Hurricanes are no joke.

Friday, July 2nd, 2010

On Sunday night, August 24, 1992, Hurricane Andrew ripped through South Florida and caused more than $26.5 billion in damages. Our firm’s offices were closed for two full weeks – power in the neighborhood was out for a week, and then we were closed for another week to replace the electrical panel that had been flooded and the air conditioning towers that had blown off the roof. The name Andrew was retired by the National Weather Services, and replaced by the name Alex.

If you were in South Florida in 1992, you won’t forget that hurricanes are no joke.

Hurricane season runs June 1 through November 30. Building a “culture of readiness” for your family, employees and business will help you make good decisions and provide you with options to minimize the effects of a disaster like Andrew.

If you don’t have a plan, start planning right away.   Ask yourself:

• Who is my emergency management team, and what tasks should each of them be assigned?
• Which staff, materials, procedures and equipment are absolutely necessary to keep the business operating?  
• What are my backup plans if any of these are unavailable? 
• Can employees work at home if necessary? 
• What is my communications plan – how will employees know the status of the business and whether they should try to get to work?  How will I know all employees are safe?
• Which customers should I make sure to contact immediately, to let them know the status of the business?  Do I have their contact information easily available?

To learn more about how to prepare your business and minimize the effects of a hurricane or other disaster, register for my free breakfast seminar on July 22nd.  You’ll get important tips and answers to your questions, and receive a free copy of the Kaufman Rossin Disaster Preparedness Guide. 

Jorge Rey is Director of Information Security for Kaufman, Rossin & Co., one of the top CPA firms in the Southeast.  He can be reached at jrey@kaufmanrossin.com.

7 tips to protect your new venture

Monday, May 10th, 2010

New business ideas are hatching every day.  Whether you’re capitalizing on the Green Movement with a new solar-powered motorcycle or marketing the Fountain of Youth to aging baby boomers, starting a new venture brings  both opportunity and risk.   

One important risk area many entrepreneurs neglect is the risk to your data. Did you know that a business can be held responsible for identity theft if you don’t protect your clients’ sensitive personal information? This is no small matter: the chance of a data breach increases every day; the risks to your financial well-being and your reputation are enormous. 

What should an entrepreneur do to protect your data at this very delicate stage of the business lifecycle?   Here are some important tips for new businesses…and existing ones.

1. When you design your network, you’ll want to provide remote access. But make sure to protect sensitive data. Your network should be protected with firewalls. Publicly accessed servers should be segregated from the internal network. If you are planning to use a wireless access, take additional steps to protect this access point.
2. Install anti-virus software and update it regularly.  New viruses crop up daily – old software won’t protect you.
3. Implement a business continuity plan that takes into consideration business process priorities, maximum allowable downtime and cost associated with downtime.
4. Implement physical security devices (e.g. cameras, card readers).  If  your hardware leaves the building, your data goes with it!
5. Require strong passwords, and mandate frequent changes.  If staff will be using laptops outside the office, consider hard drive passwords that protect your data even if the hard drive is removed.
6. Develop and implement an Information Security Policy.   Make sure your employees are trained on the policy.  Include:
   • policy maintenance
   • asset management (including information handling)
   • physical and environmental security
   • communications and operations management
   • access control
   • information systems acquisition
   • development and maintenance (including vulnerability management)
   • information security incident management
   • business continuity management, and
   • compliance with legal requirements.
7. Outsource services that support your business but are not core to your organization.  These include  IT support, email messaging, on-line back-ups, and more. These disciplines change rapidly, so using outside professionals is the safest choice.  But perform the proper due diligence to engage the right vendor.   Review audited financial statements, service delivery capability, internal controls and security (e.g. SAS 70) and insurance.  Ask for references, and check them.

On yearly basis, review regulatory requirements and verify that your policies address them.   Make sure your procedures are updated as changes in your business occur.   Verify internal compliance with your policies and monitor third party vendors.  And train your employees — the new ones as they join you, and the existing ones annually!

Jorge Rey is Director of Information Security for Kaufman, Rossin & Co., one of the top CPA firms in Florida.  He can be reached at jrey@kaufmanrossin.com.
 

Why did the accountant cross the road?

Monday, April 19th, 2010

Some have said he did it just to get a laugh.

Others have said she did it to help the chicken with his tax return. 

And some accountants would certainly cross the road to win the Corporate Run!

At Kaufman, Rossin, we believe that laughing together is an important part of a healthy environment.  Joy at Work is one of our core values, and we like to think it’s one of the reasons we were named Best Place to Work again this year. 

So we’d like to spread the joy of laughter today and ask for your help filling in the punch line.

Tell us your punch line – Why did the accountant cross the road?

Who is guarding your wall?

Tuesday, April 13th, 2010

You may have skimmed the story earlier this month that talked about Chinese espionage gangs hacking into government computers.  Among other things, they obtained reports on Indian missile systems, the travel plans of NATO forces, and a year’s worth of the Dalai Lama’s personal email. 

We’re not the government, you may have thought. Our data isn’t important enough to steal. 

Think again. 

• Got customers?  Take credit cards?  Your data is worth stealing.
• Got patients?  Keep track of their medical records?  Your data is worth stealing.
• Got clients?  Keep files related to litigation, transactions, other legal matters?  You’re a target.
• Got employees?  Keep their social security numbers?  Definitely worth stealing.

You are as secure as your weakest link.  And take heed, your weakest link will be exploited. 

The Chinese built the Great Wall to protect themselves from their enemies: Huns, Mongols, Turkic peoples, and other nomadic tribes.  But, as Genghis Khan said, “The strength of walls depends on the courage of those who guard them.” He and his Mongol hordes bribed a Chinese official to open the Great Wall forts.  Thus the Mongols conquered China. 

The Great Wall offered no security to the Chinese when invaders identified vulnerabilities and exploited them. All it took was a simple payoff.   How confident are you that your information security can’t be breached?

If you said 100% confident, you’re fooling yourself, and you may be seriously at risk.  I recently wrote about seven “tales of woe” that happened at companies.  (Pay particularly attention to items 3, 4 and 5.)   Trust me, every industry is vulnerable.    And the risks to your clients, your reputation, and your wallet increase every day. 

If you haven’t had an independent information security assessment in the past twelve months, the Mongols may be about to exploit your weakest link.

Jorge Rey is Director of Information Security for Kaufman, Rossin & Co., one of the top CPA firms in Florida.  He can be reached at jrey@kaufmanrossin.com.