K2E Canada Inc

Why You Must Enable MFA

7/5/2021

 
During a recent support call with a person at a consulting firm, I was disappointed to see that they were not using the supplied password manager. The firm provides a license to LastPass; however, the person did not want to be bothered using it or any other password manager. The result, frankly, is that the firm is at significant risk.

The firm uses a remote desktop connection to provide access to a custom line of business application. The only security in place was a username and password to log in. With the security flaws found and patched last year for remote desktop services, hackers are still busy looking for and finding remote desktop connections to attack. Since a password manager was not used to create the password, the password is insecure. I recommend reading the blog post “Your Pa$$word doesn’t matter” to understand how insecure passwords alone are.

So the first thing the firm did was confirm that log-in attempts for a user were limited to 3 before locking out the account. The next step was the implementation of multi-factor authentication (MFA).

There are lots of great options for the implementation of MFA. The MFA chosen by the firm is called Duo, and the reason it was selected is the simplicity of setup. On a test system, I learned how and completed the configuration in under an hour.

You can have password policies, provide password managers, train people on the use of the tools, and in the end, they may or may not comply. There is no choice for an organization but to implement MFA on every computer, application and service. MFA will provide a significant increase in security and, in this case, is now a requirement to connect to the remote desktop. A significant improvement over just using a password, which was most likely not secure.

Organizations must take the necessary steps to protect their networks and data. Implementation of MFA is the least we can do.  

Ward Blatch, CPA CA

Technology Focused Learning - Why It's Now a Business Necessity

12/2/2020

 
Planning your professional education curriculum is a balancing act, with many competing options and mandates, including technology focused learning. In the past, many have viewed technology focused learning somewhat dismissively. The following sentiment summarizes the attitude many have on this topic.

Why do I need to learn more about technology? I already use Excel and email and I can open PDF documents and navigate them with ease. What more is there to learn?

Well, the short answer is there is plenty more to learn, and it’s changing by the day. And that is why technology focused learning is a business necessity today to remain competitive.

The Ever-Changing Technology Landscape and Its Impact on Learning Plans

Consider the following four examples of how technology has changed how we work over just the past few years.

CLOUD COMPUTING

Less than a decade ago, most organizations were still running most of their applications from local servers and resources. In today’s world, having a fundamental knowledge of Cloud Computing is mandatory for success. Why? Because knowledge workers are now running five Cloud-based applications, on average. Given this, it only seems fitting that Cloud Computing should be a component of our technology focused learning efforts.

INFORMATION SECURITY

Information security was once thought to be the sole responsibility of the IT staff. Now, given the explosion of ransomware, phishing attacks, social engineering, and countless other schemes, security is a shared responsibility. No doubt, our IT staffs must continue their efforts, and likely enhance them to ensure adequate protection. But end users must become educated on the risks and be aware when something seems to be out of order. In other words, information security is now a shared responsibility. In this environment, our information will be only as secure as the least secure link in the chain. Against that backdrop, can we afford not to include security training in our professional development curriculums?

SUBSCRIPTION-BASED SOFTWARE

Subscription-based software – such as Office 365 and Acrobat DC – is further complicating matters and escalating technology focused learning needs. For example, if you are an Office 365 subscriber, Microsoft is adding new features to your applications periodically. This means that you are getting new tools added to Excel, Word, PowerPoint, and other Office applications. Yet, these new features do not increase your productivity unless you are a) aware of their presence and b) knowledgeable on how to use them. Accordingly, on-going learning is necessary to ensure that you are maximizing your return on investment from your subscription-based applications.

EMERGING TECHNOLOGIES

Emerging technologies are coming to market rapidly and some organizations are implementing them almost as soon as they appear. A fitting example of this is Robotic Process Automation (RPA) – a technology that you may already be hearing much about. In a nutshell, RPA allows you to use software-based robots – “bots” – to automate tasks that are rote and repetitive. Stated differently – when implemented properly – this technology can free information workers from manually performing these same tasks. In doing so, it allows these team members to focus on tasks that have greater value to the organization. Further, RPA can reduce labor costs and increase overall accuracy and efficiency. 
Of course, RPA is but one of many examples of emerging technologies that are on the precipice of changing how we work. Unfortunately, those who remain unaware of RPA and similar emerging technologies will not experience the benefits as soon as they could or perhaps should. Again, this only reinforces the need for technology education.

Planning Your Technology-Focused Training

FOCUS ON MISSION-CRITICAL CONTENT FIRST

The first step in planning your technology-focused learning curriculum should likely be to consider the content you need to focus on. For example, if your organization will be implementing any new hardware, software, or other services during the year, then you and your team will likely require training in that area. The extent of that training will depend upon the complexity of the technology you are implementing relative to the current skills and knowledge of you and your team members.

ONGOING MAINTENANCE

A possible second step in planning your curriculum is to consider the need for “ongoing maintenance” training. Included in this category are updates on specific applications and services you already use. For example, if you are an Office 365 subscriber, participating in an update session of relevant new features should be near the top of your list. Likewise, assuming you are running Windows 10, gaining an understanding of new features and tools embedded in your operating system should be a priority. Remember if you don’t know about these new features – and therefore can’t use them – you will not be able to maximize ROI.

SECURITY TRAINING SHOULD BE MANDATORY

As mentioned previously, security training is a virtual necessity in today’s increasingly risky world. Typically, I recommend four to eight hours of security training each year for most business professionals and their team members. You can easily accomplish this during staff meetings or even “lunch-and-learn” type environments; these methods are particularly useful when trying to raise all team members’ awareness of the risky world in which we operate and continually reinforce their responsibilities.

SKILLS ENHANCEMENT TRAINING

In addition to the three categories outlined above, you should set aside time to learn relevant new skills that can make you more productive. To illustrate, consider some of the ubiquitous opportunities available in Excel. Recent enhancements to Excel in the areas of Power Query, Data Models, and Power Pivot set the stage for completely overhauling how many accounting and financial professionals create reports. The same can be said of Microsoft’s Power BI tools too. Unfortunately, relatively few accounting and financial professionals currently have the knowledge to take advantage of these tools. This means that most remain locked-in to stale, inefficient, and outdated reporting processes. When planning your curriculum, be sure to invest ample time in new topics that can expand and improve your skill set.

BECOME FAMILIAR WITH EMERGING TECHNOLOGIES

As indicated previously, emerging technologies appear at an unprecedented pace. Allocate time in your training schedule to become familiar enough with these technologies to know whether they could potentially become useful in your organization. This is not to say that you need to become an expert on each innovative technology. Rather, you should become aware enough of each of these tools to know whether they will impact your business. If you reach the conclusion that they are relevant, then you should likely invest more time in the future to gain a deeper understanding of the technology and its related benefits and risks.

Where to Obtain Your Technology-Focused Learning

TRADITIONAL LEARNING OPTIONS

The number of options you have available today for accessing technology focused learning is virtually unlimited. Formal training programs are offered by many companies (including mine, K2 Enterprises) and can often be scheduled through state CPA society organizations. Options available in this distribution channel include in-person seminars and conferences, webcasts, and on-demand sessions.

Another option is to engage one of the content providers discussed in the preceding paragraph to bring the training directly into your organization. The major benefits associated with this approach include: 1) the ability to customize the content to meet specific needs, 2) potentially reduced costs, and 3) the convenience of scheduling the training at a time and place that is convenient for participants.

Additionally, major technology vendors often sponsor their own conferences, which usually include substantial learning options. These options can be particularly useful if you have a specific training need that centers around a technology sold and supported by the sponsor of the conference.

SOME ALTERNATIVE LEARNING OPTIONS

You may be able to leverage in-house expertise to create and deliver content to other team members. However, you should be aware that this can prove to be an expensive proposition if the discussion leader will need to develop appropriate materials for participants. Also, you should check with the appropriate body to determine if professional education/development credits can be claimed in these environments.

Finally, don’t forget all the on-line resources that are available to you today, including something as simple as YouTube. You may be pleasantly surprised to see how much useful content is available on YouTube and similar platforms.

Summary

Technological innovation continues at unprecedented rates. And, consequently, so too does the need for technology focused learning. Unfortunately, in far too many cases, business professionals overlook the need to improve their technology skills. To address this issue, we recommend technology focused training that encompasses five areas: 1) Mission-critical content, 2) On-going maintenance, 3) Security training, 4) Skills enhancement training, and 5) Emerging technology familiarity. By allocating sufficient time to learning activities in these areas, you will be on your way to maintaining your skills. You will also gain new ones that will improve your productivity and efficiency now, and in the future.

Click Here to learn more about technology-focused training options from K2E Canada Inc.

Tommy Stephens

Multi-Factor Authentication – A Necessity in Today’s World

8/1/2020

 
From the perspective of data security, today’s world is an extremely dangerous one. It is hard to go a single day without hearing about yet another data breach, a phishing incident, or some other form of security nightmare. Yet, virtually all of us have a simple and highly effective security option available in the form of Multi-Factor Authentication (MFA). In this article, we explore MFA and how and why you should implement it to improve the security of your data and reduce the likelihood that you will become yet another victim.

What is Multi-Factor Authentication?

MFA is a security protocol that requires you to log in (authenticate) to a website or application by using more than just your username and password. With MFA in place, you authenticate to a website or other application by using at least two of the following three characteristics.

  1. Something you know, such as a username/password combination.
  2. Personal characteristics, such as a fingerprint, retina scan, or facial recognition.
  3. An item that you have in your physical possession, such as a key fob or a smartphone.

A common form of MFA in use today begins by entering a username/password combination to log-in to a website. Upon doing so, the user receives a numeric code on their smart phone and, in turn, they also enter that code into the website to complete the process of authenticating to the website. The advantage to MFA in this scenario is that someone attempting to “hack” their way into the user’s website would not only need to know the username/password combination, but they would also need to have the user’s smartphone in their physical possession in order to receive the text message to complete the authentication process. And, while this is not an impossible scenario, it is a far less likely one than the hacker knowing the user’s username and password combination. As a result, the risk of the hacker accessing the user’s account is diminished significantly.
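
The password-plus-texted-code flow described above, combined with the three-attempt lockout mentioned in the first post on this page, as an added Python example that is not part of the original articles or of any vendor's product. The class `TwoStepLogin`, its method names, the five-minute code lifetime, and the `send_code` stand-in for text-message delivery are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a texted code
MAX_ATTEMPTS = 3        # failed tries allowed before lockout


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoStepLogin:
    """Illustrative service: password first, then a one-time numeric code."""

    def __init__(self, send_code, clock=time.time):
        self._send_code = send_code  # stand-in for text-message delivery
        self._clock = clock
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> consecutive bad passwords
        self._pending = {}   # username -> [code, expiry time, bad tries]

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def start_login(self, username, password):
        """Step 1, something you know. Success sends a code to the phone."""
        if username not in self._users:
            return False
        if self._failures.get(username, 0) >= MAX_ATTEMPTS:
            return False  # locked out, even if the password is now correct
        salt, stored = self._users[username]
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            self._failures[username] = self._failures.get(username, 0) + 1
            return False
        self._failures[username] = 0
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        self._send_code(username, code)
        return True

    def finish_login(self, username, code):
        """Step 2, something you have. Codes expire and work only once."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        expected, expiry, tries = entry
        if self._clock() > expiry or tries >= MAX_ATTEMPTS:
            del self._pending[username]
            return False
        if not hmac.compare_digest(expected.encode(), code.encode()):
            entry[2] += 1
            return False
        del self._pending[username]  # a used code cannot be replayed
        return True


def demo():
    """Run the scenarios from the text with constructed sample values."""
    phone = {}      # the user's phone: only its holder can read the code
    now = [1000.0]  # controllable clock so expiry can be shown offline
    password = "correct horse battery staple"  # constructed sample
    svc = TwoStepLogin(phone.__setitem__, lambda: now[0])
    svc.register("alice", password)
    out = {}
    # Someone who knows the password but does not hold the phone.
    out["stolen_password_accepted"] = svc.start_login("alice", password)
    wrong = f"{(int(phone['alice']) + 1) % 10**6:06d}"  # guaranteed-wrong guess
    out["guess_without_phone"] = svc.finish_login("alice", wrong)
    # The real user reads the code from the phone; a second use is refused.
    out["user_with_phone"] = svc.finish_login("alice", phone["alice"])
    out["replayed_code"] = svc.finish_login("alice", phone["alice"])
    # A code entered after its lifetime is refused.
    svc.start_login("alice", password)
    now[0] += CODE_TTL_SECONDS + 1
    out["expired_code"] = svc.finish_login("alice", phone["alice"])
    # Three bad passwords lock the account.
    for _ in range(MAX_ATTEMPTS):
        svc.start_login("alice", "guess")
    out["login_after_lockout"] = svc.start_login("alice", password)
    return out
```

Calling `demo()` returns one boolean per scenario: a stolen password passes the first step, but only the holder of the phone completes the second.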

Which Apps and Services Offer Multi-Factor Authentication?

Maybe a better question is which ones don’t, because virtually all websites and applications that provide access to sensitive data today offer some form of MFA. For example, most banking and other financial websites support MFA as a means of making it more difficult for a hacker to gain unauthorized access to an account. Similarly, many accounting applications – both Cloud-based and desktop/server-based – also offer MFA as a means of providing advanced security for the data stored in the database. Many mobile apps also offer MFA as a means of enhancing security. Even Windows 10 offers MFA as a security option through its “Windows Hello” feature. With this tool, users can log in using traditional username/password combinations, PIN codes, fingerprint scans, or facial recognition – or some combination of each of these factors. Further, Windows 10 allows users to “pair” their Bluetooth-enabled smartphones to their computers so that if the smartphone is out-of-range of the PC, the PC automatically enters “locked” status; this particular feature is known as “Device Lock.”

How Do I Activate Multi-Factor Authentication?

Of course, the process for enabling MFA will depend upon the application or service in question. However, in general, it will be necessary for a user with “administrative” rights or privileges to activate MFA for an application or service in use by a business. For example, an Office 365 Administrative user can enable MFA for a single Office 365 user or for all users in an organization. On the other hand, an individual user can enable MFA on their banking website (assuming this feature is offered by their bank) by modifying their settings on the site. Notably, virtually all websites, applications, and services through which sensitive information can be accessed offer some form of MFA today. 

What Should I do if Multi-Factor Authentication is Not Available?

If a website, service, or application that you use does not offer MFA, you should contact the publisher to ensure that MFA is, indeed, not available. If it is not and you are committed to continue using that website, service, or application, then you should ensure that you adhere to the principles of strong passwords, which include the following:

  • Passwords should be at least twelve alphanumeric characters in length.
  • You should never write your passwords down.
  • Never share your passwords with anyone.
  • Change your passwords immediately if you suspect that they may have been compromised.
  • You should use a separate password for each website, service, or application you access.

From a practical perspective, most individuals simply cannot comply with the guidelines outlined above and, to that end, password management tools such as Roboform, LastPass, KeePass, Dashlane, and Zoho should be used to help manage passwords. (You can access CNET’s best password managers for 2019 by clicking here.) Remember, if the websites, applications, and services you use do not support MFA, the security of your sensitive data will be almost solely determined by the strength and security of your passwords…this is not a time to be lax with your passwords!

Summary

Data security is a top-of-mind concern for all business professionals today. Yet, all too often these same professionals do not take advantage of the tools that are available to them – such as Multi-Factor Authentication – that can strengthen the security of this data. To the extent that you have access to MFA, ensure that you activate this feature everywhere so that you will reduce the chances that you become yet another victim of a data breach. Remember, cyber criminals are always looking for the path of least resistance; enabling MFA will make that path more difficult, if not impossible, for them to travel in order to steal your data.

Tommy Stephens

Responding to COVID-19 with Remote Access? Pay Attention to Security!

4/1/2020

 
As the world comes to grips with COVID-19, many businesses are responding by encouraging team members to work from home. The rationale behind this action is to reduce the possibility of a contaminated team member encountering other team members, and potentially contaminating them. Unfortunately, not everyone has thoughtfully considered the security ramifications of encouraging team members to work remotely. Consequently, many of these new remote workers may potentially and unknowingly compromise sensitive information. Read this article to learn about five security best practices you need to have in place in these environments.

Do Not Connect through Unsecured Wi-Fi

It’s an unfortunate fact, but many home wi-fi networks remain unsecured. As such, cybercriminals can intercept the data transmitted over these networks easily. Of course, this results in potentially compromising sensitive and privileged information. Therefore, if you work from home and use wi-fi, protect the network at a minimum by requiring a password to establish a connection. Remember, you should never utilize an unsecured wi-fi network, regardless of whether it is in your home, a hotel, or any other venue!

To improve security relative to your internet access while working remotely, consider the following options:
  • Connect to the Internet using wired connections. Not only will they be more secure, but they might also be faster.
  • If wired connections are not practical, secure your wi-fi connection with a strong password. You may need to re-configure your wi-fi router to add this password.

Consider Using a Virtual Private Network to Improve Remote Access Security

Virtual Private Networks (VPNs) create a secure, encrypted “tunnel” in the otherwise unencrypted Internet. Accordingly, the VPN encrypts all traffic that passes through it, even if the network itself is not encrypted. Stated differently, assuming a secure network connection (as described in the previous paragraph), a VPN adds yet another level of encryption to your data. Your IT staff may already have a VPN option in place for you. However, if they do not, you can take advantage of one of many good “personal” VPNs, including Nord VPN, Private Internet Access, Express VPN, and CyberGhost VPN. (Click to learn more about personal VPNs.) Either approach helps to reduce your risk of exposing confidential and sensitive information.

Be Aware of Bring Your Own Device Risk

If you work from a computer that you provide personally – as opposed to a company-provided device – are you sure that your device is adequately secured? This risk is known as Bring Your Own Device (BYOD) risk, and it can be quite significant. For devices that your IT staff maintains, they likely implemented necessary security measures already. Examples include ensuring that anti-malware software updates automatically, users do not log in with Administrative rights on the computer, and unauthorized software cannot run on the computer. But in the traditional home computer environment, often these and other necessary security measures are not in place. Further, because several family members likely use the home computer, you run the risk of compromising data due to someone else’s actions or activities on the device.

In short, when working from home, try to use devices managed by your IT team. When this occurs, we shift the security issues associated with the computer to professionals who should have adequate training for the task. If, however, you must use your device to work remotely, at a minimum, ensure that your operating system and all your applications have the most recent updates available. Also, verify that anti-malware software is installed on the computer and is updated at least daily. These measures help to reduce BYOD risk when working from home.

Watch Out for Leaving Data Behind

Following on the previous point, be careful about where you store your data if you are working on your computer. In these situations, it is common for team members to save files on the local hard disk, as opposed to the corporate server or some Cloud-based resources. Then, when the working environment transitions back to a more routine one, and you return to the office to work, you may realize that all the files you have been working on are still on your home computer.

To address this issue, consider storing all your data on an external hard disk and then taking that hard disk with you to the office when normal operations resume. Better yet, if your organization provides access to Cloud-based storage such as OneDrive for Business, store the files there. That way, you can collaborate with other team members in real-time using Microsoft Office applications.

Is Your Office Computer Turned On?

You can use tools to control your computer in the office remotely. This approach gives you access to all the files on the device and network; it also means that you have access to all the applications installed on the computer. However, there is a downside. The downside is that, with some exceptions, you must leave the computer turned on so that you can access it remotely. Of course, while the computer is on and you are not physically present in the office, unauthorized users might choose to run applications and access data from that device. Therefore, you may want to consider asking your IT staff to enable Wake-on-LAN (WoL) on your computer. Without going into a technical discussion, WoL essentially allows you to turn on your computer remotely. With this feature enabled, you won’t have to leave it running 24/7, and, in turn, you reduce your security risk.

Summary: The Need to Improve Remote Access Security

The global pandemic caused by COVID-19 has clearly put us in uncharted territory, on many fronts. Yet business needs to continue with as little disruption as possible. One way that can happen is to work from remote locations to reduce the risk of contracting or contaminating team members. For those who work remotely on a routine basis, hopefully, the five items discussed above have already been addressed. However, for those who are suddenly working in this environment, be sure to address the issues outlined in this article to reduce the risk of compromising confidential and sensitive data. Let’s not make a challenging situation any worse because of a data breach.

Tommy Stephens

    Authors


    Ward Blatch
    Ward provides consulting and training services as the Managing Director of K2E Canada Inc. He joined K2E Canada in 2005 and is responsible for the Canadian operations of this international consulting group, which provides professional development technology education for accountants across Canada and the US. Ward lives in rural Nova Scotia and can be reached at ward@k2e.ca.

    Tommy Stephens
    Tommy is one of the shareholders in K2 Enterprises, affiliating with the Firm in 2003 and joining as a shareholder in 2017. At K2, Tommy focuses on creating and delivering content and is responsible for many of the Firm's management and marketing functions. Tommy resides in the metro Atlanta area. You may reach him at tommy@k2e.com.

    Randy Johnson
    Randy is a nationally recognized educator, consultant, and writer with over 40 years experience in Strategic Technology Planning, Accounting Software Selection, Paperless, Systems and Network Integration, Business Continuity and Disaster Recovery Planning, Business Development and Management, Process Engineering and outsourced managed services. Randy can be reached at randy@k2e.com


    Bernie Smith
    Bernie coaches businesses to develop meaningful KPIs and present their management information in the clearest possible way to support good decision making. As the owner of Made to Measure KPIs, he has worked with major organisations including HSBC, Airbus, UBS, Barclays, Credit Suisse, Lloyds and many more.

K2E Canada Inc.  |  484 Scarlett Crescent  |  Burlington, ON L7L 5M2  |  (905) 633-9772
© 2023 K2E Canada Inc. ALL RIGHTS RESERVED.