Category

HR

You Can Never Be Too Careful: Improving Computer Security

By | Accounting, CPA, Data, HR, MIP Fund Accounting, Nonprofit | No Comments

Cyber threats are on the rise worldwide. The costs of a data breach are staggering with the average cost to repair such breaches at $4 million. And if you think your nonprofit organization is too small to be affected by cybercrimes, data breaches, viruses, and ransomware think again: many of the worst threats are to individuals and small businesses and that includes small nonprofit organizations.

One of the areas most vulnerable to external cyber threats is communications. Contact forms on websites, emails, chats, images – all provide a window into your systems through which cyber criminals can enter to wreak havoc. Here’s how you can improve the security of your overall system with an eye towards shoring up the defenses of your communications network.

Questions to Ask – and Answer

The first step to solving any problem is to understand the full scope of the problem itself. To do this, you will need to evaluate all of the possible threats against your organization. Review security and access points including who has access to your systems, website, email server, social media accounts and any external software you may use such as cloud-based storage, file sharing, and other systems.

  • Do you have a written process for granting access and revoking privileges? A written process with a designated administrator controls access to key services and systems. You can detail who can access which systems and what to do when someone’s employment is terminated or they leave voluntarily.
  • Do you have a master list of all of your software and systems? Create a list of all of the software and systems, as well as administrators and contact people in your organization, for all of the software you use.
  • Do you have a process in place for updating your software? Those annoying popups prompting you to update your systems aren’t just for show. Software updates close gaps in the system that programmers find after the initial software releases. These “patches” are often important coding changes that defend against known threats. Regular updates of all of your software and operating systems are
  • Do you have virus protection in place? A virus protection program can screen websites to ensure they are safe and check inbound emails and attachments. Other types of virus programs scan your hard drive for malware, harmless but annoying programs, and other code that gets injected into your computer without your knowledge. It’s smart to have two packages rather than just one; two can often catch more than one.
  • Do you back up your systems regularly? In the event of a cyber attack, having backups ready to restore your systems is vital. Automatic backups can be installed or you can store some of your non-confidential files on a cloud server to keep copies safe.

Communications Security Tips

In addition to these questions and answers, consider a few other security measures to put into place.

  • Assume anyone, at any time, can read your emails. Do not share passwords or other confidential information by email.
  • Consider email encryption services, which encrypt email on your computer so that it can only be read by the sender and recipient.
  • Only open attachments from people you know.
  • Require two-step authentication to sensitive systems and accounts such as bank accounts.

If you’ve checked “yes” to many of these items, then congratulations – you’re ahead of many other nonprofits in the cyber security department.

One last step is to have an emergency plan on hand to restore critical systems in the event an attack cripples your nonprofit’s systems. The FBI virus, a form of ransomware, can infect computers merely through visiting an infected website and it is difficult to remove. It locks a computer so that you cannot use it until the ransom is paid to the criminal. A skilled computer technician or service can remove it but will cost both time and money.

This is just one example of possible threats. As the threats grow, having a backup plan and a plan to keep working while your systems are fixed is critical to keeping your doors open and your work continuing without pause.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Encrypt an Email and Secure Your Gmail – Tips and Tricks for Email Communication

By | Abila, Accounting, CPA, Data, HR, MIP Fund Accounting, Nonprofit | No Comments

The greatest threat facing the CPA community isn’t legislation or competition. It’s security as it pertains to our technology. CPAs must be cognizant of the latest security measures to protect sensitive, confidential client data. Technology has made it easy to send information to clients with the touch of a button, but where does that information end up – and how long does it remain accessible?

Such considerations are no longer academic questions. Instead, they are essential to running a secure and confident CPA practice.

Email Encryption: Protecting Sensitive Communications

Emails are by far the biggest offender when it comes to potential data breaches. Most email systems aren’t sent using encryption. Because emails are automatically shared across multiple devices these days, your email lives on long after you attempt to retract or erase it. It’s almost impossible to completely erase all traces of an email from hard drives, backup servers, and the recipient’s servers and devices.

The best way to protect emailed information is through encryption. Encryption “locks” messages so that only the recipient can read them. The recipient’s software automatically unlocks the message so that it can be read. If some third-party swoops in and somehow accesses the email, it cannot read it.

To encrypt your email transmissions, you can use a service that includes encryption. Gmail and Outlook are both good, solid email programs that incorporate encryption into their programming. Both services also include cloud storage, spam filtering, and IMPAP/POP support.

The drawback to using these services is that they use their own extensions rather than your company’s extension address. To rectify this situation, you can important Gmail or Outlook messages into Outlook Desktop.

The steps include:

1. Turn on two-step verification: Go to google.com/landing/2step, click the Get Started button, and follow the steps to set up two-step verification. A code is texted to your smartphone, which you enter to verify the account.

2. From your Outlook 2010, 2013, or 2016 ribbon, select File, Add Account to launch the Auto Account Setup screen.

3. Enter your name, email address (Gmail or Hotmail/Outlook.com), and password, and then click Next.

4. Set up a Gmail alias with your company name:

a. Open your Gmail account.

b. Sign in.

c. Click the Settings gear in the top right corner.

d. Choose Settings.

e. Select from the horizontal menu the Accounts and Import tab, Import mail and contacts,

f. Enter the email address you want to use as a Gmail alias.

g. Enter the password, and if necessary, enter the Pop username and Pop server.

h. Click Continue.

i. Sign in to the account you added

j. Open the confirmation message you received from Gmail

k. Click the link in the email to confirm and establish the connection.

l. To complete the setup, change the From line to reflect your newly added alias email address. For more details on how to set up a Google email address alias, visit Google support.

The process to set up Outlook aliases is similar.

1. Open Outlook.com.

2. Click the Settings gear.

3. Select Options.

4. In the Options menu in the left menu pane, select Connected Accounts, Other email accounts.

5. Enter the alias email address and your email password then click OK.

Keep in mind that encryption through Gmail or Outlook only works if both sender and receiver are using the same service. In other words, your message is encrypted only if you are using Outlook and your client is also using Outlook. If only you are using Outlook or Gmail, messages are encrypted on your end, but not the client’s end.

If you’d prefer, a computer consultant can help you set up a secure, encrypted email system for your business. Or make it a rule that confidential information must be delivered in person or via snail mail, rather than through email. If you’d prefer that no one else see your message, a phone call or letter through traditional mail may be appropriate.

We live in an age where technology can make our businesses more productive and efficient. It can also compromise sensitive client data. Fortunately, a few steps are all that’s needed to secure your email information.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Could Your Data Be at Risk?

By | Abila, Accounting, Audit, CPA, Data, Grant Management, HR, MIP Fund Accounting, Nonprofit | No Comments

Could your nonprofit associations’ data be at risk? Even with good security, you may still find yourself in the unpleasant position of ransoming your data from an unscrupulous hacker.

New viruses such as the notorious “FBI” virus do not hijack your computer for their own nefarious purposes. Some viruses lock your computer down so that you cannot access any of its information. Instead, once you pay a fee – like a random in a kidnapping – the hijackers ‘release’ your computer.

If you think this can’t happen to you, think again. What used to be a threat to major targets such as large corporations or government organization is now a threat to anyone at any time. In fact, smaller nonprofits may be targeted more frequently than larger ones because small organizations do not have the means to fight back when they’re the victim of crime. Criminals such as data hijackers look for easy targets or organizations that do not have the financial resources to fight back. Any organization is at risk.

What Is Data Hijacking?

The best prevention against data hijacking is awareness. It’s important to understand what data hijacking looks like and how to prevent it from occurring.

Data hijacking occurs when a computer program called ‘malware’ enters your system. Malware means malicious software. A specific type of malware called “ransomware” enters your system through an infected email or computer virus. Most often, users inadvertently click an email link or download software containing the malicious program.

Ransomware installs on the end users’ computer and encrypts the data on the target computer so that it can no longer be read. The encryption is so sophisticated that only the operator of the program has the key that unlocks it. Hijackers demand payment for the data ‘key’ that un-encrypts or unlocks the data.

How Ransomware Gets Past Security

There are many ways in which data hijackers bypass your organization’s secure to target your computers. One common way is to clone an executive or CEO’s email address or LinkedIn profile. They then use the fake profile to send an email with a link to people in your company. They often target top executives but anyone can be targeted.

Once the link is clicked, it downloads the ransomware and locks the target computer. A message appears on the computer screen demanding payment to release the computer. Hijackers often request payment in bitcoin, an untraceable digital currency that’s easy to convert into cash.

Even after paying the ransom fee, there’s no guarantee your computer will be released. In some cases, the hijackers themselves are unable to decrypt the computers after payment is made to them. In other cases, the hijackers simply disappear with your money – and your data is lost forever.

Preventing Data Hijacking

The best way to combat data hijacking is through prevention. The following steps should be undertaken to protect against lost data from data hijacking:

1. Be vigilant when screening your emails. Do not click on links within emails unless your are absolutely certain it’s from a known sender. The same goes for attachments which can also harbor viruses and malware.

2. Keep your computer programs updated at all times. Patches and updates protect against various forms of malware, including ransomware.

3. Backup your data frequently. Store it on the cloud as well as in storage devices NOT connected to computers or the internet.

4. Use firewalls to segment company data. This way if part of your network is affected by ransomware, you may not lose all of it if some is protected behind a firewall.

5. Block pop ups and disable macros in key programs, which are often used to distribute malware.

If you suspect that your company’s cybersecurity has been breached and ransomware or malware has been launched, disconnect your computer from the internet as soon as possible. That may prevent the malware from downloading entirely or from infecting others.

Next, contact Welter Consulting. We can help you with both the immediate problem and creating a long-term strategy to protect against viruses, malware, and ransomware.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services to help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Blog #4

Switching from On-Premise to Cloud Solutions: The Experts Weigh In

By | Abila, Accounting, Data, HR, MIP Fund Accounting, Nonprofit | No Comments

By now you’ve probably read quite a bit about the benefits of switching from on-premises to cloud-based solutions. Forrester research reports that 50% of companies plan to increase their cloud spending in the next 12 months. About 92% have prioritized cloud computing as a new initiative in the next 18 months. Cloud computing isn’t the concept of the future; the future is here, and most companies will run at least one or more cloud-based software programs within the next year

As you consider switching all your software to the cloud, you may have questions. What do you need to know to make the transition? What benefits will your organization obtain from the switch? Is the cloud a better solution?

Five Big Benefits of Cloud-Based Systems

Consider the following  five benefits of cloud-based systems and how they may impact your organization.

  1. Obtain a clear picture of financial information: Quickly view the entire financial picture for your nonprofit organization. Cash flow, membership dues, sales from products, event/conference income, and much more can be reviewed easily and quickly. Information from multiple departments feeds into one system to provide a comprehensive big-picture view of the financials for your organization.
  2. Decreased reliance on spreadsheets: Many nonprofits still use spreadsheet-based accounting. Spreadsheets offer a simple method for running basic accounting information but lack the sophistication of combining information into one easily accessible location. Spreadsheets tend to be finicky, with formulas and formatting that can be tricky to use. And one small data entry error on a spreadsheet can lead to multiple problems later. Cloud computing reduces these chances. Reports can be run directly from cloud-based systems without fussing about formatting.
  3. Enhanced visibility: Cloud-based systems enhance and increase visibility of data across all parts of the organization. Everyone shares their information in a cloud-based system, with access available to all departments and team members.
  4. One data source: On-premises software can lead to multiple versions of the same document. Chasing after the latest version and reconciling changes can take a great deal of time. Cloud systems always provide the latest reports and information.
  5. Integrate office processes: Cloud systems integrate front and back-office operations into one system. You’ll no longer need to maintain separate systems for both.

On-premises solutions have many drawbacks. Not only do they lack integration and visibility, but they need updates. Updates must be performed individually on each piece of equipment. Cloud solutions update automatically so that the latest version is always running.

The Main Difference Between On-Premise and Cloud Solutions: ROI

Lastly, the biggest difference between cloud-based and on-premise solutions is the ROI.  With cloud solutions, efficiency increases immediately after adopting the cloud. The system gains in value with a positive ROI as it saves time and money elsewhere in the organization.

Not so with on-premise systems. Such systems begin losing ROI from the moment they’re installed. With constant updates and upgrades, purchases of special hardware and equipment to run them, and salaries for people to maintain them, these systems increase in cost and decrease in ROI.

Clearly, the winner is the cloud. With so many organizations adopting cloud-based solutions and more nonprofit software offered via the cloud, it’s time to make the leap to the cloud.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you improve and grow your accounting practice. Please contact Welter Consulting at 206-605-3113 for more information.