One aspect of what we must do and be at MoneyPenny is being hyper-focused on client security. Each accounting, tax, and audit business we deal with always asks about our security. Even before Covid, we were always conscious that we are held to a high standard. We try our best every day to meet that standard. So it was with total amazement that just last week I had two situations arise that threw me for a loop as to how much of a higher standard we are really held to.
I was requested by a current client to come to the offices of a fellow accounting firm they had a friendship with and consult on selecting a workflow app, setting up how that would work within the firm, and developing procedures to allow them to grow more effectively. Covid, as it did with many firms, overwhelmed them and they mentioned that things were askew. They wanted a year-end review and adjustments in preparation for the upcoming tax season. They trusted my client to assist them, and my client asked me to come along to assist as I had done this with their firm previously.
I had not been to an accounting office since January of 2020. Being virtual before Covid was one thing, as even then I still met with clients across the US live for some consulting. But since 01/2020 everything was virtual. And over this last year, many firms have seen the light of day on cloud systems, digital signatures, and security. Now as much as we want to be totally paperless, AI, digital, neat, and tidy, compliance and SMBs can often make one feel like Sisyphus. But overall, most people, I thought, got it during Covid. Paperless and digital are here to stay and there is no going back. How wrong I was.
Paper, paper, paper: stacks of file folders. File folders in banker boxes, all nicely organized and dated. An admin assistant who spent her whole morning printing and collating. Was I in the 1980s? Nope, it was 10/2021 and they were still getting client copies sent out. They were all manually signed and had an invoice on top. Surely with tax software hosted on the cloud and digital signatures, this was just a mistake? Nope, it was simply a matter of "this is how we have always done things." Where were these copies printed from? The server, of course, after they download the PDF to the client folder on the local server. Why? Because the admin may need to retrieve it, so she needed it on the server, which was her PC at the front desk. Could they not let her on the hosted server with the tax software? Not posting the answer cuz it was about, you guessed it, money. How much were all the paper and filing accouterments? And her hours to do this? Yep, you don’t want to know my reaction.
Forty-five minutes into this endeavor my client and I had to walk outside. Then we calmed down, walked back in, and just wrote on the whiteboard security breach after security breach. From physical to internet hacking, from redundant systems to what the cost was then and the potential cost of a breach. We never did get to the workflow on that visit. But I left thinking, well, this is an unusual case. Alas, it was not so.
Two days later my son-in-law posted pics of my granddaughter at a pumpkin patch on Facebook. Pics of my kids and grandkids are the only thing that gets me on Facebook since my mum passed. My daughter and her daughter with pumpkins and their beautiful auburn hair; ahh, fall is my favorite season. But just below those pics, I saw a posting from an accountant asking for recommendations on the type of backup drive to back up her clients’ tax returns from her, wait for it… laptop. Based on many of the responses, I am sure she got lots of WTF (without actually saying it) and recommendations to perhaps do this in a more secure fashion. I did mention security could be an issue even with a backup drive and provided a link to my hosting provider, Coaxis, and cyber security specialist, Tech4Accountants, then logged out.
We did quite a few tax return preps at MoneyPenny and all our client firms are very conscious of security and they know we take it seriously. I cannot guarantee perfection, but I can strive for it. From controlled, no-wifi access (hard wired only), no active USB ports, and no mobile devices to regular cyber security training, annual 3rd party cyber audits, and an awesome managed service provider that tests us regularly, we try every day to recognize the importance of the job we have been tasked with. And not one dang, already assembled return, ready for final review and digital sign-off, ever loaded to a local device.