BTerrell Group Blog

Super Powers of the Cloud: The Security of Concur’s Cloud

Posted by Info Info on Wed, Jun 11, 2014

Read More

Tags: security, expense tracking, cloud, concur

Creating IT Process Standards

Posted by Info Info on Thu, May 29, 2014

by Chris Karnes

As new employees join the company and other employees leave, do you have processes in place for enabling access for onboarding employees and denying access for exiting employees? Are there multiple logins and systems (Office 365, domain login, phone systems, office printers, etc.) that your new employee needs in their daily functions? Most of us rely on the IT department to do this. But, what happens if you have a single IT employee, and that’s the employee that just left? Do you have the processes documented so that you can disable and/or remove the various user accounts for the former employee and create the new accounts for any incoming employee? Improving and creating processes are critical for completing things efficiently, as well as tightening the security surrounding your business files.

Onboarding a New Employee

Document your processes, and review them periodically so they are updated as your technology changes. Your documentation can be as simple as a Word document with the first page listing what every new user would need. The following pages detail how to setup each account using screenshots and a brief explanation of the requirements. If your business has domain access for networked servers, Office 365 with email, Intacct, Sage CRM, a VoIP phone system, and a Multifunction Office printer with the ability to email scanned items, each system needs to be set up for everything to work correctly. The scanner won’t email if you don’t set up the Office 365 account since the user won’t have a valid email address, and the employee can’t log into their computer if you haven’t set up their domain access.

With so many logins and setup for one new user, you need a standard for creating usernames. Three of the most commonly used standards are first initial last name, first name last initial, and firstname.lastname. Use the same user name standard across as many accounts as possible to avoid having an employee email address of john.smith@xyz.com while his domain login is jsmith@xyz.com. That gets confusing, time consuming, leads to failed logins (and accidently lock someone out of their account), and leads to mistakes, such as John giving a prospective client the wrong email address. Software such as Intacct and Sage CRM may be administered by multiple or different people who specialize in that specific software. They must be aware of the company username standards. My personal favorite is firstname.lastname. You occasionally may have two people with similar first and last names, but most of the time there will be a slight difference in spelling between them, for example John Smith and Jon Smith. If two people have the exact same spelling, include a middle initial for the newest employee (jon.z.smith).

Deleting Access for Exiting Employees

You also want to create and document a standard for how to deny access for employees leaving the company. Do you want to disable, delete, archive, forward, or monitor the email account? If that employee had several projects in progress and the departure was sudden, you may not want to delete or disable the account, as any client attempting to email your company have their email denied. You want to reset the password and either forward the emails to another employee or manager to review, or add that mailbox to an employee’s mailbox until you communicate the new contact to clients. Same goes with the phone extension. You need to document how to forward the extension to another employee’s extension, while taking the physical phone offline. This will help ensure that you do not accidently drop the ball while transitioning as you always have someone monitoring any incoming contacts from clients. Then document how to delete or disable the employees’ domain account and remove them from the multifunction office printer.

 

If you don’t know what the processes are, or if they are documented, get with your IT department and ensure these are set up so that those with administrative access can properly handle adding new users and removing former employees. If they are not, make sure to create these processes and document them. 

Read More

Tags: security, IT process, Information Manager

Debunking the Myths of Cloud-based Accounting Solutions: Security

Posted by Keith Karnes on Mon, Jul 01, 2013

Over a period of time, we will address several of the issues or concerns raised about viability of cloud-based accounting (ERP) solutions.

Read More

Tags: security, Intacct, cloud, cloud erp, cloud accounting software