Our Holiday Gratitude List

Wow – what a year 2018 has been! On the world stage, it started off with a bang with some amazing Olympic Winter games and was followed by a possibly even more exciting World Cup – not to mention all sorts of interesting political developments across the globe (to Brexit or not to Brexit…). On a national stage, much of the latter part of the year was dominated by some horrendous wildfires, particularly in California. And although technology is continuing to advance at a rapid pace, science still can’t prove that candy corns are bad. Oh well, there’s always 2019!

At Joy Accounting, 2018 was also a landmark year. We had a fantastic time meeting together as a team at QuickBooks Connect in San Jose. We continued to partner with small businesses to help them get to the next level. And we had a great time doing it! 

Those of you who know me (Nate) may also know that I love a good top 10 list. Read on for our Top 10 things we at Joy Accounting are grateful for as we close the book on 2018! 

10.  Technology that enables our remote team to connect as if we were in person. We utilize Zoom and Slack every day and are constantly working through daily challenges together and implementing solutions for our clients. And we can do it all in our sweat pants (if we so choose…). 

9. From our unbelievably amazing Accountant Kris: “Having a job that’s always interesting and consistently offers new challenges.” 

8. The ability to do life together with my incredible wife Terra (this one is from me obviously). Many couples don’t get to (or want to) see each other for large parts of the week since they are working in different locations. For most of the last year Terra and I have been working together from our home, and we use that time to brainstorm ways to take both our business and our clients’ businesses to the next level. It is truly a treat!

7. From our rock-star Lead Accountant Adrienne: “Having a flexible job that allows me to be the mom my kid needs.” (Adrienne, that seriously melts our hearts.)

6. The ability to design our business in a way that we’re able to pursue our interests and have a high quality of life. What this means practically is different for everyone on the team. For Terra and me, this means the ability to travel while still providing exceptional service. In 2018 we experienced two enormous bison casually walking through our campsite in Yellowstone, explored tremendous restaurants and locations in France, visited family in Montana and Colorado, and revisited the place I asked Terra to marry me 15 years ago (pictures below). And we did all of this while not missing a beat with our clients!

5. The opportunity to expand our horizons and branch out into new sectors that match with our passion. Recently we’ve taken on our first client in the Non-Profit sector! In one of Terra’s QuickBooks Connect classes, she heard an inspiring quote: “When a small business fails, it’s a family tragedy. When a non-profit fails, it’s a community tragedy.” This quote perfectly sums up why we have such a passion for small businesses in general; it is so difficult to manage a small business alone and we love partnering in a way that makes success more likely. This quote also shows why we are interested in moving further into the non-profit sector – non-profits are often the fabric that weaves a community together. 

4. Another one from Kris: “Feeling like I’m making a difference in the lives of my clients.”

3. Another one from Adrienne: “Having coworkers that are encouraging, collaborative, and fun.”

2. From our spectacularly talented Accountant Laura: “It comes down to our clients. They are amazing. It is so great to see our partnership with them help lead to their success.”

What is #1, you ask? Our team. Terra and I are so grateful for our team and proud of the work that they do. I cannot overstate the importance of hiring only the best: smart people who share your vision and passion. We have this at Joy Accounting – every one of our teammates is truly a partner, from initial vision to the ultimate execution. Adrienne, Laura, Kris – thank you so much for everything you do!!!


Demystifying Cyber Security for the Small Business

Admit it – if you are like I am (and probably 95% of the population), hearing the question ‘What are you doing to ensure your cyber security?’ simultaneously makes you throw up in your mouth and run off the nearest cliff. On the scale, it’s somewhere between the feeling you get when hearing Christmas music in a Walgreens before Thanksgiving has even occurred and yelling ‘Operator’ into your cell phone after being on hold with T-Mobile for 15 minutes. In other words – on the low end of desirable topics or activities.

Can you imagine explaining our digital world to a 1995 version of yourself? Over the course of the last several years our lives have become increasingly inter-connected via technology, sometimes in obvious ways (think advent of social platforms) and sometimes in much more subtle ways. Seemingly overnight, the technology platforms we came to rely on became much more intelligent, creating a digital persona for each of us and leveraging our preferences to ‘serve’ us better. And although the intention may have been good at the start, the line between ‘serving’ and ‘manipulating’ has increasingly been crossed, highlighting the need to be watchful and vigilant. 

This need to be vigilant has been highlighted by the seemingly incessant drumbeat of large corporations (or political establishments) being hacked. In other words, not only do we need to be careful about where our data lives – we also have to watch out for bad people who are trying to trick us into sharing that data. Just recently I received a note from a hotel chain; on a high level it read something to this effect (note that I’ve taken some liberty with this):

“Dear valued customer – I think you may have stayed in one of our hotels in the last 20 years. Your data (along with a small number of others in the neighborhood of, ahem, 500 million…no biggie), including email addresses, phone number, passport number, favorite NFL team, yada yada yada – has been compromised. The hackers may have gotten your payment information but probably not (and really we have no idea whether they did or not nor do we care to help you). We are so glad you spent money at our establishment (even if you don’t actually remember staying with us). Best wishes for a happy new year and please feel free to stay with us in the future at full cost!”

As a consumer, what do we do with this deluge of information about possible breaches? When you start to peel back layers and really think about our digital imprint as a whole – it can get quite overwhelming.

When you put on your small business owner hat this creates an entirely new layer – not only are you responsible for ensuring that your internal communications and assets are safe, but also those of your customers.

At Joy Accounting, there are a few basics that come to mind that we absolutely rely on. In no particular order, they are:

1) Working with reputable cloud-based technology (like QuickBooks Online) with bank-level security (companies whose entire business models rely on keeping others’ data safe)

2) A good VPN solution (we use VPN Land)

3) LastPass (see the password section below – LastPass is absolutely critical for ensuring our security)

4) Utilizing ShareFile – secure document storage which also allows us to send encrypted emails with sensitive information. This also ensures that no important documents live on our laptops or phones.

5) Reviewing insurance policies to ensure our company has cyber insurance coverage.

6) Being very vigilant about our communication, both with each other and our clients (you will understand how that relates to security as you read through the items below)

Below we have a few tips on some basic strategies that you can implement to create awareness within your team. This is by no means a comprehensive list, but starting with some basics will help you get to a place where your stomach doesn’t turn at the question “What are you doing to ensure your cyber security?”

Creating Awareness Within Your Team

Know what a ‘Whaling Scam’ is and how to handle it

What is it? Someone impersonates an authority figure to get privileged/confidential information or to steal money. For example, hacking an email over public WiFi and then using it to impersonate the email owner.

How do you avoid or minimize the impact?

Only use trusted (password protected) public WiFi. It’s better to use your cell phone as a mobile hotspot.

Have a secondary process to validate information with your staff and clients. If you receive an email (especially if it seems like an odd request or if it involves something important like a money transfer), respond by calling or texting the person to verify and talk through the request (versus just responding to the email).

Do a ‘gut check’ – does the request make sense?

Make sure you have information available on who to notify when there has been a breach – authorities, cyber insurance, banks, etc.

Understand what Ransomware is and how to spot it

What is it? A malicious email with an attachment that’s been opened. Ransomware locks down/encrypts all data until a ransom is paid.

How do you avoid or minimize the impact?

Keep your antivirus updated.

Be an aware user – do not click on attachments or links in emails.

Get cyber insurance.

Make sure you have information available on who to notify when there has been a breach – authorities, cyber insurance, banks, etc.

Understand what a phishing scam is and what to do

What is it? Fake emails sent in an attempt to steal sensitive information, typically passwords or credit cards. These scams have also been used to fake invoices and steal customer and billing data. (And note that they come from a lot more places than the King of Nigeria these days…)

What policies should be implemented?

Be aware – don’t click on links or attachments you weren’t expecting. It’s always best to go directly to a website and not click on the link in the email.

Phishing Testing – send emails to your employees and see who opens the links and who doesn’t

Gut check – were you expecting this? Even if you were, a good rule of thumb is to not click on the link. 

Double-check the email address that the email came from. Does it look legit? Google, PayPal, Yahoo, and Apple are the most impersonated websites. The phishing scams are becoming so good that it’s very difficult to tell a real email/website from a scam.

Know how to spot and how to handle privilege misuse

What is it? An employee’s rights to access data being abused, either accidentally or maliciously, to steal private data. For example, an employee leaves a firm and downloads client data before leaving. Or an employee downloads data legitimately to work on a mobile device and the device is stolen. Both situations have legal implications!

What policies should be implemented?

Communicate privilege/confidentiality policies with staff and have employees sign a policy every year.

Take training on data security and the proper use of client data.

Use ShareFile to request sensitive information such as tax returns, W-2’s, bank statements, etc.

Use “technical fences” such as BitLocker on laptops to encrypt hard drive data.

Know who to notify when there is a security breach: Clients, the State Attorney General and the U.S. Attorney General.

Know good password practices and how to avoid weak passwords

Why is this important? Weak passwords can lead to a network breach allowing hackers to obtain sensitive financial information and forcing owners to provide credit monitoring for all clients for the next year.

What are some policies to implement?

Use strong, complex passwords. 

Do not use the same passwords for multiple sites. If one site gets compromised, then they all get compromised.

Use longer passwords, 20+ characters.  Passphrases are better and stronger than passwords and easier to remember.

Don’t use easily identified personal information in your password – family names, pet names, street names, birth dates, etc. Avoid simple, sequential, or repetitive numbers and simple, obvious terms.

Don’t share passwords, even to websites like Netflix, especially if you use the same password (or a version of the same password) for multiple sites.

There are software programs built just to break passwords; don’t make it simple for the hackers.

Change the SSID (name) and password on your WiFi router. 

Use LastPass and let LastPass create the password for you.  Do not keep LastPass signed in when you turn on your browser or it defeats the purpose of using the software.

Use multi-factor authentication such as a password and a text when a service or website allows you to. Two-factor verification should be 1) something you know and 2) something you have. For instance, when using an ATM, use your PIN (something you know) and your card (something you have). When using a website, use your password and a text message with a code to enter.

Change passwords regularly – every 60-90 days, especially when using banking websites.

Change passwords immediately upon staff turnover.

Be alert and aware. If you notice a breach or hear of one in the media, take action quickly. Change your passwords, change your security questions, or contact the owner of the website.

Secure your security. Use strong security questions so a hacker can’t easily reset your password. Don’t use your mother’s maiden name. If you have to, make one up. Just don’t forget what it is!

Don’t allow your credit/debit card or banking information to be stored on websites. If there’s a breach, you’ve now made it easier for the hackers to access that information.
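Several of the password rules above (20+ characters, no personal information, no simple or sequential numbers, no obvious terms, no reuse of the same password or a version of it) can be checked mechanically. The following is an added example, not part of the original article or any LastPass feature; the function names, the short obvious-term list and the four-digit run length are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 20  # the article's "20+ characters"
# Constructed short list of obvious terms; a real list would be far longer.
OBVIOUS_TERMS = ("password", "qwerty", "letmein", "welcome", "admin")


def has_simple_digits(password, run=4):
    """True if `run` digits in a row ascend, descend or repeat (1234, 9876, 0000)."""
    for chunk in re.findall(r"\d+", password):
        for i in range(len(chunk) - run + 1):
            window = chunk[i:i + run]
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False


def base_form(password):
    """Lowercase and drop trailing digits/symbols: Summer2018! -> summer."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def audit_password(password, personal_terms=(), other_passwords=()):
    """Return the list of rules from the article that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 20 characters")
    # personal_terms: family names, pet names, street names, birth dates, etc.
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal information")
    if has_simple_digits(password):
        problems.append("simple, sequential or repetitive numbers")
    if any(t in lowered for t in OBVIOUS_TERMS):
        problems.append("contains an obvious term")
    # Catches "a version of the same password" used on another site.
    base = base_form(password)
    if base and any(base == base_form(p) for p in other_passwords):
        problems.append("same as, or a version of, a password used elsewhere")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    print(audit_password("Fluffy2018!", personal_terms=["Fluffy"]))
    print(audit_password("Summer2019!", other_passwords=["summer2018"]))
    print(audit_password("correct horse battery staple wagon"))
```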