Replies (4)
Refunds
Did it take the agent this long to realise there was a problem because of the length of time it is taking to get refunds sent out.....?
RE: Security of tax agents’ systems
Hi
As a technology vendor I am disappointed with the quality of information detailed in the above post. Whilst at a high level it is correct, this in itself could be misleading to many non-technical readers.
Examples -
'The firewall needs to be switched on' - True, however an incorrectly configured firewall that has been switched on could provide little or no protection at all and this risk should also be highlighted. Firewalls need to be configured and checked by someone who knows what they are doing. Default firewall configurations on Microsoft/Windows PCs etc are not always correct and need checking.
Even with a correctly configured firewall, certain 'ports' need to be open for email, browsing etc, and if servers/PCs behind the firewall are not fully patched and up to date these applications/services will be open to being hacked.
Even if you don't ask Windows to remember your user name/password, if you have used it once it will still be stored in the memory/cache of your PC/Server and available to a hacker, so it is critical that your network/PC security is bullet proof.
Around 14 months ago we ran a 'penetration test' (ethical hacking to test how secure a network is) on 100 small business networks (including a few Accountants and Solicitors) as a research project and we were able to hack into 84 networks very quickly and gain access to all sorts of information, and many of these businesses were confident that their information was safe/secure.
Many IT consultants/support companies are pretty clueless when it comes to IT security, and shortcuts taken when setting networks up can create problems, so the only real solution is to use the services of a specialist security company (known as 'Ethical Hackers') who will be able to use a range of tools/techniques to test your security, audit the findings and fix any weaknesses. The catch is that engaging security specialists even for a very small business is likely to cost £1k to £3k per audit (this should really be done annually as a minimum) and for this reason many businesses will choose to ignore the potential risks.
Best Regards
Mark Hutchinson
Consider alternative software
Changing anything is obviously a PITA, but as information is the new money, using software that has an intrinsically better security model has got to be a good idea.
And there is no doubt that the better model is the one used by GNU/Linux.
Of course, if you leave all the doors open it's easy to walk in, but with GNU/Linux you've got to try very hard to leave the doors open. And there is no software in the world that will protect you from claiming your winnings in a Spanish lottery. Nor can it protect you from downloading the contents of a compressed file from a dodgy server.
However, and contrary to official advice talking about "all software", GNU/Linux saves you from yourself when you click on those dubious links. You can't accidentally or unknowingly install anything.
And anything you do download (I thought it was "dark side of the moon" not...) doesn't end up in some unknown and hidden folder somewhere.
I am aware that not all of your favourite software has its FOSS equivalents, and unfortunately, it's the accounting packages, but take a look here (it's a UN publication and it's already out of date, but it's indicative): http://www.apdip.net/publications/fosseprimers/foss-edu.pdf
But if the industry body cannot persuade the applications vendors to develop versions for GNU/Linux, surely it's big enough and ugly enough to fund the development of new or improve existing accounting applications?
One model for this development is Google Summer of Code http://code.google.com/soc/ (delete Google, insert accountancy bodies).
Usability studies have long since shown that changing from what you currently use to a desktop based on GNU/Linux is no more difficult than overcoming the problems encountered when one of your current suppliers upgrades an existing package.
The desktops are increasingly pretty, for example: http://arstechnica.com/open-source/reviews/2009/08/hands-on-kde-43-deliv...
Everyone knows the servers are secure.
No, it's not a pain-free decision, but the pain is a one-off experience. And then, if you use FOSS, no one will be auditing you to check for software licence compliance, no one cares if you use another copy of anything you use, no one will ask you for any money, either initially or for upgrades. It doesn't need such powerful hardware to run.
Of course you could choose to pay for support, but then you might choose to pay to have a washer changed on your tap.
Gerry Gavigan