WannaCry ransomware
Protect your data!
The WannaCry (WannaCrypt0r 2.0) ransomware is still going on to attack vulnerable systems on the Internet.
P & L Associates has received many inquiries about the safety of CPAnywhere and CSA system and would like to share some security measures to help defend your systems against ransomware attacks.
Will CPAnywhere be attacked by WannaCry?
No. The data center to host the CPAnywhere is protected by the dedicated firewall . It can defend most ransomwares such as WannaCry . WannaCry targets older versions of Microsoft Windows systems. That means if you are using our data center service to host your CPAnywhere, then you don’t need to worry about the present threat. However, if you host your own CPAnywhere on an older Windows platform, then the data in the mapped folder might be at risk of being encrypted. We strongly recommend that you update your Windows to the latest version.
Will CSA be attacked?
Yes. CSA is a networked or stand-alone system operates under Windows environment. If you are still using Windows XP, 7 or 2000, then your chance of being attacked by WannaCry is imminent. That means if you host your data on a Windows network drive with the write permission enable or simply rest in the stand-alone PC, then the data in the mapped folder or the PC folder might be at risk of being encrypted. We urge you update your Windows to the latest version for protection.
How can I protect myself against other ransomware in the future?
CPAnywhere: At the end of the day, the system will copy the data to an offsite Networked Attached Servers (NAS) for safe keeping. Every week, we will backup that data to another offline NAS for safe keeping. If anything happens to the Internet, we can restore the data backup easily and run it on local server until the Internet comes back on. We also suggest that you can install a dedicated Networked Attached Server to receive the data backup from our data center every night for triple protection.
CSA: Always backing up your data regularly and frequently. Make sure that you have multiple copies of your data in an offsite location on a rotation basis. If anything happens, we can always restore your system in a working situation if you have a data backup.
What is an encryption-based ransomware?
Encryption-based ransomware, such as WannaCry, encrypts files stored on computers network drives. Once infected, you are left with the option to either pay the ransom to regain access to your files or give up all your precious data previously stored on the computer or storage device. Since this ramsonware originates from the National Security Agency of the USA, it specifically seeks the “back door” of the Windows system, with or without the knowledge of Microsoft, to initiate the attack, the damage is controllable. All they need to do is to close that “back door”. That’s why you need to update your Windows system constantly.
Steps to take when discovering ransomware infection
If you happen to encounter a ransomware attack, do not panic. Turn off your Internet connection, WiFi, or pull out your network cable. Make sure that you are off the Internet completely. The next step is use the anti-virus software to clean up the infection. Afterward, load a copy of your backup data to the system.
Call us at 2521-3110 if you need help!
Report on User Group Discussion on Mobile APP
As promised, we are presenting the practical ideas presented from user group discussion or from user suggestions:
“MAKE IT SIMPLE”, that is the voice we heard from our users.
when you log in to the mobile app, the system will search through the system and present the information you need to know.
Personalized information presentation on mobile app’s main screen:
1. Most important deadlines for job, correspondence and annual return.
2. Your upcoming meeting with client, together with relevant information on job progress status.
3. Pending post-it messages from the system, employees or clients.
4. Jobs that are over budget, past deadline or need urgent attention.
5. Today’s time sheet entries.
6. Your present vacation time available.
7. Absence request and approval status.
8. Pending invoices that need to be reviewed and approved
9. New job task assigned with budget and deadline to complete.
10. Settlement on invoices that are under your control.
11. Newly added clients with welcoming note.
12. Prospective client’s change of sales steps.
13. List of absence.
14. Attendance detail for today.
15. Change of director of your client.
16. Any change to your own personnel record.
Security setting based on levels and department
1. Three basic levels: staff, manager and partner
2. User defined restriction on each piece of information
We are working toward the above goals. There may be some difference in presentation between Android and iOS apps but the contents will remain the same. The user group attendees will get to test the beta version once it is available. So far, we are quite happy with the progress. Our experience with the mobile app tell us that using the mobile app to access the system is the future. If you are a windows phone user, please let us know. Our goal is to make it so user friendly that no user manual or instruction needed to use the system. Once we pass through the beta version testing, we will report to you the final version for installation. Thank you!
Sincerely,
Harry Tsui, Director
__________________________________________________________________________________
Discussion Group Agenda:
User Group Discussion on most-wanted features on mobile phone
Customer Relation Management
What kind of information we want to see?
Group or related companies’ information?
Contact information?
Past historical contacts?
Job Assignment Management
What do you want to see in job information?
Deadline management?
Participants involved and detailed activities?
Work-in-progress calculation?
How to calculate productivity of a job?
Timesheet Entry and Expenses
How detail should it be in mobile phone entry of time?
Weekly or daily submission of timesheet for approval?
Approval by item or the whole submitted report?
Financial information
How to calculate the profitability of each client?
What kind of information you need in invoicing?
How to better present the accounts receivable in mobile phone?
Shall we project the cash flow?
HRMS Issues
Submission of leave request and approval?
One touch on availability of leaves?
Should the person able to see the leave situation on the intended date before submission?
Is payroll information useful on mobile phone?
Should the person be able to view his or her own personnel record on mobile phone?
Communication
Who can initiate company-wide communication?
Does the company allow staff to staff communication?
Should all communication involving a client be recorded on client’s folder?
Should we allow communication with your clients using the mobile platform?
Should we allow communication among your friends on the same platform?
Executive Information Summaries
What the figures show on the top?
Any Other Suggestions
User Group on Mobile App
We have conducted a user group discussion on the most wanted features on mobile app.
The areas that we have touched on are customer relation, job assignment, time sheet and expenses, financial information, HRMS issues and communication.
We would like to take this opportunity to express our appreciation to the users who came to the discussion sessions.
Once the prototypes on Andriod and the iOS are out, we will invite the attendees to try them out first and report for any improvement.
Applying Client Advances
The function Settlement handles all the foreseeable payments through check, cash, foreign currency, write off or setting up Client Advance account automatically in case of over payment.
If a client has deposited the advance for further payment, at the time of producing proforma invoices, the advanced amount will be deducted directly from the invoice.
However, this practice may not be applicable to some firms.
In order to clarify the situation, we have created a new function called Advance Apply.
The meaning is to apply any advance on record to an existing invoice.
This is just like a settlement but handled separately.
The automatic journal entries generated will be grouped under the Settlement journal.
New Expense Claim
The old way to do things is to integrate the expense claim to time reporting function. This is perfect for expense claim form and if you need to keep track of every expense along the way.
However, this is not really practical to Hong Kong practice. Most Hong Kong CPA record their expenses before or after the actual event. This is good for billing purpose. Get paid first before delivery of service.
After listening to our user’s suggestions, we have set up a brand new function called Expense Claim with Approval. The staff can enter the projected expenses claim and submit it to his supervisor for approval. Once approved, the claim will be put under Miscellaneous Charges waiting for Invoicing. This change will streamline the operation especially if the firm bills its client for expenses ahead of time.
This new function also allows staff to set up the expenses using the best estimate. When more information comes, he or she can then change the amount as long as it is before approval. This is just a convenient way to do things, the natural way. The best way to design a system is to keep a natural flow of events to fit the users. We hope this one small change will bring more convenience to users.
What are we working on?
It has been quite some time since our last post. During this period, we are busy working on the following:
- Simplifying the program in response to user’s opinions.
- Data conversion for Baker Tilly CPA (system) and other CPA firms (manual).
- Adding more options to different ways of handling things in CPA firms.
These changes are small but very meaningful to practicing CPA firms. Increase ability to enter everything in one entry, keeping track of the mark up charges for each expense reimbursement, supervisor approval of expenses and mark up charges… All these are important to day-to-day operation of a CPA firm. Our goal is to make life easier for CPA by taking care of every little detail of these practices. After all, the value of a system is just the multiplier of user’s experiences and whether those experiences are put in practice.
We will publish a summarized report of our user’s experience in their conversion from existing system or manual system to CPAnywhere. The conversion touches on existing jobs, clients, time sheet charges, expenses claim, reimbursements, issued invoices, accounts receivable, chart of accounts, leaves and HR data. We hope we can share the issues concerning big international CPA firm like Baker Tilly to local accounting firm’s success stories to the public.
Discussion with partners of a large CPA firm
We had a lively discussion with an international CPA firm’s partners about the CPAnywhere system.
I like to sum up their concerns here.
- How frequently do we increase the rental fee?
- How much do we charge for future upgrades?
- How often do we backup the data?
- Is it secured to locate the server at a remote location?
- How fast to access the system from China?
- How easy to handle multiple business entities?
Basically, these are the real questions that concern partners, to cap the uncontrollable increase in price and the security of the data. At the end, we felt we have learned a lot from the partners’ insights and suggestions. (to be continued!)
Result from the seminar on correspondence
We always get something good from the seminar especially from general discussion. Although many people were absent from the seminar, we were fortunate enough to have an in-depth discussion with Jenny Kun, a young, pretty and knowledgeable practicing CPA of JK & Partners CPA about the actual use of the current correspondence system for small CPA firms.
Producing IRD Reply Letters
Miss Kun had told us her frank observation that really hits our head, that is the current correspondence system only manage the ins and outs of the letters but not producing the letters itself. It is the automatic production of the reply letters to the IRD on behalf of clients that is more important than just the management system. Why? Because the firm can let the less senior ones to produce the IRD letter based on the selection of various templates and the items in concern and the senior manager can just do the sign off function. This is a revenue producing function. Got it!
We will implement the similar system like the Minutes and Resolution in CSA in the Correspondence System. The user can set up and modify the content of the templates. In the meantime, we will ask our existing users to share the commonly used letter templates to start with. If you have your own letter templates and you wish us to incorporate that into the new Correspondence System please send us the copies.
Auditwork
Miss Kun has used Auditwork to produce the final audit financial statements many years ago. She asked us whether we will continue the Auditwork program by incorporating the most recent accounting format. If we have to do it, this system will be an Internet based system like our Hedgefund system. That will be a simple system that goes from Trial Balance, Audit Adjustment, Notes and then directly export to the final presentable audit reports. If any of you are interested in it please call me at 2521-3110 for general discussion.
Thank you for your interest. We would like to express our gratitude for Jenny Kun’s good observation and suggestions that will benefit other users.
“Correspondence with the IRD”
Seminar: “Correspondence with the IRD” on March 18, 2016 (Friday).
The purpose of the this seminar is to introduce to you the complex Correspondence system in CPAnywhere. Although the system is all type of correspondence, however, we will concentrate only to the letters coming in or going out to the IRD. Last year, we were fortunate enough to have the representatives from Cheng & Cheng CPA to talk about their intensive use of the system and their 10,000 letters coming in and out of the system. This time, we will concentrate on the actual set up of the various IRD Letters, deadline setting, payment amount and time charged.
We hope this is a timely event because the end of the tax year is coming due on March 31, 2016 and a little bit preparation will help a lot. This time, we do encourage existing CPAnywhere users to come to study the system if you have not yet initiate the operation. For other users, this seminar will help your way of organizing your own tax letters for your clients even you have no intention of shifting to CPAnywhere at the moment. We will tell you everything that you need to organize this complex system.
The coming seminar is to introduce the Correspondence System in CPAnywhere to CPA firm, law firm and professional service providers as a powerful practice management system.
Target audience:
- Partners and owners
- Senior Manager in charge of IRD Letters and correspondence system
- Present staff who need the training on the Correspondence System
We will discuss the following features in the seminar:
- General introduction to CPAnywhere
- How the Correspondence System works
- Setting up Correspondence Type
- What to do when you receive the letter
- Reports and deadline monitoring
Please bring along an iPad, Tablet or a smart phone to the seminar. CPAnywhere is an extensive ERP (Enterprise Resources Management) system and it may take years to fully implement the various aspects of the functions. If you are new to the system, you can try out the system at the seminar. If you are already using CPAnywhere, you can directly access your own data and ask specific question relating to your own practice.
Sincerely,
Harry Tsui CPA
Title : [CPAnywhere] Seminar – Correspondence with the IRD
Date : 18th March 2016 (Friday)
Time : 11:00 a.m. to 13:00 pm. (2 hours)
Venue : Room 408-409, Fortress Tower, 250 Kings Road, North Point, Hong Kong
(Next to Fortress Hill Station, B Exit)
Seats : 20
Reservation : Please call Mr. Aki Ho at 2521-3110 for reservation
For : Partners, owners and Senior Manager
Cost : Free
Speakers : Aki Ho, System Consultant (Tel: 2521-3110); Harry Tsui, CPA (in Cantonese or English, if needed)
Some new ideas!
We have just completed the seminar today. Out of the seminar we have found some good ideas aired by the participants:
Interest accrued for unpaid bill – this is interesting because most of us have ignored this because of the high collection rate in Hong Kong. However, this is not the same in the US or South America where the bad debts are common. The user can modify the Invoice Template to add the interest charge cause and then add the interest amount onto the Quick Charge so that the Client Statement will show the additional interest amount.
My report – adding this feature is a convenience to user. Every user can set his or her favorite reports to the My Report portal for easy access.
One thing that we feel the participants are very interested in is the development of the Android mobile application for CPAnywhere. It will further enhance the communication platform within the firm for employees and outside the firm with its clients.