Small Firm
Technology Tips
Increase your
competitive edge without breaking the bank.
by Ed McCarthy
| EXECUTIVE
SUMMARY |
 Telephone
systems are moving beyond the traditional
hard-wired and expensive PBX. By
combining computer and Internet
technology with voice calls, a small firm
can manage more incoming calls and sound
like a larger organization. There are
many choices and services in this area.
Web-based unified messaging and Voice
over Internet Protocol (VoIP) are two
technologies that can make a small firm
appear to be a much larger organization
and confer a competitive edge. Firms can choose from
many data backup options,
ranging from on-site systems to Web-based
solutions. Consider imaging software that
can capture an entire disk’s
contents, including the operating system,
applications, data and user settings. As
in all technology choices, research
carefully and get informed help if
it’s needed.
One of the biggest
issues for small firms is security.
Identity theft can be set in motion when
a user opens bogus e-mail, and malware
can be activated when a user clicks in
response to an instruction to see, open
or download something from the Internet.
PCs in administrator status offer hackers
easy access to an office network, but
many common programs, including
QuickBooks, require administrator status
to run. It’s a good idea to reduce
the number of office PCs running in
administrator status.
Wireless (Wi-Fi)
networks that increase mobility are
a productivity tool, but Wi-Fi also
brings security risks. Enable the
strongest available encryption features
and MAC address filtering for your
office’s Wi-Fi network. Obtain
expert help to protect your business
against exposure.
Thieves don’t
need tech skills to steal an off-site
laptop or PDA. It’s a good
idea to encrypt the sensitive files on
every machine that leaves the office and
to limit online office connectivity so an
employee who travels can’t lose any
sensitive data.
Ed
McCarthy is a freelance
business writer in Pascoag, R.I. His
e-mail address is edmccarthy1@yahoo.com.
|
 ike time, technology is continuously
moving on, offering more and more choices as it
evolves. So with so much to choose from, how does
a small firm decide which technology to adopt for
an upgrade? Data security, user-friendliness and
reliability are important considerations when
making a decision, as is return on investment.
Savvy small firm practitioners know you
don’t have to have big firm resources to
take advantage of the latest advances. Here three
of them share a few useful technologies and
implementation tips for small firms and sole
practitioners who want better IT capability.
Security
Problems
About 90%
of desktop PCs in the United States are
set up with administrator status, which
can put those systems at risk.
|
MESSAGE WITH AN EDGE
Telephone systems are
moving beyond the traditional hard-wired and
expensive PBX. By combining computer and Internet
technology with voice calls, a small firm now can
have a sophisticated telecom system at a
reasonable price. Two technologies in particular,
Web-based unified messaging and Voice over
Internet Protocol (VoIP), can make a small firm
seem like a larger organization and confer a
competitive edge. Carefully research all the
options of any new system before introducing it
into your office.
Unified
messaging systems. Web-based
unified messaging systems combine voice mail,
e-mail and fax messages in one system so users
can access all their messages from a single
in-box. These systems are virtual PBX networks;
in other words, they are software-driven and
don’t require installation of telecom
hardware in your office. Users typically can
choose a toll-free or local number; callers hear
a customized greeting and are instructed to dial
an extension or get the directory listings.
Several systems support unlimited simultaneous
incoming calls.
Each voice-mail
box can have its own forwarding number, and some
systems offer “find-me” calling that
rings multiple phones sequentially or
simultaneously in an effort to locate the
recipient. If the call recipient doesn’t
answer, he or she can retrieve the message by
phone or online as an audio file. Most unified
messaging programs accept incoming faxes and
e-mails and notify the recipient of a new message
by e-mail or text message besides.
Monthly costs vary
with selected features. Prices and capabilities
described here may change, as technology services
often do, so think of them as ballpark figures
and research carefully. The VirtualOne Premier
Local plan from GotVMail (www.gotvmail.com) has a base monthly fee of $39.95,
which includes an 800 number, a virtual number,
20 mailboxes and 1,000 local-call minutes. The
Virtual PBX (www.virtualpbx.com) small business plan starts at $12 per
extension per month with a base rate of 5.9 cents
per minute for incoming local calls.
VoIP. VoIP
networks such as Vonage have been gaining
popularity among consumers. With this technology,
calls travel over the Internet and your data
network, so there’s no need to add new phone
lines or phones. VoIP also provides a full range
of advanced features, including voice mail,
call-waiting, call-forwarding and conference
calling. Users access their phone system’s
settings via the Web and retrieve voice mails by
phone or online. Some, such as Skype,
are—for the moment—free (www.skype.com).
The Vonage Small
Business Unlimited Plan costs $49.99 per month,
including unlimited calls within the United
States and Canada. Calls to other Vonage network
numbers—including international
numbers—are free. Consumer-oriented VoIP
systems are adequate for sole practitioners and
home offices, but larger firms should consider
business-class VoIP from vendors such as Avaya (www.avaya.com) and ShoreTel (www.shoretel.com) that run on local-area and wide-area
networks. Drawbacks? If the Web goes down or
electricity goes out, you have no phone.
CPA Simone
Velasquez-Hoover, a sole practitioner in Royal
Palm Beach, Fla., uses the Genie unified
messaging system from EasyTel (www.genie.us). The system asks callers to identify
themselves and relays the name to
Velasquez-Hoover at the forwarding numbers she
provides. If she’s unavailable, the system
takes a voice message or allows the caller to
page her. Velasquez-Hoover says sound quality
varies occasionally, but overall the
system’s benefits outweigh that drawback.
“During the last hurricane evacuation, the
phone system continued to work,” she says.
“Even though I was away from the office, I
could communicate with my clients, have
conference calls and receive faxes.”
DOUBLE YOUR DATA
The hurricanes of 2005 were a reminder of how
important it is to back up computer systems,
whether by a Web-based solution or an on-site
system. Don’t overlook portability—an
on-site backup medium under five feet of water in
your office won’t do you much good.
External
drives.
Velasquez-Hoover, who was forced to evacuate her
office twice in the past two years, relies on an
Iomega 400 GB external drive (www.iomega.com; approximate cost: $380) that backs up
her PC’s entire hard drive. If she has to
evacuate, she can quickly disconnect the drive,
which weighs less than three pounds, and take it
with her.
Another portable
storage option worth considering is the Mirra
Personal Server (www.mirra.com), which combines backup with Web-based
file access. It’s approximately 11 inches
tall, 10 inches deep and 5 inches
wide—bulky, but still small enough to move
easily. It attaches to your LAN and continuously
backs up files on any PC connected to the LAN,
but does not back up application software or
operating system files. It costs about $399.99
for 160 GB of storage capacity; $499.99 for 250
GB, and $799.99 for 400 GB.
Mirra also lets
authorized users access files over the Internet.
If you are at a client’s office and need a
file located on your office PC, you can log on to
Mirra’s Web site and server over the secure
connection. Once connected to your computer, you
can retrieve and upload any files. Mirra uses the
Linux operating system, so the device is not
susceptible to Windows-based viruses.
Imaging
software. If you want to back up an
entire hard drive, not just data files, consider
imaging software. These programs capture your
computer’s entire contents, including the
operating system, applications, data and user
settings. The software lets you choose a backup
location, including a partition on the disk,
network drives, RAIDs, removable drives, CDs and
DVDs. Prices vary with features: The Acronis True
Image 8.0 Corporate Workstation (www.acronis.com) version costs about $70; the Server
for Windows version costs $699.
Let your backup
needs determine the media: DVDs hold several
times as much data as CDs, but may need
monitoring if disks must be swapped. External
hard drives, tapes and Web-based backups can run
unattended, but the Web option can be expensive
for large backups. If you back up only data
files, store software installation CDs in a
secure off-site location.
ENHANCE OFFICE NETWORK SECURITY
One of the biggest mistakes firms and companies
make is to spend too much time trying to manage
external security threats while overlooking the
internal risks, says Susan Bradley, CPA/CITP. She
is the system administrator and one of seven
partners at Tamiyasu, Smith, Horn and Brown
Accountancy Corp. of Fresno, Calif., a 15-person
firm specializing in litigation support and
business valuation. The two most common types of
computer crime are identity theft—often set
in motion when a user opens bogus e-mail—and
malware (malicious software designed to damage or
disrupt a system) or spyware, which is activated
when a user clicks on something from the
Internet, she says. PCs set up with administrator
authority give users free rein to visit and
download from any Web site or CD-ROM. Setting up
PCs in this way contributes to the proliferation
of spyware and malware such as viruses, Trojan
horses and worms, Bradley says.
Just as
flesh-and-blood criminals do, malware chooses
easy victims—which administrator status
provides. Nonadministrator status, which allows
users to Web surf but not to download from the
Web, is designed to make it harder for spyware to
latch onto a system browser. “Moving users
away from administrator status on their PCs is a
practice the profession should encourage,”
says Bradley.
Bradley suggests
that firms use commercially available spyware and
malware filters and switch the PCs of employees
whose work doesn’t require frequent software
updates to regular-user (nonadministrator) status
(see “Resources”). Bradley switched about half the
PCs in her firm to nonadministrator mode, though
that did cause other problems, she acknowledges.
The problem with many programs, including the
ubiquitous QuickBooks, is that they require
administrator status to run, she says.
“Software companies don’t really
consider what that asks of you.”
Bradley suggests
running a search for “administrator
status” in the Windows XP Help and Support
Center in order to read “Why you should not
run your computer as an administrator” to
learn more about the security risks. There’s
also useful information at http://blogs.technet.com/jesper_johansson/archive/2005/11/30/415328.aspx and http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp.
PROS AND CONS OF WI-FI
Wireless networks continue to gain acceptance as
a productivity tool, both inside the office and
on the road. Wi-Fi can be a lifeline: Turn on a
laptop or personal digital assistant (PDA)
equipped with Wi-Fi, find an accessible signal
and you’re ready to go online. McQuaig and
Welk, PLLC, in Wenatchee, Wash., is a
two-partner, nine-person firm that specializes in
management consulting. CEO John McQuaig, CPA,
says the niche requires lots of travel, public
speaking and training—all situations for
which reliable technology is crucial. Virtually
all his staff use wireless-equipped laptops, and
staff members who travel employ Wi-Fi extensively
on the road. There are dangers, however.
Wi-Fi
exposure. A downside of Wi-Fi
flexibility is that wireless networks create
security risks because a signal doesn’t stop
at the perimeter of your office. Depending on the
signal’s strength, occupants of offices near
yours—or even cars in a nearby parking
lot—may be able to pick it up. The odds of a
hacker using that signal to break into your
network are small, but the threat to data
security is genuine.
Public
hot spots create more vulnerability. With
certain equipment, hackers can intercept
unencrypted data flows—a practice known as
“sniffing”—and record the
transmission. Thieves can capture a user name and
password from a nonsecure connection. “Evil
twin” hot spots are another way to intercept
transmissions: To block the genuine signal, the
hacker sets up a Wi-Fi base station in proximity
to a public hot spot and generates a stronger
signal than the legitimate access point. Users
inadvertently sign into the rogue network, which
then can capture unencrypted data.
Network
safety. To protect data so only
authorized machines can access the signal,
McQuaig’s office network uses WPA encryption
and MAC filtering. The firm outsources the
management of its system to Clear Focus, a
technology company also in Wenatchee.
“We had an
in-house systems manager, but the internal
demands to keep current were too great for a firm
our size to support,” McQuaig says. Because
the firm had developed a comfortable relationship
with Clear Focus from working together on a
number of installations, McQuaig hired the
consultants to take care of the firm’s
system support at a cost of about $150 per laptop
workstation per month.
Other
problems and solutions. To get a
Wi-Fi signal you must be close to an access
point—within 300 feet for most public hot
spots. If you need secure wireless Internet
access from locations that lack convenient hot
spots, cellular networks data systems may offer a
solution. Sprint and Verizon Wireless provide
high-speed EV-DO wireless access in a growing
number of U.S. cities and airports. EV-DO, where
available, offers average data transmission rates
of 400 to 700 Kbps. Cingular’s EDGE network,
also widely available, has an average speed of
only 70 to 135 Kbps. All the networks offer
lower-speed connections in areas where high-speed
connection is not available.
The data plans
cost from $60 to $80 per month for unlimited data
plus a voice plan. You also will need a wireless
modem card for your laptop, which costs $100 to
$250, depending on discounts and the length of
the contract. Insist on having the strongest
available encryption features and MAC address
filtering for your office’s Wi-Fi network.
|
 Let your
backup needs determine the media.
DVDs hold more than CDs, but
require more attention. If you
back up only your data files,
make sure you store software
installation CDs in a secure
off-site location. Don’t
overlook the risk of theft to
mobile devices. Install passwords
and encrypt sensitive data; have
backup arrangements for laptops
and PDAs.
Business
users may find VoIP call quality
inadequate. Try any system before
committing to it.
If you
choose to go wireless, install
network monitoring software and
require all staff members to use
a secure access service.
|
|
THEFT, A CHRONIC WORRY
The biggest risk to your data is not from Wi-Fi.
Thieves don’t need tech skills to steal an
off-site laptop or PDA. Use passwords and encrypt
the sensitive files on every machine that leaves
the office to prevent snooping—or you can
achieve security by prohibiting data storage on
off-site computers altogether. When a Tamiyasu,
Smith, Horn and Brown staff member traveled to a
high-risk area in Southeast Asia, “we
limited his online office connectivity to
Microsoft’s Remote Web Workplace, part of
the Windows Small Business Server 2003
program,” Bradley says. The laptop was able
to receive only screenshots. All underlying data
stayed on the server at the office. “If
someone had stolen the laptop, I’d have been
aggravated about replacing it, but we
wouldn’t have lost any sensitive data,”
she notes.
If you choose to
go wireless, install network monitoring software
such as AirDefense (www.airdefense.net) to track and deter intruders. Require
staff to use a secure access services such as
Jiwire SpotLock (www.jiwire.com), HotSpotVPN (www.hotspotvpn.com) or GoToMyPC (www.gotomypc.com) when going online through an
unencrypted hotspot. Don’t overlook the risk
of theft to mobile devices. At a minimum, install
passwords and encrypt sensitive data.
GROW YOUR OWN WAY
Technology changes constantly and the number of
tech tools is too big to cover comprehensively in
one article. New sources of products and new
suppliers appear every day. But don’t make
that a reason to put off upgrading your system.
Decide what technologies will best serve your
needs and take a step forward. The solutions here
have attempted to address the enterprise needs of
a small firm that seeks to minimize risk to data,
improve staff mobility to better serve clients,
and improve owner mobility to better oversee the
business and to manage costs. 
| |
| AICPA
RESOURCES Conference
TECH 2006: The AICPA Information
Technology Conference
June 12–14, 2006
Hilton Austin
Austin, TX
CPE
Information
Security: Critical Guidance for
CPAs in Public Practice and
Industry (# 732450JA). To
register or to order, go to www.cpa2biz.com or call
the Institute at 888-777-7077.
OTHER
RESOURCES
Brand links
These will take you to
information about specific
products.
|
|
|
| HOME | ARCHIVE | CONTACT | ADVERTISE | SUBSCRIBE | AICPA 