• Home

  • Business

  • Protect Your Firm: Knowledge, Process, Policy and Action
5
Protect Your Firm: Knowledge, Process, Policy and Action By Sandra Wiley, COO, Senior Consultant, Shareholder, Boomer Consulting Inc.

Protect Your Firm: Knowledge, Process, Policy and Action

Embed Size (px)

Citation preview

Page 1: Protect Your Firm: Knowledge, Process, Policy and Action

Protect Your Firm:Knowledge, Process, Policy and ActionBy Sandra Wiley, COO, Senior Consultant, Shareholder, Boomer Consulting Inc.

Page 2: Protect Your Firm: Knowledge, Process, Policy and Action

Protecting clients begins with increased intellectual capital. Our clients come to us because of our technical expertise. They expect that we will be able to give them advice and counsel based on the knowledge we have of their business. The reality is we must be able to quickly and efficiently get the answers that we need to serve our clients well. The brilliant part of this task today is that we are moving to the cloud to do our research.

In a recent study by BCI and Wolters Kluwer, our responding audience showed that the research firms are relying on is deeply anchored in online resources. The preference for online research resources was especially pronounced when participants were asked which type of resource they used most often.

The act of staying up to date on regulations is increasing in complexity each day. The expectations of our clients also increase in a world where anything can be researched online. When asked in the survey about how difficult research and building intellectual capital was, a whopping 82 percent of the audience responded they were not highly confident that they have the tools they need, nor the knowledge to properly use them, to deliver the right information to their clients.

In addition to research tools, there is another opportunity to share intellectual capital and improve client service. This involves internal knowledge collection from working with clients in specific verticals or niches. Using tools designed to collect this type of knowledge will improve the speed and accuracy of answers to client questions. Alternately, many of these internal knowledge tools allow for someone to ask a question of firm experts, who can provide answers in a searchable, stored location.

The more we understand how to use cloud-based tools for research and growing our intellectual capital, the more likely we will be to decrease the overall number of hours we are spending in the research area of the firm. In the survey we show that number of hours spent in research is considerable, and we know that the more effective we can make that process the more time we can spend with the client. Tools like CCH® IntelliConnect Direct give access to all kinds of tax data instantly. CCH® KnowledgeConnect™ can be another resource for internal knowledge collection through a collaborative knowledge base and question/answer platform as well.

Protecting through Improved Intellectual Capital

IntroductionIt is an exciting time to be in our profession. The abundance of cloud-based solutions is providing more opportunity than ever before to work faster, communicate better and collaborate more efficiently. However, with new opportunity comes new danger.

Your firm needs to be committed to protecting information assets, including personal data and client documents. As a trusted advisor to our clients, the expectation is that we are aware of threats and are guarding their data. Data privacy and information security are fundamental components of doing business today, no matter how large your firm is.

In this paper we will look at three specific ways of protecting our clients:

1. Protection through our ability to research and improve intellectual capital

2. Protection through policies, procedures and processes

3. Protection by securing client data

FIGURE 1: Sources of Tax Research FIGURE 2: Source of Tax Research Used Most Frequently

0% 10% 20% 30% 40% 50% 60% 70%

Online reference materials by an outside vendor

Free resources via Google®

All Other

0% 20% 40% 60% 80% 100%

Online by outside resource

State Department of Revenue website

Free resources via Google®

CPE Events — Conferences

AICPA, State CPA Associations

Printed reference materials

Page 3: Protect Your Firm: Knowledge, Process, Policy and Action

Protecting through Policies, Procedures and ProcessesAs we turn our attention to processes, let us first think about the process of actual data entry and the ability to move quickly, efficiently and accurately as we build a firm that is protecting client data. The process of entering data is still largely completed manually which leaves the door open for “operator error.” It is also slower and therefore does not help reduce hours to leave more time for deeper client conversations. The move to scan and auto-fill is beginning to catch on, but slowly as the survey shows.

FIGURE 3: How do you get client tax data into your tax system?

0% 10% 20% 30% 40% 50% 60% 70%

Manual data entry

Scan/Auto Fill — Manual review

Scan/Auto Fill — Review of

diagnostic flags

Standardization is the key to any process that a firm uses in protecting data integrity and security. The move to standardization of processes is high on the list of the individuals in the Boomer Technology Circles™. These firms see that standardization will guard against human error, and will help to improve productivity for the entire firm. One interesting result from our survey is that 76 percent of the audience felt that they were somewhat or very standardized in their processes. Our experience shows that firms do have processes, but they are not standardized across the firm. Most firms have a difficult time deciding on the one process that is really best for everyone in the firm. This is an even greater issue for those that have multiple offices.

Process improvement will benefit your firm in three distinct ways:

1. Reducing data entry

2. Identifying errors earlier in the process

3. Streamlining preparation and review

In all cases, these improvements will also protect the client by allowing for greater accuracy, quicker turnaround time and more time to spend with their trusted advisor to find new opportunities for their business.

Protecting through Secure Client DataJust mention the words “Target” or “Home Depot” and you know that you will start the conversation about protecting client data. The world of data security starts and ends with solid policies that are developed and shared often throughout the firm. Data thieves are out to get our personal data in order to ultimately steal from us. Personal data is a hot commodity and we have an obligation to have a plan to protect our firm against these thieves.

The first logical step is to develop a written policy for firm client data security. Our survey participants showed that many have engaged in the act of developing these policies, however with the speed of change in technology today, the act of reviewing those policies, updating them and then sharing them with the overall team may not be happening often enough. The graph below shows how our audience responded. One point is that there is really no excuse with the knowledge we have today to be in the 13 percent with no official security policy. Firm leaders are making a conscious decision to not protect their clients.

The next step after developing the policy is to ensure the policy is well known and followed in the firm. This can happen by training staff on the policy at least one time per year. Have them acknowledge that they have been informed and ensure the policies are being followed by allowing your IT Professional to monitor the policies. Steps that are often taken by firms include the following:

ll Requiring strong passwords

ll Training staff annually

ll Requiring password changes after a specific length of time

ll Requiring encryption on mobile devices, laptops and USB drives

ll Implementing a device management platform that includes the ability to wipe a lost/stolen mobile device

ll Enforcing email retention policies

ll Developing security breach policies and procedures to provide a timely response to potential data breach

FIGURE 4: Which of the following best describes your firm’s policies regarding client data security?

0% 10% 20% 30% 40%

Security policy reviewed at least yearly

Security policy reviewed within the last 1 year

Security policy that is older than 2 years

No official security policy

Page 4: Protect Your Firm: Knowledge, Process, Policy and Action

An additional data breach concern comes with the mobile devices that are in most team members hands today. Firms are recognizing the need to encourage use and also guard the client data that is accessible through these productivity boosters. The trend appears to be for firms to allow team members to use their own devices and then give them parameters for the security on that device.

Firms have another challenge as they look at data security — backing up client data in the event there is a loss. The ability to backup data takes many roads from backing up to a tape and literally taking it home at night to backing up at multiple offsite locations. Our survey shows there is not a clear winner today among this group.

One of the biggest challenges with technology is ensuring that the data that runs the business is both accessible and recoverable in the event of an emergency. Using cloud backup services takes your internal data and moves it to a secure offsite location. This is crucial if you are in a single location.

Cloud applications can provide another way of tackling backup issues. Cloud vendors have an iron clad reason for effective backups — their entire business model revolves around making your data accessible and recoverable. Consider this aspect when upgrading or updating core business applications. Data backups are just one feature of cloud applications, but a very important one.

On the flip side of this coin, cloud applications provide a simple way to add additional features or capabilities to the firm. This is a strong consideration when looking at overall data security. What cloud applications are in use, where and how is that affecting client security? This can be an adversarial point between IT professionals where data security is a top focus, and employees who need to get work done. By working together, the firm’s security can be improved and productivity can be gained as both IT and other staff learn about the best applications to use in the firm.

A final threat to the firm is that of insider threats. What are insider threats? They are the staff members that you have sitting right in your firm today. They are not educated on how they might inadvertently allow viruses into the firm by simply clicking an email. It can also involve giving staff members access to more data than they need. These insider threats could wreak more havoc than we can imagine, but are entirely preventable by taking some precautionary steps. In our survey, we asked firms how they protect their firm against these security threats.

0% 10% 20% 30% 40%

Data backed up via tapes stored offsite

Combination of cloud and tape backup

Data backup via cloud-based

software vendors

Data backup to the cloud regularly (at least monthly)

No backup plan

FIGURE 6: Which of the following best describes your firm’s data backup plan?

0% 10% 20% 30% 40% 50% 60%

Educating employees about potential phishing scams

Actively managing systems permissions so employees don’t

have more access than necessary

Running criminal background checks

Monitoring outgoing network traffic to detect data theft

Developing a system to log and monitor external storage devices

Firm has not taken any steps

FIGURE 7: What steps have you taken to protect your firm from insider threats?

0% 10% 20% 30% 40% 50%

Bring your own device allowed with security measures in place

Bring your own device allowed without additional security measures

All mobile devices are supplied by the firm

No mobile devices allowed

FIGURE 5: Does your company supply mobile devices for business purposes?

Page 5: Protect Your Firm: Knowledge, Process, Policy and Action

All trademarks and copyrights are property of their respective owners.©2015 CCH Incorporated and/or its affiliates. All rights reserved.Join us on at CCHGroup.com/Social12/14 2013-0506-27

For More Information CCHGroup.com/Axcess 800-PFX-9998 (800-739-9998)

How to Protect through Actionll Conduct a security audit. If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. It is critical that you work with a professional to audit your entire IT infrastructure — computers, network, mobile devices and cloud applications used (known or unknown) — to determine what you need to do to prevent hackers from accessing client information.

ll Conduct a social engineering experiment. Many firms in the Boomer Technology Circles™ have hired outside companies to create “phishing” emails to be sent to their staff. The technology department then uses the results from the experiment to educate staff on best practices when it comes to email. The firms that have done this regularly have seen a significant drop in viruses and other issues due to email.

ll Educate staff on their important role in security. Your staff is your front line of defense when it comes to security. Sure, hackers can access your network remotely and siphon off data without setting foot in your office. However, vigilant employees (consultants, partners and vendors, too) can ensure that human error — which is a big cause of data security breaches — is minimized.

ll Use multiple strong passwords. Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “dictionary attack” — an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords — can’t happen. Don’t write passwords down; use password management services, also called identity management solutions.

ll Encrypt your data. Encryption is a great security tool to use in case your data is stolen. For example, if your hard disk is stolen or you lose your USB thumb drive, whoever accesses the data won’t be able to read it if it’s encrypted. Keep in mind that email is not encrypted, but there are ways to make client communication secure and protected.

ll Back up to the cloud. Security is important, but if your data is not backed up, you WILL LOSE IT. Ensure that your data is properly backed up, and test the backup to ensure that your data can be recovered when you need it.

ll Be aware of where your data is stored. Perform a regular application and use audit. Understand what employees are using to perform work, where this information is stored and who has access.

This attention to data security can actually bring your firm full circle. We started this discussion with a look at protecting your client through knowledge advice. Businesses come to your firm for strong advice on financial matters. If you have strong internal security policies that are understood and enforced, you can also protect your clients by sharing what you know regarding data security.

Strong policies and technology solutions are often the end of the discussion on the best ways to protect clients. By bringing the focus of the protection back to client service, we shift from a focus of security and compliance to effective answers, advice and support. We can then offer our clients the security that their business is safe as well.

50%


Failure to protect - DLA Piper Global Law Firm

Failure to protect - DLA Piper Global Law Firm

Documents
Aderant 2012 Solutions Guide: Mange, Grow, and Protect Your Firm

Aderant 2012 Solutions Guide: Mange, Grow, and Protect Your Firm

Documents
Codification of technological knowledge, firm boundaries, and

Codification of technological knowledge, firm boundaries, and

Documents
Essentials of Management Information Systems, 6e Chapter 11 Managing Knowledge in the Digital Firm 11.1 Managing Knowledge in the Digital Firm Chapter

Essentials of Management Information Systems, 6e Chapter 11 Managing Knowledge in the Digital Firm 11.1 Managing Knowledge in the Digital Firm Chapter

Documents
Prime: Our Firm, Your Future - Helping Clients Protect Assets & Build Wealth

Prime: Our Firm, Your Future - Helping Clients Protect Assets & Build Wealth

Economy & Finance
Protect and Save your firm from data loses caused by disasters

Protect and Save your firm from data loses caused by disasters

Business
Practical Strategies for Effective Law Firm Knowledge ... · for Effective Law Firm Knowledge Management ... Practical Strategies for Effective Law ... An essential element of law

Practical Strategies for Effective Law Firm Knowledge ... · for Effective Law Firm Knowledge Management ... Practical Strategies for Effective Law ... An essential element of law

Documents
Law Firm Knowledge Management, An Introduction

Law Firm Knowledge Management, An Introduction

Business
Labour mobility and firm survival inn knowledge ... - ISCTE

Labour mobility and firm survival inn knowledge ... - ISCTE

Documents
HOW FIRM SIZE MODERATES THE KNOWLEDGE AND AFFECTS …

HOW FIRM SIZE MODERATES THE KNOWLEDGE AND AFFECTS …

Documents
Firm internal knowledge blogs

Firm internal knowledge blogs

Leadership & Management
MANAGING KNOWLEDGE FOR THE DIGITAL FIRM

MANAGING KNOWLEDGE FOR THE DIGITAL FIRM

Documents
Firm strategy and knowledge management in strategic supply

Firm strategy and knowledge management in strategic supply

Documents
KNOWLEDGE, STRATEGY, AND THE THEORY OF THE FIRM

KNOWLEDGE, STRATEGY, AND THE THEORY OF THE FIRM

Documents
Managing Knowledge in the Digital Firm

Managing Knowledge in the Digital Firm

Documents
Law Firm Knowledge Management

Law Firm Knowledge Management

Education
Knowledge management in-global-firm

Knowledge management in-global-firm

Documents
Knowledge flow across inter-firm networks: the influence

Knowledge flow across inter-firm networks: the influence

Documents
Management Information Systems 8/e Chapter 10 Managing Knowledge for the Digital Firm 12 MANAGING KNOWLEDGE FOR THE DIGITAL FIRM Chapter

Management Information Systems 8/e Chapter 10 Managing Knowledge for the Digital Firm 12 MANAGING KNOWLEDGE FOR THE DIGITAL FIRM Chapter

Documents
Toward a knowledge-based theory of the firm - Forsiden - … · Toward a knowledge-based theory of the firm ... vertical boundaries of the firm” (Grant, 1996: 109) ... 5.0 Boundaries

Toward a knowledge-based theory of the firm - Forsiden - … · Toward a knowledge-based theory of the firm ... vertical boundaries of the firm” (Grant, 1996: 109) ... 5.0 Boundaries

Documents
University–incubator firm knowledge flows: assessing their impact on incubator firm performance

University–incubator firm knowledge flows: assessing their impact on incubator firm performance

Documents
Knowledge sources of entrepreneurship: Firm formation by ... · Knowledge sources of entrepreneurship: Firm formation by academic, ... Innovative new ventures are at the heart of

Knowledge sources of entrepreneurship: Firm formation by ... · Knowledge sources of entrepreneurship: Firm formation by academic, ... Innovative new ventures are at the heart of

Documents
Law Firm Knowledge Management: A Selected Annotated

Law Firm Knowledge Management: A Selected Annotated

Documents
Law Firm Presentation | Proprietary & Confidential Your... · Law Firm Presentation | Proprietary & Confidential PROTECT YOUR BRAND: INTELLECTUAL PROPERTY FOR HR PROFESSIONALS May

Law Firm Presentation | Proprietary & Confidential Your... · Law Firm Presentation | Proprietary & Confidential PROTECT YOUR BRAND: INTELLECTUAL PROPERTY FOR HR PROFESSIONALS May

Documents
Pertemuan 24 Managing Knowledge for the Digital Firm

Pertemuan 24 Managing Knowledge for the Digital Firm

Documents
Educational Diversity and Knowledge Transfers via Inter- Firm … · Educational Diversity and Knowledge Transfers via Inter-Firm Labor Mobility Marianna Marino⇤ Pierpaolo Parrotta†

Educational Diversity and Knowledge Transfers via Inter- Firm … · Educational Diversity and Knowledge Transfers via Inter-Firm Labor Mobility Marianna Marino⇤ Pierpaolo Parrotta†

Documents
SESSION 10 MANAGING KNOWLEDGE FOR THE DIGITAL FIRM

SESSION 10 MANAGING KNOWLEDGE FOR THE DIGITAL FIRM

Documents
Chapter10: Management Knowledge for the digital firm

Chapter10: Management Knowledge for the digital firm

Education
A knowledge-based, technologically enhanced research firm … · 2016-05-17 · A knowledge-based, technologically enhanced research firm which provides professional ... • Ogilvy

A knowledge-based, technologically enhanced research firm … · 2016-05-17 · A knowledge-based, technologically enhanced research firm which provides professional ... • Ogilvy

Documents
Knowledge dynamics, firm specificities and sources … for Innovasjonsforskning... · Knowledge dynamics, firm specificities and sources for ... continuously born ... food 3.96 1.04

Knowledge dynamics, firm specificities and sources … for Innovasjonsforskning... · Knowledge dynamics, firm specificities and sources for ... continuously born ... food 3.96 1.04

Documents