DFK/USA - 2019 News and Info

Volume III | January 2019

Visit our Website

2019 DFK/USA Executive Commitee Members

Harriet Greenberg

President

Friedman LLP

Steven McDonald

President Elect

Abdo Eick & Meyers

Jim Dobberstein

Treasurer

Shea Labagh Dobberstein

Streett Baldwin

Secretary of Recruitment & Retention

Ellin & Tucker

Frank Ianuzzi

Vice President

Ianuzzi Manetta & Co

Benjamin Bohlmann

Vice President

Bohlmann Accounting Group

Will Eckerson

Vice President

Bennett Thrasher

Steve Parkhill

Immediate Past President

EEPB

Tom Donahue

Vice President of International Relations

Piercy Bowler Taylor & Kern

Maureen Dillmore

Executive Director

DFK International/USA

Rachel Green

Membership Coordinator

DFK International/USA

Letter From the President:

Dear DFK International/USA Members:

When looking back on the many strides we’ve accomplished this year, one particular African proverb comes to mind, “if you want to go fast, go alone. If you want to go far, go together.” 2018 was an exceptional year of growth, collaboration and innovation for DFK/USA.

I’m proud to say that our membership has reached a record breaking 28 firms. Four new firms joined DFK/USA this year alone: Lauterbach & Amen Naperville, IL, Reynolds & Rowella, LLP in Ridgefield, CT, Ridout Barrett CPAs & Business Consultants in San Antonio, TX and Lambert Johnson with several office locations. We are a vibrant, collegiate group that welcomes each other as treasured friends and colleagues. As such, we are constantly exploring ways to engage each member through lively conferences, cutting-edge trainings, regular committee calls and meetings at the managing partner and executive committee levels.

This year, we hosted our first ever Women In Leadership Luncheon in collaboration with DFK/International—a demonstration of our commitment to empowering our members. This eventful occasion was marked by an overwhelming attendance during which we shared personal stories about navigating and prospering in the public accounting industry. Members also explored new ways to better mentor rising female leaders across firms and in DFK. This group is committed to promoting female development in the workplace and beyond through internal mentorship and through charitable partnerships that positively impact women on a national and international scale. Be on the lookout for ways to get involved in the upcoming celebration of International Women’s Day.

Another exciting event this year was our North America Conference held in the Ritz Carlton in Orlando, Florida. This highly anticipated gathering was a huge success, with over 90 registered attendees and 35 accompanying guests. Attendees convened from throughout the U.S., Canada, Mexico, London, Dublin and even as far as Australia. Two member firms discussed a specialty practice area that will deliver more resources to our members.

I welcome you to explore the opportunities available to you by attending the AGN and DFK meeting in 2019. Last August, the DFK A group met with AGN and plan to hold a second annual meeting in 2019. In the spirit of collaboration, I suggest that groups B and C consider holding a joint event as well.

Further, our 2019 year includes a May Managing Partner Conference in St. Louis, MO, a DFK International Conference in Singapore and our most anticipated North American Annual Conference in October in Maui, Hawaii.

Please reach out to me or other executive committee members with ideas, comments and concerns as we are a group run by members for members. There is strength in community. There’s no question in my mind that the momentum we’ve created together will carry us full steam ahead into the new year.

Have a safe, happy and healthy year in 2019.

Harriet Greenberg

DFK International/USA President

Friedman LLP Co-Managing Partner

New Year - New Website

The New Year is always a great time for a fresh start, so we figured there's no better time then now to debut our new website! Featuring new member benefits including a place for you to share your News with the membership and a spot for career seekers.

The next step include a new interactive members only website that we hope to reveal early this year.

If you'd like to see your news or job opportunities shared on the website, please send them to Rachel at rgreen@dfk.com.

New DFK/USA Promotional Video

A new DFK promotional video was released in November. Share with clients, potential new members, or firm employees so that they can gain a better understanding of the true value of DFK membership.

VP AMERICAS Report

October was a busy month as I attended the Latin American Conference and North American conference.

Meetings with the Mexican, Canadian and USA executives/boards highlighted the strength of our National Groups.

We were very pleased to see representatives from Miami, Irvine and New York in Mexico along with Anne Brady EMEA VP.

Global participation is always a benefit of attending NACC as many countries were represented at the tax seminar and conference.

Jumping ahead to July 2020 where it will be our turn to welcome the world as we join the DFK International Conference in Panama .

It promises to combine the best of the North American/Latin American and International conference.

Mark you calendars - July 2020 The Americas Welcome the World!

Paul Panabaker

VP Americas

Recent Conferences & Meetings

DFK North American Annual Conference, Orlando

In October, DFK delegates from the USA, Canada, the UK, and Australia gathered in Orlando for a week of education and networking at the 2019 North American Annual Conference.

DFK members were treated to sessions from leaders in the industry such as Roman Kepczyk and Mark Koziel. The wealth of knowledge within DFK was also featured in presentations from Friedman CyZen and EEPB InnovaTax.

The magic of Disney wasn't wasted as the attendees had the opportunity for an exclusive behind the scenes tour of the magic kingdom and a buy-out event at a restaurant in Universal Studios.

For more pictures of the conference, click HERE

DFK/USA Executive Committee Strategic Planning Meeting

Each year, in addition to the meetings held at the Managing Partners Conference and North American Annual Conference, the DFK/USA Executive Committee meets for a full day to discuss the past year and lay the ground work for the future. This year, the meeting was held at the DFK Executive Office in Denver, CO. A great time was had by all and the team looks forward to 2019 with anticipation!

DFK/USA New Managers and DFKUniversity for Tax & Audit Seniors

This December, Austin, TX was the host to 90 Seniors & New Managers from our US Member firms. In addition to high quality training, we provided plenty of networking opportunities for for the next generation of DFK leaders to get to know one another. See what attendees had to say about the meetings:

"I had a great experience at DFK. I felt I learned a lot of new things that I can bring back to our firm. Would definitely recommend to other staff in my firm." - DFK Audit Senior from EEPB

"Very tangible tools to help with marketing, communication, business development, firm management, etc. Also, instructor was very engaging with industry specific examples and experience." - DFK New Manager from Geffen Manager

"Our instructor Chuck is really good. I love all of his stories, situations and small talks through out the course. The material is also good with I think I can keep it at my desk to remind me to get better as a senior." - DFK Tax Senior from Gursey Schneider

Click HERE to see more pictures from the event.

DFK/USA Save the Dates

Managing Partners Conference | 15-17 May | St. Louis, MO | Add to My Calendar

Who to send: DFK Managing Partners and DFK/USA “Champion”

More Information to come in early 2019

New Managers Part II | 3-5 June | Denver, CO | Add to My Calendar

Registration closed. Attendees from the December session can register for their Denver hotel room HERE

Leadership Symposium | 24-26 June | Salt Lake City, UT | Add to My Calendar

Who to send: DFK Managers and Partners

More Information to come in early 2019

DFK International Conference | 10-12 July | Singapore | Add to My Calendar

More Information to come in early 2019

DFK/AGN Major Firms Meeting | 4-5 August | Denver, CO | Add to My Calendar

More Information to come in early 2019

North American Annual Conference | 29 October – 1 November | Maui, HI | Add to My Calendar

Who to send: DFK Partners

More Information to come in May 2019

New Managers Training/DFK University | 10-13 December | Austin, TX | Add to My Calendar

Who to send: New Managers, Beginning in Charge Tax & Audit Seniors

More Information to come in Spring 2019

DFK International/USA | 571-232-5472 | mdillmore@dfk.com | www.dfkusa.com

Committees and Interest Groups

DFK NFP Committee Fly-In

Hosted by Gursey Schneider

January 16-18, Los Angeles

Wednesday January 16 ^th – Fly in with group dinner

Thursday January 17 ^th – All day meeting discussing industry developments, technical pronouncements and business development opportunities followed by group dinner

Friday January 18 ^th – Morning wrap up/departures to airports depending on flight schedules

We are currently in the process of updating our committee/list serve rosters, assigning chairs and creating the call schedules. In the meantime, if you have a Request for Assistance for any of our groups, you can use the emails below to reach out, or send your request to rgreen@dfk.com

DFK Marketing Committee

DFKMarketingCommittee@dfk.com

DFK HR Committee

DFKUSAHRCommittee@dfk.com

DFK A&A SEC Committee

DFKAASECCommittee@dfk.com

DFK Tax Committee

DFKTaxCommittee@dfk.com

DFK Audit SEC Committee

dfkaaseccommittee@dfk.com

DFK Construction & Real Estate Committee

dfkconstructionrealestatecommittee@dfk.com

DFK EPB Committee

dfkepbcommittee@dfk.com

DFK Health Care Committee

dfkusahealthcarecommittee@dfk.com

DFK Human Resources Committee

dfkusahrcommittee@dfk.com

DFK International Tax Committee

dfkusainternationaltaxcommittee@dfk.com

DFK Marketing Committee

dfkmarketingcommittee@dfk.com

DFK NFP Committee

dfknfpcommittee@dfk.com

DFK SALT Committee

dfksaltcommittee@dfk.com

DFK Tax Committee

dfktaxcommittee@dfk.com

DFK Technology Committee

dfkitcommittee@dfk.com

DFK Forensic & Valuation Committee

dfkusaforensicandvaluationservicescommittee@dfk.com

DFK Manufacturing Committee

dfkmanufacturingcommittee@dfk.com

DFK Government Committee

dfkgovernmentcommittee@dfk.com

DFK Business Development Committee

dfkbusinessdevelopmentcommittee@dfk.com

Email rgreen@dfk.com with agenda sug gestions

From our firms...

As the world becomes increasingly interconnected, it’s critical for your organization to take a multi-layered approach to cybersecurity. The basic security measures of deploying a firewall and assuming you are protected is no longer enough to mitigate the ever-changing threats. This article will outline some best practices your company can start executing now to safeguard your critical assets.

Secure remote access to your company and its resources

In today’s mobile workforce, the ability for company employees to access the resources they need from anywhere is crucial to successful business operations. Many of these resources are located in the cloud and within the company’s internal environment. Unfortunately, making these resources available to your employees from anywhere also makes them a target for cyber-attack. The most common and effective way to secure these resources is by implementing two-factor authentication, which can create a protective layer between your company’s valuable information and cyber attackers. When deciding to implement two-factor authentication (“2FA”), it’s important to remember that not all implementations are equal. Companies should evaluate the strengths and weaknesses of each 2FA tool. For example, using 2FA with text messages (“SMS”) is less secure than using 2FA with push notification, security keys, or authenticator applications (i.e. Google Authenticator, Duo). The reason for this, is that SMS 2FA is susceptible to “SIM Card Porting” attacks, where the attacker calls your service provider and switches your phone service to a phone they control. At this point, they are able to receive the 2FA text messages used to secure your accounts. 2FA implementations that use authenticator apps are susceptible to phishing attacks, where an attacker provides a victim with a logon portal similar to one familiar to the user. The user unsuspectingly enters their credentials, including the pin provided by an authenticator app. The fake portal forwards the information to the actual site and the attacker now has access to it. The most secure forms of 2FA include the push notification and the security keys, both of which are not susceptible to phishing attacks. Besides 2FA, Whitelisting is also an effective means of ensuring that only someone in the office is accessing things such as your website/blog and adding an extra layer of security to 2FA.

Know your assets

Another great challenge, even outside of the world of IT, is asset management. It’s not always easy to track who assets belong to and where they live. Construct a streamlined strategy that properly tracks your inventory and makes change manageable when securing assets such as data, hardware and software. At any given moment, your team must be able to answer who the owners/users are, where the asset lives/ belongs and what it’s used for. These questions will help you effectively track and monitor your assets. Once your IT assets are identified you can add layers of visibility and anomaly detection through the use of many available tools and platforms (such as a Surface Equipment Inventory Management). These tools and platforms are designed to help add value beyond just knowing your assets—you can actually protect them in a meaningful way.

Navigating a sea of vulnerabilities

Building on the ideas of tracking and managing assets, organizations need to focus on the lens of known vulnerabilities. Technical vulnerabilities in your company come from two basic areas: outdated software/hardware and misconfigurations. In previous years, individuals with decades of field experience were needed. Today, vulnerability scanners have made locating risks much easier. These are automated scanning devices, which should be regularly deployed in your environment—especially if a new big vulnerability hits the news. Vulnerability scanners can list a myriad of valuable information and help IT professionals make sense of things, such as: what systems are most at risk, the impact of the risk, criticality of a vulnerability and outlined remediation steps.

IT admins should deploy a routine and robust patching schedule, as well as a vulnerability management program that runs quarterly at a minimum to identify gaps in patched systems. This ensures that the organization will identify and take action on these vulnerabilities that are discovered by industry professionals on a daily basis. After a few rounds of vulnerability scanning and remediation, a company can gain value from a penetration test. This test is used by skilled professionals who attempt to breach in manually by manipulation of broadcast traffic, as well as using other advanced techniques that may not be identified by vulnerability scanners.

Protect your employees and their devices—at all costs

One of the biggest risks to an organization is spearphishing. Spearphishing emails not only harvest credentials, but often deploy dangerous malware that can spread through the network, giving remote attackers a way in to steal data and compromise resources of an organization. Dealing with malware and spearphishing emails not only requires a layered approach, it also requires awareness of your users. One of the best defenses in bringing down the percentage of users who click on malicious malware is spearphishing training. Training should be done routinely, and is proven to raise awareness and reduce the risk. Like many other cybersecurity solutions, training should be accompanied by automation. Luckily for the good guys and gals, endpoint protection has made leaps and bounds in actually blocking malware.

Old school anti-virus solutions were very clunky, resource heavy and ineffective when it came to actually blocking the most malicious files. Most old AV solutions were only signature based, meaning it had to know that something’s file signature was bad before it took action in identifying and blocking it. Newer solutions dubbed as “Next-Gen AV” are heuristic based. This means they are hands-on and interactively searching for bad signatures and addresses. They achieve this by looking at what the malware is doing and judging it against a baseline of normalcy before preventing an action (such as pulling passwords from memory) which is typical of malware and not something a normal user would initiate.

Planning for a rainy day

Setting up a proactive layered defense is certainly worth the effort—the next step is strategizing an execution plan if an incident happens. Ransomware and other sophisticated malware certainly has brought many organizations and business to a screeching halt. Companies should establish cybersecurity policies that are in line with their business goals and should declare what to do if there is a cybersecurity incident. It is important that employees know who needs to be notified and how issues should be escalated within an organization. If a company does not fall under any regulatory bodies such as PCI DSS and HIPPA, both ISO and NIST frameworks do an excellent job of creating guidelines that a company can follow to create a solid program. Having a clear policy can help bake in features for companies housing European data and will help with GDPR regulations internationally. Policies should clearly outline a formal incident response plan (“IRP”) that outline processes and clear steps for employees to help contain and get through a cybersecurity breach while trying to limit the impact.

For more information about this exclusive offering or to learn more about how you and your clients can benefit from Friedman CyZen’s customized approach to cyber security, contact Jacob Lehmann at jlehmann@FriedmanCyZen.com .