Posts Tagged ‘processes’

Cloud-Based Data Storage Solutions Aren’t Risk-Free

Thursday, September 1st, 2016

If you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then pay close attention to whether the provider’s security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider. Read on to learn more.

I am regularly asked by clients, friends and family whether they should be concerned with storing their data in a cloud-based environment. My answer: Absolutely.

Even though cloud-based data storage solutions are managed by storage and security professionals (at least hopefully), there’s really no way to determine whether their authentication policies and data security procedures are always in line with industry standards. Because I’m acutely aware of these standards and best practices, I would have a hard time entrusting a cloud-based data storage enterprise with copious amounts of my company’s sensitive information.


At the end of the day, your company’s data and the data you collect is your responsibility. Therefore, your IT team is ultimately responsible for verifying whether it’s properly secured and whether a proper authentication protocol is in place to ensure that those accessing data are approved to do so. When you work with a cloud-based data storage solutions business, your control over data security procedures is significantly limited.

And just because we haven’t heard much about these types of breaches in the past doesn’t mean they don’t happen. Consider, for example, the latest “mega-breach” that has affected millions of Dropbox users.

The Dropbox Breach

According to reports, more than 68 million Dropbox user accounts and associated information, including user names and passwords, were discovered online. The company said Dropbox user information stolen by hackers and distributed via the Internet was the result of a previously disclosed data breach from 2012. Unfortunately, the company and the company’s users are still being hurt by this attack. In response, Dropbox said in a statement that it was forcing password resets.

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, head of trust and security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

Protect Your Data To Protect Your Company

Most professionals in the data security field – including myself – believe that any and every site can be hacked. Therefore, in an effort to protect our companies and the businesses and individuals we serve, our goal is to provide comprehensive cybersecurity education to all employees while striving to be aware of all data security issues that may have occurred. Hopefully we will know about any data breach long before cybercriminals have a chance to post information on the Internet or before our businesses are notified of an issue by the FBI or Secret Service.




You can take a proactive stance against cybercriminals with the following data security protocols.

  • Don’t just install a firewall; constantly monitor it. Your IT team can constantly monitor your company’s firewall through the use of Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS) programs. You can also work with an external service provider to provide this essential service.
  • Passwords are powerful; protect them. Require your employees to use complex passwords to log on to your company’s network and to change those passwords regularly. Secondary authentication is also important to use wherever possible.
  • Don’t wait for disaster to strike – actively defend your company. Routinely test the access controls of your employees. Not all employees require access to all company data. Instead, only grant access to the data your employees need to do their jobs.
  • Educate, educate, educate. It seems like there are new phishing attempts, ransomware attacks and malware issues every day. But just because you hear that they are happening doesn’t mean your employees are aware. Make sure you keep your employees up to speed. Doing so may just stop them from clicking on a potentially dangerous email.

If, for whatever reason, you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then, pay close attention to whether the provider’s security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider.

At the end of the day, all you can do is take ownership of your data and be proactive when it comes to verifying the safety and security of your organization’s data. Email Rea & Associates to learn more.

By Joe Welker, CISA (New Philadelphia)

For more tips and insight to help keep your company safe from cybercriminals, listen to episode 41: “the hacked & the hacked nots” on unsuitable on Rea Radio.


Business Improvement Begins Internally

Wednesday, May 18th, 2016

Chris Liebtag recently appeared on an episode of unsuitable on Rea Radio, a weekly podcast produced by Rea & Associates. Chris and host Mark Van Benschoten discuss Lean Six Sigma and why all businesses can benefit from implementing the discipline.

When you think about the utility of Lean Six Sigma, you are likely thinking about its usage in the manufacturing industry. But did you know that business owners across a wide range of industries can find value in Lean Six Sigma as well? The usefulness of this practice spans far beyond a manager’s ability to improve efficiency on the production room floor. In fact, this discipline has yielded significant results in a variety of businesses spanning all types of industries with varying product and service offerings.


Why You Should Run A Lean Office

As with most businesses (if not all businesses), one of the basic tenets of Lean Six Sigma is to understand and drive client value. Using this fact as a starting point, the Lean Six Sigma discipline is then used to identify areas of improvement in your organization while implementing effective, more efficient solutions.

Even though a manufacturing company and a doctor’s office appear to be fundamentally different, both organizations can find significant value through the implementation of Lean Six Sigma because they share the same basic tenet: to understand and drive client value. From a healthcare perspective, we know that patients value shorter wait times and improved professional interaction. Using Lean Six Sigma, we would review the office’s processes and determine how to make them more effective in the interest of driving client value. One solution might be to improve the general organization of the office. Doing so could feasibly result in greater efficiency among the staff, shorter wait times and longer, more meaningful interactions with patients.

This same scenario can play out in all offices where client value is considered a priority.

Better Quality Begins At The Beginning

When you have two people doing the same job without any formal processes, they’re bound to produce different results. Unfortunately, lack of consistency negatively impacts the company’s overall ability to produce quality products and/or services.

Companies and organizations that implement Lean Six Sigma go through the exercise of deconstructing organizational processes to determine best practices, implement changes and establish quality control measures throughout every step of the process – not just at the end. Making quality a priority early in the process will consistently produce higher quality products and services.

Just Getting Started

Obviously we are just scratching the surface of what Lean Six Sigma can do. I recently had the opportunity to talk about the effectiveness of Lean Six Sigma on an episode of unsuitable on Rea Radio with Mark Van Benschoten where I was able to talk a little more about the practice. You can go to www.reacpa.com/podcast or click the play button on the media player below to listen to our conversation. You can also email Rea & Associates if you have questions about this topic.

By Chris Liebtag, LSSBB, PMP (Dublin office)
