Cybersecurity: Threats Faced by Today’s Accounting Professionals

Editor's Note:  We generally don't post guest articles on this blog, but in light of the increasing cyber security threats to accounting professionals who work online, we're making an exception. 

This article is by Jock Wols, Founder & CEO of Risk Desk, a specialty insurance broker servicing professionals, and PT Pro, an online platform offering professional liability (E&O) insurance solutions. His years of experience seeing the effects of cyber attacks is invaluable insight that we all should heed. Please take notes and share this information that is largely ignored in our profession. It can literally make or break your practice because cyber attacks are no longer a question of if they will happen, but when.

Not a week goes by without a headline related to a major cybersecurity incident.  While the largest incidents grab most of the attention, cyber threats do not discriminate against the industry or size of an organization.  Forget the notion you are “too small” to have anything of value.  Every single business, including a part-time bookkeeper or solo practitioner, is at risk from a cyber threat.

In fact, as a bookkeeper or accounting professional, you are an increasingly favorable target given the type of services you offer and sensitive information you work with.  Whether or not the perception is true of your specific business, you are a target.  According to the Verizon 2018 Data Brach Investigations Report, 58% of victims are categorized as small businesses.

In this article I will introduce cyber risk to you and what you can do to better manage your exposure.

Cyber Risk 101

Often the loss of personally identifiable information, such as credit card details or social security numbers, through a hacking event is associated with a cyber security incident.  Unfortunately, cyber risk is not limited to a “simple” for information.  The type of cyber threats vary, each carrying a different set of objectives and levels of sophistication.

A cyber security incident will lead to a financial loss and can represent either or both of the following:

First Party Liability
Expenses you incur to rectify the incident. Examples include, but are not limited to:

    • breach notification costs,
    • credit monitoring,
    • identity monitoring,
    • forensic investigation,
    • data restoration and recreation,
    • extortion payments,
    • fraudulent transfer of funds,
    • loss of income.

Third Party Liability
Damages to another party you are liable for as a result of the cyber security incident. Examples include, but are not limited to:

    • loss, theft or unauthorized use of information in your care, whether from an employee, client or vendor,
    • denial of service,
    • failure to prevent a cyber security incident,
    • failure to notify or warn about a data breach,
    • violation of federal, state or local laws.

Typically, a system breach is associated with a loss of information that leads to forensic, notification and monitoring costs of the impacted individuals.  To illustrate the breadth of the cyber threats that impact you as a professional, we share two actual claim examples reflecting two common cyber threats professionals face.

  • Phishing
    Phishing is a social engineering attack by a bad actor posing as a legitimate institution or individual with the purpose to obtain sensitive information.
An accountant received an e-mail purporting to be from a client instructing the accountant to transfer $670,000 in funds to an account purportedly controlled by the client. However, the email turned out to be fraudulent.  The accountant transferred the money, and the fraud was not discovered for 4 business days. All of the money was lost.
  • Malware
    Malware is computer code that infiltrates and compromises a system, designed for a variety of purposes, including stealing or encrypting information, hijacking the computer or monitoring user activity.
A small business was the victim of a sophisticated ransomware attack designed to “lock” the firm's equipment, software and databases. The hackers demanded $58,000 to unlock files. The firm paid the ransom and unlocked the equipment. However, some damage was done, which required some of the data to be restored by a specialty IT firm costing $53,150.

An often-understated risk is the impact of a cyber security incident on your clients or customers.  Do your clients rely on you to safeguard their information?  Do they expect you to deliver the services in a timely manner?  Is their business adversely impacted by you failing to render the services you promise to perform?  It is important not to underestimate the operational consequences a cyber security incident has on your ability to run your business.

What about the security of my online tools?

I am often asked whether the security included in online tools you use as a virtual bookkeeper or accountant is enough protection.  The answer is, it depends on who suffers the cyber security incident.

If the vendor, who provides the software, suffers the cyber security incident that impacts your business activities, then you can take recourse against the vendor.  In that scenario the cyber security incident is not your fault.  However, if the cyber security incident occurs through your system, enabling the bad actor accessing to the information in the vendor's software, then you are liable.

What if there's a breach?

The most severe consequence of a cyber security incident could lead to the closure of your business.  The financial loss can be severe as is the reputational damage you would suffer.  Your professional duty to safeguard your client's information may lead to legal liability, which could result in costly and lengthy litigation.  Lastly, you are exposed by breach notification legislation. These requirements differ for each State.  Failure to comply can lead to fines and penalties.

How can I protect myself?

The Ponemon Institute's 2018 State of Cybersecurity in Small & Medium Size Businesses found that a staggering 47% of respondents say they have no understanding of how to protect their companies against cyber attacks!  While awareness of cyber risk continues to increase, the biggest challenge is identifying the actions you can take to manage the exposure.

Assess
Recommendations often point toward conducting a cyber risk assessment or engaging a consultant or IT professional.  In reality, for a solo accounting professional, such recommendations are not practical.  Start by keeping it simple:  Self-assess as best you can. Then make improvements through ongoing education to build up your best practices and periodically review your processes.

Prepare
Cyber threats are best managed in two ways: (1) reducing risk through education and (2) transferring risk through insurance.

Education
Utilize online resources, content and cyber security courses to develop a best practices approach to cyber risk.  Staying informed is an important part of developing an awareness of existing and new cyber threats.

Insurance
Insurance is a valuable tool to both manage the potential financial loss as a result of a cyber security incident, as well as navigating the complex maze of handling a claim.  The coverage options are extremely varied as the cyber threats continue to rapidly evolve. You'll want to be clear on the coverage you purchasing as not all policies are equal.

  • Professional Liability Policy
    At the very least, request a cyber coverage enhancement for your professional liability policy. However, coverage is typically very basic with low limits.
  • Cyber Liability Policy
    A customized cyber liability policy typically provides broader coverage. A major advantage is the expert cyber claims support at your disposal to handle and resolve a cyber security incident.

Respond
A cyber security incident is scary for any entity and it is critical to respond quickly.  An insurance policy is invaluable as all it takes is a phone call to report the claim and initiate the incident response.  In the absence of an insurance policy, having the contact information of an expert on hand is very helpful.

What next?

  1. Step back and conduct a basic self-assessment of your existing processes.
  2. Make a commitment to education and best practices.
  3. Get a quote for insurance coverage, either for a standalone policy or a cyber enhancement on your professional liability policy.
  4. Conduct basic research for an expert who could help in the event of a cyber security incident.

Join Us This Month in TFB Premium

We've declared August Bookkeeper Cyber Security Month! As such, our Premium Members get the highly effective online class that shows you exactly how to avoid 95% of the vulnerabilities that cyber attackers look for. You even get a handy checklist and worksheet so you can get results quickly (and save money too).

Join us this month for Cybersecurity for Bookkeepers – 2019 Update in the TFB Premium Membership.

Click Here to Learn More

 

Posted in Articles, Case Studies, Virtual Bookkeeping | Tagged , , , , | 1 Comment

5 Online Tools Every Virtual Bookkeeper Needs

If you're already a virtual bookkeeper running your own business, or you're a professional bookkeeper and have been thinking about starting your own practice, you may be wondering, “How can I work efficiently online and set myself up for (more) success?”

In this age of mobile technology and automation, being a virtual bookkeeper (working via the Internet rather than physically going to your clients' offices) is your best bet for getting more done more profitably.

Here are 5 simple (and inexpensive) tools I recommend for getting the best results fastest.

5 Online Tools for Virtual Bookkeepers

Please note: Some of the links below are affiliate links, which means if someone makes a purchase, I may receive a small referral fee. It may also mean that you get a discounted price because you are a reader of The Freelance Bookkeeper blog. Yep, that fits the TFB win-win standard! 

  1. Cloud-based accounting software

While there are still many small businesses that are using desktop software and spreadsheets to track their financial transactions, moving to web-based software is usually a far better solution for both you and your clients. It's extremely convenient with 24 / 7 access. It's secure. It's always the latest version, and often subscription-based accounting apps are easier on your cash flow because most have accountant programs for discounted for free access.

Some good examples are QuickBooks Online Accountant, Xero, or even Wave, if you work with startups or solopreneurs.

  1. Secure document sharing portal

While email is convenient, as a virtual bookkeeper, you'll likely make extensive use of it (still). However, email is not a secure way to share sensitive information with your clients. You DO NOT want your clients emailing you any documents that contain personal tax identification numbers, login credentials, or bank account information! (And trust me, they will do this unless you proactively guide them and provide an easy alternative!)

As a professional, it is YOUR responsibility to protect your clients’ information, since you are liable for the handling of this needed electronic client data.

A convenient and reasonably inexpensive alternative to sending and receiving sensitive client documents and information is using an online, secure client portal.

Here are two that I use in my own virtual bookkeeping business and recommend:

Encryo – super simple to use (you can use it for free) and convenient to use with email, while keeping everything secure. Good for startup bookkeepers with simple needs or as part of your new client onboarding to collect initial, sensitive information.

NOTE: I've negotiated an exclusive 15% discount off of the first 12 months if you want to use the paid version (which is quite inexpensive). Just use the coupon code: Gabrielle 

SmartVault – This is the main document sharing portal that I use with my clients and have for many years. It's a robust client portal that is secure and can help to streamline your virtual workflow. I couldn't run my virtual practice effectively without it. They will also give you a 15% discount off of an annual subscription if you use the code: TFB15

In case your wondering, yes, I do have a partnership with both of these companies. That's because I only recommend what I use myself.

  1. Electronic payment method

When you work virtually, you should get paid online. It is by far a key way to make it easy for your clients to pay you and to be more profitable yourself. If you use QuickBooks Online, then using QuickBooks Payments is probably the easiest. The rates are reasonable.

The other online accounting software mentioned above also have payment solutions that integrate with their software. It's worth it to sign up for an integrated payment solution, since the small amount you pay in merchant fees is far less then you will spend in time and frustration chasing payments via paper check (not to mention it's just plain faster and safer).

Other convenient, inexpensive and simple-to-use online payment tools are PayPal (which I also use) and GoCardless (if you are in the UK or Europe).

  1. Professional email address

As a virtual bookkeeper, you'll find our field becomes more competitive. Your ability to show your professionalism matters more than ever. In today's gig economy, many are working as freelancers. However, if you expect to be paid premium professional fees, you'll need to stop using free email as your primary business email address. Otherwise, you'll just be seen as a low-cost contract worker rather than a serious business professional.

At the very least, get your own business domain to use for email (even if you don't have a website yet).

It's inexpensive to register a domain name and get a hosting account you can use for email (and later a website). Not sure what domain to get? Try to get your own name, if possible, with a .com. If that's not feasible, try your business name or something similar that will be easy for your clients to remember. Also, don't use dashes, numbers or anything trendy as part of your domain name. (I made that mistake early on.)

Two hosting companies I use personally (yes, I have several business domains as you already know) are these:

Siteground– Their servers are fast, competitively priced and a good choice if you have or will have a WordPress website (most websites these days use WordPress). I use them for one of my most important websites, and the performance has been excellent so far.

Blue Host – Very inexpensive and good customer service for getting a new domain and website. I have used them for years. I don't love how slow website loading can sometimes be, but the great customer service means a lot in my book. So I continue to use them for most of my sites as of the writing of this post.

  1. Website and / or Online business presence

As you probably figured out from the previous point about using a business domain, you will want to have a business website as well, if you don't have one already. I do recommend using a WordPress site (this software is free and usually easy to install on your hosting account). Designing your own site, however, is not as easy as it used to be. I do recommend getting help. If you'd like a future blog post on this topic, please let me know in the comments below.

If you're not quite ready to set up your own website, what you can do?

The next best thing that you can do yourself reasonably fast is set up your LinkedIn profile. This is invaluable for making connections with potential clients and gives you credibility as a professional in our field. This is the first step in setting up your online marketing and networking too. Even if you do already have a website, you should also setup your LinkedIn profile and link it to your website to pull some extra traffic and exposure.

Summary

Knowing which tools you need to start and build a successful virtual bookkeeping business is just the beginning. Having a plan for making them work together with a winning strategy to reach your goals is really the secret sauce that makes it all work smoothly.

If you'd like to save time by learning from someone who has been running a successful virtual bookkeeping business for over 16 years, then my free report might help. It's designed to help with both making the move to virtual and marketing your services online.

Learn more here

If you're already running a freelance virtual bookkeeping business, which tools have you found save you time or are invaluable for staying both productive and secure? Please comment below. I'd love to hear from YOU!

Posted in Articles, Virtual Bookkeeping | Tagged | Comments Off on 5 Online Tools Every Virtual Bookkeeper Needs

Get Bookkeeping Clients Through Social Media

Have you beet trying to figure out whether it's worth your time to try to get bookkeeping clients using social media? Or does this seem like a rather illusive notion?

What have been the traditional ways to get bookkeeping clients?

Prior to social media, most bookkeepers and accountants got their new inflow of clients from word of mouth and referrals. Advertising was another (expensive) less effective option. Word of mouth is still the #1 way for accounting professionals to get new clients.

The downside, is it can make you feel powerless to grow your business. You're mostly at the mercy of others spreading the word about your services for you. That is, others who are preoccupied with their own agendas.

Why does word of mouth work?

Now here's an interesting twist between the age-old way that we've been getting most of our new clients and social media. They both revolve around relationships!

I've long stood by the idea that the most effective marketing for our type of services is relationship-focused methods. Think about it. We're supporting the financial well-being of our clients by assisting them in maintaining accurate records and (hopefully) helping them use that information to become more prosperous and reach their business goals.

It makes perfect sense that the vital role we fill supporting our clients at the core of their businesses should involve trust. Trust is closely linked with relationships.

How does marketing via social media fit in?

It's known that we all do business with those we know, like and trust. In other words, you are generally willing to give your money to those whom you trust to give you the results you're after.

Social media is a way to get to know people and businesses through repeated exposure and relative safety. It also gives you the advantage of being able to ask advice from others who may know or have experience with a business or professional that you are looking to engage. You can more easily get unbiased information. It shortcuts wading through the typical marketing propaganda.

Therefore, social media provides a platform for bookkeepers and accountants to attract potential clients and build that vital trust through repeated exposure and sharing of advice. This is far more effective than the direct-sell approach of traditional advertising. The reach is far greater than via your local community as well. Of course, social media is also a lot less expensive, if you plan it right.

Additionally, you can improve your results with social media advertising to quickly extend your reach beyond those you are already connected to by friends, family and colleagues.

What if you could put this all together in a systematized way?

You absolutely can! In fact, it's easier than ever before! Using what is known as content marketing blended with the principles of more traditional networking methods, applied to the online environment, you can actually take charge and grow your practice consistently.

No longer do you need to be at the mercy of others to send you referrals, or attend local business mixers trying to “sell” your services.

In fact, that's exactly what one of the current courses available now in TFB Premium membership is all about. The class is entitled, Social Media Marketing for Bookkeepers and is available until April 15th.

We cover how to get started the quickest and easiest way on social media. Additionally, the March class (that was released this week) digs deeper into how you can create exactly what will attract the best type of clients for you using content marketing, inclusive of social media.

Learn more about TFB Premium here.

Personally, I have been amazed at the quality of clients that have come to me via social media, with minimal effort. These are not the typical tire kickers you get from ads either. Over the past few years I've had a regular stream of new client inquiries from Facebook, LinkedIn and even YouTube! I'm also working with colleagues who are seeing good success with social media marketing too.

What about you? Have you had new clients come to you as a result of your social media activities? Please share your experiences below in the comments!

Posted in Articles, Marketing, Virtual Bookkeeping | Tagged , , | Comments Off on Get Bookkeeping Clients Through Social Media

Bookkeeping Price Pressure: How Can You Compete?

You know how you've been hearing that automation is coming and that we are facing big disruption that will lead to bookkeeping price pressure and basically end in the demise of the profession as we know it?

Well, it's here! Though don't close up shop just yet.

This is certainly not the first time I've discussed the changes happening in our profession and how I see the vast majority of our colleagues reacting to (or better said, ignoring) the situation. In fact, it was less than a year ago when I highlighted that Intuit has plans for not only continuing with automation, but implementing artificial intelligence (AI) to serve small business clients more cheaply and efficiently than we can.

One of the key consequence for us with automation and AI is downward price pressure. Standard bookkeeping services are therefore being positioned as a low-priced commodity.

If you didn't see the post from last year about automation and AI disruption, you can find it here: The Future is Now – Disruption is on Our Doorstep. In particular, take a look at the video that was shown at QuickBooks Connect back in the fall of 2016 included in that article.

It wasn't just a bunch of bluster. Continue reading

Posted in Articles, Training, Updates, Virtual Bookkeeping | Tagged , , | 10 Comments

High Value Bookkeeping – Overcoming Phone Call Reluctance

Providing high value bookkeeping is what most of us claim we do. But are we living up to our promises?

In this new article series I will be exploring some of the key areas where we should take a hard look at how we are marketing to, and serving, our clients. If we're striving to make the transition from “typical bookkeeper” to a true high value bookkeeping service business, some upgrades may be order for many of us.

It's like a disease the vast majority of us have (including me, sometimes). It's an invisible force that holds us back from directly communicating with clients and prospective clients, in real time, on the phone (or via video conference, or even in person).

While this is often a result of us being of the introvert ilk, how do you overcome the anxiety of picking up the phone instead of just sending email? Continue reading

Posted in Articles | Tagged | 8 Comments