CYBER SECURITY IN THE ACCOUNTING FIELD

29 Jan 2021  |  302
CYBER SECURITY IN THE ACCOUNTING FIELD

In this podcast, our expert speakers Chris Rivera and Andrew Lassise had discussed, cyber-security and its benefits in the accounting field. Watch the podcast to know more.

#BKOT 28: BUILD A KICKASS OFFSHORE TEAM

CYBER SECURITY IN THE ACCOUNTING FIELD


Hosted by: Chris Rivera, Director Client relations, Entigrity Offshore Staffing

Guest: Andrew Lassise, AICPA, Cybersecurity Certified


 

 

Chris: Alright! Welcome back everybody it's been 24 hours since I have seen everyone and  today we are on episode 28 #BKOT.  We're heading into season right so what's going on, we got to be aware of cyber security. So we're going to talk about cyber security in the accounting field and I have with me an awesome guest today Andrew Lassis who's the CEO of RushTechSupport and he'll be talking about this. Andrew thank you so much just return from vacation, refresh, relax, ready to rock and roll and so tell us about yourself, your background and how you got this cup to be started?

Andrew: Yeah, so I think it's funny you said that relaxed after vacation because there was like that gap like the one week since I came back. It's been anything but relaxing, but like if this was a week ago like after vacation it was perfect. But my background as it relates as you had mentioned.  I had founded rush tech support and kind of the background kind of alluding to that. I had been working in IT for about a decade and a friend had reached out to me just randomly on Facebook messenger and he was like hey man we're starting an IT company, you want to come on board, and I was like  start up it's risky. I got a good thing at the nine to five I am currently working.  I am working my way up so you know I am probably just going to pass on this opportunity for now. And  after reflecting on it for a little bit it was like I am 27 I have got a little bit of money saved up in the bank. I don't have family, I don't have responsibilities like if this crashes and burns like the worst thing that could happen really like I will land on my feet like I still have my parents, like I could just move back to maryland  like live with them if like the worst thing.

Chris: That works first yeah.

Andrew: And like I did that I did that for 20 some years. So I came back and I was like look man, let's do it, let's see what happens and my gut was correct we went out of business in like three months so that you know learned a lot though and we still manage, even though we were only in business for a couple months we still managed to get like 500 clients. The marketing was on point and the customers were into it, but it was just run as if we had no idea what we were doing because now looking back on it, we had no idea what we were doing, but I made an agreement with the owner of the company, I said  I will keep working for you for free for the next two months we don't have to tell the customers we're out of business but then after two months, I am going to start up my own company and have a different name than yours and we're just going to like convert them over nobody will get refunds if they never call in, you keep collecting their residuals I only take the ones that I actually work on. So it was a win for both of us and that was the start of rush tech support that was March 2014. 

Chris: Wow, so several years now been doing this, that's a great story. Yeah not everything works out in the beginning but I mean you had the background in place and you were able to get it off the ground and up and running, but now you're  just specifically focused on the accounting community right.

Andrew: So, as the company had progressed and we started growing and I had skipped over the part. I have a degree in financial planning and I did an internship with the IRS with the vita program so I have a background in finance, and like a much better understanding of the accounting world. And I know accountants and finance like it's not hand in hand like a CFP's not a CPA, but there is more overlap in those two fields than there are in IT and other things.

So while I am far from an expert by any stretch when it comes to doing what accountants do,  I have a background like I have prepared probably a couple hundred returns and I have a higher level understanding than the layman, but not necessarily you know I would be a bad person to hire to be your accountant. But at least understand it and speak the language so kind of the transition when we had started from just where IT for everybody and you really can't be everything to everyone and it took us like 25000 clients to realize that we were in way over our heads. But that the counter side like our NPS scores were super high so all our clients were happy so it was like I guess we just keep doing this until it's crazy and it got crazy and so I took a step back and kind of looked at the company as a whole and like what direction we were going and who we were able to serve best.

And a lot of the clients that we had just by happenstance so they were like residential clients that also owned accounting firms and there was a lot of crossover in the issues that they would face. So it was kind of like it wasn't intentionally set out from day one but, the more and more that we started onboarding accountants and we started learning about the intricacies of our business and once we started getting a good understanding of the obstacles that they face, when it relates to cyber security and technology. And that a lot of them we're hearing the same things over and over you know my clients they email me their w-2s and 1040s and it's got all this personal information on it how do I set up a portal so that they can upload their documents or how do I know if the system that I have is even working  like, if someone's stealing information from you it's not like, they would take all of your clients data and then leave like a thank you sign like a moniker like by the way your files were here and instead of copy pasting them, I cut pasted them so you would know that it was stolen.

So we would get these questions a lot and then as we just started digging deeper and deeper and a couple years ago to renew your PTIN there were some new requirements from the IRS on having a data security plan and so a lot of these opportunities and just these specific things that really only apply to accountants kept happening to us over and over and so it changed from solving the problems to this individual client because this one happened to ask for it but we started recognizing accountants as a whole. They are all facing these problems or like the sole entrepreneur like how do I

Chris:  You got an expert.

Andrew: Right, how do I protect this stuff, if I don't even I can't afford to have like more than a part-time assistant like, how do I make all this other stuff work that I am legally required to and so we really did a good job at putting processes in place in helping fill the gap and while we try to cater to everyone's specific needs, when it's niched into a particular industry a lot of those needs are similar so we can make it more systematic than just like do you have antivirus, the end. 

Chris: Yeah, because there's so many  terms out there when you have like what the fishing, you have spoofing, you have ransomware, malware all that and what would you say if the top things- the firms should do right now if they aren't doing it already for with everything going on and I mean I get spam all the time or phishing emails. So what should a firm do right now if they're not doing  anything at the moment?

 Andrew: I am not even using it as a sales pitch, because a lot of people have an IT company and a lot of them are happy with the person that they currently have. We offer complementary audits so you could at least get peace of mind because you know on the flip side I had an accountant that I liked and trusted and I assumed he was doing a good job. And I recently had his returns looked at from a third party and the guy's response was he got in a bad accident in 2018 because that's the only way that would explain how bad of a job he did this year. And that was our best year ever financially so I got hit with so much crap but like I am not an accountant, I don't know what I don't know. 

So having an outside organization be it us who specializes in it or just anyone most IT companies will do complementary audits just to kind of point out what's good, what's bad having a third party just for that peace of mind and it's usually free. Like we do it for free and a lot of other companies do too. It's a great way so that you can at least be aware of where your blind spots are. Because you know if you didn't go to school for it or geez even if you did like there's so many laws and regulations like your wi-Fi can't be called Joe's accounting firm like it has to be it has to be a name that is not descriptive of your practice. 

99% of people aren't aware that you know you are going to get shut down if that happens No. Is security through obscurity like a great way to go about things No. But knowing details like that is where you know when you work with specialists, that they can point out here's something that you know if I am an auditor and I am looking at this stuff I don't even have to walk into your office, to know that there's red flags because your wi-fi has an identifying name, this is a problem. So aside from and it's sometimes involved it's not a ton but  so having a third party check on what you have whether or not you're going to have an IT person or not  that's always going to be a huge thing when you're getting your continuing professional education credits. There's a ton of them on cyber security so you could get awareness on some of the things that are going on in the accounting field.

I mean I am seeing now a ton of stuff from all sorts of different sources about click here to learn about second draw PPP funding and like it's clearly a scam but you know that's something that people are very interested in and it's topical and so getting these phishing emails that's where 92 percent of the infections come from is some sort of phishing email whether it's a generic click here or it says Chris Rivera in all caps but the capital a is a four and it looks close enough like there's the good and bad, well actually this is really just a bad thing. The people that do this are very smart like it's usually not stupid person that's doing these things and we get asked all the time, Why would someone do this? Why would they waste their time? There's a lot of money in it unfortunately there's a ton of money in ransom and it's very easy to send an email to a hundred thousand people.

Chris: And just have one yeah mess up and then and then they're off. Yeah it's incredible how you know technology is there. It’s our best friend and also could be a nightmare and so we have to embrace it and I think you're spot on like whatever processes you have in place it doesn't hurt to get a second look a fresh pair of eyes to see if everything's in check but it's great if I hear some recommendations right. So have you seen everyone moving to the remote environment and the accounting community in general has been slow to adopt the virtual environment due to the security aspect. So have you seen an increase and clients requests as far as helping or along the lines of more issues?

Andrew: Yeah, so if we go back to March, April of last year when things really started like when it was no longer something that we could deny and pretend that wasn't going on. So we go back to that time. Essentially what that time did for us in our sales pipeline is everybody that was kind of on the fence and kind of interested in it immediately. They're like I need this now, so we were crazy slammed at the beginning of it and then conversely everyone that wasn't really interested fell off and disappeared. So it was like a very strong and abrupt like here's everybody moving to the cloud we have to get work from home set up we have to get VPNs setup, we have to get ready set all of their things and there was there's a lot of times and I mean we've ironed out processes as the company's grown. But there are a lot of times where we'd go into an organization and it wouldn't be perfect, but it would be kind of a this you're not going to get hacked with the way that you have it's not the way that we necessarily would have set it up but we can still keep this on lockdown and as long as there isn't a pandemic and everybody has to work from home and we need to have different people in active directory, able to access the server, like it was kind of the assumed you're just going to stick in the office right.

And then when that wasn't the case. You solve a problem a couple times and you get the hang of it but initially there was a lot of accountants that and maybe not a lot, we'll probably it's probably like in the 50-50 because some were just staunch like we are going to go into the office and work from home isn't even an option. That's not on our radar that doesn't apply to us and it's like you know as your tech company like it does, we could literally do this and like nope we are working in this office and I don't care we are working in this office and that's how some people were. 

And then a lot of our clients are the type that they have been virtual from the start right and the pandemic actually played into that because there was less of the obstacle of well you see we don't have a brick and mortar,  we're all virtual so those clients we saw started getting bigger in onboarding more clients because part of their obstacle before was kind of that impostor syndrome, like am I the same as a brick and mortar guy so some of our small clients that were just virtual, that had like one or two employees like shot up to like seven and so helping them scale with the pandemic. 

I mean in general like I don't think anyone could look at the pandemic and say this is a great thing that happened. Tons of people have died and it's very terrible on like the health side and like the scare side on like a technology, strictly on a technology viewpoint of people's willingness to be adaptive and embrace the work from home, embrace the idea that you can have remote workers and still hold them accountable, still have all of your client data secured and safe and honestly when you're in a work from home environment and everything, everybody does gets logged, it actually adds an extra layer of security because now people know that if something happens it is there for everyone to see, whereas in an office and not to say that you know people are bad people and they're always stealing client data but the accountability.

Chris: Accountability perspective, yeah!

Andrew: Accountability perspective, It's usually not high on people's radar when it's in the office environment because we're all good right but then you can't see people and you still need to measure productivity it's a new obstacle that that we've helped a lot of our firms solve because of the pandemic.

Chris: Yeah, it's we're in the same line of business helping out accountants, give them the staff. You provide IT support and same thing right we're remote, we've been doing this eight years and never had a data security breach and knock on wood on our side setting up remote access into our client system. So it's nice that we have our whatever security our clients have in place then we have our layers our associates are reporting to an office you know it puts everyone's mind at ease. But I had said a year and a half ago it was a hiccup to move to not fully virtual but a partially virtual environment. 

It was a big stopping point with a lot of clients that I spoke with and so now like you said the  when the pandemic happened and everyone had to move to that model and scrambling getting everything set up and what do we do, where do we go and so it's good to have you know resources like us out there to assist with this. And then  I wanted to talk quickly about some of the services so clients can come to you and you'll take care of everything or do you have some like ala carte or besides you know the free assessment as well how does it work out?

Andrew: We'll do a la carte financially and value based, it doesn't really make sense. Usually what we do is more of an approach, we are your full-time IT staff. You've got people 16 hours a day, you don't get drama, you don't get call outs, you don't get sick kids, you don't have PTO, you don't have any of the issues that come with a w-2 withholdings blah blah you don't run into any of those with a 1099. 

And obviously accountants know the difference of a w-2 value versus a 1099. But usually the approach that we take with our clients is here is what the IRS requires that you have, here is our package that exactly what the IRS is looking for your data security plan, your VPN, your antivirus firewall, your security awareness, training like we have just a bucket that we offer to accountants of this. Is everything you are legally required to have it's not a sales pitch of buy everything that we can offer because, it's there's always deeper layers you can go but we usually just have the it’s not even necessarily like a sales process, it is here's what you're required to have here are the gaps in your system, here's how we can help and you no longer have to pay for carbonite, you no longer have to pay for norton, you no longer have to pay for whatever systems you currently have, and all of those can just get handled under one bill from us you don't have to pay for office like it's all just your whole IT department software everything for the company. 

Is all just all in one spot you don't have to stay on top of do I have a proper data security plan or what are the vulnerabilities like we literally live and breathe that and do it every single day. So you know for someone to look into what are the requirements on a data security plan, what does cyber security law even look like for accountants right.We've got tons of clients that all fall into these categories, so it's easier for us to just everyone needs to have this level of security because you're required to.

 

Chris: Yeah! I like the fact you know there's a IT will it's kind of like you know getting a haircut, it goes together you're always going to need both. And the idea that you're specific in the accounting community as we are exclusive in the accounting community you're able to offer precise services that they need and so it was  to have you on here is awesome giving this insight to us today. And  so before we wrap up, what are some final thoughts as we head into this season one doesn't click on anything right yeah don't click anything but no what are what is by setting into the season.

Andrew: Honestly, as silly as that is, if you were not looking for it intentionally just like, just don't click it. I mean the downside maybe you'll miss something or you get something you know here's new guidelines from lendio on PPP second draw and just you could look at lendio's website, and see what's actually going on as opposed to clicking a link in the email because it's so easy to make these things look legitimate and you type in your social security number, you type in your bank account information for your direct deposit, so you can get money and I mean we literally saw someone that you know long story short the guy's out 40 000$ and he knows it's his fault and there's really not a whole lot he can do about it, because you know he chose and unfortunately that's how a lot of our clients come to us is; hey we just made a huge mistake can you undo it and then it's just like tax planning you can't do tax planning for 2020 now that it's January 2021 like there's some things that we could frame a certain way but you're kind of limited because it's already happened. 

And a lot of that has to do with it too so make sure that if you aren't looking for something just don't click it, you're probably I can't think of an email that like an unsolicited email that I received and clicked on that like changed everything but I do see all the time unsolicited emails to people but just it looked legitimate.

Chris: Yeah, they're getting better, honestly. One of them I had I am looking at one now has my name Entigrity Solutions via Chris, I was like what I have a fax and I don't even have a fax machine right, it says my name, the office 365 everything that we use I am like holy cow I mean they're really  getting technical per se big character.

Andrew: Yeah, they're smart people like that's what it is. They are smart people and there's a lot of money in it and the human element to it you know we could put so many layers of software, but if there there's a person in the office that's just you know unlocking everything, it's like if you have security on your house and someone knocks on your door and you open the door well you just let them into your house it doesn't matter all the security that you have and how many locks are on the door if you unlock it and let somebody in that's exactly how the things fall apart. 

Get someone like us to and it doesn't have to be us per se but almost any IT company will do complementary audits because like that's how we can build trust and rapport and add value. And just learn if nothing else the worst thing that happens is you get peace of mind knowing that the person that you're happy with already is actually doing the right job and usually you know we'll go in and see here's some little innocuous thing like just send these three things to your guy like if you're happy with them it doesn't have to be a hostile takeover just bring this to their attention, but if you're not happy hire us, call now!

Chris: Yeah, exactly just like when accounts are doing a tax return right they don't just send it to the client, it gets reviewed by somebody right so and then they work on it together if there's any corrections. It's the same thing here you need to have your  IT overlooked. Everything's going well reviewed, hey cool we move on or like holy cow we were acting right now or something like that.

Andrew: You were hacked right now, make sure you trust the person.

Chris: Yeah over there and all of a sudden there's something going on so don't do that now. Alright so Andrew thank you so much for after you know returning from your vacation and meeting with us today I know you got a lot on your plates. I will let you go and  everyone for taking some time out this afternoon. Thank you for joining check out Andrew Lassise on Linkedin or rushtech.online for the services that he offers his clients and  that's it Andrew again thank you so much.

Andrew: Chris thanks man it was great being here.

Chris: Absolutely, we'll talk soon.


Entigrity™ is a trusted offshore staffing partner to over 500+ accountants, CPAs and tax firms across the US and Canada. Our flexible and transparent hiring model gives helps firms of all sizes to hire staff for accounting, bookkeeping, tax preparation or any other task for 75% less cost. As a firm 'run by accountants, for the accountants', Entigrity captures the hiring needs of accounting firms most precisely, providing staff that works directly under your control and management, still you are left with least to worry about compliance, payroll taxes, overheads or any other benefits.

 

 

 

 

About The Author
Senior Vice President

Mike is a CPA and has over 30 years of experience in thought leadership and mentoring. His experience and constant efforts in solving prevalent issues of accounting industry is his biggest stand out point. He has been instrumental in mentoring scores of entrepreneurial accounting and finance professionals to get up on their feet and convert their practices into successful ones. He has authored a book called 'Principles of High Performance Leadership'

Recent Posts

Schedule MeetingSchedule free consultation call