May 2017

Your Firm’s Biggest Threat

By Darren Root, CEO

I remember thinking, maybe 10 or more years ago, that I needed to do more to protect the data in our firm. After all, we had all this personal information—SSNs, DOBs, bank account info—for more than a thousand taxpayers. In addition, we had a master .txt file with data from nearly 7,000 W-2s. Given that vast amount of data, I decided to put an alarm system on our doors with 24/7 monitoring and to configure a dedicated, secure room for our servers with a digital lock preventing unauthorized access. Seemed logical at the time.

To be honest, I didn’t spend much time worrying about the security of our data; I was more worried about a natural disaster. (Would our backup really work?)

Fast forward to today: Security and its potential impact on the viability of our firm is now my biggest concern. I recently attended a thought leadership event at Thomson Reuters in Ann Arbor. One of the presenters was head of the criminal investigation unit for the Internal Revenue Service in Michigan. He told us that 3 to 5 accounting firms each day report to the IRS that they have had their data compromised (stolen).

Three to five firms, every day. And that’s just in one state.

He went on to say that much of the stolen information is listed for sale on the “Dark Web.” Seriously? I thought that was only in the movies. There really is a thing called the Dark Web where crooks buy and sell stolen information.

I know what you’re thinking: “What in the world are some criminals going to do with UltraTax data files?” Quite a lot, it turns out. These crooks are sophisticated, and they know how to use UltraTax, Lacerte, ProSeries and all the rest.

And to make matters worse, they are gunning for small accounting firms. Why go after small firms? Because small firms are an easy target, and we have lots of valuable data.

If you’re like me, you have little understanding of all the security risks that your firm faces each day. Even if you do understand that there are significant risks, knowing how to mitigate them is a whole other issue. Addressing security vulnerability is not a one-and-done proposition. The threats are ongoing and ever-changing. It’s a high-stakes cat-and-mouse game with no end.

I know you’re as busy as you can possibly be, and you don’t need another urgent thing creeping to the top of your list. To help ease the burden, we’re working on a multi-faceted security program to guide you through the due diligence involved in creating a more secure digital infrastructure.

Here is a list of 10 Steps to Cyber Security we will focus on this summer at our Partner Retreats, designed to better inform you on the issues and solutions needed:

  1. Set up your Information Risk Management Program
  2. Network security—Protect your network and filter out unauthorized access.
  3. User education and awareness—Produce user security policies covering acceptable and secure use of your systems. Include in staff training and continually maintain awareness of cyber risks.
  4. Malware prevention—Produce relevant policies and establish anti-malware defenses across your organization.
  5. Removable media controls—Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto your system.
  6. Secure configuration—Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline for all devices.
  7. Managing user privileges—Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity.
  8. Incident management—Establish an incident response and disaster recovery capability. Test your incident management plans.
  9. Monitoring—Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.
  10. Home and mobile working—Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices.

I know, you don’t have the time and/or the skill set to do all of what I just mentioned. Therein lies the problem—and the reason that criminals like small accounting firms. We have valuable data without the skill set to adequately protect it.

Rootworks is working hard to plan education opportunities for you and your staff, develop policies for your adoption, and find vendors who offer affordable, expert monitoring services.

This is a serious issue! Please don’t take it lightly or ignore it. Make sure you register for our Partner Retreats this summer—this will be a valuable discussion.

Tips & Tricks

By Amy McCarty, Education Team

Although it’s in the rearview mirror now, we can’t let go of tax season just yet. It might have been the best or the worst, but, whatever it was, evaluating it now while it is still fresh in our minds is key. The things you decide you want to change are better implemented before extension filing so you can work the kinks out before next year.

  1. What was your average completion time of tax returns?
    • If you are using Practice CS as your project management solution, download the Practice CS Project & Task Management Reports located in the Education Resources. Run the Project Tracking with Days to Complete grouped by Project to get an average for each type of project.
      • This report compares received date to complete date of project.
    • Most firms shoot for a 2-week completion rate.
  2. What was your revenue from tax returns? How does that compare to last year? How many hours did everyone work?
    • If you are using Practice CS for billing, run the Billing Analysis comparing last year to this year and detail by Project.
    • If you are using Practice CS for time entry, run the Production Analysis comparing last year to this year, group by Activity Type and detail by Staff.
  3. Did you implement audit protection this year? How much revenue did that bring in?
  4. Now is the time to review, with the entire team, the list of good and bad things you were keeping during tax season.
    • What was the best thing?
    • What was the worst thing? Does a process or a solution need to change? For example, if the only way to receive documents from clients was via paper or email, this requires a solution change: portals need to be implemented. Or, if scanning documents was cumbersome because clients give the firm too much information, this requires a process change: clients need to be educated on what they need to provide to the firm.

As you go through your tax season evaluation, create a plan or work with a Rootworks coach to develop a plan to make any necessary changes.

The Right Message, The Right People

By Chris Rund, Marketing Team

Building the Foundation for Your Marketing Communications Plan

In our last issue, we discussed the importance of beginning your marketing efforts with the end in mind—namely, setting specific and practical marketing goals, based on the overall strategic vision for your firm. This month, we’ll consider the actions you can take to reach those goals.

This is where the final P of the marketing mix (Price, Product, Place, Promotion) comes into focus—Promotion. Think of promotion as synonymous with communication. Remember, there are two cardinal considerations when you plan to communicate: 1) What will your message say; and 2) Who needs to receive it:

  1. What to say. If your goals are specific (and they should be), then they are each logically tied to a specific segment of your clientele or prospects. What you say needs to be tailored to address the needs, concerns, pain points, etc. of the segment you’re speaking to. For example, if your goal is to add six monthly clients in the dental practice niche this year, then your communications should show an understanding of the needs and concerns of dental practice owners and managers and articulate the benefits of your products and services that satisfy those needs and concerns.
  2. Who should receive the message. There are dozens of ways to communicate with clients and prospects, from media advertising to social media, speeches, trade shows, and so on. Making the right choices on which means to deploy is the key to reaching the right people as efficiently as possible. If you want to communicate with dental practice managers, for example, you should look for opportunities to place your message in places where they will receive it, without unnecessarily paying to reach additional people for whom the message is irrelevant. For example, while it’s true that dental practice managers might see an advertisement placed in the business section of your local newspaper, most of the audience would have no interest in the content; you’d be paying a lot of money to reach an audience that’s too big and not tightly focused on the right people. Look for more efficient means, such as advertising in a trade journal for dental practices in your region, or compile a mailing list of regional practices and create a direct mail or email campaign.

Remember that no single medium will do the job as effectively as a media mix. Using a combination of targeted media to deliver repeated messaging to the right audience will give your communication a synergistic effect. Consider a mix of traditional direct mail, coupled with email, social media, and targeted advertising to give your prospective clients at least half a dozen opportunities to receive your message during a 30-day period.

You can extend this with some non-specific, general awareness touchpoints, such as distributing printed copies of your firm’s newsletter or magazine. Advantage and Academy members, consider Rootworks’ InTheLoop and Advantage magazines as a ready-made source of content for your general awareness marketing efforts. It’ll save you countless staff hours with a turnkey solution. Visit to check it out and order online.

Begin mapping your strategic goals to an action plan of clientele/prospect segments and the media choice to reach them, and you’ll have the foundation to build a solid marketing program this selling season.

Next issue: “The Basics of Email Marketing.”

Advantage and Academy members:

Announcing two new courses in the Online Learning System

  1. “FileCabinet CS & NetClient CS Implementation” is now live in the Online Learning System. Choose Learn > Online Learning System to get there. This course is designed for firms looking to implement either FileCabinet CS or NetClient CS or both. You will learn our recommended best practices for setup and use. If you have been using both applications, there are also modules that cover just best practices and clean up options to help you evaluate what changes might be made to make your processes easier. You must log into Grow first in order for the course to be added to your dashboard.
  2. “Bookkeeping Strategy” is now live in the Online Learning System. Choose Learn > Online Learning System to get there. This course is for staff members looking to revisit their bookkeeping strategy in their firm. You will learn recommended best practices and go through a process of evaluating what you are doing today to determine what changes need to be made in your current process. You must log into Grow first for the course to be added to your dashboard.

Receipt Bank–QB Desktop on Right Networks Integration:

As mentioned the last couple of months: As you know, Receipt Bank currently works seamlessly with QuickBooks Online, and now they want to bring the same benefits to your desktop clients. They’re currently pursuing an integration with QuickBooks Desktop, hosted on Right Networks. This means you’ll be able to enjoy the benefits of Receipt Bank with both your QuickBooks Online clients and your QuickBooks Desktop clients.

Please note that the Receipt Bank – QB Desktop integration is specific to clients on Right Networks.

This new integration functionality will be available to the profession at large in the summer; however, they already have a wait list. Rootworks members will receive priority for the wait list, and, in addition, members are also being offered special pricing.

If you’re interested in integrating QB Desktop clients with Receipt Bank, fill out this registration of interest form, and the team at Receipt Bank will be in touch:

All Members:

  • Our May and June webinar schedule is live. Advantage and Academy members: We have three new staff trainings over the next couple months, including our first staff training on Marketing/Web. Marketing and Web topics will become part of our normal staff training schedule on a quarterly basis to start.
  • Our Q2 Planning Webinar is May 4th. We’ll recap tax season. Be ready to share.
  • Our Spring Technology Webinar is May 18th. We’ll bring everyone up to speed on new enhancements in the software products that we use.
  • 2016 Benchmarking is live.
  • Benchmarking information is visible to partners only.
