, like those in Europe, by adding a smart chip in the card but this hasn’t happened for the reasons above. At some point in the near future, the bank’s cost/benefit equation will tip. Consumers will become less wary and growth in online shopping will slow while data
www.ascpa.com
•••
7
breaches and cybercrime continue to grow. So now you get the picture. Big banks don’t want to spook us from shopping and paying bills on the Internet because it’s fabulously profitable. However, in making it so easy, they are also knowingly feeding an ever-growing dark economy by allowing massive amounts of fraud. It’s a strange, parasitic relationship in which we, the consumers are the “host” and the banks are feeding off us, and the cybercriminals are feeding off the banks. Of course you and I are paying for all of this, but the price may soon become much higher if this situation continues. The banks, by their own voracious appetite for profit, have allowed criminal organizations to grow to a size that presents an almost impossible challenge for law enforcement. Now you know the real story behind what you see in the headlines. So what does all this mean for you as a professional or small business owner? No technology available today can fully secure your network. No one, not even Google, Adobe, Microsoft or the U.S. Government has achieved this. That doesn’t mean you can’t take effective, affordable actions.
• • •
rity updates. Cybercriminals attack it with glee because they know that Your biggest problem millions failed to upgrade. today is having to 6. Your biggest problem today is having to legally report a data legally report a data breach and notify customers. This breach and notify will most likely occur via a lost or customers. This will stolen computer or storage device that wasn’t encrypted. Sensitive most likely occur data or client files should never via a lost or stolen leave your business premise in an computer or storage unencrypted form. Any notebook device that wasn’t should be encrypted, as should any USB drive. encrypted. After reading this, you might feel hopeless, but don’t despair. You can effect great improvements with solid policies, some updated technology and professional help. But take note, it’s unrealistic to expect an all-around computer professional will have the skills necessary to effectively secure your organization. Even the best don’t know what they don’t know, so get help from an experienced cyber-security specialist. A good way to start is an
Six Precautions You Can Take Now 1. If your organization allows personal Internet use, your risk of infection is vastly higher. Any Windows desktop that has access to sensitive data should have very restricted Internet access, and no personal use privileges. I recommend eliminating all personal use, or separating the two by having separate desktops on separate networks. Using a secure virtual desktop for work is one approach that is gaining popularity. 2. It is likely that one or more of your computers have some type of malware that could potentially expose your data. However, it is unlikely that anyone is actually looking around your network. It’s simply not worth the effort for a human hacker to do this, but this will likely become automated. Then all bets are off. 3. Ransomware, a form of malware that encrypts all your files with a secret key and demands a payment for this key, is becoming more prevalent. Your only recourse is to restore from backup (you’ve tested your backups, right?) or pay about $300. 4. Spam email remains the most common way computers become infected. Usually by an infected attachment or links to an infected web site. This is the number one area to focus attention for security awareness training and defenses. Allowing any personal email access from a business computer will likely bypass all defenses except the desktop anti-virus. 5. If you are still running Windows XP on any machine on your network, get rid of it. On April 8, 2014, Microsoft ended XP secu-
8
•••
www.ascpa.com
Technology Trends to Monitor in 2014 Here are six technology trends that may help you work smarter and improve your business. While not all of the these technologies may be applicable to all organizations, the pervasiveness with which these tools, services, and devices are appearing, leave no doubt that these are the technology trends you should monitor and capitalize on in 2014.
Software Licensing is Changing In the past, most individuals and organizations did not spend much time considering how they licensed software. Rather, as needs arose, they simply purchased licenses of boxed software, such as Microsoft Office. While these options still exist and may
ASCPA E-Zine Series - Technology for CPAs be viable in many cases, for an increasing number of individuals and organizations, licensing software through monthly subscription plans provides not only more functionality, but it reduces costs. For example, companies seeking to acquire “traditional” licenses of Microsoft Office Professional Plus 2013 will pay more than $500 for each license of the software. However, you can acquire the same software in an Office 365 subscription model for as little as $12 per user, per month. Further, when acquired through the Office 365 subscription model, you can install the software on up to five computers that you use, as opposed to one computer in the traditional model. As you seek to update/ upgrade/replace your current software, inquire to see if your software publisher offers a subscription model and, if so, carefully weigh the merits of changing how you license your software.
Cloud Collaboration is Real As workforces grow increasingly mobile and as professionals continue to need to collaborate with others both internal and external to their organizations, using the Cloud as a collaboration tool is gaining favor rather rapidly. In the past, team members would accomplish this by subscribing to individual accounts with services such as Dropbox, Box, SugarSync, and Google Drive. Although each of these services provides exceptional levels of functionality, challenges exist with respect to the ownership and security of organizational data stored in Cloud services licensed by individuals. Accordingly, many organizations desiring to reap the benefits of Cloud-based collaboration are turning to corporate-level services such as, SharePoint, AccountantsWorld, SkyDrive Pro, and ShareFile to use the Cloud safely and securely as a mechanism for collaboration. By opting for corporate-level accounts, you can stay in control and ownership of the data that you and your team may choose to store in the Cloud, yet still receive all of the benefits of being able to collaborate with other users on critical documents. Further, storing critical documents in secure Cloudbased services allows you to retrieve those documents from most, if not all, devices you use, including your desktop, laptop, tablet, and smartphone. The combination of these factors leads to increased organizational efficiency, productivity, and security and means that we cannot ignore the Cloud as a collaboration vehicle.
Windows 8 is a Substantial Player for Businesses Though shunned by some upon its initial release, Windows 8 and Windows 8.1 are really beginning to shine for many individuals and businesses. Designed as a “dual-personality” oper-
ating system, Windows 8/8.1 allows users to work the way that they want, either in touchscreen mode or classic mouse and keyboard mode – or both at the same time! Beyond user interface changes, you will likely find Windows 8/8.1 to be faster and more secure than prior versions of Windows. Coupled with innovative features such as Windows To Go, Picture Passwords, and the ability to search your computer and the Internet simultaneously, Microsoft’s latest release of Windows is one that you should not ignore in business environments, particularly if you are considering how to replace existing Windows XP computers in your organization.
Touchscreen Devices are Not Fads Most accounting and financial professionals today carry a smartphone and/or a tablet that includes a touchscreen; increasingly desktop and laptop computers offer touchscreens as options. If you use a touchscreen on your smartphone or tablet, why would you not want the same level of convenience to manipulate your desktop or laptop computer? Touchscreen devices – including desktop and laptop computers – are mainstream computing tools today and viewing them as fads may be robbing you and your team of substantial opportunities for increased productivity. For example, consider the restaurant industry. The next time you visit a restaurant, notice the prevalence of touchscreen-enabled point-of-sale terminals in these establishments. Even in these high-volume environments, touchscreen devices have proven their worth. Is it time that you consider touchscreens in your organization, particularly if Windows 8/8.1 is in your future?
It’s a Virtual World, After All In today’s computing environment, we seek the best of all worlds – low cost, high-speed, secure, and easily administered computing. When we design our computing infrastructures such that we have multiple physical servers and desktops to maintain, we likely are not able to meet all of our desired objectives. However, if we begin to virtualize our infrastructures – in either the Cloud or on-premise – the opportunities for achieving our objectives increase, as does the ability to increase the return on our investment in technology. Virtualization simply means that the “real” computing is being done on a computer other than the one we use to input and view data. Such a device could be a “thin client” connected to a virtual desktop in your office, or you could connect it to a virtual desktop hosted by a company such as IVDesk, Cloud9 Real Time, or Thomson Reuters. Likewise, we can choose to have our servers hosted by companies such as Rackspace, Amazon, or Dell. In a large percentage of cases, organizations find that
www.ascpa.com
•••
9
not only do they save money when virtualizing some or their entire infrastructure, but the quality of their computing environment increases also.
Tablets are Growing Up and Ready for Business iPad, Surface/Surface Pro 2, Nexus – these are just a few of the many tablet computers from which you can choose in today’s market. Tablets are rapidly catching up with their laptop cousins in terms of computing power. For example, you can now obtain a Surface Pro 2 from Microsoft with an Intel i5 processor, 8 GB of RAM, and a 512 GB hard drive running Windows 8.1 Pro – in either words, a full laptop computer in the form factor of a tablet computer weighing in at a paltry 2 pounds. As you consider your next computer, do not overlook the possibility that you might be able to obtain all of the computing power you need in a tablet device. This could be particularly true if you virtualize your desktop and all you need is a device that allows you to access it remotely over the Internet. Every individual and every organization is different. Not all of the technologies described in this article will prove to be useful to all readers. However, you should keep a close eye on each of the items mentioned and carefully consider whether implementing one or more of these technologies this year will prove to be beneficial. We believe that you will find many of these technologies to help make 2014 a very good year. Thomas G. Stephens, Jr., is a CPA and a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial, and other business professionals across North America. You may contact him at tommy@k2e.com.
ASCPA members can ask questions and learn the latest information about techonology in the IT Group on Connect — our member-only online community. Join the discussion today at: http://connect.ascpa.com
10 •
••
www.ascpa.com
Inside or Out: Options for IT Disaster Recovery Planning by Michael Nyman, CPA Disasters, both natural and manmade, can seriously disrupt routine business operations. Regarding information technology, the common belief is not if you will experience a disaster, but when. By developing a comprehensive IT disaster recovery plan, a business can survive the challenges that accompany practically any kind of crisis, from a flood to a fire. Perhaps the most important decision to make about disaster recovery planning is whether to use in-house or external expertise to develop and execute a strategy. Several important considerations are involved in this decision.
In-House IT Disaster Recovery Larger organizations often use internal resources for disaster recovery, as this can be economical. Capitalizing on existing infrastructure and IT staff members’ familiarity with the organization’s priorities, hardware, and software can provide the foundation for an effective and affordable plan. Committing to building an in-house recovery plan means a long-term commitment to operating one or more disaster recovery sites. It requires capital investment for equipment, trained personnel, and a reliable IT team. Critical considerations include: • Staff familiarity with hardware and software • Risk assessment • System and storage capacity • Staff training and retention • IT maintenance agreements. Typically, in-house advantages rely on staff sophistication, a true understanding of data, and how data can be recovered. Among the benefits of an in-house plan are:
ASCPA E-Zine Series - Technology for CPAs • Control of disaster recovery management • 24/7 on-site access to information • Proven return on investment. It’s important to know that an in-house disaster recovery plan can take more than 90 days to prepare before launching. It takes time to design and deploy the computing platform, evaluate and procure hardware and software, install and test features, and train staff. Investments in IT infrastructure and personnel also may be needed. Despite the challenges of launching a disaster recovery plan, organizations may find that an in-house model is preferable. For example, as a result of tighter rules and regulations including HIPPA privacy requirements, some businesses may prefer to deploy in-house disaster recovery solutions.
Outsourcing as a Solution Outsourcing can be an attractive disaster-recovery approach for small and medium-sized businesses that lack internal resources. For certain organizations, the benefits and advantages of outsourcing can be summarized in three words: quick, simple, and affordable. Perhaps the most challenging task regarding outsourcing is the selection of a service provider. When selecting an external IT disaster recovery partner, it is important to consider: • Integrity and experience • Vendor proximity • End-to-end solution capabilities • Skill levels • Resource capabilities • Technology flexibilities • Customization • Data Security In contracting for IT disaster recovery, all possible scenarios need to be addressed. For example, who will operate the recovery site and execute the plan? Will the service provider or the organization be in charge? The leader must be fully trained to respond to a disaster. Who will make up the support team? What is the protocol? What is the optimal recovery time? Following are facts related to outsourcing disaster planning: • The time to prepare an outsourced disaster recovery plan for deployment is 30 days or less, including application design and preliminary training of end users. • Restoration of services is typically completed in 48 hours or less. • Because data transfer is accomplished via the Internet, networking solutions can be affordable – sometimes totaling only a few thousand dollars a year. • Internal tape backup solutions take longer and may not
capture all of the data needed compared with more sophisticated outsourced capabilities.
A Hybrid Approach Recent trends have resulted in a hybrid approach, utilizing a mix of outsourced resources with an in-house plan. A popular approach is the implementation of cloud-based backups. Data necessary for the recovery phases of the plan is stored at Internet accessible points. Once a company has reestablished their connectivity to the Internet, data can be restored or directly utilized from the cloud location. This combines the control of the in-house plan, with the accessibility and affordability of outsourced providers. Regardless of whether an IT disaster recovery plan is based in-house or is outsourced, it needs to be inclusive. Infrastructure, leadership, staff, policies, and procedures must be included in a detailed, continually updated written plan— and most importantly, communicated to everyone involved on a semiannual basis. Mike Nyman, CPA, CISA, CISSP, CITP, CRISC is an IT security senior manager in the Phoenix office of CliftonLarsonAllen LLP. He can be reached at michael.nyman@claconnect.com or (602) 604-3524.
Mobile Office Necessities Technology Tips for Successfully Implementing a Mobile Office by Thomas G. Stephens, Jr. Accountants and other professionals are migrating to mobile offices like never before. Some do it in an effort to cut costs, others do it to provide better client/customer service, and still others do it for the sake of personal convenience. No matter the reason for moving to a mobile office, to be successful you must first address
www.ascpa.com
• • • 11
a few technology necessities, as outlined below (Note that other issues such as policies and procedures, workflow, and legal implications of working remotely are also necessary considerations; however, the scope of this article focuses on technology considerations only.) Properly handling these items significantly enhances your chances of success with a mobile office and, conversely, failing to manage these items almost guarantees that you will not be as happy or as productive in a mobile office as you could be.
First Things First — Define Your Mobile Office The term mobile office means different things to different people. For some, not maintaining a traditional office and working exclusively from home constitutes the mobile office. For others, working from the office a portion of the time, working from home another portion of the time, and working at client/ customer locations yet another portion of the time constitutes mobility. Before addressing the technology necessities for a successful mobile office, you should consider what “mobile office” means to you, because the technology required can vary depending upon your definition. For example, if your idea of the mobile office means splitting time between a traditional work environment and a home office, your Internet connection needs are much different from those who will work from many locations, including customer premises.
Identifying the Right Hardware for Your Needs To avoid overly complicating matters, simplicity makes sense in your mobile office. To achieve simplicity, seek to reduce the number of devices and operating systems you work with. For example, instead of a desktop at your traditional office and a separate laptop for use when away from that location, consider migrating to a “business class” laptop so that you will not have to worry about maintaining multiple devices and so that you will always have access to your data and applications. Examples of “business class” laptops to consider include HP’s ProBook and EliteBook lines, Dell’s Latitude series, and Lenovo’s ThinkPad Edge series. If you believe that a tablet computer such as an iPad could benefit you, instead of purchasing a tablet in addition to your computer, consider looking at the emerging class of “convertible” laptops. Units such as Microsoft’s Surface Pro, Lenovo’s ThinkPad X230t, and Dell’s XPS 12 combine the power of a Windows-based laptop with the convenience of a tablet. This class of computing device is growing and options in this market continue to expand. While your computer will likely receive the lion’s share of
12 •
••
www.ascpa.com
attention, your mobile office will not be complete without other devices. External monitors, printers, and scanners will all likely be components of your hardware environment, so carefully consider which models will work best for you. Additionally, if you will frequently visit client/ customer locations, you should likely buy a docking station for your laptop to make it easy to connect to all of your peripheral devices.
• • • When considering software for the mobile office, you may wish to examine Cloud-based solutions, instead of traditional software implementations.
Software for the Mobile Office What software titles will you need in your mobile office? The answer is simple – the same ones you need in a traditional office. For most of us, that means Microsoft Office and some form of PDF software such as Adobe Acrobat. If you work in public accounting, that also means – depending on your area of practice – access to tax, write-up, payroll, engagement, practice management and document management systems. If you work outside of public accounting, you may need access to the corporate accounting/ERP system and other specialized software applications. When considering software for the mobile office, you may wish to examine Cloud-based solutions, instead of traditional software implementations. Moving to this environment eliminates the need to install the software locally on your computer and provides you with access to your tools of the trade. Additionally, for your Microsoft Office licenses, you should examine obtaining those licenses through a Microsoft Office 365 subscription plan. Depending on the plan you choose, in addition to providing desktop licenses to Microsoft Office that can be installed on up to five computers you use, you also receive Microsoft-hosted email through Exchange Online, intranet services through SharePoint Online, communications through Lync, and synchronization of data through SkyDrive Pro. Further, many companies will find that the cost of licensing through the Office 365 subscription model to be much less than the traditional models.
Consider Communications Just because you will be working outside of a traditional office does not mean that you will not need to communicate with team members; in fact, the need for communication tools is greater in the mobile office because of the lack of “water cooler” time that we have in a traditional environment.
ASCPA E-Zine Series - Technology for CPAs Certainly, cell phones are a major asset in this area, but also carefully consider using tools such as Microsoft’s Lync, Skype, GoToMeeting, and Voice Over Internet Protocol (VOIP) phones to facilitate communications not only with team members, but also with clients/customers.
Ensuring Connectivity In the mobile office, the Internet becomes the backbone of your data network, so ensure that you have reliable, high-speed connectivity. At a minimum, DSL or cable-modem services in the home office are necessary. In addition, consider how you will connect when you are away from a fixed work location. In these instances, you will likely need some sort of cellular data service. These services can be add-ons to your existing smartphones data plans or can take the form of separate devices commonly known as “MiFi cards.” In either case, monthly fees typically in the $10 to $60 range are necessary to provide true mobile access to the Internet. Further, you can use your cellular data service as a backup to your in-home Internet connection, should that connection become unavailable.
Taming the Data Security Threats Lastly, consider how you will handle security threats, particularly the threat posed by potentially losing a laptop, smartphone or tablet on which you have stored sensitive information. The legal issues related to such a breach are significant, as are the client/customer relations issues. If you are carrying sensitive data on a portable device, ensure that you are using “long-and-strong” passwords on that device. Additionally, consider using a whole-disk encryption utility such as Windows BitLocker or PGP Whole Disk Encryption to provide additional security in the event your laptop is lost or stolen. While no security tool is perfect, using these types of tools, in addition to a healthy dose of common sense, will help to minimize data security threats. Going mobile offers many benefits such as reduced costs, increased productivity, and the ability to serve clients/customers better. Simply using a laptop or tablet does not constitute an effective mobile office. Rather, you must address numerous technology issues in order to ensure the success of your mobile office. Once you manage these necessities, you will be well on your way to working effectively in your rendition of the mobile office. Thomas G. Stephens is a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial, and other business professionals. Contact him at tommy@k2e.com.
Minimize the Risk from Viruses by Randy Johnston During the past year, we have been warning people that the current virus attacks are more aggressive and invasive than any we have seen in the past. These attacks are frequently delivered via email, social media, such as Facebook, and embedded in PDF files. The anti-virus companies are having more issues keeping their software ahead of the threats and the creators of viruses and malware are becoming smarter in their attacks. Even if your IT team or managed service provider is diligent in updating your firewalls and anti-virus (AV) signatures, your organization is still susceptible to attacks. So how do we minimize and mitigate this risk? Further, why are we so concerned about the attacks now? Haven’t viruses been around since the early 1980s? The first virus discovered in the wild was the Elk Cloner on the Apple II in 1981 and the first PC virus, Brain, was reported in 1986. Some key things to know about viruses include: • This year will bring new virus attacks with the discontinuance of security updates for Windows XP and Office 2003. • Aggressive viruses like Cryptolocker are charging ransoms for an unlock key after systems have been infected. CPA attendees at our webinars report these keys work and have been worth the amount charged. • Viruses exploit weaknesses in operating system controls and human patterns of system use/misuse. • Destructive viruses are more likely to be eradicated by anti-virus software. • Key logging viruses transfer information from your system(s) to the authors. This can include user ID and passwords, bank account information and other confidential data. • Non-destructive viruses remain resident on your sys-
www.ascpa.com
• • • 13
tems and slow your operations day after day. • An innovative virus may have a larger initial window to propagate before it is discovered and the ``average’’ anti-viral product is modified to detect or eradicate it. Infected systems are normally unusable during the recovery period. Viruses make attempts to hide intelligently and re-infect the systems where they have made initial entry. It may take 24, 48 or 72 hours to completely eradicate the viruses from your systems and to restore all of your files to a usable state. What will you have your team do while their computers are not working? How do you teach them to be careful in the first place? Have end users attend regularly scheduled and ongoing prevention training. This training should be recorded in human resources records so that there is a permanent record of training. This provides for accountability and liability protection. An employee should sign an acknowledgment that training has been received and understood. Such training should include customized basic training for your firm, especially since firms have unique virus protection strategies. All team members of the firm should be required to attend from the janitor to the CEO/Owners.
How Do We Minimize Risk? Security threats change regularly. Team members don’t recall what to do. To remind everyone of the appropriate strategies, schedule security training at least annually for your organization. The importance of compliance with your firm’s policies, steps to prevent infection, recovery methods and other techniques can be explained. Well thought out security training helps everyone understand the issues. Investing time in training can reduce the risk of a catastrophic loss of time due to an infection. We recommend covering at least the following topics: Name the product being used: It is important for team members to know if your firm has GFI VIPRE Antivirus, Trend Micro, AVG, Sophos, etc. Train on the basics of that specific product to familiarize the end users with the protection they have been provided by their company such as: “Here is the Icon for VIPRE Antivirus”. See it in the Windows tray (VIPRE is just an example – different products may be in use in your firm)? Note the color of the icon has meaning. Blue indicates that protection is on, active and up to date. Green indicates a scan in progress. Yellow means there is a problem with the program and you need to contact your IT support team immediately. Red is a severe problem and you should also contact your IT support team immediately. If you do not have an icon, contact your IT support team immediately.
14 •
••
www.ascpa.com
Explain how your firm’s AV protection works: Explain what the firm has purchased and installed: • Email gateway Antivirus • Exchange Antivirus • Firewall based Antivirus • Desktop Antivirus products to help protect our computer network from email threats. You need to point out that this protection only works if it is enabled, up to date and employees follow these basic principles: • Don’t click links in emails without determining where they go first • Don’t open attachments unless you know the source of document AND were expecting to receive it • When surfing websites and popup windows come up, (ALT-F4) is the proper way to close them • When in doubt, don’t open a file or click through a link Protect Outlook properly: Outlook has improved its virus protection and spam filtering with each version, but there are still fundamental features to consider and use: • Turn off the reading pane for the Inbox. This is not as great of a threat as it once was, but the reading pane can still be exploited for virus infections. • Disable links for messages in the Junk Email Folder (Outlook). This should disable attachments too. Ensure your AV is on and current on your desktop at all times: AV is only as good as the most current signature file. Vendors frequently release updates to protect for known threats in the world and these change hourly worldwide. Often, it can be several days or even weeks before some vendors have updated definitions (the file that allows identification of the viruses) to protect from the newest threats. It is not unusual for it to be several days, and on a couple of occasions, several weeks before the vendor released new specific definition protection for the new variant. Since different AV products have different signatures, some IT teams and providers will recommend different products be installed on your firewalls and desktops to provide more protection. Sometimes these products will conflict with each other and cause problems of their own. Do not open emails that are not recognized: or any file that may have questionable business content, especially if the email has hyperlinks or attachments. If you are not expecting correspondence or are suspicious of the content, it is perfectly acceptable to ask the sender if the message was from them. Be exceptionally cautious with email from unknown sources.
ASCPA E-Zine Series - Technology for CPAs • • • Malicious email authors are very clever nowadays and often include spoofed senders (senders pretending to be someone they are not), content that seems to come from valid business senders.
Frequently spammers will create spoofed (“fake”) emails from Intuit, Bank of America and Citibank. Malicious email authors are very clever nowadays and often include spoofed senders (senders pretending to be someone they are not), content that seems to come from valid business senders, including ones like a recent email from “Intuit” that contains a QuickBooks update that needs to be installed NOW to correct a program problem or improve performance. These emails have hyperlinks to an external virus payload and ZIP attachments that contain executable files which are email worms or Trojans, that is, programs that hide and attach themselves to your systems causing infections. These emails actually contain images from Intuit’s website and appear very legitimate. We need users to ask themselves, did I contact Intuit support and speak with someone about a specific problem that I needed an update for? Should I be receiving unsolicited email notices from Intuit about updates when that process is managed by my IT Support team? Staff need to regularly communicate with their IT Support team or the senders before opening questionable emails or files. Even more recent, we have seen spoofed emails sent from Citibank containing valid images from Citibank’s website that linked to external virus code and included ZIP attachments containing executable files that appeared as PDF (payroll) files, but were actually executable files with subject line “Payroll processing received” and the body contained instructions to open the attached PDF file to verify the amounts of each employee’s payroll amounts. Needless to say, these emails were not sent to the Controller nor were they actually requested by anyone. However, these worms were opened because staff thought they might actually get a peek at what others in the company are getting paid. If they would have paused before opening the attachment or links and asked themselves, did I contact Citibank for payroll information or am I actually running payroll thru Citibank, then they would recognize they received a new worm email variant that their Antivirus was not protect-
ing them from and the worm would not have been unleashed. Explain your procedures for recovery: Hopefully, you never have to recover, but if you do: • Outline your reporting and shutdown procedure • Have everyone stay off of their systems until given the all clear • Unplug infected machines from the network • Explain how you intend to estimate the recovery time • Explain what systems are likely to be made available first Consider other topics related to security: You probably don’t get your team together frequently enough. Take this opportunity to discuss other important security related matters such as reviewing the firm’s acceptable use and other computer policies regarding: • Encryption • Protection of portable computers and removable media • Properly handling USB devices from home or clients • Password strength and changes • Social networking site safety • Security of smartphones and tablets • Personal email access from Gmail, Yahoo or Outlook • Transferring documents to and from clients via your portal or secure email.
Training is the best prevention The best training is customized for each firm. Your staff should know how they are being protected and what the limitations of that protection are. Human Resources and IT should work together to deliver ongoing, regular training that is recorded into employee records. In between regular training sessions, IT should inform staff of high risk known threats via alerts whether that is through email, intranets or bulletin boards. There should also be training required for new employee onboarding since the next regular training might be months away and the new employee might put the entire training program at risk unless we educate them. If you are from a smaller organization, your IT provider should be able to provide guidance. Otherwise, the ideas above can serve as a starting point for building your own security training agenda. RandyJohnston is a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial, and other business professionals across North America. You may contact him at randy@k2e.com.
www.ascpa.com
• • • 15
Technologies to Green Up Your Practice Nine tweaks that can help improve your company’s efficiency in a paperless world. by James Bourke, CPA/CITP By now your firm or business has likely adopted technologies that have the “ability” to not only enhance profitability and increase realization but also help green-up the environment. Contrary to popular belief, many of us are still generating a significant amount of paper and in some cases, more paper than in years past. There is no question that migration from a paper-based office to a paperless office has the potential to increase realization, boost productivity, streamline the sharing of information within your organization and enhance your ability to protect confidential and private information that may be contained on those documents. However, that same migration will more often than not result in the utilization of more paper and related resources. For many that have made the migration, they would probably agree that they likely see as much—if not more paper today— than they did five years ago. Why is that? As companies go from a pure paper-based environment to a paperless environment, they will often implement a combination of applications and tools to accomplish this task. They include: • A document-management application • A “Portable Document Format” (PDF) tool such as Adobe • Portable and/or stationary scanners • Dual monitors These tangible components are critical to the successful implementation of a paperless solution for a CPA. However, the missing piece is generally a “retooling” of the manual workflow
16 •
••
www.ascpa.com
process involving the flow of data from point of entry through point of delivery. When an organization invests in a paperless solution, time needs to be spent examining the various functional workflows that currently exist. A workflow process that was functional and efficient in a paper-based environment can end up being terribly inefficient in a paperless environment.
Tax Practices By examining the tax area of a firm, a significant reduction in the generation of paper can easily be realized. Here are some best practices in the tax area that can help your firm or business go from that legacy environment that you have practiced in since starting your practice, to a “greener” future. Research: The days of paper-based research are over and have been over for quite some time. This area of the practice has made the leap to go “Green” and has done it well. I get a chuckle when I walk into a library or conference room at a CPA firm today. Many of these firms still have the traditional paper-based books from organizations such as RIA, CCH, BNA, etc. However, instead of being functional, these old publications line the walls and bookshelves within the firm as decorations and memories of a time gone past. Nearly every firm that I meet with has migrated to web-based solutions from each of these vendors and have eliminated the tremendous paper waste that was experienced by all of us in continually updating these libraries (some weekly). Preparation: Although firms have done a good job in jumping into one of the server- or web-based tax preparation solutions, many have not done a good job of eliminating the generation of paper throughout the process. Historically many firms followed this process: Early January, the firm prints an organizer, places it in an envelope and mails it to the client. By mid-February the client stops by the office along with their organizer (often unopened) and their source documents. CPA firm staff photocopies source documents and places them in a new file folder to house the current-year tax information. CPA firm staff key-in information into tax application and generate a paper copy of the return. CPA firm reviewer marks up paper copy of return and sends it back to preparer for revisions. CPA firm staff makes reviewer changes and reprints paper copy of return and sends reprinted return back to reviewer for final review. CPA firm reviewer either approves reprinted return or sends back to preparer (step five again) for additional changes, resulting in another reprinted return.
ASCPA E-Zine Series - Technology for CPAs Once ready for processing, administrative staff duplicate return, with one copy for the federal government, one copy for each state/city, one copy of the client and one copy for the firm file. Final package is assembled, signed off and mailed to the client. The above nine steps don’t assume that the issuance of “corrected” 1099s, additional information from the client or late arriving K-1s, will require reruns, resulting in the reprinting of multiple copies of the returns once again. As sad as this is, many reading this article may be thinking the above nine-step workflow process is pretty close to their workflow process today. This may also be coming from a firm that has implemented many state-of-the-art technology solutions and tools to help with the process. As previously indicated, the tangible components are one piece of the solution, while a retooling or re-education of your staff is the “more-critical” other piece of the “Going Green” solution.
necessary forms required for client signature or governmental filing would be printed manually. Your staff verifies the PDF file and publishes it to the client portal. Final (much smaller) package is assembled, signed off and sent to the client, with the client complete final deliverable via a portal.
Best Practice I will be the first to admit that there are many ways to increase efficiencies in the above nine steps, but the point of this presentation is to show how easy it is to get a little bit greener within each of our practices. By putting a little bit of thought into each
Waste No More There are so many ways to cut down on the generation of paper and waste in this process. A simple tweaking of those nine steps can be: If your firm still wants to go down the organizer route, you can take advantage of one of the online electronic organizer solutions offered by many of the vendors in the space or simply print an organizer (in PDF format) directly to a client portal, allowing the client to access the digital copy of the organizer remotely and securely. By mid-February the client can still stop by the office (as many still prefer the face-to-face meeting on an annual basis) and drop off their source documents. Your administrative staff scan source documents and place them in a document management solution. Your administrative staff can use one of the new scan-andpopulate technologies to auto-populate the tax-preparation application and then firm staff can key-in the remaining information. No hard copy is printed. Your reviewer reviews the prepared tax return on one of your dual monitors and annotates or digitally notes changes required to be made. Your staff makes reviewer changes and notifies administrative staff that return is ready to be assembled after changes have been reviewed. No hard copy is printed. Once ready for processing, administrative staff print return to PDF and prepare for publishing on the client portal and in the firm’s document-management solution. In addition, only the
2014 Technology Conference Dec. 10, 2014 8:00 a.m. -4:00 p.m. Join us for the ASCPA 2014 Technology Conference as we provide participants with the tools and skills they need to keep up with the ever-increasing pace of changes in computer technology. Recommended for 8 credit hours. Member Price: $300
Non-Member Price: $400
To register, go to www.ascpa.com Not a member? Go to www.ascpa.com to join the ASCPA and take advantage of this and other discounted CPE programs.
www.ascpa.com
• • • 17
ASCPA E-Zine Series - Technology for CPAs step, best practice steps can be developed easily to cut down on the flow of paper and the generation of waste. Tax is only one of the many areas of the practice that can benefit from such an exercise. Nearly every area of our practice results in a paper-deliverable and multiple-printed drafts leading up to that final product. The technologies are readily available. We just need to examine the flow of work through the process to help create a truly paperless environment within our profession.
ASCPA Technology Webcasts July, 2014 Outlook: The Killer App—July 15
James C. Bourke, CPA,CITP/CFF, is a partner at WithumSmith+Brown in New Jersey where he is director of firm technology. He currently serves on AICPA Council and the Chair of the AICPA CITP Credential Committee.
Become a Member of the ASCPA Today!
Explore new features in Outlook, including Conversation View, Quick Steps, Instant Search, Calendar Groups, Schedule View and Social Connectors, and how to put these features to use for increased personal and team productivity and more. Credits: 2
Arizona CPAs providing support, networking and profes-
Information Security Update Webcast— July 16
are just a few reasons to become a part of the ASCPA:
Guard against the most common scams and threats. Discover steps all users should take to ensure their systems and data are protected. Review security polices and monitoring procedures. Credits: 2
Storing and Synchronizing Data in the Cloud — July 22
The Arizona Society of CPAs is the largest community for sional development opportunities for you. We are here to help you keep up with the changes in your profession. Here • Get Connected/Stay Informed — Being involved in ASCPA activities can raise your career to another level. We keep you up-to-date on essential regulatory issues and vital developments affecting your bottom line through online and print publications and news resources. • Grow Your business/Increase Your clout. Using the
Understand cloud-based storage, including costs and security measures. Explore the various options for cloud-based storage. Credits: 2
ASCPA’s online CPA Referral Service, networking with
Excel Tips, Tricks and Techniques for Accountants—July 25
business.
Identify tips and tricks in Excel such as Freeze Panes, Split Windows, Selecting Cells with Special Characteristics, and more and how to use each to increase productivity with Excel. Credits: 8
Best Enhancements in Excel 2007/2010— July 28
your peers and increasing visibility through our resources can help you increase your client base and expand your • Find Employees or Advance Your Career. Use our Career Center to find potential employees or that perfect position. • Make a difference for Arizona’s CPAs. The ASCPA monitors legislation and promotes the interests of CPAs before the state legislature — we’ve got your back! • Enjoy the benefits and save money. As a member,
Discover Excel worksheet functions that are helpful and relevant to accounting professionals. Increase your productivity by applying time-saving tips and tricks. Credits: 2
you can take advantage of numerous member benefits,
Click on headings for more information.
nars at no charge.
18 •
••
www.ascpa.com
including save money on more than 180 CPE seminars and programs, plus you can register for up to eight live webi-
Join at www.ascpa.com