Category Archives: My Two Cents

Three Words for 2018? We Got This!

IMG_2843

Over the last week, I have been thinking about 2018. I don’t know about you, but 2018 snuck up on me. One moment I was caught up in the day-to-day of 2017 and the next moment 2018 was just a couple of weeks away! After my initial panic, I thought – well, it’s great because I get to think of my three words. Three words? Well, if you haven’t been on this journey with me before, I shall explain. In 2012, I met and was inspired by Tom Hood and he introduced me to the Three Words approach, which came from Chris Brogan. At the start of every year, now, I sit and think about what three words I would like to guide me through that year. During the year, I come back to those words, to help center, direct and motivate me. Over the last few days, I have thought about how to make this work better for me, and I determined that I must display these words to remind me, even when I am not thinking about being reminded, to move me when I feel stuck and to hold me accountable. I say this in part because, 2017 was a challenging year for me and I found that I often lost track of my guiding lights. Involved in, and sometimes overwhelmed by, the moment, I often forgot to even look for my words. Putting the words everywhere, will go a long way to keeping me mindful of that.

Last year, I started looking back over my year and I have found this to be a great way to assess how things went and to help me set my intentions for 2018. My three words:

Imagine. This is the first word that came to me. During 2017, in part through work and volunteering with the New York State Society of CPAs and the AICPA, I have had some truly new experiences. I have learnt how to play poker and how poker skills can benefit me in the workplace; I have worked with a team to consciously inch towards better health – physically, emotionally, and spiritually – and that has included laughing more and skating in Byrant Park; I have collaborated with incredible people and presented in various spaces, from a national conferences to a college campus. During the year, I have been involved in conversations that have opened my eyes, that have ventured into spaces that are often afraid to even tiptoe into, that have renewed my hope when things have seemed bleak. I have often reminded myself to listen and to hear because that is when I find the moments that hit me hard and that get me to imagine and those moments are incredible. When we imagine, and step outside of what we know, we can find brilliance, we can find understanding and, just as important, we can also see and revise the not so great. In 2018, I want to imagine without fear of where my imagination will lead me. I want to imagine and be okay with when what I imagine doesn’t always work out. I also want to make sure that I make the time and space for my imagination. Back in 2015, I tried to create space for me to be bored, which is a big part of creating the space for imagination and, as the exercise stated, brilliance. It did free my mind in great ways and, looking back and looking at now, I know I need a lot more boredom in my life. And I still haven’t finished my Starry Night jigsaw puzzle!

Innovate. During 2017, I listened and took part in conversations about change. The conversations were about artificial intelligence (AI) about blockchain (and cryptocurrencies, like Bitcoin) and about cybersecurity. Other conversations were about what diversity, inclusion, and belonging mean and if and why it is important. We had conversations about what to do about all the change happening in our professions, in our world and in our lives. We talked about how we react to it and how we can embrace, be ahead of and even create greatness out of all the change. Beyond the conversations, we brainstormed and tried new things. We looked at the new approaches other took and ran with them. I spend a lot of time looking at challenges and how, sometimes, people take the same approach to resolving them and see minuscule results. As much as we tout how “change is good”, it is a human thing to resist changing the status quo. During this year, I want to innovate. I want to collaborate and brainstorm and determine to try something new. I want to embrace the difficult conversations, appreciate and improve upon feedback and, on my part, provide truly constructive feedback. I want to remember the power of synergy and never forget that the best innovations come through a community of people sharing, listening and taking risks.

Act. My third word came to me after I wrote and thought about my 2017 look back. When it comes to training, I have established and go with what gets me to success. If I have a race, I print up a daily timetable that includes rest days, cross training days and exactly what I shall do on each day (distance, goals, tempos if needed). The night before every training, I put out exactly what I am going to wear on the day and I determine my route. I think about and take away all my excuses so that, when I wake up, I just do exactly as planned and that gets me a step closer to where I need to go. I keep my schedule on the wall and tick off each day as I go along. During 2017, I often did not apply this approach. As a result, especially where I felt the stakes were high, I became adept at getting cold feet, at second-guessing myself and at putting things off until I decided it was too late to do them. There are many reasons why this happened but knowing the reasons and doing nothing about them is not helpful. I am going to do more acting in 2018. To help me do this, I am going to find the ways to take away my excuses, and I am also going to be more realistic about what I can get done, so that I don’t end up doing many things in a mediocre manner that only serves to disappoint me and others. I also must remember to be kinder to myself when I act and to see the power in action. I must remember that it is through action that I can bring value and have impact.

Before diving into 2018, I want to take a moment and meditate upon my previous three words:

2013 – Change, Discover & Motivate
2014 – Transform, Pursue & Collaborate
2015 – Receptive, Synergy & Service
2016 – Learn Fear & Community
2017 – Embrace, Persevere & Monchu

Several years ago, I went to Hawaii with friends and decided to take surfing lessons. I was a couple of months out of surgery and hesitated before I went out – I wasn’t at full strength, everyone else was going on a fun outing and I would be doing this solo, as no one else was interested. But, I had been thinking about taking a surfing lesson and I had told my surfing neighbor (who ultimately became my husband) that I was going to take a lesson and that made me feel accountable. During the lesson, I fell countless times, I scraped my knee and sometimes even got to the point where I was able to ride a wave while kneeling on the board. Then, I stood, and rode, and didn’t fall off. It was glorious and totally worth every fall, and the skin missing from my leg. When I finally fell off the board, I rose out of the water with a victorious yell! It is this that I must remember – it is a journey but it can only happen if I Imagine, Innovate AND Act.

Happy and wordy 2018 to you! Please share with me – what are your words for 2018?

Advertisements
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Fare Thee Well!

IMG_1800

“2017 was an intense year”. That’s the news alert that I received on 26 December. You’re not kidding me! – that was my response. This year has been a more challenging year than I expected it to be. Last year, I decided to do a year in review. Looking back helped me think more about my plans for the future. I have decided to do the same thing again. It is important to take stock. Without that, how can one think about the future?

As the year began, I decided to deal with minor health issues that turned out to be way more tedious and drawn out than I ever expected. Something that I thought would not take much time at all ended up lasting through July. What a drag. A trip that my husband and I had been planning, to visit my grandmother, was postponed. Then, on 10 June, my grandmother passed away. It was devastating news and made more so because, being in the midst of my own treatments, I could not travel for her funeral. The silver lining in this was that I discovered something I had never known. My family in Zimbabwe shared the above photo and I was stunned to see just how much I look like my grandmother.

Despite the challenges that came with the new year, I was honored and excited to be an instrumental part of a new committee with the New York State Society of CPAs – the Diversity & Inclusion Committee. It has been an eye-opening and insightful year, working to provide programming to our members to improve diversity & inclusion in our profession and to have frank and enlightening discussions and events around the topic. I have had fun times with members and those who have attended events and I like to think that, one little step at a time, we are making progress.

I have continued with the cello lessons that I started a year ago. I have woken up on Saturday mornings, exhausted after a long week at work, drained and not looking forward to the long drive back to downtown Brooklyn and the horror that is looking for a parking spot. However, once I get into class, I find joy. Our cello instructor started an adult orchestra and I have already had two recitals. A year ago I was learning how to play “Twinkle, Twinkle” and that was an important milestone. A couple of weeks ago, our orchestra played the theme to Jurassic Park AND I played a solo!! I’m no Yo-yo Ma (and never plan to be) but I always welcome the opportunity to work my brain and heart in new ways. I believe it makes me a better person, a happier person and a much better CPA!

I have continued to be inspired by high school and college students. These interactions renew my energy to work to build the pipeline to our profession – there is so much incredible talent out there and some of that talent should be a part of our profession. I speak with young people who are full of passion and promise and it fills me with joy!

I spoke at the AICPA’s Forensic & Valuation Services Conference. I met an incredible range of fellow professionals and came away feeling as though my brain had expanded a little bit. Every year, I look forward to sharing thoughts and insights and learning from Forensic & Valuation professionals and this year did not disappoint.

During the year, something I struggled to do was run. A couple of years ago, while taking out the trash, I tripped over a concrete block in my parking lot and fell, hard. I fell hard enough to fracture my leg and spent several months in a brace. As I failed to make a comeback, I went to see a doctor and found out that I had a torn meniscus. I closed out the year a procedure to fix the meniscus. That is all sorted out, but it turns out that, through that fall, where I wasn’t even running away from a rabid raccoon, I managed to do more damage to my knee that may need to be sorted out. The sad part of this is that I have been told to give up running. Honestly, I was gutted. Running has become a large part of who I am. My runs are my quiet time, they are my meditation and my medication. I have run through a Times Square that is cleared of traffic and pretended that I am trying to escape zombies. I have run through all five boroughs of New York City, during the marathon, and found delight and strength from those lining the route. To be told, “no more” is a difficult thing to swallow. I keep faith that I shall find new adventures and hold the secret (not so much now) hope in my heart that I shall run again.

  • I skated in Bryant Park and even let go of the railing!
  • I spent time with friends and family at the beach (I live here now!)
  • I went to an interactive screening of The Big Lebowski. There were a lot of bathrobes and even more spandex.
  • I have met new people who have made my life better.
  • I continue to be extremely grateful for all those I have known, who have given me hope, joy and support, sometimes even when they don’t realize they are doing so.

Yes, 2017 was a year with pain and disappointment but 2017 was also a year of inspiration and joy and it is important to see the progress that we have made, the work that has been done and the relationships that have been formed and built upon. I am ready for next year because I know I have great things to carry forward with me.

It is two days before 2018 – a year that will bring the Winter Olympics and the FIFA World Cup! I already have three words for 2018 – Bring It On!!!

Tagged , , , , , , , ,

Oh, Not So Much Fun…

ice-sculpture-1935357_1920

On Christmas day, I was chatting with my niece, during family celebrations. My phone buzzed and I saw a notification that she had just sent me a message. That was truly odd, because, as I mentioned, we were chatting and, unless she was using her telepathic skills, she was not texting at the same time. Nevertheless, I asked her if she had sent me a message. She looked at me as though I had lost my mind, but double checked her phone and shrugged. It wasn’t me, she said and carried on with her day. Since she was engaging with people and not her phone, and because we were having a fun time with family, I decided that the likely bad news could wait.

I attended a talk earlier in the year where the speaker told us – There are two types of people: those who have been hacked, and those that don’t know it yet. By the time we got home, my niece had gone from being in the latter group to being a panicked person in the former. Often, a person finds out that they have been hacked when, as happened to my niece, their contacts complain about spam messages that they have received from that person. However, more and more often, people don’t know that they have effectively been hacked because the party hacked is a company that is holding people’s information.

In 2017, the most notorious example was, on 17 September, when the credit reporting agency, Equifax was hacked. Initially, the information was that about 143 million people might have been impacted. However, that number has climbed and what kind of information was accessed was vague. When people tried to check with Equifax, they often got different responses each time that they tried. Also, as the months have gone by, the number of people impacted has climbed. If Yahoo! is anything to go by, who knows what the final count will be. The best advice to take right now, is to assume you have been impacted and to take preventative steps and, if you have not already done so, freeze your credit with all four of the major credit reporting agencies.

What is unsettling about how companies announce that they have been hacked is how long it takes for the news to come out. Equifax claimed that it discovered their breach at the end of July but they only made a public announcement in the middle of September. It was only in October 2017 that Yahoo announced that all of its accounts were hacked in 2013. That’s not a typo; they are telling us that if you had Yahoo, Flickr, Tumblr, or any other account owned by Yahoo, you were hacked in 2013. What is anyone supposed to do with that information, four years later? This is worse than a “Look out for falling ice” sign. In November, we found out that Uber had been hacked in 2016 and that the company had opted to pay off the hackers to destroy the information and keep the hack quiet.

The big takeaway is that it may be a while before anyone lets you know that you have been hacked and, unless you live completely off the grid, it is smart, and safe, to assume that you have been hacked. That said, there are steps that you can take to try to minimize the damage that can be caused by hacking:

  • Freeze your credit with the major credit bureaus. Learning about the Equifax breach was especially frustrating because people do not choose to share their information with the credit bureaus. I rolled my eyes at a headline that referred to “customers” being compromised. The best one can do right now (beyond not having a credit history of any kind) is to try to limit how much information gets out.
  • Check your credit regularly. Do this at least quarterly, to make sure that cards have not been opened in your name and without your permission. Annual Credit Report is the only website, authorized by federal law to provide you with a free credit report from a credit reporting agency every twelve months. A great way to spread out the checking over the year is to get a report from one of the agencies every 4 months (instead of getting all three in one fell swoop).
  • Use two factor authentication. This gives extra security over only using a password. The most common method of two factor authentication is having a company send you a text with a unique code, before you can complete logging into an account.
  • Don’t click on every link you come across. If you receive an email with a link and it is not something you have been expecting (and sometimes even if it is something you have been expecting) don’t click on a link because it is there. Check the email to make sure you recognize where the message is coming from.
  • If you trust the link and have clicked on it, still be careful about what information that you share. If you start to feel as though a company is asking for too much – either over the phone or through a website, stop sharing information. Find out, independently, if you really need to share that information and, again, make sure you know who you are sharing your information with and why.

Try to include these in your list of New Year’s resolutions. It won’t stop you from being hacked but at least, it may improve your chances of finding out about it early and taking appropriate steps.

Tagged , , , , , , , , ,

If Lost… Then What?

img_1715.jpg

At the end of May, I was on my way to an event, when a flash of pink on the sidewalk caught my attention. I stopped and realized that I was looking at a small square of leather. I bent down, picked it up and turned it over in my hands. It was a wallet with a MetroCard, some credit and debit cards and a driver’s license in it. I pulled out the license, looked it over, and walked over to the restaurant that was a few feet away from where I had just found the wallet. I must have made a few people nervous, staring at them and then down at the license, to see if anyone there resembled the photo. No luck. I then pulled out my phone and tried a few quick searches, online, to see if I could figure out how to contact this woman. Her name was more common than I imagined; several options came up and none appeared to be her. Yes, her license had an address on it but, the license had been issued several years earlier and people in New York City can move around quite a bit, in search of amenities such as a view, an elevator or affordable rent. As I was running late, I decided to go to my event and put my search off until later. On my way, I spotted a parked police car. I got excited, thinking that I may be able to hand over the wallet, but the excitement faded when I got close to the car and found that there was no one sitting in it.

When I got home and had more time to do so, I hunted down the woman whose wallet I had found and delivered it to her. Even if she had cancelled her cards, I am sure she was happy to get her stuff back – who knows maybe her MetroCard still had 29 days of use left on it. That experience reminded me of a time, years ago, when someone stole my handbag at the airport. I was livid that someone had invaded my space and even stood yelling, in the terminal, for the thief to just take my cash and give me back my stuff. Suffice to say, that did not happen. I did, fortunately, have a kind gentleman give me money to get the train back home. However, a few weeks later, my phone rang and it was the airport, calling to tell me that my bag had been found. They had been able to contact me because I happened to have a dry-cleaning slip in my wallet, and my phone number was on it. I was lucky that I had that slip in my bag but these two events really got me thinking about recovery plans, not just in business, in other aspects of our lives.

With a wallet, for instance, you can keep a business card in the wallet, or put a small card in your wallet with an email address and/or phone number so that, should you be unlucky enough to lose the wallet and a kind stranger picks it up, they can contact you and figure out how to get it back to you. It is an easy thing to do and could be hugely useful. It doesn’t even have to be your usual email address, if you have fears about your inbox being inundated by unwanted email, you can create an email address that you keep for moments such as this.

We never think that we will either lose our stuff or have it stolen from us but it can happen to any of us. It can be personal or it can be a business loss, such as a system crash, or theft and, in all cases, having a recovery plan will go a long way to make recovery less stressful and less expensive. If, at this very moment, you lost everything on your computer, what would you do? Does the thought give you heart palpitations because you would lose very important data, with no way of getting it back? Would you have to shell out a lot of money and spend valuable time working to try to recover everything? Would you wonder whether or not your business could survive such a loss? If this thought is a scary one to you, you should be thinking about sitting down with trusted professionals, to create and put a comprehensive protection and recovery plan in place. You should review various scenarios, even if you think it wouldn’t happen to you. Things to consider when doing this:

  • Are you backing up your data on a regular basis? Automating this process is a great way to make sure that it happens – you don’t want it to all depend on your remembering to do it.
  • Where are you keeping your backups? Do you keep a backup offsite and unconnected to your current system? You don’t want your backup corrupted, should your system go down.
  • Are you checking the integrity of your backups? It isn’t helpful to think you have been creating backups and find out, when you need the backup, that the process was not occurring.
  • Now that you have backups, do you have a recovery plan? Do you know what you are going to do should things go awry? Does your staff know? Do you have the plan in writing and in a space where it can be easily accessed? Have you trained your staff in this recovery process?

There are people who are well-trained in helping you create a backup and recovery plan and that can start with your CPA. You want someone who has experience and knowledge regarding best practices that are practical, useful and effective.

We are humans who work with technology that we have built and we must, therefore acknowledge that we are not infallible and we must therefore create, review and update our contingency plans. And that plan can never just be relying on the kindness of strangers.

Tagged , , , , , ,

Now That I Think About It…

408H

When we talk about fraud and how it tends to happen, the classic fraud triangle is most commonly used to help us understand how it all happens. The sides of this triangle represent opportunity, pressure and rationalization. In this triangle there is a person, just a regular old person, like you and me. Fraud can happen to anyone and fraudsters are often regular people who find themselves under pressure, faced with the opportunity to perpetrate a fraud and the ability to rationalize it all.

Sometimes this person may face pressures. Maybe she has a family member who gets sick and now they have to deal with massive bills. Maybe the person has a gambling problem. Maybe he wants to live the jet set life that he sees his friends living. Whatever the reason may be, these people feel under a lot of pressure to get their hands on more money than they are currently earning.

Pressure or not, maybe this person sees an opportunity to defraud. Perhaps he can sign checks, AND, he has custody of the checkbook AND he performs the company’s bank reconciliations. He has all this access and responsibility and no one checking his work. So, now he has access to the money and he can doctor the books to cover up his wrongdoing. However it works out, these people see a weakness that they can take advantage of.

The third leg of this triangle is rationalization. This is where a person tells himself that there is a justification for what he is doing. Maybe she tells herself that she really needs the money to deal with this one emergency and this will happen only once. Maybe she then tells herself that this will happen only once and, to boot, she has been a loyal employee for a while so the company really owes her a little leeway for all that she has done. Maybe she tells herself that once she is out of this spot of trouble, she will pay the company back and it will be like it never happened in the first place. Maybe he tells himself that he is underpaid and that what he is doing is merely taking the money that he is rightly owed for all the hard work and time that he puts into the business. The rationalizations that people use are practically endless.

Earlier this year, I listened to the podcast “Ponzi Supernova”, a podcast about Bernie Madoff’s Ponzi scheme and what has happened since. One thing that was fascinating about this series was the conversations that Steve Fishman, journalist and narrator of the series, had with Bernie Madoff, infamous perpetrator of a massive Ponzi scheme. Bernie talked about his childhood and how affected he was by his father’s financial failures. Bernie tells Steve that, after seeing his father lose a lot of money and what it did to the family, Bernie swore he would never let that happen to him (perhaps one could see this as a pressure looming over his life). In the early 1960’s, Bernie Madoff violated market regulations and his clients’ trust by losing their money on risky deals. Instead of letting them know that this had happened, he lied to his clients, borrowed money from his father-in-law and carried on as though he was a brilliant investor. Speaking with Fishman, Madoff made it sound as though, because he did not want to fail as his father had, he took these steps so that he could continue to, at least, appear to be successful and very talented.

Bernie Madoff spoke with Steve Fishman a couple of years after he was caught (though, in some versions of his story, he claims he quit). Bernie Madoff also spoke with Diana Henriques, who wrote the book The Wizard of Lies, which is now an HBO Film by the same title. Their interactions also occurred a couple of years after Madoff’s fraud was discovered. After he had plead guilty to his crime. Yet, over and over again, Madoff seemed to continue to make excuses for his behavior and try to minimize what he did. Even though, when pleading guilty, he claimed that he acted alone, he has since changed his tune and as co-conspirators have testified against him, he then seems to say, “well, except for that person, I acted alone”. So, it seems that even after being caught, he is only sharing as much of the truth as he needs to and, what I have found to be most interesting, is that he appears to continue to rationalize what he did.

In an ideal world, one would imagine that having a fraud exposed and pleading guilty would bring a fraudster to his senses. When we imagine a person committing fraud as a regular person who has fallen into irregular behavior, the hope is that putting an end to this irregular behavior will bring this person to her senses and get them to admit that what they did was without excuses; that, even though they rationalized their actions when they perpetuated the fraud, they now saw the error of their ways and realized that the rationalizations were all without merit. During the hearing when he plead guilty, Madoff read a prepared statement where he apologized to his victims. However, even that apology came with a “but” attached. “While I never promised a specific rate of return to any client, I felt compelled to satisfy my clients’ expectations, at any cost.” Yet, listening to Ponzi Supernova, you learn that some clients would demand an adjustment to their statements when they did not receive the return they had been promised. Madoff has also placed blame on his victims, claiming that they knew, or should have known, what they were getting into, that he had warned them and that they did not lose as much as they claimed. And, I have found that it is not just Madoff who does this. The Association of Certified Fraud Examiners talks to people who were convicted of fraud and, in video after video, the perpetrators found ways to hold others responsible for what they did – and this is after they had been found guilty and served their sentences. For instance, one blamed her supervisor for being too trusting, “I don’t blame them but…” she started her sentence. Another stated, “I asked you for help and you said no”, while yet another said “I won’t get caught again”, not “I won’t do it again because I realize it was wrong.

It may be human to not want to admit full responsibility. Perhaps it is too hard for most of us to admit that we have done terrible things. Who really wants to be a monster, blamed for ruining lives, even when those lives are laid out in front for you? And if we are not harshly judging ourselves, even when caught, then can we really adjust our behaviors to do right and get back on the straight and narrow? I don’t know the answers to this but it is something I think about as I perform my work as a forensic accountant. If a person is not able to strip away rationalization and admit that they were just wrong when they perpetuated their fraud, then what are the chances that it won’t be so difficult to do it again?

Tagged , , , , , , , , , , , , , , , ,

Makes You WannaCry

ransomware

A couple of years ago a lawyer friend told me about clients who were coming to her office, panicked because their computers had been locked by parties claiming to be the FBI. In order to get their machines unlocked, these fake FBI agents demanded to be paid a ransom. On Friday, over 200,000 machines were locked by people (I assume it was more than one person) who did not even pretend to be good. They encrypted the information on these machines and demanded $300 to $600 per machine or, they threatened, all the data on those machines would be destroyed. This type of attack is called a ransomware attack. A program is introduced into the machine, and it locks and encrypts all the data on the machine. A message pops up on the infected machine demanding that money be paid, almost always via bitcoin. Once the ransom has been paid, the message says, a method to unlock the machine will be sent. If the ransom is not paid within the time demanded, all the data on the machine will be erased. So much of our lives, both personal and business, is stored on computers; can you imagine what would happen if your computer was locked? The mere thought makes my heart speed up.

Earlier this year, a hacker crew called Shadow Brokers released several tools used by the National Security Agency (NSA). Among these tools was one called EternalBlue and this tool exploited a flaw in Microsoft Windows. Armed with the information that was leaked, Microsoft created a patch to fix this flaw and released this patch in March. Perhaps you have now read this far and you are wondering, if the patch was released in March, how did this massive attack happen in May? How many times has a message popped up on your machine while you are in the middle of something. The message tells you that an update is available for your machine. You see it, but you are in the middle of something important. You close the window and delay the update. This can happen over and over again. Some people, irritated by the notices, turn off the alerts altogether. Now, these automatic alerts are only available on versions of Windows that Microsoft is still actively supporting. So, if you have an older version of Windows, such as XP, Windows 8 or Windows Server 2003, you no longer receive alerts for updates. Either way, there are millions of machines that were vulnerable to attack on Friday. And on Friday, ransomware aptly called WannaCry, wreaked havoc all over the world.

It is believed that the attackers gained access to computers and systems using infected zip files attached to emails. People opened emails and clicked on attachments. These emails did not come from friends and the people clicked on attachments, not knowing what they were opening. Taking advantage of the fact that many organizations store their computer information on servers, making all users interconnected. The WannaCry ransomware, once released by one user, made its way through the interconnected systems and attacked other machines, even those belonging to people who did not click on the infected attachments.

This attack has made many things apparent:

  • Keeping secrets can sometimes go very wrong. The NSA knew that there was a vulnerability in Microsoft Windows. If it was not for the Shadow Brokers leak, Microsoft may not have discovered this vulnerability and they would not have developed a patch to fix it. One can also argue that, if Shadow Brokers had not leaked this information, the hackers may not have known to create WannaCry and none of this would have happened in the first place. I have found, though, that generally speaking, secrets are not kept that way forever.
  • When I wrote about the fake FBI attacks, I stated the importance of keeping your computers up to date. I cannot stress this enough. When the reminders pop up on your machine to update your software, update your software. Install the security fixes. If you don’t want to be disturbed, set up a timetable so that your machine will automatically check for and install updates on a regular basis. Remember, also, to restart your machine on a regular basis. Many installations are not complete without a restart and some updates are triggered by a restart.
  • We live in a time where everyone receives more email than they want to deal with. We run the risk of making careless mistakes, opening up emails and clicking on attachments when we have no idea who sent the email and what is in the attachment. Nowadays, you are almost lucky if the only thing that the attachment does is send out a lot of spam to your friends. More often, click on that attachment can lead to hackers stealing information from you or holding your machine hostage. Sometimes, even when I receive an email, with an attachment, that appears to be from a friend, I will double-check with the friend to make sure that they have sent the email and their account has not been hacked. The extra step may seem tedious but, enough times I have found out that my friend was hacked, so I keep asking when I am suspicious.
  • If your operating system is no longer supported, you should consider getting new software that is. I say this with mixed feelings. Like most people, I hate being forced to buy something when what I already have has been working well for me and when I don’t like the new version. I feel scammed being made to spend that extra money and if the world only contained righteous people I would tell you to keep your software and change it when you are ready. But, we live in a world where people are ready to take advantage of an opportunity to get money out of you. Microsoft stopped providing support for Windows XP in 2014. This ransomware is specifically taking advantage of this fact. It’s a shame, but it is the way it is.
  • Back up, Back up and back up some more. If you are regularly backing up your machine and keeping the backup either in the cloud or on an external drive, you know what you can do when your machine is held for ransom? You can ignore the ransom demand because you have your data saved some place safe. The clock can tick down, the files on your machine can all be delete and, even though it will suck to restore everything, you can do so.

On Monday morning, people are going to go to work and turn on their machines and many machines running Windows XP or that have not been updated in months will be open to attack. Many of those that are attacked will want to pay the ransom because their data has not been backed. Just weeks ago, articles were written about how British hospitals spent nothing on cyber-defense.  On Friday, they could barely function. Maybe they had started having meetings and started discussing taking steps to protect their systems. But, like we all do when that warning popped up, they put it off. I am sure right now they are wishing they had done something to protect themselves because they had to scramble to fix a disaster.

Tagged , , , , , , , ,

2017! Three Words! Let’s Go!

img_1043-2Yesterday, I took a moment to look back at 2016 and I am glad that I did. After that exercise in honoring history, I actually changed one of my words for 2017. My words for 2017? That may be what you are wondering. Let me explain. In 2013, Tom Hood introduced me to the concept of Three Words (and that concept came from Chris Brogan). I use these three words to give the year ahead a theme, almost like a rhythm that I can dance to as I go through the year; and isn’t everything better with dance? The process of thinking about my three words and then coming back to them throughout the year, help consolidate, direct and give confidence to what I do and how I do it. As I read over yesterday’s post, I saw my 2016 Three Words dancing over my year, in ways that I had not thought about as I was writing the post – Learn. Fear. Community.

For several days, I thought about what my words for 2017 would be – and how those words would serve to seal my intentions for the days ahead. I think I have it now.

Embrace: In previous years I have written about changing things in my life. Transform was one of my words in 2014. Then, in 2015, Receptive was a word of mine. Last year we moved to a new neighborhood. When I was a kid, due to politics and other adventures in their lives, we moved around a lot. Between first and third grade, I went to four different schools in three different countries, in four different cities. During my first two years in New York City, I lost count of how many places I lived in. I even spent a couple of months camping out on a (very amazing) friend’s couch on weekends, while I worked in Florida during the week. Last year, I talked transformation and I was receptive to talk of moving but, now that I am here, I realize that it is not going to work until I embrace it. This is where I am now with my move, with my work, with my life. I can talk about how great innovations in my line of work are; I can marvel at how awesome some of the tools that are available to us are; I can wax lyrical about the incredible people who cross my path and make me better at what I do, but all of that is not worth much unless I dive in there, snuggle in and just embrace it all.

Persevere: When I started training to run long distance, I learnt about the power of a mantra. The mantra was invaluable to me, when doing hill repeats. I would chug up a hill and repeat, over and over again, “I love hills.” I will say this, I reached the top of that hill and many others AND I hate hills less and appreciate their value. I actually surprised myself when I told a cousin that I wished there were a few more hills around my new home. In 2015, I embarked on a new journey of sorts. I started my own business and decided that I wanted to do work that made me look forward to getting out of bed every day. I loved that my husband’s work, as a photographer, was something he also did for fun. I admired how excited he got about his projects and I wanted some of that. At times I would talk to some people about what I wanted to do and how I wanted to do it and they would tell me, “that will never work.” Fortunately, my incredible community (2016 word, hello!) took over and repeated the mantra I had not yet learnt to say myself. However, as the year came to an end, I started to believe. So this year, I shall remember to say to myself, “You got this. You can do this,” not just when I am running, or doing pull-ups. I shall tell myself this as I am serving my clients, community and the public.

Monchu: My last word is a word that I have borrowed from Chris Brogan. Chris tells us Monchu is an Okinawan word that means “one family”. It essentially means that we treat people who are not our blood as though they are family. I have benefited from this concept forever. As someone who lives very far away from most of my blood, I just don’t know where I would be with my one family. For instance, I just wrote about how I was able to crash on a friend’s couch when I first moved to New York. I didn’t mention that I had only known her for months and she offered her home to me, and her husband and adorable daughter didn’t seem to mind either. That is just one of a million of my stories. I know that I could do a way better job of keeping in touch with people to let them know that they are part of my one family. I know that this philosophy will guide me to be better at what I do and how I do it. I hope to also inspire others around me to embrace this philosophy.

As I share my words for 2017, I want to acknowledge my words from previous years:

2013 – Change, Discover & Motivate
2014 – Transform, Pursue & Collaborate
2015 – Receptive, Synergy & Service
2016 – Learn, Fear & Community

And now for 2017 – Embrace, Persevere & Monchu. I am excited for the year ahead and I know that the view from my new home will help me do so. You see it up above, I can see forever now. I got this.

Tell me, what are your words?

I hope 2017 is your best year ever!

Tagged , , , , , , , , , , , , , , , , , ,

Over My Shoulder

img_1069

I was in high school before I realized how much I love history. Even though I read many historical adventures and would get so caught up in stories that I would find myself being moved in ways movies and television could, I never attached that excitement to any history I ever learnt in school. There was a separation of story and history until I ended up with a history teacher who was so gifted at bringing history to life that I didn’t even really feel as though I was in class.

What has taken a while to sink in is that history is not just about other people’s stories and what they might mean, but it is also about my own stories (along with people around me) and how what I have done, thought and felt in the past is something that I should not only want to record, remember and recognize but also find importance in. In 2013, I started a new approach to beginning my year. Since then, I have given my year a theme, encapsulated in three words. In order to better think on what I would like to make as my theme for next year, looking back at where I have been is invaluable. So, I am taking a moment to take a look at how 2016 went – to learn, to appreciate and to give myself a pat on the back where needed.

Throughout my year, I continued to be amazed by and grateful for the people I crossed paths with – friends, strangers and those in between. It may have been someone telling me not to give up at moments when the thought was threatening to become action. It may have been someone sharing words of wisdom that kept me and my fear, anger or ego acting out irrationally.

In 2016:

  • I moved to a new neighborhood. This was a big deal as I had lived in the same neighborhood for 16 years (my husband had been there for 20), we had many friends that lived conveniently close and more amenities than we knew what to do with. I miss it all AND I am excited about our new path forward.
  • A college friend invited me to take cello lessons with her and another friends and I said yes. We love it – we dream big and take small steps every week toward living those dreams. I know those around us, who get to hear us practicing, hope that we live those dreams sooner rather than later.
  • I was accepted into New York Community Trust Leadership Fellows, a program in nonprofit leadership that has both expanded my mind and exposed me to some truly inspiring, passionate and motivating people and organizations.
  • I had great conversations with high school students, college students and fellow professionals about forensic accounting, careers in accounting and working to do what we love, even when we have doubts about it.
  • I was part of a very exciting launch of the New York State Society of  CPAs Women’s Initiative and, at the end of the year, I became the Chair of the NYSSCPA Diversity and Inclusion Committee. Through the efforts and enthusiasm of my colleagues and the NYSSCPA, I am fortunate to be involved with such important initiatives and committees.
  • I have seen friends stand up for what they believe is right; I have experienced my communities come together in ways that renew my belief in humanity; I have applauded the sheer awesomeness of my people!

The night of 31 December 2016 turned out to be an incredibly windy one. My husband and I had planned on walking around the neighborhood, discovering the various New Year’s Eve celebrations in our new space. However, gale force winds led to a change of plan (isn’t that how life works?) We made dinner and spent the evening talking, laughing and watching various celebrations on television. I made sure to dance before and after midnight

Growing up, my father gave me a diary for Christmas, every year. I was always excited to get mine and, even as I moved away for college and started living away from home, I still got my diary. In yet another chapter of – Parents are Sneaky and Wise – I have discovered the power and importance of being able to look back and how much that helps in looking forward. So, farewell 2016! I am now turning my head to look ahead to 2017. Hello!

 

Tagged , , , , , , ,

Massive Betrayal of Trust

7198648678_7a3c5905d8_b

Photo by Mamnaimie Piotr

On September 8, the Consumer Financial Protection Bureau (CFPB) put out a press release that it was fining Wells Fargo Bank $100 million for secretly opening deposit and credit card accounts, without customer approval. In addition to the CFPB fine, Wells Fargo was fined $35 million by the Office of the Comptroller of the Currency, $50 million by the City and Country of Los Angeles and will have to pay approximately $5 million in restitution to customers. This fraudulent behavior occurred on a massive scale and, based on the CFPB’s investigation, resulted in:

  • Employees opening 1,534,280 unauthorized deposit accounts;
  • Employees submitting applications for 565,443 credit-card accounts, without the knowledge or consent of the people in whose names the applications were made;
  • Employees creating fake email addresses in order to enroll consumers in online-banking services;
  • Employees requesting debit cards for customers, without the customers’ knowledge or consent, and creating PINs to activate these cards.

All of the above has happened only since January 1, 2011. That is about five years in which these shenanigans were going on. During this time, Wells Fargo fired about 5,300 employees but it does not appear that the bank did a lot more than that to change the culture and systems in order to keep these practices from recurring, or that it took any steps to do right by the customers who were affected. To boot, the executive who oversaw the unit where this all happened left without having to pay back any of the almost $125 million that she earned with the bank. To understand why employees engaged in these dishonest practices, it is important to understand how they benefitted.

Wells Fargo is valued at over $250 billion, making it the most valuable bank in United States, by this yardstick. Wells Fargo was also considered to be the king of cross-selling. Cross-selling is a practice where banks sell more than one service to a customer. For instance, say you open a checking account with Wells Fargo. If the person that you open your account with convinces you to then open a savings account, a credit card account and a mortgage, all of that is cross-selling. At Wells Fargo, employees were paid and received bonuses based on the number of different services they were able to sell to customers. At times, employees would have to work unpaid overtime hours in order to reach these goals and would be threatened with losing their jobs if they did not do enough cross-selling. These employees were told to do “whatever it takes” in order to meet sales goals and this turned out to include engaging in the fraudulent behaviors I noted above.

With the pressure to perform in order to increase earnings, through bonuses, or merely keep a job, the retail employees, at least 5,300 of them, found many opportunities to game the system. Controls at Wells Fargo, when it came to ensuring accounts were valid and authorized by customers, appears to have been very lax. For instance:

  • Employees were able to sign up customers for banking services and would use fake email addresses that used wellsfargo.com as the domain name, such as 1234@wellsfargo.com or none@wellsfargo.com. Doesn’t that seem rather brazen? It also seems like a security shortfall on the part of the bank, that the application process wouldn’t flag an email that doesn’t exist in your own system.
  • When employees opened fake deposit accounts, they would fund these accounts by transferring a customers money from an authorized account to the fake account. Sometimes, as a result of the transfer, the authorized account would incur insufficient balance and overdraft fees. Also, the fake accounts would also incur fees and Wells Fargo would withdraw money from the authorized accounts in order to pay these fees.
  • In a similar manner, credit card accounts opened, without the approval or knowledge of customers, would incur annual and other fees. At times, these customers would find that they were in collections and their credit scores had been affected by accounts that they did not even know they had.
  • Some customers actually received credit cards for accounts that they had not authorized. When these customers contacted Wells Fargo to complain about these cards, they were told to simply destroy the cards. Destroying a credit card does not close the credit card account, nor does the shredding of a card do anything as far as the shredding that your credit profile may have taken.
  • In order to meet quarterly goals, employees would hold back applications for account openings. The manual applications, that included sensitive personal information, would be stockpiled in an unsecured manner and the accounts would only be opened in the next sales goal period, in a practice referred to as sandbagging.
  • Wells Fargo also misled customers by telling them that they could not get one service without getting a bundle of other included services. That would be like opening a checking account and being told that you cannot do so unless you open a savings account and get a credit card with the bank.

With how widespread these practices were, it seems that employees were sharing knowledge about how to best bulk up their cross-selling numbers, without actually cross-selling. Also, when customers complained about fees, it is unclear how much of a follow-up there was to discover if what had happened was a mistake or not. Then, when Wells Fargo discovered this behavior and fired an employee, the bank did not take any steps to let the impacted customers know that their information had been used to open accounts in their name and, if applicable, charge them fees. The bank did not go back and refund customers the fees they had been charged, unless the customer raised a stink about them. When I was discussing this case with my husband and explaining how customers were negatively affected, he had a tale of his own. He has a credit card (not Wells Fargo) and the company changed his credit card information, without letting him know. When he sent payment on his account, they accepted the payment, without telling him that the account was closed, and then charged him interest and fees on the balance that had been moved to a new account. He, not the credit card company, had to figure out what had happened and he, not the credit card company had to calculate the monies that needed to be refunded to him and make sure that the company was not just holding money on a nonexistent account but actually crediting it to his account.

As a result of this case, in addition to the fines that Wells Fargo has been ordered to pay, there are steps the bank has been ordered to take in order to improve the culture and strengthen the system so that this kind of behavior can be prevented, detected and corrected in the future. This includes:

  • Employee training to prevent “Improper Sales Practices” and improve integrity at the bank;
  • Creating monitoring processes and policies to effectively deal with customer complaints;
  • Creating systems to ensure that customer approval is received before accounts are opened on their behalf;
  • Revising the basis for how employees are paid and reviewing sales goals to ensure that they are not unrealistic and do not impose unreasonable pressure on employees.

Wells Fargo will continue to be monitored for five years, to make sure that they comply with the CFPB’s consent order.

On your part, with all your accounts, you can check to make sure that they accounts that you have are ones that you have authorized and that transactions made in your name are valid. Some steps that you can take are:

  • Review your credit report on a regular basis to make sure that all accounts listed are ones that you know about. Several financial institutions offer free credit reports to customers. If this is not an option for you, you can visit the Annual Credit Report website. On this website, you are entitled to credit report per year, from each of the three major credit reporting companies. A strategy to employ is to check a report with one agency every four months;
  • Check your bank statements regularly (at least monthly) for any transactions that are incorrect. Even if it is a small amount, look into a transaction. That small amount could be an indication of something bigger;
  • If you receive a card in the mail that you did not apply for it, follow-up on it and make sure that it is cancelled. Then check your credit report again.

On the Wells Fargo website, the Chairman and CEO states that “Everything we do is built on trust.” It seems that many employees have been playing lip service to that value and we know that, even with trust, it is important to verify. Take the time to check in on your finances. There may be mistakes that need fixing and there may also be pressured employees who are trying to get ahead or merely hold onto their jobs by engaging in dishonest practices.

Tagged , , , , , , , , , , , ,

Two Hours… And Counting

woman-1447084_1920

Oh man! I may need treatment to recover from working out my health care expenses. For several years now, my shoulder has hurt. I have had it looked at by a doctor and I went through physical therapy until I had used up all that I was allowed to use, and treatment didn’t really work. My shoulder still hurt a lot. I then got sidetracked by all kinds of other things going on in my life and so I pretty much lived with the pain (eased a bit by massage, ibuprofen and Salonpas). Finally, I decided that enough was enough and that life should not be lived in pain, so I went to see the doctor who helped me out when I fractured my knee. I love his guy. He is absolutely awesome. And it is a great and special thing when you establish and relationship where you are treated like an adult with a brain and all your questions are answered and things are good. You feel great, until you start to talk money. Then you feel all kinds of unwell again.

I am a person with health insurance and I believe it is pretty good insurance because it is pretty widely accepted and my co-payments are decent. I understand that choosing an out of network doctor is bound to be very pricey. However, several years ago, I had some pretty terrible experiences when I went with in-network doctors that were recommended to me by my insurance website and not by a fellow medical profession. Now, when I find someone who treats me with respect and seems to have a vested interest in my being healthy and fully recovered, I tend to stick with that person. I understand that this can come with a premium; I just wanted to know what this premium might be. So, there I was, discussing a treatment plan and then payment plans. The treatment plan ended up being the easier part of things to understand. Let me tell my tale…

Looking at a schedule of my health insurance benefits is like solving a complex math problem, where suddenly I need my calculator and a whole lot of patience. I have to factor in a deductible and then calculate the split between what insurance will then cover and what I have as an out-of-pocket expense. I sat down with the office manager at my doctor’s office and he went through the various costs of my treatment and then he pulled up the Fair Health Consumer website. The office manager then explained to me that, because my doctor was out of network, we should go over what the treatment could, potentially, cost me. He explained to me that even though my insurance would cover a percentage of my “eligible expenses”, what that meant could make a huge difference to my wallet. I found out, this week, that things can get very complicated and expensive.

First of all, the health insurance company will determine the reasonable and customary cost of a procedure. This is the average fee charged in a particular geographic area. Then, for out of network providers, regardless of what the provider charges, the health insurance company will cover costs based on the reasonable and customary cost. However, a health insurance plan may determine what they will cover, based on a published rate allowed by Medicare. This rate has nothing to do with the average cost of a procedure in the part of the country where your treatment occurs. This rate can be wildly different from the reasonable and customary rate and this can result in a big difference in how your wallet looks at the end of the day. For example, you could have a procedure that has a reasonable and customary cost of $10,000. If your health insurance covers 60% of this rate, your out-of-pocket expense will be $4,000 or 40% (I am, for the sake of simplicity, assuming that there is no deductible). Now, if your health insurance uses the Medicare based rate, they could reimburse you only about $300 (this is a comparison that I actually did on the Fair Health Consumer website, and not something that I made up, as extreme as the difference is). That means here, your out-of-pocket expense will be $9,700. That is a significant difference. So it is very important to have an idea of what you are going to pay beforehand, Otherwise the doctor’s bill may give you a heart attack, in addition to all your other issues. The health insurance companies say that they have switched to the Medicare rate in order to push out of network doctors to become in network doctors in order to get better reimbursement rates from them, but what I have read of how this rate came about does not appear to support that claim. However, it seems to me that the patients are the ones who are suffering, being that they are the ones who then get the gigantic bills from the provider that they have chosen to use. And this could be because they have looked at their explanation of benefits and calculated their out-of-pocket based a reasonable cost. Imagine that.

With this in mind, the office manager gave me a list of information, including the codes for the treatment and suggested that, beyond visiting my insurer’s website and reading their explanation of benefits, I actually call and have conversations about what exactly the explanations mean. So began my adventures in telephone conversations regarding my health insurance benefits. I made my first call, thinking I would be on the phone for a few minutes but I didn’t hang up until over an hour later and I was still clueless. The man I spoke to was very friendly and polite and he took my information but then as we got into what I should expect my out-of-pocket expense to be, things became very murky and confusing. It appeared that he could not access out of network information for what my cost would be and, he was not clear on what rate my out-of-pocket expenses would be based. After an hour of us hanging out on the phone, trying to figure things out, he found a form that I could submit in order to get a quote from the health insurer but he seemed to not know how to get it to me. So he said he would call me back or email me before the end of the day. He did neither.

The next morning I called again and, even though this particular insurance company representative seemed to have access to a little more information, she too was very vague and kept telling me that she could not tell me how much things might cost me or what would be reimbursed. That is a bit scary since I was calling to make sure that I would have as few surprises as possible. About an hour into a very frustrating and circular conversation, I mentioned that the day before, the representative had mentioned a form and a client advocate. She claimed she had never heard of such a thing but she put me on hold as she went to investigate. She came back on the line and said she had found this form but she could only either fax it to me or send it via snail mail (I could go into a whole rant about why, in 2016, people can’t email you something and, instead, you have to figure out how to get your hands on a fax machine).

So, now I am at a point where I have sent information in to the insurance company and I am now waiting (for 2-3 business days, per the form) for a response on the eligible expense for my treatment – the first step in calculating out-of-pocket expenses. I am hoping that my future does not hold more protracted conversations where things end up even more confusing than they were going in. I would feel dumb, but the health insurance representatives seemed to know about as much as I did about what my insurance policy does and does not cover. I hope that I can get to a point where I can make an informed decision about what to do next. And my lesson, almost, learnt that I am sharing here – don’t take the website blurb at face value; don’t take the information booklet at face value; don’t assume you know what is going on. Keep asking questions, even if you get so frustrated that you want to throw your phone across the room. If what you are being told about your insurance doesn’t make sense, ask to speak to someone else. I could tell you what I think about all of this, but I am going to stick with telling you to ask the questions until you get clarity (even if it is very expensive clarity). Insurance is a very murky space and those dark spots could turn out to be a lot of money coming out of your pocket.

 

Tagged , ,
Advertisements