Some Accounting Benefits Are Obscured In “The Cloud”

by Mark Gibbons 1. August 2016 14:21
The use of “cloud” storage technology supported by services such as iCloud, Amazon Web Services, and Dropbox has achieved ubiquity in our everyday lives for applications such as photo storage, transferring documents, and remote server hosting. The business applications are many, and accounting is among the professions that are enthusiastically embracing the cloud for a variety of obvious, and some less obvious, reasons. In addition to well-documented advantages such as cost, accessibility, bandwidth, and disaster recovery, assurance professionals are discovering that the use of cloud-based technology can make service delivery better in a variety of other ways. Audit teams are often in different locations utilizing the same data, which can cause version control as well as security issues. Cloud services can eliminate difficulties inherent in multi-location audits by allowing teams to contemporaneously access the same data, eliminating version control ambiguities. Using cloud services reduces the exposure to human error by keeping information from being directly loaded on multiple users’ laptops, which are particularly vulnerable to loss from theft and human error. Software updates can be implemented with minimal disruptions to an engagement. And data privacy and cybersecurity are better than what many accounting firms could promise on their own, because the companies that host services for accounting and financial firms are held to strict SOC 2 standards, their livelihood depends on their ability to keep sensitive information secure, and they have access to and budgets for the latest cybersecurity resources. The result is that cloud services are increasing productivity and reducing costs, adding value to the audit process. It is this value that is driving adoption of cloud services by the accounting profession.
According to the most recent Management of an Accounting Practice (MAP) Survey from the AICPA’s Private Companies Practice Section, use of cloud-based systems has increased by 66% in two years, and such systems are used by 59% of firms with $5-10 million in revenue and 77% of firms with $10+ million in revenue. Cloud technology is here to stay in the accounting profession, and clients are receiving the benefits.

Manufacturing is Risky Business

by Chris Talipsky 1. July 2016 09:26
Financial services, healthcare, and retail industry cybersecurity issues have been attracting the most headlines, but these are not the only industries facing significant cybersecurity attacks and breaches. In what may be a surprise to many people, manufacturing was the 2nd most targeted industry in 2015, according to IBM, behind only financial services. Indeed, the more manufacturing processes and infrastructure integrate technology, the more open they become to cyber attacks. And though manufacturing breaches may have flown under the radar for the general public, manufacturers are becoming increasingly aware of the looming cyber threat. In a recent manufacturing risk survey commissioned by BDO, 92% of manufacturers cite cybersecurity concerns, a 44% increase from 2013. According to Shahryar Shaghaghi, National Leader, Technology and Advisory Services at BDO, “all it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure.” This vulnerability is illustrated by another finding of the survey: only 8% of manufacturers felt capable of preventing a breach. As a result, cyber risk management strategies are increasingly focused on response and resiliency, not just on prevention.

DHS Releases 4 Guidelines for Cyber Threat Info-Sharing

by Chris Talipsky 17. March 2016 13:39
Following the 2015 passage of the Cybersecurity Information Sharing Act (CISA), which we wrote about previously, the Department of Homeland Security (DHS) has released their guidelines for how government and the private sector are to share their threat data. The CISA is the largest cybersecurity legislation to have passed in 2015, and initially did not include instruction to the private sector and government regarding how the threat data is to be shared, and how personally identifiable information should be handled. Proponents of the legislation note that information is the biggest weapon against cyber-threats and malicious actors, and sharing this information between the private sector and government will offer leverage against cyber-attacks. The guidance also explains how the shared information will be used, which may allay opponents’ fear of misuse. DHS Secretary Jeh Johnson noted that “…Companies are required to remove personal information before sharing cyber threat indicators and DHS is required to conduct a privacy review of received information and has implemented its own process.” The DHS guidance consists of four documents:
· Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government
· Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities
· Interim Procedures Related to the Concept of Cyber Threat Indicators and Defensive Measures by the Federal Government
· Privacy and Civil Liberties Interim Guidelines
It is important for companies in the private sector to read the appropriate guidance and make sure that they are in compliance regarding the data that is shared. Some of it receives liability protection and some does not.

Preparedness is Key in Managing Crises

by Ken Urish 14. January 2016 12:35
Not if, but when. That is the approach companies should take toward breach response planning in our current cyber security environment. Risk managers must prepare as though a breach or data security crisis will occur in their company. Looking at past breaches of companies big and small provides perspective on the actions that have worked best for such organizations. There are steps that can be taken that will mitigate damage and manage reputational issues. Before delving into what companies should be doing, it’s important to stress what doesn’t work, and what companies should not be doing. Making the wrong moves, even early, can diminish trust from stakeholders and customers and set in motion further, possibly irreparable mistakes. One of the worst consequences of being unprepared is a lack of certainty about how to handle situations, and firms that aren’t prepared often shoot themselves in the foot through inaction. Part of that inaction is a hesitancy or delay in declaring the issue to stakeholders, clients, customers, etc. But a delay can cause distrust in those people who weren’t informed in a timely manner. Further inaction can cause issues to compound, which makes the situation even more difficult to deal with and to recover from. When any declaration or announcement is made regarding the situation, it should come from an informed place. Misrepresenting the facts or providing false information will only complicate issues further. Additionally, don’t make assumptions about what 3rd parties are or aren’t doing to ameliorate the issue. Take the information you have and do the right things. A well-prepared company will be focused on business continuity, key stakeholders, and data management. In order to keep things moving in the midst of crisis, it’s important that you maintain stakeholders’ trust during this time. That is why preparedness is such an issue.
You should be fostering and developing relationships with your stakeholders, so that trust is already present. Even if the trust is there, don’t lose sight of the human element. The stakeholders are people, and their feelings are important to listen to and to consider. Making fast, critical decisions will also instill trust in your abilities and keep things moving. Very importantly, a lot of data related to your business, and any that was directly involved in whatever caused the incident, will need to be collected and reviewed by legislators, regulators, and lawyers. Having the necessary data in place keeps the process moving and maintains a level of transparency for everyone involved. It also avoids negative legal and regulatory consequences. Obviously, having the data readily available means having a plan in place to track and monitor important data. As you can see, preparation is the biggest part of what to do versus what not to do. A company that is prepared to deal with a crisis is already ahead of the game, and many missteps that would normally occur are naturally eliminated during a thorough planning process.