1 00:00:00,000 --> 00:00:06,000 < Intro > 2 00:00:06,000 --> 00:00:09,300 – Welcome to another enlightening episode of Count Me In. 3 00:00:09,300 --> 00:00:12,834 Today we have an exceptionally exciting conversation lined up for you. 4 00:00:12,834 --> 00:00:15,667 Our guest today is my fellow podcaster, 5 00:00:15,667 --> 00:00:19,840 and an author on Amazon's bestseller list, Tom Wooley. 6 00:00:19,840 --> 00:00:21,950 He has expertise in corporate accounting. 7 00:00:21,950 --> 00:00:25,160 Spanning sectors like pharmaceuticals, oil, and gas, 8 00:00:25,160 --> 00:00:28,590 and now he's making waves in the realm of cybersecurity. 9 00:00:28,590 --> 00:00:30,830 From big corporations to small businesses, 10 00:00:30,830 --> 00:00:32,834 the tech landscape is ever-changing, 11 00:00:32,834 --> 00:00:35,430 and Tom's insights are here to guide us through it. 12 00:00:35,430 --> 00:00:37,834 We'll discuss the rapid shift to remote work. 13 00:00:37,834 --> 00:00:40,500 The challenges of secure information handling. 14 00:00:40,500 --> 00:00:43,230 The complexities of selecting the right software, 15 00:00:43,230 --> 00:00:45,780 and the impact of new regulations. 16 00:00:45,780 --> 00:00:47,770 Buckle up, as we explore how technology 17 00:00:47,770 --> 00:00:49,570 is shaping the future of accounting. 18 00:00:49,570 --> 00:00:51,000 Tom, welcome to the show. 19 00:00:51,000 --> 00:00:58,000 < Music > 20 00:00:58,000 --> 00:01:00,333 To start off, I just really wanted to, 21 00:01:00,333 --> 00:01:01,469 maybe, you can talk a little bit about 22 00:01:01,469 --> 00:01:03,539 your background and how you got here. 23 00:01:03,833 --> 00:01:05,160 –Hi, Adam, thanks so much. 24 00:01:05,160 --> 00:01:06,690 It's a pleasure to be here. 25 00:01:06,690 --> 00:01:10,100 So I've been an accountant for 15 years, 26 00:01:10,100 --> 00:01:15,333 in the corporate industry before starting my own firm. 27 00:01:15,333 --> 00:01:19,167 I started off in pharmaceuticals, and then went to oil and gas 28 00:01:19,167 --> 00:01:23,666 in more of the financial analysis role 29 00:01:23,666 --> 00:01:27,160 and a lot of management accountancy. 30 00:01:27,160 --> 00:01:29,000 One of the things I used to do a lot of 31 00:01:29,000 --> 00:01:32,290 was whenever we would acquire a new company, 32 00:01:32,290 --> 00:01:35,210 we had to look at their financial systems. 33 00:01:35,210 --> 00:01:36,210 What they had in place, 34 00:01:36,210 --> 00:01:40,470 and then integrate them into our SAP financial system. 35 00:01:40,470 --> 00:01:44,666 All their historicals, and then get them trained, up and running for the future. 36 00:01:44,770 --> 00:01:48,333 So I got a lot of experience, and had a lot of fun 37 00:01:48,333 --> 00:01:53,000 working in accounting technology in my corporate career. 38 00:01:53,000 --> 00:01:55,909 And then decided that, "Hey, there's a lot of technology 39 00:01:55,909 --> 00:02:00,166 to be brought or to be moved over and implemented 40 00:02:00,166 --> 00:02:02,820 in the small business accounting world as well. 41 00:02:02,820 --> 00:02:05,240 Smaller firms need just as much tech, 42 00:02:05,240 --> 00:02:08,499 if not more, sometimes, than the big guys. 43 00:02:08,499 --> 00:02:11,999 And with the way the technology world is moving, especially, 44 00:02:11,999 --> 00:02:14,390 with everything going over to the cloud. 45 00:02:14,390 --> 00:02:19,499 I decided to start my own cloud accounting firm, back in 2015. 46 00:02:19,499 --> 00:02:25,499 And, then, when everybody started going remote, in 2020, 47 00:02:25,499 --> 00:02:28,166 I decided that was a good time to pivot again 48 00:02:28,166 --> 00:02:33,320 and go into cybersecurity, for accountants. 49 00:02:33,320 --> 00:02:36,180 And help other people tackle some of those issues that we saw 50 00:02:36,180 --> 00:02:39,166 as we transitioned to a lot of people working from home, 51 00:02:39,166 --> 00:02:45,332 remote, and just coping with a very wild and flexible world, 52 00:02:45,332 --> 00:02:47,499 over the last couple of years. 53 00:02:47,499 --> 00:02:50,166 – Yes, it's been a very wild and flexible world. 54 00:02:50,166 --> 00:02:52,110 There's been so many things happening 55 00:02:52,110 --> 00:02:53,499 with everybody working from home, 56 00:02:53,499 --> 00:02:56,332 and all the challenges that organizations face. 57 00:02:56,332 --> 00:02:59,190 And cybersecurity is something that's in the news every day. 58 00:02:59,190 --> 00:03:01,739 You see ransomware attacks, and so many different things 59 00:03:01,739 --> 00:03:04,332 that's affecting so many organizations. 60 00:03:04,332 --> 00:03:07,430 Maybe we can start by talking a little bit about 61 00:03:07,430 --> 00:03:08,790 what are some of the biggest challenges 62 00:03:08,790 --> 00:03:11,930 you see organizations facing, when it comes to cybersecurity. 63 00:03:12,166 --> 00:03:15,832 – Absolutely, there are a couple of things that really hit home. 64 00:03:15,832 --> 00:03:20,629 It's how to keep everybody working in a fluid environment. 65 00:03:20,629 --> 00:03:23,849 Where you can access all of your information securely. 66 00:03:23,849 --> 00:03:26,610 How can you find your clients' information securely. 67 00:03:26,610 --> 00:03:30,130 How can you receive it from them securely. 68 00:03:30,130 --> 00:03:32,459 We work in a time where we've got 69 00:03:32,459 --> 00:03:34,832 so many different communication channels. 70 00:03:34,832 --> 00:03:36,370 We have to actually tell our clients 71 00:03:36,370 --> 00:03:41,165 what is a safe and good way to get your information over to us. 72 00:03:41,165 --> 00:03:43,819 And when we started transitioning 73 00:03:43,819 --> 00:03:46,750 from working in the office to working from home, 74 00:03:46,750 --> 00:03:48,620 the biggest challenge that we faced, 75 00:03:48,620 --> 00:03:50,499 and that other accountants are facing is– 76 00:03:50,499 --> 00:03:52,665 how do you go mobile with all of that? 77 00:03:52,665 --> 00:03:55,720 How do you keep it in the cloud and know that it's secure? 78 00:03:55,720 --> 00:03:58,810 And, really, importantly, how do we instill 79 00:03:58,810 --> 00:04:03,360 that trust relationship with our clients. 80 00:04:03,360 --> 00:04:06,665 So that they know that their information is in good hands? 81 00:04:06,665 --> 00:04:12,665 And we started looking at so many different softwares out there. 82 00:04:12,665 --> 00:04:18,100 The second challenge is with a huge buffet of cloud software. 83 00:04:18,100 --> 00:04:19,889 Which one goes with which? 84 00:04:19,889 --> 00:04:21,489 How does it integrate? 85 00:04:21,489 --> 00:04:27,165 And it really came down to what does the process look like, 86 00:04:27,165 --> 00:04:31,332 for internally and externally with our clients? 87 00:04:31,332 --> 00:04:34,998 And that's what we hear a lot; is which software should I use? 88 00:04:35,080 --> 00:04:36,979 How do I implement it? 89 00:04:36,979 --> 00:04:38,498 There are some all-in-ones out there. 90 00:04:38,498 --> 00:04:42,665 Should I piecemeal, together, best in class? 91 00:04:42,665 --> 00:04:44,498 There are just so many solutions. 92 00:04:44,498 --> 00:04:47,831 Accountants don't have time for that, especially, during tax season, 93 00:04:47,831 --> 00:04:49,998 which has been basically year-round 94 00:04:49,998 --> 00:04:51,331 for the last couple of years. 95 00:04:51,331 --> 00:04:53,430 – Yes, I can only imagine. 96 00:04:53,430 --> 00:04:55,639 And also the biggest challenge, too, 97 00:04:55,639 --> 00:04:57,665 is if you're a Fortune 100 company, 98 00:04:57,665 --> 00:05:01,831 you have a lot more financial ability to get a larger software, 99 00:05:01,831 --> 00:05:03,100 a big all-in-one software. 100 00:05:03,100 --> 00:05:06,350 But if you're a smaller organization, or a Mom-and-pop shop, 101 00:05:06,350 --> 00:05:08,680 it's a lot harder to implement those bigger softwares, 102 00:05:08,680 --> 00:05:10,380 and, so, trying to find that challenge. 103 00:05:10,380 --> 00:05:13,331 How do you balance that depending on which organization you're with? 104 00:05:13,331 --> 00:05:14,970 – Yes, that's a great question. 105 00:05:14,970 --> 00:05:21,165 There are smaller softwares like QuickBooks Online and Dropbox, 106 00:05:21,165 --> 00:05:24,009 that people, typically, use when they're starting off. 107 00:05:24,009 --> 00:05:28,831 All the way up to SAP or NetSuite when they're the Fortune 100. 108 00:05:28,900 --> 00:05:33,009 So it really comes down to what is the budget 109 00:05:33,009 --> 00:05:35,498 and how customizable does it need to be. 110 00:05:35,498 --> 00:05:39,664 Something like NetSuite requires not just getting the software, 111 00:05:39,664 --> 00:05:43,498 but hundreds or thousands of hours of customization, 112 00:05:43,498 --> 00:05:45,498 implementation, and training. 113 00:05:45,498 --> 00:05:50,998 And what we really want to go for is finding out how the firm 114 00:05:50,998 --> 00:05:54,350 is interacting internally, and with their clients. 115 00:05:54,350 --> 00:05:59,331 Do they really need something that's super integrated and very expensive? 116 00:05:59,331 --> 00:06:02,430 Or can we put together those best practices 117 00:06:02,430 --> 00:06:05,331 to make something like OneDrive, 118 00:06:05,331 --> 00:06:08,460 Windows, QuickBooks Online, or QuickBooks Desktop, 119 00:06:08,460 --> 00:06:13,497 in a hosted environment, work in the same effectiveness 120 00:06:13,497 --> 00:06:15,497 as those bigger softwares? 121 00:06:15,497 --> 00:06:17,660 – Yes, there are so many different factors. 122 00:06:17,660 --> 00:06:20,331 You almost need a team of people to understand 123 00:06:20,331 --> 00:06:21,990 what your organization is doing. 124 00:06:21,990 --> 00:06:24,164 What your challenges are, and how you're going to be interacting 125 00:06:24,164 --> 00:06:26,164 with the different things to know what, 126 00:06:26,164 --> 00:06:27,090 if I'm understanding you correct, 127 00:06:27,090 --> 00:06:29,997 it's to know what software works best for you. 128 00:06:29,997 --> 00:06:32,251 – Right, I mean, that's the best way to go about it. 129 00:06:32,251 --> 00:06:34,664 And that's what I recommend, is putting together a committee. 130 00:06:34,664 --> 00:06:39,331 Somebody that represents from each department, what their needs are 131 00:06:39,331 --> 00:06:41,831 when it comes to implementing a security software, 132 00:06:41,950 --> 00:06:46,130 and how they are moving information on a daily basis. 133 00:06:46,130 --> 00:06:48,460 One solution for marketing 134 00:06:48,460 --> 00:06:51,930 may not be a winning solution for accountants, 135 00:06:51,930 --> 00:06:54,164 who are trying to move PDFs, 136 00:06:54,164 --> 00:06:55,997 every day, back and forth to their clients. 137 00:06:55,997 --> 00:06:59,664 So, yes, representing in that committee 138 00:06:59,664 --> 00:07:01,830 is a great way to go about seeing 139 00:07:01,830 --> 00:07:05,330 what the use case is, what the needs are. 140 00:07:05,330 --> 00:07:07,997 And, then, finding the right software solution 141 00:07:07,997 --> 00:07:10,997 in, like I said, that sea of what is out there 142 00:07:10,997 --> 00:07:12,164 and what they're all capable of. 143 00:07:12,164 --> 00:07:15,129 – Mh-hmm, and then once you actually find a solution. 144 00:07:15,129 --> 00:07:16,720 You still need to tap into that committee 145 00:07:16,720 --> 00:07:18,590 to say, "Hey, is this actually meeting your needs 146 00:07:18,590 --> 00:07:20,164 and is it working right?" 147 00:07:20,409 --> 00:07:23,039 – Absolutely, it's an ongoing commitment 148 00:07:23,039 --> 00:07:25,663 to working with those groups, and making sure that 149 00:07:25,663 --> 00:07:29,300 implementation goes according to plan. 150 00:07:29,300 --> 00:07:31,449 And things change along the way, sometimes, too. 151 00:07:31,449 --> 00:07:33,250 So that really helps give a sounding board 152 00:07:33,250 --> 00:07:35,830 for, "Hey, this isn't working the way we need it to." 153 00:07:35,830 --> 00:07:37,540 Or, "Yes, we're getting good feedback 154 00:07:37,540 --> 00:07:40,163 from the rest of the people in the department." 155 00:07:40,163 --> 00:07:42,860 And, hopefully, a few trial clients 156 00:07:42,860 --> 00:07:45,997 that have opted in to participate, too. 157 00:07:45,997 --> 00:07:48,163 – Yes, because you need, actually, that real-world experience, 158 00:07:48,163 --> 00:07:50,163 to see if it's actually working, of course. 159 00:07:50,163 --> 00:07:51,163 – Exactly. 160 00:07:51,163 --> 00:07:52,729 – I think one of the biggest challenges, 161 00:07:52,729 --> 00:07:55,330 when it comes to the accounting and finance team, 162 00:07:55,330 --> 00:07:59,330 is that working with other parts of the organization can be difficult. 163 00:07:59,330 --> 00:08:01,220 Whether it's working with the marketing department, 164 00:08:01,220 --> 00:08:03,080 making sure things are meshing together. 165 00:08:03,080 --> 00:08:05,909 How have you, maybe, helped organizations that you worked with, 166 00:08:05,909 --> 00:08:09,496 and you're helping them choose softwares to use? 167 00:08:09,570 --> 00:08:11,050 Have you found that as a challenge, 168 00:08:11,050 --> 00:08:13,229 when you're trying to help implement things 169 00:08:13,229 --> 00:08:15,240 that they have trouble working with other departments? 170 00:08:15,240 --> 00:08:16,659 Or are they coming together, 171 00:08:16,659 --> 00:08:18,280 since we're all kind of breaking down those walls, 172 00:08:18,280 --> 00:08:20,996 since we're all remote in a lot of ways, too? 173 00:08:21,163 --> 00:08:24,663 – I think it's going a lot more granular than that these days. 174 00:08:24,663 --> 00:08:32,496 I would have said, six to seven years ago, an all-in-one integration, 175 00:08:32,496 --> 00:08:35,330 everybody using the same platform is the way to go. 176 00:08:35,330 --> 00:08:36,719 But what we're really seeing 177 00:08:36,719 --> 00:08:39,580 is that there are departments out there 178 00:08:39,580 --> 00:08:42,830 that really want to work within their specialties. 179 00:08:42,830 --> 00:08:46,080 I mean, marketing, wants to work in Salesforce. 180 00:08:46,080 --> 00:08:46,663 – Of course. 181 00:08:46,663 --> 00:08:48,170 – The accounting department is not going 182 00:08:48,170 --> 00:08:50,829 to want to work in Salesforce, it's not the right place for them. 183 00:08:50,829 --> 00:08:55,663 So, really, cybersecurity has become top of mind 184 00:08:55,663 --> 00:08:57,329 and top of conversation so much, 185 00:08:57,329 --> 00:09:02,690 because as we're trying to move into best-in-class solutions 186 00:09:02,690 --> 00:09:05,496 for different departments and scenarios. 187 00:09:05,496 --> 00:09:10,130 Moving that data, safely, has become a real concern. 188 00:09:10,130 --> 00:09:12,829 If everybody is working in NetSuite or SAP, 189 00:09:12,829 --> 00:09:16,163 or something fully integrated, you don't have to worry about it as much. 190 00:09:16,260 --> 00:09:19,880 But when we're looking for the best solution 191 00:09:19,880 --> 00:09:21,820 to help people do their jobs, 192 00:09:21,820 --> 00:09:25,640 in a rapidly changing, very competitive environment. 193 00:09:25,640 --> 00:09:27,162 We want to give them the best software 194 00:09:27,162 --> 00:09:31,162 that they can get their hands on, than what they're used to using. 195 00:09:31,162 --> 00:09:35,329 And, so, that's when the technology industry 196 00:09:35,329 --> 00:09:39,050 has to step in, and find a way to make that work 197 00:09:39,050 --> 00:09:41,010 where it's still secure for everybody. 198 00:09:41,010 --> 00:09:44,100 Where they can work from home on their laptop, if they need to. 199 00:09:44,100 --> 00:09:45,959 They can have that exact same functionality 200 00:09:45,959 --> 00:09:47,610 at their desktop in the office. 201 00:09:47,610 --> 00:09:49,580 Where they've got the printers, and the scanners, 202 00:09:49,580 --> 00:09:52,540 and the other things that we need to do our jobs, 203 00:09:52,540 --> 00:09:54,250 and phone systems, even, too. 204 00:09:54,250 --> 00:09:56,190 A lot of people don't think about 205 00:09:56,190 --> 00:09:57,996 the vulnerability on the phone systems. 206 00:09:57,996 --> 00:10:01,079 But I want to make calls from my house 207 00:10:01,079 --> 00:10:03,329 just as easily as I'm doing it from the office. 208 00:10:03,329 --> 00:10:05,670 And I don't want the clients to know 209 00:10:05,670 --> 00:10:08,580 if they've got to try me at the office or try me at home. 210 00:10:08,580 --> 00:10:10,995 So everything's got to be flexible, 211 00:10:10,995 --> 00:10:14,495 and it's got to be seamless internally and externally. 212 00:10:14,495 --> 00:10:17,329 – Yes, and that's not an easy task to do for any organization. 213 00:10:17,329 --> 00:10:19,240 Whether you have a one-and-done system 214 00:10:19,240 --> 00:10:21,730 or you're piecemealing everything together. 215 00:10:21,730 --> 00:10:24,829 It's quite the challenge for any organization. 216 00:10:24,829 --> 00:10:27,160 And as I'm thinking about of all this, 217 00:10:27,160 --> 00:10:29,540 I know that there are a lot of rules and regulations 218 00:10:29,540 --> 00:10:30,540 throughout the government. 219 00:10:30,540 --> 00:10:31,910 I know the U.S. government, 220 00:10:31,910 --> 00:10:34,829 we had talked about the FTC Safeguard Rule. 221 00:10:34,829 --> 00:10:37,139 Maybe we can touch on how that's affecting people's decisions, 222 00:10:37,139 --> 00:10:39,110 as they're going down the line. 223 00:10:39,329 --> 00:10:45,250 – Yes, so the U.S. government is really moving in that direction 224 00:10:45,250 --> 00:10:48,910 and solidifying a lot of these rules/regulations. 225 00:10:48,910 --> 00:10:53,495 To address what has become insurance company concerns, 226 00:10:53,495 --> 00:10:58,250 client concerns, and concerns voiced by the Big Four, 227 00:10:58,250 --> 00:11:01,800 about how people's data is being secured and moving around. 228 00:11:01,800 --> 00:11:04,828 And a lot of large companies 229 00:11:04,828 --> 00:11:08,829 have had security challenges, recently, like Deloitte. 230 00:11:08,829 --> 00:11:14,328 Where their best efforts are going forward to protecting their clients, 231 00:11:14,328 --> 00:11:17,459 and it's a big investment both in time and financially. 232 00:11:17,459 --> 00:11:20,670 So the government's really moving 233 00:11:20,670 --> 00:11:22,828 with these FTC Safeguards Rules. 234 00:11:22,828 --> 00:11:26,260 The IRS already has the Gramm-Leach-Bliley Act 235 00:11:26,260 --> 00:11:28,010 that has been in place for a while now. 236 00:11:28,010 --> 00:11:30,310 So we're looking at, both, the enforcement 237 00:11:30,310 --> 00:11:34,209 of already existing rules, that are starting to clamp down. 238 00:11:34,209 --> 00:11:36,770 And then we're looking at the FTC Safeguard Rule, 239 00:11:36,770 --> 00:11:40,661 that was supposed to be implemented already, but they pushed it back. 240 00:11:40,661 --> 00:11:43,640 And these rules apply to businesses of all sizes, 241 00:11:43,640 --> 00:11:46,660 which is the really important factor here. 242 00:11:46,660 --> 00:11:51,510 Because in the past, a one to two-person CPA shop 243 00:11:51,510 --> 00:11:53,780 may not have to worry about a lot of these regulations 244 00:11:53,780 --> 00:11:55,950 and the costs that go along with them. 245 00:11:55,950 --> 00:12:01,130 But now it's everybody from that one-person show, 246 00:12:01,130 --> 00:12:04,019 all the way up to the Fortune 100, like you were saying. 247 00:12:04,019 --> 00:12:06,250 So the government is really stepping in 248 00:12:06,250 --> 00:12:09,430 and emphasizing how important it is, 249 00:12:09,430 --> 00:12:12,639 for people's information to be secure. 250 00:12:12,639 --> 00:12:15,328 What they call personally identifiable information. 251 00:12:15,328 --> 00:12:16,449 – Okay, so what does that look like 252 00:12:16,449 --> 00:12:20,460 for your accounting Mom-and-pop shop, 253 00:12:20,460 --> 00:12:22,161 whether they're a fractional CFO office, 254 00:12:22,161 --> 00:12:24,191 or they're an internal accounting team. 255 00:12:24,191 --> 00:12:25,380 What does that look like for them, 256 00:12:25,380 --> 00:12:29,750 as they're trying to adhere to these new regulations? 257 00:12:30,161 --> 00:12:34,250 – Yes, it's a challenge because a cybersecurity person 258 00:12:34,250 --> 00:12:37,550 is not cheap, from a financial standpoint, 259 00:12:37,550 --> 00:12:42,328 it is an investment to go out and get somebody. 260 00:12:42,328 --> 00:12:46,494 Somebody that, right now, the demand is already really high for. 261 00:12:46,610 --> 00:12:50,130 Salaries are going anywhere between 120 and 160, 262 00:12:50,130 --> 00:12:51,790 if you can even find somebody. 263 00:12:51,790 --> 00:12:53,827 – Wow. – So, anyone, right now, 264 00:12:53,827 --> 00:12:56,660 looking at staffing an accounting firm, 265 00:12:56,660 --> 00:13:01,661 is very familiar with how difficult it is to get good people. 266 00:13:01,661 --> 00:13:06,161 And we're looking at that same thing, right now, in the IT industry, 267 00:13:06,161 --> 00:13:09,161 especially, with cybersecurity, because the demand is just so high. 268 00:13:09,290 --> 00:13:14,730 So outsourcing is really their only solution right now. 269 00:13:14,730 --> 00:13:19,180 Because it's not as easy as a virus scanner or malware, 270 00:13:19,180 --> 00:13:22,994 where you can just toss it on the computer and leave it there. 271 00:13:22,994 --> 00:13:28,160 The FTC safeguards goes above and beyond; into employee training, 272 00:13:28,160 --> 00:13:31,494 active threat hunting, and putting 273 00:13:31,494 --> 00:13:35,827 Written Information, Security Policy, what they call a WISP, in place, 274 00:13:35,827 --> 00:13:42,160 So, for smaller companies, it's a big time and training burden, 275 00:13:42,160 --> 00:13:45,410 that really is slipping in there, commitment-wise, 276 00:13:45,410 --> 00:13:47,827 with your continuing education every year. 277 00:13:47,827 --> 00:13:51,494 – Mhm, and, so, that's an added burden because as accountants we, 278 00:13:51,540 --> 00:13:54,827 like IMA has the CMA certification, if you're a CPA. 279 00:13:54,827 --> 00:13:57,610 Everybody knows, if you're in this industry, 280 00:13:57,610 --> 00:13:59,620 you need to keep your continuing education credits up. 281 00:13:59,620 --> 00:14:00,620 And now, all of a sudden, accountants 282 00:14:00,620 --> 00:14:03,827 have to be at least versed in, when it comes to cybersecurity, 283 00:14:03,827 --> 00:14:05,494 they need to learn technology. 284 00:14:05,494 --> 00:14:08,160 Some people are saying, "Oh, you need to do data analytics." 285 00:14:08,160 --> 00:14:10,130 Like "Oh, you need to have data scientists." 286 00:14:10,130 --> 00:14:12,660 There are all these different things that accountants have to do. 287 00:14:12,660 --> 00:14:15,820 How can they stay up to date with these things? 288 00:14:15,820 --> 00:14:17,170 Obviously, outsourcing that, 289 00:14:17,170 --> 00:14:20,660 but what level of understanding do accountants need to have, 290 00:14:20,660 --> 00:14:24,160 in order to be at their best to do this? 291 00:14:24,160 --> 00:14:26,870 Obviously, they won't be able to be a cybersecurity expert. 292 00:14:26,870 --> 00:14:29,327 But what level do you think they need to be at, 293 00:14:29,327 --> 00:14:31,493 to best support their organization? 294 00:14:31,493 --> 00:14:35,199 – Yes, I think specialty training is the way to go with this. 295 00:14:35,199 --> 00:14:37,620 It's something that we can do 296 00:14:37,620 --> 00:14:41,980 on a one to two-day basis, a couple of times. 297 00:14:41,980 --> 00:14:44,550 I like to do it with my clients quarterly. 298 00:14:44,550 --> 00:14:47,810 Just to let them know what the new ransomware attacks 299 00:14:47,810 --> 00:14:50,326 we are looking at, if we've got any vulnerabilities, 300 00:14:50,326 --> 00:14:54,820 and it helps us build what we call a cybersecurity culture. 301 00:14:54,820 --> 00:14:58,300 Where we're talking about not just training 302 00:14:58,300 --> 00:15:02,910 in a one-and-done fashion, but building that mentality, 303 00:15:02,910 --> 00:15:05,290 like you were talking about, with y'all skills programs. 304 00:15:05,290 --> 00:15:08,930 Where internally we're focusing on ongoing education. 305 00:15:08,930 --> 00:15:11,089 Watching for those red flags, 306 00:15:11,089 --> 00:15:13,209 in case our computer is doing something weird 307 00:15:13,209 --> 00:15:15,779 or we're getting any emails that are suspicious. 308 00:15:15,779 --> 00:15:19,493 So these smaller continuing education-type courses, 309 00:15:19,493 --> 00:15:21,279 are really the way to go with stuff like that. 310 00:15:21,326 --> 00:15:24,260 – That makes sense, and it seems like, as organizations, 311 00:15:24,260 --> 00:15:25,930 we need to keep training our people. 312 00:15:25,930 --> 00:15:27,580 To make sure, "Hey, this is what you look for." 313 00:15:27,580 --> 00:15:30,509 I know our organization does a yearly cybersecurity training. 314 00:15:30,509 --> 00:15:31,740 Where it's like, "Hey, a reminder, 315 00:15:31,740 --> 00:15:33,826 look out for these things, look out for those things. 316 00:15:33,826 --> 00:15:35,670 If you get an email from the CEO 317 00:15:35,670 --> 00:15:39,440 saying, 'Hey, what's our routing account number 318 00:15:39,440 --> 00:15:41,510 and account number for our bank account, again?'" 319 00:15:41,510 --> 00:15:43,120 Don't do it. 320 00:15:43,326 --> 00:15:46,159 – Right, the real popular one right now, 321 00:15:46,159 --> 00:15:48,993 is a text message or an email 322 00:15:48,993 --> 00:15:52,826 from an executive level or someone's supervisor 323 00:15:52,826 --> 00:15:54,020 saying, "Hey, I'm in a meeting, 324 00:15:54,020 --> 00:15:56,826 I need you to get me iTunes gift cards 325 00:15:56,826 --> 00:16:01,493 or some other gift cards for the people here in the meeting, as a marketing. 326 00:16:01,630 --> 00:16:02,670 Go get them right now." 327 00:16:02,670 --> 00:16:06,159 And it sounds silly right now, but it's happening. 328 00:16:06,159 --> 00:16:10,992 I mean, people are falling victim to that every day, it's crazy 329 00:16:10,992 --> 00:16:12,449 because it's a numbers game. 330 00:16:12,449 --> 00:16:16,659 So you just got to find somebody in the right place, at the right time. 331 00:16:16,659 --> 00:16:21,579 – For sure, and so we've talked a lot about organizations, 332 00:16:21,579 --> 00:16:23,009 and training, and stuff like that. 333 00:16:23,009 --> 00:16:26,159 What can we do personally, on a personal level? 334 00:16:26,159 --> 00:16:27,710 Everybody has their own personal accounts. 335 00:16:27,710 --> 00:16:29,410 Are there things we all should be looking out for, 336 00:16:29,410 --> 00:16:31,430 and being aware of just to protect our own data? 337 00:16:31,430 --> 00:16:34,110 Just the other day, I logged into an organization, 338 00:16:34,110 --> 00:16:36,560 I forget what institution I logged into. 339 00:16:36,560 --> 00:16:39,270 And it was like, "Oh, by the way, we were hacked, 340 00:16:39,270 --> 00:16:41,490 but none of your account information has gone out. 341 00:16:41,490 --> 00:16:43,826 But your name and email address might be on a list somewhere." 342 00:16:43,826 --> 00:16:46,040 And I'm like, "Should I be worried?" 343 00:16:45,992 --> 00:16:47,659 – I'm really glad you asked. 344 00:16:47,659 --> 00:16:51,825 Because identity theft is really where a lot of this goes, 345 00:16:51,825 --> 00:16:54,190 and I think about it all the time. 346 00:16:54,190 --> 00:16:57,850 And I can tell you, personally, I recommend 347 00:16:57,850 --> 00:17:01,659 when your computer at home 348 00:17:01,659 --> 00:17:04,300 and any other personal device that you've got, 349 00:17:04,300 --> 00:17:06,790 always do their most recent updates. 350 00:17:06,790 --> 00:17:10,992 A lot of people will hit Not Now, Update Later. 351 00:17:10,992 --> 00:17:15,209 But I promise you, they don't make you download and reboot 352 00:17:15,209 --> 00:17:17,240 unless it's something pretty critical. 353 00:17:17,240 --> 00:17:19,659 So always do your updates, 354 00:17:19,659 --> 00:17:23,110 and don't give anything out over email 355 00:17:23,110 --> 00:17:25,992 that you wouldn't tell somebody that they could hold for later. 356 00:17:25,992 --> 00:17:29,440 So don't ever send your personal information via email, 357 00:17:29,440 --> 00:17:34,492 even if it's in a password-protected PDF, those are not secure. 358 00:17:34,570 --> 00:17:37,492 You really want to have it sent through either voice 359 00:17:37,492 --> 00:17:39,660 or an encrypted uploader, 360 00:17:39,660 --> 00:17:41,992 whenever you're moving that kind of stuff around. 361 00:17:41,992 --> 00:17:44,658 And the other thing is, always keep your virus scanner 362 00:17:44,658 --> 00:17:46,590 and your malware scanner updated. 363 00:17:46,590 --> 00:17:50,825 A lot of people don't, or they turn it off out of convenience. 364 00:17:50,825 --> 00:17:54,270 And, then, the number one thing that I will end on, 365 00:17:54,270 --> 00:17:58,179 that everyone is going to hate because even I don't like it. 366 00:17:58,179 --> 00:18:02,992 But it really works, is the multi-factor authentication. 367 00:18:03,080 --> 00:18:06,070 – The dreaded—Please send me a text message code 368 00:18:06,070 --> 00:18:08,720 or pull the code out of your email, 369 00:18:08,720 --> 00:18:12,890 or these authenticator apps that we use, I use Google's, 370 00:18:12,890 --> 00:18:15,390 it works really well, it works. 371 00:18:15,390 --> 00:18:16,980 I cannot tell you how many times 372 00:18:16,980 --> 00:18:20,290 I've gotten a random code in my email, 373 00:18:20,290 --> 00:18:24,000 going, "I don't know what that was for or who requested it, 374 00:18:24,000 --> 00:18:26,158 but I'm glad it is there." – Exactly. 375 00:18:26,158 --> 00:18:30,658 – Because even that little one, even if it takes you two minutes, 376 00:18:30,658 --> 00:18:32,549 to use the multi-factor authentication. 377 00:18:32,549 --> 00:18:35,159 I can promise you it is way better 378 00:18:35,159 --> 00:18:39,070 than having to cancel all of your credit cards, 379 00:18:39,070 --> 00:18:43,650 file a police report, undo any kind of identity theft. 380 00:18:43,650 --> 00:18:47,991 Because it is not a friendly process when we have to go through that. 381 00:18:47,991 --> 00:18:52,190 It's very invasive and it is not fun. 382 00:18:52,190 --> 00:18:54,420 – Yes, that doesn't sound like fun at all. 383 00:18:54,420 --> 00:18:58,280 And, I agree, multi-factor authentication it's annoying, 384 00:18:58,280 --> 00:19:00,370 but I think it's very essential. 385 00:19:00,370 --> 00:19:04,220 Microsoft has an app, too, I use theirs. 386 00:19:04,220 --> 00:19:06,658 But anytime I can set it up, I try to turn it on 387 00:19:06,658 --> 00:19:09,470 because I've gotten the same thing that you've gotten. 388 00:19:09,470 --> 00:19:10,700 Where I've gotten a text message 389 00:19:10,700 --> 00:19:12,830 and I'm like, "Well, I didn't try to log in there." 390 00:19:12,830 --> 00:19:15,100 So I quickly go and change my password 391 00:19:15,100 --> 00:19:17,120 and go update those things. 392 00:19:17,120 --> 00:19:19,270 And I think it's important to be vigilant 393 00:19:19,270 --> 00:19:20,620 about your own personal things, 394 00:19:20,620 --> 00:19:23,350 and the more vigilant we are about our personal, 395 00:19:23,350 --> 00:19:24,830 it'll help us understand how vigilant 396 00:19:24,830 --> 00:19:26,991 we need to be at a corporate level, as well. 397 00:19:27,158 --> 00:19:31,491 – Yes, that's one of my advantages, of going from owning an accounting firm 398 00:19:31,491 --> 00:19:35,157 to owning a cybersecurity firm, that works with accountants, 399 00:19:35,179 --> 00:19:37,860 is I know the pushback, personally, 400 00:19:37,860 --> 00:19:40,720 that I'm going to get from my team when I implement stuff. 401 00:19:40,720 --> 00:19:46,157 So when we look at implementing any cybersecurity, we look at; 402 00:19:46,157 --> 00:19:50,110 is it necessary and effective enough 403 00:19:50,110 --> 00:19:54,000 to warrant the frustration it's going to cause for our employees. 404 00:19:54,000 --> 00:19:58,630 And can we make it work as well and seamlessly as possible? 405 00:19:58,630 --> 00:20:00,870 Because I know, from personal experience, 406 00:20:00,870 --> 00:20:03,799 if it doesn't work or if it's too complicated, 407 00:20:03,799 --> 00:20:05,157 people are going to bypass it. 408 00:20:05,157 --> 00:20:09,157 And, so, you might as well not have frustrated them with it at all. 409 00:20:09,157 --> 00:20:12,824 And I don't lie to people and say that multi-factor 410 00:20:12,824 --> 00:20:17,157 is not a big deal, "It's no problem, just put it in there." 411 00:20:17,157 --> 00:20:19,679 It's a pain, people don't like it. 412 00:20:19,679 --> 00:20:24,020 There's a lot of pushback with employees and executives, 413 00:20:24,020 --> 00:20:25,929 whenever we go to implement this. 414 00:20:25,929 --> 00:20:27,657 And I always drink my own Kool-Aid, 415 00:20:27,657 --> 00:20:30,260 so I know I don't tell anybody, 416 00:20:30,260 --> 00:20:33,450 "This is going to be completely frustration free." 417 00:20:33,450 --> 00:20:35,720 I tell them, "It's absolutely necessary, 418 00:20:35,720 --> 00:20:40,059 but it's only the level of necessary that we need to stay safe." 419 00:20:40,059 --> 00:20:43,324 – Yes, sometimes, inconveniences help us stay safe, 420 00:20:43,324 --> 00:20:44,824 and I think it's balancing that. 421 00:20:44,824 --> 00:20:49,220 And I like what you said, is it worth the people's headache 422 00:20:49,220 --> 00:20:51,970 to help us keep us safe and trying to balance that, 423 00:20:51,970 --> 00:20:54,990 especially, in making those choices as an organization. 424 00:20:54,990 --> 00:20:56,490 – Exactly. – Yes. 425 00:20:56,490 --> 00:20:58,823 Well, Tom, it's been really great talking with you, 426 00:20:58,823 --> 00:21:01,890 getting to know you, and I really appreciate the expertise 427 00:21:01,890 --> 00:21:03,260 that you share with our audience, today. 428 00:21:03,260 --> 00:21:05,440 I know that they're going to find it beneficial 429 00:21:05,440 --> 00:21:07,340 as they're going on their journey, 430 00:21:07,340 --> 00:21:09,823 and their organization, and personally as well. 431 00:21:09,990 --> 00:21:11,990 – Thanks, Adam, the pleasure has been all mine. 432 00:21:11,990 --> 00:21:14,490 I hope your audience and your listeners, 433 00:21:14,490 --> 00:21:15,990 really, get something out of this. 434 00:21:15,990 --> 00:21:16,823 I hope it was helpful. 435 00:21:16,823 --> 00:21:19,157 < Outro > 436 00:21:19,157 --> 00:21:20,657 – This has been Count Me In, 437 00:21:20,657 --> 00:21:23,823 IMA's podcast, providing you with the latest perspectives 438 00:21:23,823 --> 00:21:26,490 of thought leaders from the accounting and finance profession. 439 00:21:26,490 --> 00:21:29,157 If you like what you heard and you'd like to be counted in, 440 00:21:29,157 --> 00:21:31,730 for more relevant accounting and finance education, 441 00:21:31,730 --> 00:21:37,656 visit IMA's website at www.imanet.org.