Why business owners should regularly upgrade their accounting software

Many business owners buy accounting software and, even if the installation goes well, eventually grow frustrated when they don’t get the return on investment they’d expected.

There’s a simple reason for this: Technology is constantly changing.

Technological improvements are occurring at a breakneck speed. So yesterday’s cutting-edge system can quickly become today’s sluggishly performing albatross. And this isn’t the only reason to regularly upgrade your accounting software.

Here are two more to consider.

  1. Cleaning up

You’ve probably heard that old tech adage, “garbage in, garbage out.” The “garbage” referred to is bad data. If inaccurate or garbled information goes into your system, the reports coming out of it will be flawed. And this is a particular danger as software ages. For example, you may be working off of inaccurate inventory counts or struggling with duplicate vendor entries.

On a more serious level, your database may store information that reflects improperly closed quarters or unbalanced accounts because of data entry errors. A regular implementation of upgraded software should uncover some or, one hopes, all of such problems. You can then clean up the bad data and adjust entries to tighten the accuracy of your accounting records and, thereby, improve your financial reporting.

  1. Getting better

Neglecting to regularly upgrade or even replace your accounting software can also put you at risk of missing a major business-improvement opportunity. When implementing a new system, you’ll have the chance to enhance your accounting procedures. You may be able to, for instance, add new code groups that allow you to manage expenses much more efficiently and closely. Other opportunities for improvement include optimizing your chart of accounts and strengthening your internal controls.

Again, to obtain these benefits, you’ll need to take a slow, patient approach to the software implementation and do it often enough to prevent outdated ways of doing things from getting the better of your company.

Here at Hobe, we see more and more clients ask about new technology for their businesses, especially for accounting software. With so many different accounting software platforms on the market, many need our help deciding which one would work best for them. To help decide, our first questions are geared around their business goals and where they see themselves in two to three years. With how quickly technology updates, we make sure to stay tuned in to a business as much as possible.

Are you in the process of evaluating new accounting software for next year?  Read our Technology Consulting offering and let us know.  We can help you set a budget and choose the product that best fits your current needs.

Four things businesses need to do now to protect themselves against cyber attacks

by: Louis V. Loparo, CPA.CITP

Cyberattacks targeting small businesses (SMBs) are becoming more prevalent every day.  According to Keeper Security’s “The State of SMB Cybersecurity” report, a staggering 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months where the average cost of a data breach involving theft of assets totaled $879,582!  In fact, the global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion.

We frequently get questions or are involved in conversations with our clients regarding the protection of their sensitive data. In the past year alone, we have seen a huge increase in security breaches, attempted theft of data and identity theft. As this becomes a bigger problem, it is critical to stay informed.

What are the most common cyber crimes and how you can help protect your business with minimal exposure?  We’ll discuss each below.

The three most common cybercrimes are:


Ransomware attacks have become more sophisticated. Historically, they have been delivered through spam emails that were easy to identify. They are now targeting industries and specific people. For instance, a financial advisory firm will get an email that states “Here are my investment statements for your review, let me know if you are interested in taking on a new client”. Once they click on the attachment or URL, the malware will begin to encrypt files on the local drive and possibly attempt to connect to network drives and do the same. Users usually are not aware they have been infected until it is too late. They will no longer be able to access the files and at some point will receive a message demanding a ransom payment in exchange for decrypting the files.  Organizations may end up paying the ransom if they do not have good backups and getting the data back is critical.


Phishing attacks rely on social engineering to gain access to sensitive data. It is an age-old scam of thieves tricking people into giving them sensitive information so they can gain access to sensitive data. The targeted data includes but is not limited to: email account access, banking usernames and passwords and personal info such as names, social security numbers, address and date of birth. Once they have the data it can be sold on the black market, used to hijack a bank account or used to gain access to more data. The term used for this kind of data is “PII”, or Personally identifiable information. Most states, including Ohio, have specific laws regarding the security of PII. According to the Verizon DBIR, 30 percent of phishing emails are actually opened, and 12 percent of those targeted click on the infecting link or attachment.

Data Theft

Data theft occurs when a cybercriminal gains access and steals sensitive data. The theft can occur by hacking into a system, stealing hardware or internal theft. Some of these crimes target larger organizations. Data thefts can be very expensive and damaging. Two widely publicized thefts include Target and United States Office of Personnel Management.


Now, we’ve compiled our list of the top 4 actions your business needs to take to help protect yourself and your data:

Examine your IT infrastructure

You may want to consider investing in a security audit. At a minimum, you should do an internal assessment to ensure all your machines are patched with the latest software updates, verify your firewall is working properly and all the updates are current, require complex user passwords and monitor systems using antivirus software.

Educate your users

Constant user education is required. Remind people of the value of the information they have access to and their responsibility to protect it. Most breaches stem from user carelessness or lack of education. At a minimum, on an annual basis, hold mandatory security classes and require users to read and sign off on the internal company policies. Continue to communicate to them the new scams and threats that arise throughout the year.

Be ready to respond to any incident

Have an action plan in place in the event that an incident occurs. The action plan can be written or verbally communicated. The important part is that the users know who to contact and how. That contact person or team will need to be knowledgeable and have the ability to make quick decisions to do everything needed to rectify the issue and minimize the damage. It is impossible to have a plan for every potential incident, which is why it is so important the right person is notified as soon as possible. If you don’t have this capacity within your organization, you should contract with an outside company that can meet your needs.

Purchase cyber insurance policy

Spending on cyber insurance has swelled, primarily in the U.S., from $1 billion two years ago to $2.5 billion in 2016. Experts expect dramatic growth in the next five years as the insurance concept spreads globally.  The last line of defense is the insurance policy. We believe a cyber-policy is a necessity for any business that has a computer connected to the Internet. From the potential cost of protecting clients whose data has been stolen, to the hours or days you could be shut down, the cost of a breach can be crippling to a SMB. We have been involved in numerous engagements assisting clients after a data loss and it is very costly.

So, the last question we hear is “could this happen to our business?”  The answer is yes and the chance continues to rise every day.  Of the 1,000 IT leaders polled for Invincea’s “2016 Cyberthreat Defense Report,” three-quarters reported that their networks had been breached in the last year, and 62 percent said they expect to suffer a successful cyberattack at some point this year.  Although we don’t provide IT services, we do consult with our clients very frequently about their technology issues, and often, their concerns with protecting their accounting data.
Concerned about the possibility of cyber attacks at your business?  Contact us and let’s talk!

Every small business should be aware of these 5 IT security risks

by: Louis Loparo, CPA, CITP

As the latest news stories have shown, no company is safe from security breaches and data risks.  Even small businesses are susceptible to hackers looking for easy ways to dig into company databases.  However, many small and midsize businesses make the mistake that they are too small to be a target.  

So, the question remains as to why we are writing about IT security risks? The answer is two-fold… first, small businesses have to focus even more on the protection of their data, and second is because CPA firms have access to the most valuable information in your organization. It is up to us to ensure it is protected.  Below is our list of the top 5 IT security concerns that every small business owner should know:

  1. Where is my data?

Business owners need to have a firm understanding of where all the company data is housed, how it is protected and how it is backed up.  The current trends of utilizing cloud providers and allowing staff to “Bring Your Own Device” can make these tasks a challenge. Our recommendations to minimize your risk of data loss or security breaches are to:

  • Do your due diligence when selecting cloud providers, if you are not technically equipped to handle it, hire someone who is.
  • Do not rely on written company policies to protect your data.  While written policies are important to have, you should also have safeguards in place to protect your data with less reliance on the end users compliance.  For instance, if it is a company policy to encrypt all  data that is emailed from your business, you should have a tool that will automatically encrypt the data instead of relying on the end user to do it.
  • Have a disaster recovery plan and test it.  A disaster plan includes everything from accidentally deleting data to the building burning down.  Have a written plan in place.  By documenting the plan, it will force you to really think about where your data is stored, how it is backed up and how long it will take you to restore it.
  • Have security measures in place to protect your data onsite including firewalls, spam filters and antivirus software.
  • Buy a Cyber Insurance Policy.  While you want to have security measures in place to prevent data loss, if it still occurs, it can be very costly.  A Cyber Policy is the last layer of protection to help business owners limit their costs in the event a significant data loss event occurs.
  1. Don’t Click on That!

To prevent malware and virus threats teach your employees to ask before they click.  If a user gets a pop-up that says they need to install a new antivirus that they have never heard of, chances are it is malware.  Last year we saw malware hidden on reputable websites disguised as advertisements.  In addition to user education you need to invest in a good antivirus software.

  1. Social Engineering

Social engineering is the manipulation of people in order to get confidential information from them.  This could be everything from the Nigerian prince scam, to a fraudster impersonating IT staff attempting to get a user’s password.  This past year some of the ugliest social engineering scams we have seen were:

  • Imposter emails that appeared to be sent from management to the accounting department to try to get them to forward sensitive information or wire money.
  • Phone calls from the “IRS” trying to collect taxes due.
  • New “customers” sending fraudulent bank checks overnight  to companies in exchange for inventory to be sent immediately before the check clears.    

Scammers have been around forever.  They are more prevalent today because the advancements made in technology have given them a platform to hit a large number of people in a short period of time.  There is only one solution to avoid these scams and that is to educate your staff.  You should have regular training and communication to the staff to avoid anyone being compromised by a fraudster.

  1. Unpatched Devices

HP’s 2016 Cyber Risk Report stated that, the top 10 vulnerabilities exploited overall continue to be those that are more than a year old and 48% are five or more years old.   

What does this mean?   

It means that if the computers that were exploited were patched regularly there would have been no occurrence.   

How do you fix it?    

You need to use an enterprise tool to ensure all the computers on your network are patched properly.  At Hobe & Lucas, we contract with an excellent managed services provider to insure this is done.

  1. Disposal of Old Devices

When it is time to buy new devices and dispose of the old, you should think twice about giving away or selling old devices.  A not so savvy tech person can retrieve data from a hard disk, even if it has been reformatted.  The best practice is to destroy the hard drives from the old devices, then dispose of or recycle the remaining carcass.

In many cases, we have seen “operator error” as the biggest risk a company faces.  It is important to continually educate your staff and put in place the proper precautions and policies to avoid unnecessary security breaches.  We have been involved in numerous engagements assisting clients after a data loss and it is usually very costly.  Minimize your exposure now so you don’t have to scramble when something does happen.  

We are one of the very few accounting firms to have a Certified Information Technology Professional.  Our team has the expertise to guide your IT roadmap and recommend strategies that will help your business operate faster and better.  Prepare for the technology of tomorrow by partnering today.  Contact us or give us a call at 216.524.8900.

Bridging the Gap between Accounting and Technology: Having an Interpreter Makes All the Difference

by: Louis Loparo, CPA, CITP

We all know that communication is difficult when you don’t understand the language. When it comes to technology and accounting, business owners face a similar problem.  There is a gap between the services provided by their IT company and the services provided by their CPA.

As running a business (and subsequently handling complex finances) becomes increasingly technology-driven, the need to bridge gaps in understanding between the highly skilled service providers you rely upon can pose a challenge. While the professionals you trust for IT support and accounting services could be the brightest in their respective fields, there will almost always be a knowledge gap that is tough to surmount. It’s a gap that can cause confusion, delays, mistakes and a host of other problems. It’s also a gap that we recognize needs to be filled.

It’s for this reason that we have a specific accounting technology department headed by a rare breed of professional—a CPA that also holds a highly exclusive Certified Information Technology Professional (CITP) designation. The CITP credential is a specialized designation that identifies CPAs with the unique ability to bridge the intellectual gap between a business’s finance and technology specifics.  It also signifies that a professional bearing the CITP distinction has met the strict requirements for CPA licensure and has undergone additional rigorous training in topic areas such as “Emerging Trends”, “IT Assurance and Risk”, “Business Solutions”, “Data Analytics” and “Security and Privacy”.

Hobe & Lucas has always been dedicated to understanding its clients’ businesses and specific accounting needs, and the existence of our accounting technology department aligns seamlessly with that vision. We have always sought to improve business outcomes by tapping into a wealth of knowledge, and that knowledge includes not only what financial practices will serve you best, but what technology will most effectively fulfill your needs.

So how can we help in this regard? With a deep knowledge of software, such as all QuickBooks and Sage products, various database systems, Microsoft Office, and a host of other industry-specific software packages , we can assist with challenges such as:

  •       Accounting system conversion, implementation, integration, clean-up, project management and training
  •       Integration of cloud-based accounting solutions
  •       Data mining, analysis and reporting
  •       Development of budgeting spreadsheets, programs and tools
  •       Creation of automated business forms
  •       Assistance with specialized reporting
  •       Provision of cost-effective, technology-driven solutions for everyday problems

For further illustration of how we’ve already assisted businesses in overcoming their accounting technology hurdles, consider some actual client examples.

As many have found, sometimes having an interpreter that speaks multiple discipline-specific languages is the key to getting the most out of your operations and partnerships. We’re willing to prove it, too.

Have technology hurdles or related inefficiencies in mind?  Call us at 216.524.8900 for a free consultation, and our accounting technology professionals will be happy to translate.