If you devote all your business’s security resources to fending off hackers and other cybercriminals, you may be unlocking the door, literally, to more basic types of theft. “Creepers” are criminals who gain access to offices or other physical facilities via unlocked doors and social engineering tactics. Once in, they steal proprietary information, inventory, computers and personal property, or gather information that makes it easier to hack your network.

Creepers in action

A major energy company’s Houston office was infiltrated by a creeper who’s believed to have stolen sensitive information, possibly to sell to a rival company or foreign government. Surveillance footage released by the FBI shows a man walking through an unlocked door in the middle of the night. He’s wearing office-appropriate clothing and moves confidently, like an employee who has a right to be there.

A Washington D.C. creeper also looked like she belonged where she didn’t. She walked into many supposedly secure government offices by chatting with employees outside the office, then following them through the door. When questioned, she claimed she’d left her badge at her desk.

In other cases, creepers use uniforms and props such as mops, toolboxes and clipboards to suggest they’re cleaners or that they work for building maintenance. They may wear stolen or forged ID badges, assuming that no one will examine them too closely.

Exercising vigilance

To protect your business’s and its employees’ property, keep all doors locked, even during work hours. Issue keycards and photo-ID badges to workers and instruct them to be on the lookout for possible intruders. They shouldn’t automatically assume, for example, that someone wearing coveralls and carrying a ladder is authorized to be there. And they shouldn’t unlock the door for anyone — even if that person seems like an employee — unless they know for certain he or she is.

If workers are uncomfortable approaching a possible intruder, they should immediately report the person to your office manager, HR director or building security. The stranger in question may well be an authorized visitor, but it’s better to be safe than sorry. Also ask employees to report the presence of former employees, who sometimes are recruited to carry out corporate espionage.

Even if you don’t keep high-value inventory or electronics on the premises, install security cameras. And instruct employees to lock up purses and wallets and to password-protect computers whenever they leave their workspaces — even if it’s only for a few minutes.

Virtual vs. physical threats

Obviously, IT security must remain a priority for all organizations. But don’t let virtual threats blind you to the need to protect against physical ones. Contact us for help preventing fraud and other forms of theft.

© 2019 Covenant CPA

Today’s business technology is both powerful and restive. No matter how “feature rich” a software solution or hardware asset may be, there’s always another upgrade around the corner. In other words, it’s just a matter of time before your company’s next IT project.

When that day arrives, watch out for “scope creep.” This term refers to the tendency of a project’s objective (or “scope”) to gradually expand while the job is underway. As a result, the schedule may drag and dollars may go to waste.

Common culprits

A variety of things can cause scope creep. In many cases, too few users give input during the planning stage. Or misunderstandings may occur between the project team and users, obscuring the purpose of the job.

Excessive implementation time undoes many projects as well. As weeks and months go by, business processes, policies and priorities tend to change. For a new system to meet the needs of the business, the project’s scope needs to be executable within a reasonable time frame.

Ineffective project management is another common culprit. Scope creep often arises when a project manager underestimates the complexity of the tasks at hand or fails to adequately motivate his or her team.

5 steps to success

To stop or at least minimize scope creep, follow these five steps:

1. Distinguish “must-haves” from “nice-to-haves.” Draw a red line between the functionalities your business absolutely must have and any added features that would be nice to have. Schedule the prioritized requirements in the form of phased deliverables during the project’s life cycle. Add “nice-to-haves” to the final phase or, better yet, defer them to future projects.

2. Put agreed-on deliverables in writing. Use a Statement of Work document to clearly outline the stated project requirements. Be sure to cover both those that are included and those that aren’t. Have everyone involved sign off on this document.

3. Divide and conquer. Segregate the project into small, manageable phases. As it proceeds, continue to review and sign off on each phase as it’s delivered, following an adequate testing period.

4. Introduce a formal change management process. If someone demands a change, ask him or her to rationalize the request in writing on a change order form. Then analyze the potential impact, estimate the added cost and time, and obtain consensus before proceeding. Adhering to this step typically eliminates many low-priority demands.

5. Anticipate some scope creep. It’s a rare project, if any, that proceeds exactly as planned. Allow for some scope creep in your budget and timeline.

Head-on approach

Improving your company’s technology should be cause for excitement and, eventually, celebration. Unfortunately, it too often brings anxiety and conflict. Tackling scope creep head on can help ensure that your IT projects go more smoothly. Our firm can help you assess the financial impact of any technology solution you’re considering and, if you decide to proceed, set a budget for the job. Contact us at 205-345-9898 or info@covenantcpa.com

© 2019 Covenant CPA

One thing in plentiful supply in today’s business world is help. Orbiting every industry are providers, consultancies and independent contractors offering a wide array of support services. Simply put, it’s never been easier to outsource certain business functions so you can better focus on fulfilling your company’s mission and growing its bottom line. Here are four such functions to consider:

1. Information technology. This is the most obvious and time-tested choice. Bringing in an outside firm or consultant to handle your IT systems can provide the benefits we’ve mentioned — particularly in the sense of enabling you to stay on task and not get diverted by technology’s constant changes. A competent provider will stay on top of the latest, optimal hardware and software for your business, as well as help you better access, store and protect your data.

2. Payroll and other HR functions. These areas are subject to many complex regulations and laws that change frequently — as does the software needed to track and respond to the revisions. A worthy vendor will be able to not only adjust to these changes, but also give you and your staff online access to payroll and HR data that allows employees to get immediate answers to their questions.

3. Customer service. This may seem an unlikely candidate because you might believe that, for someone to represent your company, he or she must work for it. But this isn’t necessarily so — internal customer service departments often have a high turnover rate, which drives up the costs of maintaining them and drives down customer satisfaction. Outsourcing to a provider with a more stable, loyal staff can make everyone happier.

4. Accounting. You could bring in an outside expert to handle your accounting and financial reporting. A reputable provider can manage your books, collect payments, pay invoices and keep your accounting technology up to date. The right provider can also help generate financial statements that will meet the desired standards of management, investors and lenders.

Naturally, there are potential downsides to outsourcing these or other functions. You’ll incur a substantial and regular cost in engaging a provider. It will be critical to get an acceptable return on that investment. You’ll also have to place considerable trust in any vendor — there’s always a chance that trust could be misplaced. Last, even a good outsourcing arrangement will entail some time and energy on your part to maintain the relationship.

Is this the year your business dips its toe in the vast waters of outsourced services? Maybe. Our firm can help you answer this question, choose the right function to outsource (if the answer is yes) and identify a provider likely to offer the best value. Call us at 205-345-9898.

© 2019 Covenant CPA