Volume III | January 2019
2019 DFK/USA Executive Commitee Members
Friedman LLP
President Elect
Abdo Eick & Meyers
Shea Labagh Dobberstein
Secretary of Recruitment & Retention
Ellin & Tucker
Vice President
Ianuzzi Manetta & Co
Vice President
Bohlmann Accounting Group
Vice President
Bennett Thrasher
Steve Parkhill
Immediate Past President
Tom Donahue
Vice President of International Relations
Piercy Bowler Taylor & Kern
Maureen Dillmore
Executive Director
DFK International/USA
Rachel Green
Membership Coordinator
DFK International/USA
Letter From the President:

Dear DFK International/USA Members:

When looking back on the many strides we’ve accomplished this year, one particular African proverb comes to mind, “if you want to go fast, go alone. If you want to go far, go together.” 2018 was an exceptional year of growth, collaboration and innovation for DFK/USA.

I’m proud to say that our membership has reached a record breaking 28 firms. Four new firms joined DFK/USA this year alone: Lauterbach & Amen Naperville, IL, Reynolds & Rowella, LLP in Ridgefield, CT, Ridout Barrett CPAs & Business Consultants in San Antonio, TX and Lambert Johnson with several office locations. We are a vibrant, collegiate group that welcomes each other as treasured friends and colleagues. As such, we are constantly exploring ways to engage each member through lively conferences, cutting-edge trainings, regular committee calls and meetings at the managing partner and executive committee levels.

This year, we hosted our first ever Women In Leadership Luncheon in collaboration with DFK/International—a demonstration of our commitment to empowering our members. This eventful occasion was marked by an overwhelming attendance during which we shared personal stories about navigating and prospering in the public accounting industry. Members also explored new ways to better mentor rising female leaders across firms and in DFK. This group is committed to promoting female development in the workplace and beyond through internal mentorship and through charitable partnerships that positively impact women on a national and international scale. Be on the lookout for ways to get involved in the upcoming celebration of International Women’s Day.

Another exciting event this year was our North America Conference held in the Ritz Carlton in Orlando, Florida. This highly anticipated gathering was a huge success, with over 90 registered attendees and 35 accompanying guests. Attendees convened from throughout the U.S., Canada, Mexico, London, Dublin and even as far as Australia. Two member firms discussed a specialty practice area that will deliver more resources to our members.

I welcome you to explore the opportunities available to you by attending the AGN and DFK meeting in 2019. Last August, the DFK A group met with AGN and plan to hold a second annual meeting in 2019. In the spirit of collaboration, I suggest that groups B and C consider holding a joint event as well.
Further, our 2019 year includes a May Managing Partner Conference in St. Louis, MO, a DFK International Conference in Singapore and our most anticipated North American Annual Conference in October in Maui, Hawaii.

Please reach out to me or other executive committee members with ideas, comments and concerns as we are a group run by members for members. There is strength in community. There’s no question in my mind that the momentum we’ve created together will carry us full steam ahead into the new year.

Have a safe, happy and healthy year in 2019.

Harriet Greenberg
DFK International/USA President
Friedman LLP Co-Managing Partner  

New Year - New Website
The New Year is always a great time for a fresh start, so we figured there's no better time then now to debut our new website! Featuring new member benefits including a place for you to share your News with the membership and a spot for career seekers.
The next step include a new interactive members only website that we hope to reveal early this year.

If you'd like to see your news or job opportunities shared on the website, please send them to Rachel at rgreen@dfk.com.
New DFK/USA Promotional Video

A new DFK promotional video was released in November. Share with clients, potential new members, or firm employees so that they can gain a better understanding of the true value of DFK membership.
October was a busy month as I attended the Latin American Conference and North American conference.
Meetings with the Mexican, Canadian and USA executives/boards highlighted the strength of our National Groups.

We were very pleased to see representatives from Miami, Irvine and New York in Mexico along with Anne Brady EMEA VP.
Global participation is always a benefit of attending NACC as many countries were represented at the tax seminar and conference.
Jumping ahead to July 2020 where it will be our turn to welcome the world as we join the DFK International Conference in Panama .

It promises to combine the best of the North American/Latin American and International conference.

Mark you calendars  - July 2020 The Americas Welcome the World!

Paul Panabaker
VP Americas
Recent Conferences & Meetings
DFK North American Annual Conference, Orlando
In October, DFK delegates from the USA, Canada, the UK, and Australia gathered in Orlando for a week of education and networking at the 2019 North American Annual Conference.

DFK members were treated to sessions from leaders in the industry such as Roman Kepczyk and Mark Koziel. The wealth of knowledge within DFK was also featured in presentations from Friedman CyZen and EEPB InnovaTax.

The magic of Disney wasn't wasted as the attendees had the opportunity for an exclusive behind the scenes tour of the magic kingdom and a buy-out event at a restaurant in Universal Studios.

For more pictures of the conference, click HERE
DFK/USA Executive Committee Strategic Planning Meeting
Each year, in addition to the meetings held at the Managing Partners Conference and North American Annual Conference, the DFK/USA Executive Committee meets for a full day to discuss the past year and lay the ground work for the future. This year, the meeting was held at the DFK Executive Office in Denver, CO. A great time was had by all and the team looks forward to 2019 with anticipation!
DFK/USA New Managers and DFKUniversity for Tax & Audit Seniors
This December, Austin, TX was the host to 90 Seniors & New Managers from our US Member firms. In addition to high quality training, we provided plenty of networking opportunities for for the next generation of DFK leaders to get to know one another. See what attendees had to say about the meetings:

"I had a great experience at DFK. I felt I learned a lot of new things that I can bring back to our firm. Would definitely recommend to other staff in my firm." - DFK Audit Senior from EEPB

"Very tangible tools to help with marketing, communication, business development, firm management, etc. Also, instructor was very engaging with industry specific examples and experience." - DFK New Manager from Geffen Manager

"Our instructor Chuck is really good. I love all of his stories, situations and small talks through out the course. The material is also good with I think I can keep it at my desk to remind me to get better as a senior." - DFK Tax Senior from Gursey Schneider

Click HERE to see more pictures from the event.
DFK/USA Save the Dates

Managing Partners Conference | 15-17 May | St. Louis, MO | Add to My Calendar
Who to send: DFK Managing Partners and DFK/USA “Champion”
More Information to come in early 2019
New Managers Part II | 3-5 June | Denver, CO | Add to My Calendar
Registration closed. Attendees from the December session can register for their Denver hotel room HERE
Leadership Symposium | 24-26 June | Salt Lake City, UT | Add to My Calendar
Who to send: DFK Managers and Partners
More Information to come in early 2019
DFK International Conference | 10-12 July | Singapore | Add to My Calendar
More Information to come in early 2019
DFK/AGN Major Firms Meeting | 4-5 August | Denver, CO | Add to My Calendar
More Information to come in early 2019
North American Annual Conference | 29 October – 1 November | Maui, HI | Add to My Calendar
Who to send: DFK Partners
More Information to come in May 2019
New Managers Training/DFK University | 10-13 December | Austin, TX | Add to My Calendar
Who to send: New Managers, Beginning in Charge Tax & Audit Seniors
More Information to come in Spring 2019

DFK International/USA | 571-232-5472 | mdillmore@dfk.com | www.dfkusa.com
Committees and Interest Groups
DFK NFP Committee Fly-In
Hosted by Gursey Schneider
January 16-18, Los Angeles

Wednesday January 16 th – Fly in with group dinner
Thursday January 17 th – All day meeting discussing industry developments, technical pronouncements and business development opportunities followed by group dinner
Friday January 18 th – Morning wrap up/departures to airports depending on flight schedules

We are currently in the process of updating our committee/list serve rosters, assigning chairs and creating the call schedules. In the meantime, if you have a Request for Assistance for any of our groups, you can use the emails below to reach out, or send your request to rgreen@dfk.com

DFK Marketing Committee

DFK HR Committee

DFK A&A SEC Committee

DFK Tax Committee

DFK Audit SEC Committee

DFK Construction & Real Estate Committee

DFK EPB Committee

DFK Health Care Committee

DFK Human Resources Committee

DFK International Tax Committee

DFK Marketing Committee

DFK NFP Committee

DFK SALT Committee

DFK Tax Committee

DFK Technology Committee

DFK Forensic & Valuation Committee

DFK Manufacturing Committee

DFK Government Committee

DFK Business Development Committee

Email rgreen@dfk.com with agenda sug gestions
From our firms...

As the world becomes increasingly interconnected, it’s critical for your organization to take a multi-layered approach to cybersecurity. The basic security measures of deploying a firewall and assuming you are protected is no longer enough to mitigate the ever-changing threats. This article will outline some best practices your company can start executing now to safeguard your critical assets.
Secure remote access to your company and its resources
In today’s mobile workforce, the ability for company employees to access the resources they need from anywhere is crucial to successful business operations. Many of these resources are located in the cloud and within the company’s internal environment. Unfortunately, making these resources available to your employees from anywhere also makes them a target for cyber-attack. The most common and effective way to secure these resources is by implementing two-factor authentication, which can create a protective layer between your company’s valuable information and cyber attackers. When deciding to implement two-factor authentication (“2FA”), it’s important to remember that not all implementations are equal. Companies should evaluate the strengths and weaknesses of each 2FA tool. For example, using 2FA with text messages (“SMS”) is less secure than using 2FA with push notification, security keys, or authenticator applications (i.e. Google Authenticator, Duo). The reason for this, is that SMS 2FA is susceptible to “SIM Card Porting” attacks, where the attacker calls your service provider and switches your phone service to a phone they control. At this point, they are able to receive the 2FA text messages used to secure your accounts. 2FA implementations that use authenticator apps are susceptible to phishing attacks, where an attacker provides a victim with a logon portal similar to one familiar to the user. The user unsuspectingly enters their credentials, including the pin provided by an authenticator app. The fake portal forwards the information to the actual site and the attacker now has access to it. The most secure forms of 2FA include the push notification and the security keys, both of which are not susceptible to phishing attacks. Besides 2FA, Whitelisting is also an effective means of ensuring that only someone in the office is accessing things such as your website/blog and adding an extra layer of security to 2FA.
Know your assets
Another great challenge, even outside of the world of IT, is asset management. It’s not always easy to track who assets belong to and where they live. Construct a streamlined strategy that properly tracks your inventory and makes change manageable when securing assets such as data, hardware and software. At any given moment, your team must be able to answer who the owners/users are, where the asset lives/ belongs and what it’s used for. These questions will help you effectively track and monitor your assets. Once your IT assets are identified you can add layers of visibility and anomaly detection through the use of many available tools and platforms (such as a Surface Equipment Inventory Management). These tools and platforms are designed to help add value beyond just knowing your assets—you can actually protect them in a meaningful way.
Navigating a sea of vulnerabilities
Building on the ideas of tracking and managing assets, organizations need to focus on the lens of known vulnerabilities. Technical vulnerabilities in your company come from two basic areas: outdated software/hardware and misconfigurations. In previous years, individuals with decades of field experience were needed. Today, vulnerability scanners have made locating risks much easier. These are automated scanning devices, which should be regularly deployed in your environment—especially if a new big vulnerability hits the news. Vulnerability scanners can list a myriad of valuable information and help IT professionals make sense of things, such as: what systems are most at risk, the impact of the risk, criticality of a vulnerability and outlined remediation steps.
IT admins should deploy a routine and robust patching schedule, as well as a vulnerability management program that runs quarterly at a minimum to identify gaps in patched systems. This ensures that the organization will identify and take action on these vulnerabilities that are discovered by industry professionals on a daily basis. After a few rounds of vulnerability scanning and remediation, a company can gain value from a penetration test. This test is used by skilled professionals who attempt to breach in manually by manipulation of broadcast traffic, as well as using other advanced techniques that may not be identified by vulnerability scanners.
Protect your employees and their devices—at all costs
One of the biggest risks to an organization is spearphishing. Spearphishing emails not only harvest credentials, but often deploy dangerous malware that can spread through the network, giving remote attackers a way in to steal data and compromise resources of an organization. Dealing with malware and spearphishing emails not only requires a layered approach, it also requires awareness of your users. One of the best defenses in bringing down the percentage of users who click on malicious malware is spearphishing training. Training should be done routinely, and is proven to raise awareness and reduce the risk. Like many other cybersecurity solutions, training should be accompanied by automation. Luckily for the good guys and gals, endpoint protection has made leaps and bounds in actually blocking malware.
Old school anti-virus solutions were very clunky, resource heavy and ineffective when it came to actually blocking the most malicious files. Most old AV solutions were only signature based, meaning it had to know that something’s file signature was bad before it took action in identifying and blocking it. Newer solutions dubbed as “Next-Gen AV” are heuristic based. This means they are hands-on and interactively searching for bad signatures and addresses. They achieve this by looking at what the malware is doing and judging it against a baseline of normalcy before preventing an action (such as pulling passwords from memory) which is typical of malware and not something a normal user would initiate.
Planning for a rainy day
Setting up a proactive layered defense is certainly worth the effort—the next step is strategizing an execution plan if an incident happens. Ransomware and other sophisticated malware certainly has brought many organizations and business to a screeching halt. Companies should establish cybersecurity policies that are in line with their business goals and should declare what to do if there is a cybersecurity incident. It is important that employees know who needs to be notified and how issues should be escalated within an organization. If a company does not fall under any regulatory bodies such as PCI DSS and HIPPA, both ISO and NIST frameworks do an excellent job of creating guidelines that a company can follow to create a solid program. Having a clear policy can help bake in features for companies housing European data and will help with GDPR regulations internationally. Policies should clearly outline a formal incident response plan (“IRP”) that outline processes and clear steps for employees to help contain and get through a cybersecurity breach while trying to limit the impact. 

For more information about this exclusive offering or to learn more about how you and your clients can benefit from Friedman CyZen’s customized approach to cyber security, contact Jacob Lehmann at jlehmann@FriedmanCyZen.com .