The US Department of Homeland Security (DHS) Has Issued a Warning of a New “Trojan Horse” Virus
The US Department of Homeland Security (DHS) has issued a warning of a new “Trojan Horse” virus that has been embedded in major systems since 2011 and could bring down the nation’s power and telecommunication systems. The “BlackEnergy” malware is said to be the same used against European companies and NATO earlier this year.
So, how is this relevant for accounting and tax firms?
If this or other disasters actually occur, the Office of Disaster Preparedness of the Small Business Administration calculates that 40 percent of small firms will close for the emergency and never re-open their doors. If the disaster occurs in the middle of tax season for a firm that has not prepared, the rate may even be higher due to the loss of client data. While large firms have the resources needed to conduct sophisticated risk analyses and keep their disaster coverage up to date, smaller firms don’t have a similar level of resources available to commit.
With the 2015 filing season looming, there simply is not time for a full risk assessment and disaster planning effort. But there are five things the firm can do today that could dramatically improve the odds of recovery from the next disaster:
- Update the firm's business insurance. Most firms do not have the disaster insurance they need, or sufficient coverage. For example, offices in New Jersey were surprised in the wake of Hurricane Sandy to learn that their policies do not handle flooding – that type of coverage requires federal flood insurance that is sold separately. Disaster insurance is one area in which small business may be tempted to cut corners, particularly if no disasters have occurred in recent years. Worse yet, home-based practitioners may assume that losses will be covered by their homeowner’s policy. It will not. State and federal aid may be made available, but may also take months or years to receive.
- Perform a complete system backup, and test it. Routine backups are an essential part of system maintenance, and should have been performed at least weekly, if not daily, throughout the year. Whether this has been done or not, it is time for the annual backup of all files. This should be done immediately now that business filings are completed for the quarter, and again once the books have been closed for all clients for the year. For those who networked Windows PCs rather than cloud or other configurations, this is also the time to set a System Restore Point and backup a mirror image of each drive to assist in data recovery. Finally, test each backup. The best backup procedures in the world won’t help if the data is corrupt and cannot be restored.
- Know where to go. Recovery from a disaster, manmade or otherwise, will not happen overnight. Once the immediate threat is over, the firm will need to set up operations at another work site that has available power, water, Internet access, etc. This may mean taking space at a local hotel or conference center outside of the disaster area, or having all employees work from wherever they live. Establish contact with each employee to begin the recovery process. Also, begin an advertising and communication campaign so that both clients and prospects know where to find you. Remember that meeting filing deadlines may still be mandatory, although governments usually extend deadlines to those affected.
- Establish a disaster workflow that enables the firm to continue operations. It may be too late to move any of the firm’s operations to the cloud, but this option should be evaluated. Firms already using cloud-based solutions should contact their vendor to arrange for any additional assistance that may be necessary in the event the disaster actually occurs. Using a cloud-based workflow solution such as GruntWorx will help ease the transition to a new operating location. Finally, remember that clients and customers will also be digging out. It will be necessary to learn from each what their plan is for the workflow of their own company or return. A disaster may not be the best place to prove the value of a workflow solution, but it is the most critical.
- Confirm that the client portal and other communications work as they should. Insurance, backups, and workflow aside, the element that will best define the ability of the firm to survive and thrive is communication. The firm should already have portals established for clients and employees, and these should be tested to ensure they are operated outside of the disaster area and are functional. Remember that land-based Internet may take time to re-establish, but nearly everyone has the ability to access the Internet via smartphones. Cellular communications will be one of the first capabilities restored after a disaster, but some firms also hedge their bets by using a cloud-based telecommunications and conference system such as Skype as a backup. In addition to the broadcast of information via portals, the firm should make every effort to directly and personally contact each client, customer, and employee as soon as possible.
Not every disaster strikes. Storms change their paths, tornadoes disappear into the clouds, fires are controlled, and so forth. But effective owners and partners know – or have learned to their chagrin – that they cannot count on it. With the winter storm season approaching at the same time as tax season, firms should practice taking at least these five steps for preparedness today.