Has Artificial Intelligence improved your finance department yet?
- Jamie Black
- 15 February, 2018
- Finance Evolved
- minute(s)Finance has always utilized technology. From the humble abacus (2700 - 2300 BCE) to adding machines (1642 CE), to today's PCs. The last 40 years have seen even ‘Moore’ (excuse the pun, couldn’t resist) spectacular technological advancement, as discussed in our Tech for Execs: Ignorance is not bliss article. The questions we tackle here are what will the future bring, how disruptive will this change be for the finance department and what can we do today? Future Technology - Artificial Intelligence (AI) In short, AI refers to a device that perceives its environment and takes actions that maximize its chance of successfully achieving its goals. This definition is intentionally broad as AI could refer to a software application designed to perform bank reconciliations or Terminator robots. When we think about AI in terms of software, one guide is that the application can do things that it was not specifically programmed to do. It learns based on the outcome of previous events. There are two categories of artificial intelligence: 1) Narrow AI Narrow AI is focused on one very specific topic. Still, in its early stages, we can already see developments in narrow AI. AlphaGo Zero is a computer program that taught itself the board game Go by playing against itself. Within days it was better than the best Go-playing applications which themselves beat the best human Go players. Then in 4 hours it taught itself Chess and could beat the best Chess programs in the world (the ones that beat the best humans). Finally, it taught itself Shogi (a Japanese version of Chess played on a bigger board) in 2 hours and was better than the world's best Shogi program. Some other interesting examples: Google's self-taught Go playing AI crushes the best human player, AI in Tesla will predict your destination, MIT's autonomous cheetahs figure out how to navigate obstacles entirely on their own, Boston Dynamics SpotMini locating, recognizing and opening a door, Amazon's use of AI to improve their business processes 2) General AI General AI (sometimes called Artificial General Intelligence or AGI) is a hypothetical machine that exhibits behavior at least as skillful and flexible as humans across a broad set of topics. This is the Hollywood sci-fi that many people immediately think of. Should AGI become a reality, it promises to change every aspect of our world fundamentally. Many experts in the field are in fact worried that it will lead to disaster. To learn more, I recommend an excellent Ted Talk by Sam Harris (below) or Nick Bostram's excellent book on the topic. AI & the finance department What will AI (narrow or general) mean for the finance department? In the near term, repetitive and time-consuming tasks are being automated at an accelerating pace driving massive improvements in efficiency. These advancements tend to be less risky and relatively low cost and thus are immediately appealing. The benefits are enormous, freeing your team from the mundane, repetitive work allowing them to tackle the difficult, often more rewarding tasks that they may not have time to tackle today. As the technology improves, analyzing data and making decisions based on this analysis are also likely to be automated. We expect that the move to rely on AI for these most complex and difficult tasks - the ones that require years or decades of experience in humans - will be initially slow and cautious. Nearly all studies suggest that the entire finance function (like many others) will be entirely automated by AI exclusively or a human-AI hybrid. The process has begun. Recent research indicates 46% of CFOs in large companies already use narrow AI in some role in their organization and another 30% are investigating its use. Today's Technology - Robotic Process Automation (RPA) For decades finance departments leveraged spreadsheets and more recently databases. These technologies allow for simplistic automation such as calculations or manipulating manually defined groups of data. While basic, this automation has allowed finance departments to complete larger & more complicated tasks with fewer hours of investment. RPA takes automation to the next level and can be considered a pre-cursor to AI. The three characteristics generally associated with RPA: It does not require programming skills on the part of end users, It does not require complex, disruptive integration with existing systems, It is designed to be managed and even implemented by a business user, Some simplistic examples: data analytics & monitoring systems that check thousands of variables in the way it’s been taught, against the benchmarks that have been provided. When exceptions are identified appropriate individuals are notified automatically and escalations occur at pre-determined intervals. automation of reconciliations between any data sources with automated adjustments when common deviations (think bank charges in the context of a bank rec) occur. automated modification of language in your MD&A based on the significance of an identified variance. So if the variance between actual and budget is greater than a predetermined threshold, entire sections of the report turn on and standard analysis is performed, automated analysis of documents to find violations of integrity, automated balancing of amounts across large complex documents. Take advantage now It's clear that technology has, does & will continue to influence the role of finance. While the exact timeline may be difficult to predict, the importance of continuously evaluating and embracing technology is indisputable. It is likely that many of the tools you use today include RPA functionality that is not being utilized. Further, you can expect to see a lot of narrow AI tools specifically targeted at finance in the very near future. Spending a bit of time to leverage these tools can provide your finance department with significant benefits at a very low cost.
AI is coming and it will dramatically improve your finance department's efficiency. It is already starting and many of us don't know it yet.READ MORE
Windows Security Basics for the Finance Professional
- Waldo Nell
- 17 January, 2018
- Tech for Execs
- minute(s)Finance professionals interact with Windows security every day when they provide a username and password to login to their computer/network. Another common interaction occurs when they want to install a new application and are stopped and forced to call IT. Finance professionals can struggle when security prevents them from accomplishing necessary tasks. As we have argued elsewhere, it is useful to have a bit of insight into how Information Technology works so you can either: solve the problem yourself or better communicate with IT. Just as we did with passwords, we also hope to provide finance professionals in small organizations with a better perspective on how their IT department (often outsourced to consultants) ought to leverage File Access Permissions to help mitigate risk. There are many different kinds of security involved on a typical computer helping protect you or your organization from problems (malware infecting your network, unauthorized access to company files, etc.). One such security mechanism is called File Access Permissions. Please note that this topic is actually complex and varies by specific operating system. Thus to keep it brief we will simplify some topics (while being largely accurate) and assume a recent Windows operating system. Access Control Lists and Permissions Each file, folder, and network share have an associated Access Control List (ACL). An ACL is a list of users/groups that have specified access rights to the file/folder/share dictating what they can do with it (called Permissions). Common permissions include Read and Write. ACL entries might look like this: File: Inventory2017.xlsx User Bob: read permission User Mary: read/write permission Assuming no other rights are granted elsewhere, user Bob has permissions to read the file, but only user Mary is allowed to both read the file and make changes to it. If user Bob tries to save the file, he will get an error. In a well-designed network, ACLs are usually defined a bit differently as the above example is quite brittle and hard to maintain. If you had to assign access rights file by file imagine how much work this would be and how easy it would be to make a mistake. Active Directory, Security Groups, Files and Folders In a typical Windows-based network, information on all employees, consultants, and computers are stored in a central directory called Active Directory (AD). As you can see from the image below, it is nothing mysterious. It is a hierarchical tree (like an organizational chart) grouping users and storing details such as your login name, password, email address, etc. The grouping feature is valuable. The idea is simple - a security group is a collection of people that share similar access rights. For instance, HR staff may need access to specific files while Accounting may need access to different files. By creating an HR group and an Accounting group, and adding all HR staff to the HR group and Accounting staff to their group, the IT administrator can now apply security policies based on groups, and not individual users. When an HR employee leaves the company, and a new one is hired, the employee only need be added to the right group and all access permissions will automatically apply to this user. Thus, a well-designed ACL list will leverage these groups and might look like this: Folder: E:\data\human resources Group HR Staff: read permissions Group HR Managers: read/write permissions Two benefits of the above approach: The ACL is applied to the whole folder, ensuring that all files and folders stored in that folder have the same permissions. New files will automatically share the same permissions as the folder. Permissions are assigned to groups. Thus anyone belonging to the HR Staff group to have read-only access to the files and folders, and HR Management to have full access. This reduces the workload on IT and ensures consistency. Network Shares and Conflicting Rights In addition to file and folder level ACL entries, a network share can have a separate set of permissions. In the example above, assume the location is shared on the network under the name "human resources", then the share itself can have an ACL associated with it similar to the following: Share: \\server\data\human resources Group Everyone: read If the ACL on the share were configured as above, nobody would be able to write to that folder. Both the share and the file/folder based ACL need to allow access. They are defined in two different locations and are not related to each other in any way. The best way to think of this is the most restrictive permission set wins. One other permission that you should know of besides Read, and Write is Execute. A program file requires you to have the Execute permission before you may launch it. Attributes Lastly, files and folders may have certain attributes. The Read Only attribute is significant to end users as this flag may override any write permissions set on the file. If a file is marked as Read Only, the user will be unable to modify it even if they have the write permission in the ACL and the shared folder permissions that we discussed above. This flag can usually be removed by the end user as long as the user has write access to the file. Once the flag has been removed, the file can be written to assuming the user has write access based on the ACL set. Security Warnings on Downloaded Files One last issue you may run in to from time to time has to do with files downloaded from the internet. If you are using Windows 7 or later, your computer keeps track of the source of the file and will protect you from files that originated outside of your organization. Windows uses a feature called "Alternative Data Streams" (ADS) to remember which files originated from external network sources. When Windows detects you trying to open one of these files, it will warn you. If your IT department allows you, Windows will ask for your explicit permission to open it. However, your IT department can set up your permissions so that you do not have any choice and are simply blocked from opening these file In conclusion, then - accessing files and folders in Windows is broken down into several layers of protection: 1. File/Folder based ACL assigned to Groups/Users 2. Network Share-based ACL assigned to Groups/Users 3. File-based Attributes such as Read Only 4. Downloaded file based ADS blocking access All four layers need to grant you access before you can work with a file. Also, access might be partial such as read-only or read/write only but not delete. What you should try if you have access issues: To check whether you have access to a file or folder, open File Explorer and navigate to the file/folder in question, right click and select Properties. 1. For file-based ACL rights, go to the Security tab. Click on your name or the AD group you belong to (you may need to ask IT if you do not know this) and check your permissions. 2. For network share-based ACL, locate the mapped network drive, right-click the drive and select Properties. The Security tab will show the ACL for the network share. 3. For file-based Attributes, review the General tab and check if Read-only is ticked. 4. To see if a downloaded file is being blocked (assuming you have write access to the file) right click it, select Properties and then unblock it at the bottom of the Properties window.
Have you been denied access by Windows to a file you need? Here are the Windows Security basics to aid finance in fixing the issue or communicating with IT.READ MORE
Palmetto proves automating the CAFR benefits small organizations too
- Jamie Black
- 20 November, 2017
- Success Stories
- minute(s)Palmetto is a waterfront community located on the Gulf Coast of Florida, midway between Tampa to the north and Sarasota to the south. With a population of just over 14,000 residents, the City has seen dramatic growth in recent years while maintaining the “Old Florida” charm that residents and visitors have come to love. The Challenge The primary challenges for the City's Finance Department were three-fold, they needed to: Reduce Time Reduce the Risk of Errors Formalize Processes Everyone wants to reduce the time it takes to produce the CAFR & mitigate the risk of errors. Of particular concern for Palmetto was the impending retirement of the City's Finance Director. The finance department, made up of just four members, was very concerned about how this loss & associated "brain drain" would affect the department going forward. The Wrong Turns Not one to wait for a small problem to become large, the Finance Director anticipated the problems that would arise from her departure and took steps to mitigate them immediately. After extensive research, the finance department eliminated all spreadsheet-based applications and decided to proceed with a CAFR focused solution. Unfortunately, two-thirds of the way through implementing the solution, the City was abandoned by the provider. Sometimes even the best-laid plans go awry due to circumstances beyond your control. The Solution Convinced a better solution was still 'out there', the evaluation of vendors resumed. This time CaseWare International was the victor, a combination of the Working Papers & GASB Financial solution were just what the department needed. Perceived Road Blocks When asked why CaseWare was eliminated for consideration initially, the answer was simply “it was way too big for what we needed.” The perception was that the program was too large & complex, it would take too long to implement. In steps CaseWare authorized implementers F.H.Black & Company Incorporated. The Results Reduced time required to produce the CAFR including over 50% reduction in the time it takes to prepare Fund Statements, Reduced risk of errors, Documented, simplified & formalized processes that will ease the transition to a new Finance Director, Centralized-database for single location modification, Positioned to reclaim Government-Wide statement creation from auditors. A word of wisdom from the expert Karen Simpson, Finance Director, shared that no matter the size, “the same amount of work still has to be done.” As the number and complexity of regulations and requirements for financial reporting continue to increase, municipalities of all sizes are quickly realizing that spreadsheets and word processing software that have been used in the past to prepare financial reports are no longer sufficient. Read the full success story here.
The City of Palmetto proves that automating the CAFR with CaseWare provides time, cost & operational savings for smaller local governments too.READ MORE
CaseWare Updates Now Available for 2017 Version of Connector
- Jamie Black
- 17 November, 2017
- What's New
- minute(s)Software: Connector Prior Version: 2017.00. New Version: 2017.00.055 Release Date: November 16, 2017. You may have received an email from CaseWare International announcing the release of, and inviting you to download, an update for CaseWare's 2017 Connector product. The update has been made available for CaseWare users in their MyCase portals. If however, you did not receive the email or cannot locate the download in your MyCase account contact the CaseWare Sales department at +1 (416) 867-9504 or email@example.com to request your download. Details: This new version includes the following fixes: Fixes related to: File extensions Connector stability Links/protected documents User-defined functions. Look for more blog posts and Feature Spotlight articles from FHB in the coming weeks and months talking about the enhancements and improvements in the latest version of the software.
CaseWare has just released an update to it's 2017 Connector product. Download the update to apply software fixes.READ MORE
CaseWare Updates Now Available for 2017 Versions of Working Papers & ...
- Jamie Black
- 17 November, 2017
- What's New
- minute(s)Software: Working Papers & Working Papers with SmartSync Prior Version: 2017.00.225 New Version: 2017.00.245 Release Date: November 16, 2017. You may have received an email from CaseWare International announcing the release of, and inviting you to download, an update for CaseWare's 2017 Working Papers & Working Papers with smart-sync products. The update has been made available for CaseWare users in their MyCase portals. If however, you did not receive the email or cannot locate the download in your MyCase account contact the CaseWare Sales department at +1 (416) 867-9504 or firstname.lastname@example.org to request your download. Details: This new version includes the following enhancements & fixes: Enhancements related to: Fixes related to: Imports Data Store Administration Tool Tax integration Interface Page numbering/printing Synchronization functionality Automatic Documents Document Management Look for more blog posts and Feature Spotlight articles from FHB in the coming weeks and months identifying the enhancements and improvements in the latest version of the software.
CaseWare has just released updates to it's 2017 Working Papers & SmartSync products. Make sure to update for the latest enhancements and fixes.READ MORE
Important Notice -CaseWare Financials Template (ASPE) Users
- Darryl Parker
- 27 October, 2017
- What's New
- minute(s)On Thursday, October 26th, CaseWare International sent out a email to all users that have downloaded the ASPE variant of their Financials template. This email informed users that an issue has been identified with the v15 update which was originally released in August of this year. The email did not describe the nature of the problem uncovered, but did give some detailed scenarios and steps to address the problem. Note that this problem only relates to users of the Canadian ASPE Financials template who have already performed an upgrade to v15. If you use the IFRS, US GAAP, or US GASB Financials template, there is no issue for you and no need for you to take any action. We have learned that the problem relates only to users who have added customized content to the Knowledge Libraries of the template. Unfortunately, that affects nearly every one of FHB's clients. The problem is best if caught before any additional content is added to the updated v15 template. If you have recently updated, it is strongly recommended that you revert back to your last v14 CWP file, and re-update using the newest build of the v15 upgrade patch. Complete instructions were sent in email, but of course all of our clients are invited to book a support call with one of our consultants who will be happy to discuss the issue with you and assist in taking the appropriate steps to make sure you are protected.
CaseWare Working Papers users - CaseWare International announced a CRITICAL update for the ASPE Financials template. Get this update before busy season!READ MORE
CaseWare Working Papers 2017 - Infrastructure Requirements
- Darryl Parker
- 26 October, 2017
- Best Practices
- minute(s)Back in 2015, we gave you 3 tips for how to ensure maximum performance from CaseWare Working Papers. With the recent release of Working Papers 2017, we revisit the topic and update our recommendations. Operating System Working Papers runs on the Microsoft Windows operating system. Windows 7 SP1, 8, and 10 can all be used. Users with Apple or GNU/Linux cannot run Working Papers natively; you will need to run a Virtual Machine system with one of the supported versions of Microsoft Windows installed in it. Hardware At the date of writing, CaseWare International lists these as the minimum technical requirements of the program: 1 GHz 64-bit (x64) processor. Minimum 2 GB of RAM. Program requires 1 GB free hard drive space. A monitor with 1024 x 768 resolution or higher. Internet access is required during the installation of Working Papers. Additional Components Microsoft Internet Explorer 11.0 or higher, as per the Internet Explorer life cycle. Adobe Acrobat Reader version 10.0 or higher. Microsoft Office 2007 Service Pack 3, 2010, 2013, 2016, or the desktop version of Microsoft Office 365. Security and permissions Installation requires local administrative rights to the workstation. Use of Working Papers requires read/write access to the program folder and any folders containing client files. You want maximum performance so these minimum specifications should be taken with a grain of salt as they may provide poor performance in some circumstances (large files, many users etc.). Key Factors in Better Working Papers Performance The following are key considerations for performance of Working Papers: 1) Location of the Data File Many people work with their CaseWare Working Papers file located on a remote, networked file system. This has many advantages, most importantly the ability to backup and protect the files. However, networked storage is often much, much slower than the hard drive located on your computer. For users working on their files located on a remote file system, the number one thing you can do to improve performance is to move the file on to the computer that is running Working Papers. This can be accomplished either by: Using CaseWare SmartSync Using a Thin Client solution Using CaseWare's Sign-Out feature. 2) Processor CaseWare Working Papers is not written to take advantage of multiple cores in your computer's CPU. Frequently, modern processors are designed with many lower-speed cores, and Working Papers does not perform well on these chips. For optimum Working Papers performance, focus on maximizing single-core speed. 3) RAM As a 64-bit application CaseWare Working Papers is able to make use of a large amount of RAM. For this reason, we recommend at least 8 GB of memory. Plan for the future. Considering the low cost of RAM, follow the "More is Better" rule. Hardware specifications for IT If you were asked to choose all new hardware and were just thinking about maximizing CaseWare speed, we would recommend the following. Desktop Configuration: To maximize the performance of large / complex Working Papers files running on the desktop: 64-bit version of Windows 8 or Windows 10 Get a current generation i5 or i7 processor with a base clock speed of 3.2 Ghz or higher Order 16GB or more of RAM Ask for a SSD (solid state drive) if the Working Papers data file is going to be on the local computer Thin Client Configuration: If you will be using a thin client approach to providing large / complex Working Papers files to end users, recommendations become a little more complicated. Below are our recommendations for configuration of the Thin-Client server, assuming 20 concurrent CaseWare users: Opt for Windows 2012 R2 Standard or better. Get a Xeon E5-xxxx v3 or newer processor with at least 8 cores, no slower than 3 Ghz in a dual processor setup. Order 64GB or more RAM. Ask for an enterprise-grade SSD (solid state drive) in a RAID array Locate all Working Papers data files on this server directly. Some assumptions about these Thin Client recommendations: As user count increases, systems resources must also increase No virtualization is anticipated in the above specification. If virtualization is to occur, more RAM may be required Network interface must be at least Gigabit
Maximizing CaseWare Working Papers 2017 performance requires both the right hardware and the right configuration.READ MORE
Career Opportunity: Technical Consultant
- Jamie Black
- 02 October, 2017
- About FHB
- minute(s)We need another world-class professional to join our team We are looking for a motivated, creative, highly technically-skilled individual with excellent time-management skills capable of working in a consultant role with minimal supervision who is excited about a challenge and wants to work remotely. About Us: Our firm implements, integrates and optimizes industry leading tools and best practices to improve our clients’ finance function. Our mission is to enable finance to improve their efficiency, effectiveness, and reliability. Our clients are governments, universities, corporations and public practice accounting firms across Canada and the United States. We have partnered with CaseWare International to provide consultation and training for their products. We are the sole authorized organization to provide these services to government and education finance departments in Canada. About You: Do you: Thrive on challenges? Dislike "the same-old-same-old"? Like to work outside your comfort zone, doing interesting and difficult things? Often find yourself saying "There has to be a better way of doing this"? Need to be learning new things and working with new people all the time? Achieve great satisfaction in helping others and providing creative solutions to challenging problems? Want to be lead not micro-managed? Value flexibility? Flexibility to live anywhere in the world and the freedom to relocate whenever it suits you? Hate commuting and being stuck in traffic, wasting your time? If you answered yes to all the above, you are a great fit for our firm's culture and should read on. Still here? Now, how about your technical attributes? You possess: 3 to 5 years experience working in in public practice accounting, or public sector or corporate finance, A minimum 3 years of work experience with CaseWare Working Papers, 2+ years experience building custom CaseView documents, A proven ability to learn and master technology, The capacity to solve complex challenges, within a defined framework and time line, Outstanding verbal, written and presentation skills. You are a regular, clear, concise and professional communicator, The ability to effectively use the entire MS Office Suite including Outlook, Excel, Word & PowerPoint, A knack for building solid relationships; people want to work with you, Impeccable attention to detail and high standards for quality and creativity, Solid time management skills, we don’t believe in micro-managing our people, Sensitivity to confidential matters. The perfect candidate will also possess: An accounting designation, Significant experience with: CaseWare's Financials & Audit templates CaseWare Connector Experience programming with JScript, Experience with HTML & CSS, Fluency in French, both written and oral Job Duties: As a technical consultant, you will work on a team to improve our client's financial reporting. Specifically, you will be responsible for: Implementation and support respecting industry leading tools. In particular, CaseWare Working Papers, Financials, Connector, Idea, Monitor and certain other add-ons. Development and delivery of standard and customized training Diverse, ongoing consulting services Benefits: Competitive salary & profit sharing bonuses Work remotely - from home or with a laptop & WiFi from wherever you can take a VOIP call! Comprehensive benefits package including medical, dental and vision care coverage Fitness and professional development reimbursement
We need to add a technical consultant to our team who will help deliver our client's industry leading financial reporting automation solutions with CaseWare.READ MORE
CaseWare Working Papers 2017 Released
- Jamie Black
- 21 July, 2017
- What's New
- minute(s)Software: Working Papers Prior Version: 2016.00.181 New Version: 2017 Release Date: Ongoing A new version of CaseWare Working Papers is currently being rolled out on a staged basis to users. Remember that once you open a Working Papers file in the 2017 version, it cannot be accessed using the older 2016 software. For this reason, all of your staff who collaborate on files in common should be upgraded at the same time. You may have received an email from CaseWare International announcing the release and inviting you to download the installation files. If, however, you do not have that email, contact the CaseWare Sales department at +1 (416) 867-9504 or email@example.com to request your download. Details: This new version includes many enhancements & fixes: Enhancements related to: Fixes related to: Cloud Integration Cloud Integration SmartSync & SmartSync Sever SmartSync & SmartSync Sever Roles Interface Tracker Imports Performance & Stability Document Management PDF exports Automatic Documents Mapping & grouping Calculations Document Management Cells Automatic Documents Calculations Export Interface Cells Graphs Look for more blog posts and Feature Spotlight articles from FHB in the coming weeks and months talking about the enhancements and improvements in the latest version of the software.
CaseWare Working Papers 2017 was just released with many fixes and enhancements.READ MORE
What You NEED To Know About Password Security
- Waldo Nell
- 11 July, 2017
- Tech for Execs
- minute(s)As we have discussed previously, a little knowledge about technology & security can go a long way to mitigating risk. That is especially true of one very important and fundamental topic: passwords. There are three basic methods to authenticate yourself to a 3rd party (e.g. a website, an application, or your network): What you have refers to something in your physical possession - a key, a phone, an access card. What you are usually refers to biometrics. Items like your fingerprint, your retina, voiceprint, DNA etc. What you know typically means a password but could also refer to security questions like, "What is your mother's maiden name?" This article considers two important aspects related to the use of passwords in the modern day: 1. How secure is your password? 2. What can you do to improve your digital security? Most corporate systems today still ignore the first two authentication methods. They are protected by the venerable password - a combination of letters, digits and symbols that act as the key to unlock some digital asset. The strength of the password system relies on the assumption that you have chosen some combination of characters that can be easily remembered by you, but not easily guessed by a bad guy trying to access your asset. We use the term “asset” since passwords are used to protect various different things such as online banking and email accounts, social media accounts, the login to your office PC, documents that are password protected, the PIN on your bank card and so on. How secure is your password? Stop and think about the password you used to log in to your own computer today. Most systems have some basic rules like "At least 8 characters long with at least one upper case letter, at least one lower case letter, and at least one number." Your password might look a lot like "passw0rd". (Don't be embarrassed, it's a very common password.) If I wanted to break into your computer, how could I guess that password? There are several ways to approach this problem. Let’s consider just one approach: a brute force attack. The computer program we will use starts based on a specific character set. Let's simplify and assume the character set consists of all lowercase and uppercase letters and digits. So we have a-z, A-Z and 0-9. The program will start its first guess by trying “a” as your password. It will fail and the computer will try “b” and so on until it gets to “z”. It will then try “A”, “B”, …”Z”, “0”, “1”, … “9”. It will then move on to “aa”, “ab”, “ac” and so on until it gets to “99999999”. A simple calculation shows that the program has to guess (26 + 26 + 10)8 = 218,340,105,584,896 combinations of characters to try all of the possible 8-character passwords. 218 trillion combinations! It sounds so large as to be impenetrable. An average office PC from 2005 would take about 170 years to break this password. But on a high-end desktop computer of today, such a password can be cracked within an hour. You may be wondering how bad guys can make so many guesses in an hour without getting detected? The trick is that bad guys rarely directly try to log in as you. Instead, they exploit system vulnerabilities and download large lists of scrambled passwords for thousands/millions of accounts. Once they have the list on their local system, they can try to guess the passwords (using brute force and other methods) at their leisure. Once they have worked out what the passwords are, they then try to log in using the compromised credentials. In real life, bad guys very rarely revert to brute force attacks for longer passwords. Instead, they build up huge word lists consisting of previously cracked passwords from breaches such as Yahoo, LinkedIn, DropBox, Ashley Madison and so on. Since many people reuse passwords across sites, these lists allow bad guys to quickly crack passwords on many sites. What can you do to improve your digital security? Security is hard to get right. The best we can do at this time is to make use of something called defense in depth. The general idea is to not rely on one single measure to protect you but to add multiple layers that in combination dramatically mitigate overall risk. Here are 7 recommendations designed to do just that: Use better passwords - Never use the names of your children, birth dates or anything personal in your passwords. Pick a random 12 character or longer password which mixes lower case, upper case, and digits. Doing this one step would increase the time to crack the password from under an hour for a random 8 character password, to nearly 41,000 YEARS for a 12 character password! Add special characters (%,$,# ) to increase it even more. Be unique, do not share & do not write - Furthermore, do not share your passwords. Never reuse passwords between accounts because cracking one password gives access to many other assets. Do not write your passwords down unless you can store them where they you can guarantee their physical security. Increase the length of your passwords every 3 years - Make sure to revisit your passwords every two to three years. Remember, as long as Moore’s law* holds, passwords that are considered secure today will become weaker in the future. A general rule is to increase the length of your password by 1 character every 3 years Use password management software - Most of us have dozens of accounts, and remembering dozens of different, random passwords is near impossible. Fortunately, there is a solution to this dilemma. Password Managers are applications that you install on your computer/phone, that will remember and manage your passwords for all the various sites you frequent. Your passwords are stored in a secure, encrypted vault which you protect with a single master password (one that is long and hard to guess but easy for you to remember). This one master password protects all the other random passwords. Examples of good password managers are 1Password and LastPass. Two Factor Authentication - Fortunately, many sites & software today allow you to set up something called 2FA (Two Factor Authentication). In addition to providing your password when you try to log on to a service, a short number is sent to your phone by the site as a challenge for you to repeat. By typing in the correct code, you verify what you know (password) as well as what you have (ownership of your phone). It is much harder in general for a bad guy to both know your password and have control over your phone. If your service provides this feature - enable it. It usually costs nothing extra to enable Use fake answers to security questions - Many sites require you to provide one or more security answers in case you lost your password and have to reset it. Providing real answers significantly weakens the security of the account, as it is trivial in today's connected world for a bad guy to scour Facebook / Twitter / Google and find out what your mother's maiden name is or the name of your high school. Best is to use pronounceable but obscure, false answers and store them in your password manager. Restrict remote logins - If practical, have IT prevent remote logins by default for all users. In other words, all users must be in one of your offices to access your systems. As most folks won't want to risk sauntering into your office and sitting at your computer, this improves your security considerably. For those users that do work remotely, have IT limit access for those users to specific authorized locations (IP addresses), or make use of a VPN. *Back in 1975, a guy by the name of Gordon Moore (working at Intel), predicted that the number of transistors in an integrated circuit would double every two years. This translates loosely to a doubling of processing power once every two years, also known as exponential growth. This prediction has held true for four decades, and the implication on our digital security is significant. The computer you buy in two years can crack longer passwords in less time than the one you have today.
Finance officers rely on technology & trust their passwords to provide security for confidential data. These 7 tips ensure your passwords are up to the task.READ MORE