media

Scaling Back for Security

By Tyler J. Wise|February 16th, 2020|Blog|

It can seem a peculiar thing to wind back a growing, and successful business, before you are even 40, but this is what I have done. Since doing this I have probably been asked “why” more than I ever have in my life, and I have three inquisitive kids! So, why did I?

Well, growing a business is hard work, especially when you start it from scratch, and are a perfectionist (in the neurotic bad sense). The hard work was never an issue, but for me, simply having a business was not enough, it had to be the best. I think we all start out with this ideal, and I honestly believe every business out there is the BEST at something, whether they know it or not. I needed the validation, I craved it, and once I got it (accounting firm of the year in 2018), my wife was quick to ask me, “now what will you do?” She knew that this was a driving force for all the sacrifices we had made, and once I had gotten what I “needed” the fire would need stoking. And, she knew me all to well.

In less than a year, we had placed a significant component of the business on the market (over 67% of our client base) and re-housed as much of our staff as we could. The business now looks remarkably different than it did 12 months ago. We are a team of two, and neither of us are full time. We also have no physical presence anymore, after having main street offices in the heart of the city. Both of us work from our homes and operate the business purely in the digital space.

The reason for this was two fold. One, I have a young family, and I have lost enough time from them, so being home means I can be around them more often. Three meals a day with the family certainly outweighs the zero I was previously enjoying with them. I am in a position to help them with their school work at last, and even more so as we homeschool them. I simply can be Tyler, husband and father, who is an accountant; rather than Tyler, accountant, who has a wife and children he sees occasionally. For most, this is reason enough, and if you are in a position to spend more time with your family you should take it! I even get to enjoy more coffees with my parents, who are not getting any younger!

The second reason is that we are a digitally passionate firm, I love tech and everything it facilitates. I started the firm as paperless and entirely cloud based, which is not a big deal now, but in 2011 it was pretty progressive. I am always testing software and hardware, developing my own, and looking to push the envelope as to what is expected by accountants. This has lead to me breaking more stuff than building it. But breaking then dovetails nicely to fixing it, and that has been a nice supplementary skillset. I enjoy fine tuning my penetration testing skills, and seeing if I can get in to my own infrastructure and testing as much of it as I can. Thinking like the bad guys, and trying to ‘steal’ as much of my own data as I can.

With increased information security skills, I have been engaged (only occasionally) to test other accounting firms IT infrastructure. I have only done this a handful of times, and what I have been asked to prove is not much, just how vulnerable their systems are. The funnest bit was physically proving this by some social engineering  skills (using a USB Rubber Ducky and the guise of “the back up of my MYOB should be on this”), and as a result obtaining all network passwords. That was enough for me to penetrate their systems, and enough for the firm to realise they needed security hygiene courses. Regrettably, at this point it was out of my paygrade and it was time to refer to the professionals. 

What this did identify for me was a gap in the market place. Who was servicing accountants and educating them, and testing their data security? No one it seemed, because all place an unfair expectation on our IT consultants and software providers. We expect their systems to shrink-wrap ours and be bulletproof. Regrettably this is not the case, and the more you integrate, the more vulnerable you become. Accountants without data are not much, and accountant with insecure systems are a ticking time bomb. This rush of “hacking” was the part a of the second reason why I wound down my business. To provide me more time to refine my ethical hacking skills, and then to service the accounting (and legal & finance) sector with these skills to ensure data remains secure. Most importantly I want to educate accountants (and associates) of the importance and benefits of cyber security.

While I am an accountant today, who dabbles in penetration testing, my aim is to reverse this. I enjoy accounting as much as I do cyber security so one will always feed the other as far as I am concerned but I could not possibly increase my skills and morph my business whilst knee-deep in the grind of my previous business existence and structure. It is that old adage. I was too busy working in the business as opposed to on it.

This pivot could turn out to be the biggest mistake of my life, or it could be the biggest adventure. I am betting on the latter, and I hope you will be too! I would be lying if I said I was not terrified about all of the risks, but I do believe life is for living, and if nothing else, I will have had a crack. I started my business from zero before, so doing it again is not unfamiliar.

If you know of any accountants that could benefit from me sharing my knowledge, or testing their systems and networks, then please have them reach out to me! Regardless, I will be sharing what I learn and find along the way, and how it can be applied to the accounting sector.

 

<< Back to Media