The Intersection of Tech Security and Accounting

Today, our guest is Andrew Lassise. Andrew is, first off, a great guy—Andrew and I have known each other for a few years. I’ve been on his podcast a couple of times, just found out I’m one of the few people that’s been a two-time guest on Tech Talk for Accountants, which is a lot of—a fun show. Andrew, for the last 10 years, had a company, which is Tech4Accountants, with the number four on it, which was pretty cool. And just this last year, he merged his firm in with Rightworks, and a lot of that is what we’re going to talk about today. And before we do that, Andrew, welcome to The Unique CPA. 

Well, thank you for having me. Big fan of you and everything that you do, which is why you are in the two-timers club. And I think you were actually going to be the three-timer club, but you got COVID. 

Yeah. So we’re still going to do that, right?  Oh, was this just like two weeks ago or three weeks ago? 

Yeah, this was not long ago. I’m not sure if it was for this, or for that, but we were supposed to connect and COVID got in the way.

I was out at an event that Michael Ly out in Arizona put together and got COVID. So I’m blaming Michael, even though he didn’t have COVID. And it was very mild, so I was very fortunate. It was, I honestly got home on a Tuesday and was out camping on Friday cause I felt pretty good. And so not too bad, but alright, so we didn’t come here to talk about my ailments, but we could do that for a long time. 

I have a great Arizona COVID story. 

Well, before we jump into it, let’s hear—no, we can’t hear that yet. Before we do that, I want to talk about Rightworks a little bit, because we have our conference coming up at the end of July—July 22nd, 23rd and 24th in Rosemont, Illinois, which is basically O’Hare Airport—The Bridging the Gap Conference, which, uh, you were at, I think, a last second attendee last year because wasn’t there a childbirth happening right about that time?

Yeah, yeah, I had told you, I was like, I would love, if there’s any opportunity—here’s the catch though: I’m having a daughter like two weeks beforehand. So I am a big supporter of everything Randy does.

Well, we got you there. So the daughter must’ve been born, everything was good, and you came out and you actually spoke, you were on a panel at the conference. 

Yeah, I was on the panel with Blake Oliver and Ellen Choi on AI, and we found this out that night, and I wish I had known it in the morning, the day we spoke about AI, it is actually the same date, whatever it was, like August, October, the date that Skynet becomes self aware in The Terminator, it was the same date that we spoke on it. 

Oh wow.

I didn’t find it out until afterwards, it’s like, gosh, that’s so good. 

Oh, that would have been awesome to tie that in. You’re so good at that stuff. I don’t—I know nothing. I just talk and go on to the next thing. Alright, let me keep going on this. So the conference, like I said, end of July, Andrew will be out there speaking again this year. Excited about that. And also excited about the fact that RightWorks is our platinum sponsor this year. So we greatly appreciate that, which is one of our top tier sponsors and really looking forward to seeing Andrew there. And any other Rightworks people coming out with you? 

I believe so, but that’s above my pay grade. I just get told, you’re going to that thing in Chicago. You’re going to talk about security and WISP, and there will be other stuff there that is in other departments. You don’t have to worry about it. Which is actually great because in Tech4Accountants world, I had to orchestrate everything and I hated orchestrating everything. And now coming back around, I remember, so my daughter was born, I said, the only thing I could do would be go and speak, however, we can’t put together all the sponsorship and having people out there and things. But if you’d like me to chip in somewhere, be happy to. And you’re like, do you know anything about AI? Alright, just talk with Blake and Ellen. 

There you go. You could do it. And actually I ran into Ellen last week in San Diego and I’m not sure she’s coming out this year. I’m hoping she is, but yeah, she’s a lot of fun. And Blake, the three of you did a great job out there. 

And then, so last year you were out there, last second, not even as a sponsor, which is great because like I said, at the beginning, we’re friends, but this year I’m actually contractually obligated to talk to you because of your sponsorship,—just a joke, because I would talk to you anytime, anywhere. And RightWorks is a pretty amazing company doing really cool things. So let’s go into that a little bit. You know, you had Tech4Accountants for years, and this actually surprised me. I didn’t realize this was happening. So, you know, it’s a shame on you for not letting me know what was happening out there. 

Yeah. Speaking of contractual obligations and lots of lawyers.

Yeah, I’m sure. But before we even start talking about what you’re doing at RightWorks, let’s get into the decision, and why this, and why Rightworks and the whole process you went through and decision making on this merger. 

Yeah, so in the accountant-only niche, as far as the cyber security world goes, or at least the ones that you’ll see at conferences, you’ll see Tech4Accountants, you’ll see Right Networks, formerly Right Networks, now Rightworks, you’ll see Tech Guru IT, you’ll see Practice Protect, those are the four. And then Randy Johnson, K2 Enterprises, they’re around as well, but more on the MSP for the small business accounting firms, 45-50 and under is really where you see us four. And being in that world, I know where each person, or each company is very strong and very weak. So we all kind of worked together anyways with a, okay, you’re not going to be the right fit for us, however, you should talk to these people and vice versa. So it was actually a really small world that we were part of. 

And RightWorks approached me in May ’23, and they said basically, “I am trying to have a WISP department, so the Written Information Security Plan, everybody with a PTIN is required to have one, and so we’re really looking to augment our current offering, and apparently you’re the only person that is doing this. I found an article on CPA Practice Advisor that didn’t have your name attached to it, and then I read the article and the article was about you.” 

So I was basically the top 10 results for IRS WISP for accounting firms, accountants, CPAs, enrolled agents, it’s just a very, very narrow niche thing that in 2019, the IRS started requiring. My own accountant reached out to me and he was like, hey, could you do me a favor? I need this WISP thing. Can you help? I’m like, yeah, sure. And he’s not even a client, but he’s just like, can you do me a favor? And then so, sure, how hard can it be? I’m an IT professional. It took me a week to put together this favor for him. And I was kind of resentful because it was just a sure, let me do it, and I’m putting together the hourly that I should have charged him. But then I kind of came to the conclusion, I took a step back, I was like, if it was this hard for me, and I know what I’m doing, there’s no way that people that don’t know what they are doing will be able to do this without having some sort of assistance. 

And so I started creating a lot of free content around it. I created the first template that accountants could use, downloaded, over 70,000 different firms have downloaded it at this point. So just kind of carved it out for myself and so Rightworks said we’re looking to do WISP, and it makes more sense if we just work together with you, and it’s not going to be just a Tech4Accountants and Right Networks just pass business back and forth. What we’re really looking for is to grow our own organization and so, since you’re pretty much the only person by default, you are the best and worst, and so we’d like to work together. 

And I kind of saw the opportunity there because the reality in just the Tech4Accountants world, the 10 and under firms, when I was talking about where each organization sort of dominates in this space, really the 15 and under will have some crossover with Tech Guru, and they would be the 10 plus, and we’re the 15 under, sort of each of our sweet spots. And then, but Right Networks with 700 employees has the ability to service so many more than we were able to with a lot of really, really smart people. So I kind of saw the, this is a really good opportunity and for the smaller firms, nobody’s really figured it out except for us, and so it augments into them. And then with the larger firms that we used to have issues with—not issues, but it wasn’t, it didn’t fit the model as well as the smaller ones did. 

And so having an organization that’s like, if it’s less than a hundred, that’s our sweet spot, having people that know what they’re doing, really, really smart people, like that was another one of the things that had attracted me to them, was the people that I speak to through the process of the due diligence and acquisition—really, really smart people that started questioning our own numbers from QuickBooks based off of models. And I was very, very reluctant to release any information because I mean, the reality, if the deal doesn’t happen, I can’t give them the ammunition to compete with us. So until really the spot where I was like, this has to be real, was the guy that was spearheading it. It said, you know, we were running all these models and projections and we’re looking at the numbers and, do you think you could go back in and just kind of audit this category? It doesn’t match any of our models that we’ve created with your very general information. 

And I’m like, you’re crazy. It’s straight from QuickBooks. We have our accountant that looks at it. We have internal people that look at. And he was right. And I was like, there is no way you put in that much effort, or even mentioned this, if this was not something that you all were 100 percent serious about and not just saying, well, this would be a great opportunity, think about it, because they have 700 employees, we have 12. It’s not that hard to recreate 12. But they don’t have me and my team that’s only done this for the last five years of specifically accounting firms. 

Yeah. That’s pretty awesome. And it sounds like obviously they’re very serious and, and just seeing the tools that they have in place when they’re analyzing things, uh, pretty amazing. So let’s, before I move on to anything else—other reasons, other positives, things that, uh, you know, have been like surprises, yeah, this has been awesome in the, in the whole process? 

So I’ve only worked at complete chaos companies before I started my own, and even that was craziness for the first couple years of just trying to figure out how it worked. So I’ve never seen how organizations—at our peak, we had 50 employees when we were everything to everyone—and COVID and poor management, poor leadership on my part, down to 12, but then really started ramping up and focusing on how to grow the company and grow a real company, not just something that can make money, but something that can make a difference.

So I had worked at large organizations before that were just pure chaos. I worked at a company that had 500 employees and our ticketing system was, use your personal Gmail and email your boss about how the customer—what was going on? And that’s all I knew. So coming into, I mean, we figured it out along the way ourselves, but then seeing how a real company operates and the systems they have in place, and I had a feeling that I would learn this. And just for my own knowledge, I’ve never worked inside of another company, and seeing how they do things and navigate things. And then in retrospect, thinking, gosh, if we had done this, we would have been making so much more money if I knew how to be smart like these people. 

Oh, that’s a huge lesson. As business owners, and this is probably something I’ve talked about on the podcast—as business owners, we often don’t realize that we have shortcomings, that there’s things we don’t like doing because we think we need to do everything. And so one of the biggest benefits for me when I stepped down as managing partner is realizing, I didn’t have to do everything. And there’s people that do things so much better than I do. And having them in those positions has just made our business so much better, processes being one of them. And so I was going to ask you if that, you know, if you’ve seen, you know, the light that way that, yeah, there are people that should be doing things that I shouldn’t be doing.

Yeah. Well, there’s things that were in our company that were just favors that people would do that have entire departments. So we do cybersecurity for thousands of firms. So my lead tech, I tell ’em, do our cybersecurity too. And we’re just another client that we manage. And then here, here are the 20 people on the internal cyber security team and there’s 20 full time employees doing what was a favor from our person. So really understanding how you can segment different aspects of the company and grow it, like you said, having specialists that aren’t just, can you do me a favor? 

Right. 

Because we all had our main roles, but there were a lot of favors and side things. Our marketing person is also a tech that just takes some stuff that I do and just, he’s very organized and it’s like, you know, a lot of places have marketing departments, or at least a person that’s in charge of this. So I learned a lot just in seeing how it operates. And so it’s good just for my own knowledge of really understanding the inner workings of a good, strong company. And not to say that we weren’t strong, but really understanding what systems look like, checks and balances, and a lot of the due diligence. They would ask questions where I’d be like, it’s about this, and they’re like, can you show me the actual numbers? I mean, you know, in the past, historically in this company, I just say something and everyone just accepts it. 

Alright! So, well, by the way, it sounds like RightWorks has their stuff together, has their works together—I don’t know if that’s a good way to say it, but they’ve got their stuff together. 

The right way.

Ooh, the right way. Look at us. We can, we can play off this RightWorks all the time. Now, with you going in there and all that, there’s the WISP, and you know, some key service offerings that you are at with RightWorks are rolling out or getting moving. So let’s just expand then on the services that are the key things that you’re rolling out with RightWorks.

So the main offering, sort of what spearheaded all of this would be the WISP. And for those that maybe had heard of it, but aren’t really familiar, so the WISP, the Written Information Security Plan, if you’re renewing your PTIN, one of the questions that you’d see either on the website or if you’re filling out the W-12 says, “I am aware that I am required to have”—they use the word “data security plan” on the form, and then WISP on everything front-facing, because the IRS needs to make things complicated. So they have that requirement for when you’re renewing a PTIN. And then when you sign off for it, it says, “I understand under the penalties of perjury and criminal charges and losing my license, that all this information is correct and accurate.” 

So just how human beings work, and we see this all the time with, here is the service agreement to the software that you’re buying. Do you accept it all? And it’s, well, if I want the software, I have to say yes, don’t I? So if I want my PTIN to get renewed, I have to say yes, so that I can get to the finish line. But there’s a lot of consequences that are tied with not being truthful on that when you accept the terms. And yes, it’s a piece of compliance, but it’s also, it’s good business practice to be protecting your clients’ data. Accountants are one of the most trusted professionals in anyone’s corner. So yes, you are legally required to be doing this, but also, I mean, on the tech side, we are not legally required to be protecting client data, which I think is insane—different story for a different time—but we’re not legally required to protect our clients’ data. Of course, we do, but we’re not required to. So could you imagine the flip side of, well, yeah, we don’t spend money to protect your data. We’re not required to though. How would you feel, right? 

Nope. Right. 

So step one, the WISP is really taking a look at what you currently have in place, and nobody’s going to be 100,000% perfect when it comes to cyber security and even the gigantic organizations, it’s still just a 99.99999%, but having the awareness of your things that could happen, and should this worst case scenario happen, what are the steps that we need to take so that when there’s a fire in this analogy, there’s a fire, you know how to use the fire extinguisher, and aren’t just figuring it out when there is a fire and the stakes are really high. 

Yep. 

So it kind of plays into that. And so that’s the first product that RightWorks, we just launched a couple of weeks ago, mid May. So you get the awareness of here is what you have, here’s what you’re doing well, here are some places that you could improve. And then our other offering, which is called the Total Security, is going to basically plug those holes as well as, we’re hitting another legal requirement—this isn’t on the IRS side, but the FTC put in place the Safeguards Rule, which says not only do you need to have this plan in place for how you’re protecting your clients’ data, but how are you actually doing it? And you are required to have this security in place so people can come to us to get the awareness, and take that information, do with it what you will, as well as have problems remediated that are also in alignment with another piece of compliance from the FTC Safeguards Rule. And essentially most people that hire us do not have a strong understanding of it, just when I hire an accountant, I know enough to get by—I know that a write off doesn’t mean that it’s free money, but aside from that, I’m not the expert of experts, so I hire somebody to do it.

And my accountant says, well, here’s the 1040 that I’ve prepared and your 1120-S, what do you think? And I say, well, I think I hired you as a professional, so, looks right to me. And we see that on the IT side too. So people get peace of mind where we just white glove, do everything for you so that, you know all of the compliance boxes are checked and that you’re protecting your client data. So not just because you’re legally required, but also that you care. 

Yep. And so it’s not just the, hey, we have, you know, we use a portal that’s secure and all that. It’s like, okay, but if it’s not, if somebody breaks into your computer or somebody, you know, hacks something, what are the steps you’re going to do? You’d have to be able to flip the switch and go, boom, we need to do this, this, this, this, this, go, go, go. So it’s as much of the technology in place, it sounds like, and you can correct me as it is the, what do we do if still, because nobody’s ever be a hundred percent, you know, safe with their data. Is that kind of a synopsis of it? 

That’s a perfect synopsis of it. In sports, the WISP is the playbook and the total security is actually playing the game. So you can have all of the things on paper for, in a perfect world, this is what’s going to happen and how we are going to avoid all of these potential issues. But things happen, and that’s just the reality of the world. 

Dell just got hacked a couple weeks ago. They’re a pretty big company, you know? So, and then they get class action lawsuits and all these things. But when these things happen, the biggest part on the—and think about it, you’re the victim of a crime too—and then you have to prove why you’re an innocent victim versus a participating, negligent victim that caused this to happen. But afterwards, it’s putting together the story of, here are all the things that I did to prevent something like this from happening, and from there is really where the penalties start to get assessed. And if you’ve done everything, I forget the exact legal term, but it’s something that a reasonable person for an organization of this size could and would put in place. Did you do that? And then there’s disclosure laws for each state where you have clients. And so all these things are laid out in the WISP so that, okay, I am located in Florida. I have 30 days to disclose this to my clients while I remediate this. 

And a lot of the guys that have gotten hit really hard, their big thing that they get hit on, and in firms when it comes to fines and fees, along with being the victim of a crime and having to remediate that, the big ones that happen are the failure to disclose to their clients that it happened, which you would think—it was something that was kind of interesting to me. I mean, it’s just, okay. I have to tell people, I mean, it’s embarrassing and horrible, terrible. Hey, by the way, your data was stolen and it’s my fault. See you in April for getting your things done again. 

Or sooner for the lawsuit. 

Yeah. Well, and I mean the cost for remediation, the losses that can come from it, and the loss of trust, if someone is googling you and doing research before deciding to work with you, so you’ve got opportunity costs, lost opportunity costs, clients that say, okay, you were not protecting me, I no longer want to keep doing business with you. And, you know, the internet, it’s, it’s permanently on there. You could Google “CPA firm data breach” and there’s a handful of them that six figure plus settlements off of, you didn’t tell anyone in time. 

Oh man.

That’s not good. 

Okay. So obviously, you know, you can put everything in place and do what you do and have your processes, but you know, bottom line is you still—security, cybersecurity in general is important, and so how do you try to mitigate these types of things happening? How do you work with firms to make sure that you minimize the potential of this? 

Yeah, common misconception, and we hear this all day, every day: “Well, I have Norton, so we’re protected.” And just take a step back. Okay, Dell got hacked. You think they forgot Norton? Do you think that was “the thing?” So there’s a million different ways that things can go wrong. So it’s about having all the different things in place. 

This is another thing we see a lot. Say you use the same email and password in a bunch of different spots. And I know most people are guilty of this. So, but you have a crazy good password. But you use the same password for your work email as you do on the Justin Bieber fan site. The Justin Bieber fan site gets hacked, and they didn’t have proper protection on your password, so now that is out in the open, and something called a credential stuffing attack where you have this email address and this password combination, let’s try it in your email. Let’s try it on Bank of America.com. Let’s try it on Wells Fargo.com. Let’s try all these different banks to see where we can get in. And so having different passwords in everything that you do, but how do you memorize it? So then we have a password manager to help mitigate that.

But suppose, okay, the Justin Bieber fan site isn’t the one that got hacked, and your work email was the thing that got hacked, and they can see the passwords that you were using. Well, now if we have two factor authentication on top of that, even if they have the username and password, you’re still protected. It was a close call, but we’re still protected. So these are things, okay, Norton wouldn’t be able to stop that from happening because that’s not a virus. And there’s countless other examples of ways that their actors could get in and do a lot of damage. And I use the example of email. Most people think, okay, you got into my email. You can see my back and forth. My clients don’t email me sensitive information, which is a lie. They all do. Nobody uses your portal. But pretend that they all did. And there wasn’t sensitive information in your email. Well, there’s an email from Bank of America for your statement. So you have a bank of America account. I go to Bank of America. Well, you didn’t use the same password. Great job. I’m going to click that forgot password button. And where does the reset go? 

Right. My email. 

Yeah. So there’s just so many different ways that having the proper security in place where you don’t have to think about these things. I think about them because I’ve seen probably every horrible scenario that can happen to somebody when we get new clients that aren’t thinking, “I need to be proactive about this, but my entire company got encrypted and I lost all my data. What can you do for me?” It’s like, well, if we can build a time machine and set up a proper backup, then we could mitigate this. Otherwise, we’ve got a giant problem on our hands, giant disclosures that need to be made, a lot of uncomfortable phone calls, emails, talking to regulatory authorities, and all these things that, again, you are the victim of a crime and then getting punished for being the victim. 

Right.

But there are things that you can do to mitigate these things. So again, on that analogy, maybe don’t go into shady streets in the middle of the night. We were in Antigua a couple of years ago, and went down one street and it was dark outside and we were like, I don’t think walking down this street anymore is a good idea, so let’s go back to the main square where there’s lots of lights and lots of people that are happy, not this street that has just four scary looking people a couple hundred yards ahead. So avoiding these things from happening, there are precautions that you can take. And whether or not you’re aware of them, that’s why having an expert helps make it easy for you. You don’t have to think about it, know about it. 

It’s what you are. You are an expert. 

I know a thing or two.

You do. I’ve always been impressed. So let’s go back to WISP for a second, because this is not like, this wasn’t yesterday that people had to do this. This originally started, I think, in 2019, and then what you said in last year, this is when they made it sound like, hey, you’re going to go to jail if you don’t do this. So they really realized people weren’t taking it serious. And so this is not, there’s no de minimis rule on this—hey, I do five tax returns, and so I don’t have to do this. I mean, right? This is anybody, has a PTIN. 

The only caveat is if you have an Enrolled Agent designation and do not do any returns, is the only exception to it, which I guess that makes sense if you’re just staying an Enrolled Agent for the love of the game, but not doing returns. That’s the only exception for it. 

So wait, enrolled agent only. What if you’re a CPA and don’t do any returns? 

Enrolled agent is what the IRS states. 

Really? 

Yeah. 

Alright, so even if I don’t do—I’m a CPA—I have to have, I mean, through Tri-Merit, I’m sure we have this in place and all that company wide an individual doesn’t need to have this. The company that they work for needs to have this, right? 

So an individual does need to have it, but what a lot of organizations do, especially if you have the same security across the board for all of your employees, it’s for the most part, a copy paste, change the name, because your clients are all located in the same place, your company policy is the same across the board, your usage policies, all these things are the same for employees, ABCD onward. So you can pretty much copy paste, change a couple things for each person, but compliance requirements is for each individual person that holds a PTIN, with the exception of Enrolled Agent designation that does not do a single return, is what the compliance requirements are.

Okay, my renewal is September. I guess I’m not renewing my CPA this year. I’m done. 

I guess so. 

I’m 62. It’s time to let it go anyways. 

What’s the worst that’ll happen? 

I don’t know. I won’t be able to have letters after my name anymore. Can I put former CPA? 

Why not? 

That’s not your expertise. 

Yeah, that’s what I pay very expensive lawyers for, to answer certain questions. The requirements though, so on the WISP, that’s where the requirements fall, but then we spoke on the Total Security FTC Safeguards Rule, which does have two different thresholds: There’s 5,000 consumer records. That is not 5 000 customers, 5,000 consumer records, and up has higher requirements than 5,000 consumer records and below. So a lot of people confuse the word “consumer record” with customer. I paid a very expensive former FTC prosecutor to get me the answer to this question because it’s, okay, why would you use the word “consumer record?” Customer would make sense. So consumer record is basically, if you have QuickBooks online for a handful of customers and can see their vendors, see their employees, if you’re doing payroll, If you have access to the client’s customers and vendors and employees, each one of those counts as one record.

So for instance, our own QuickBooks Online has 26,000 customers inside of it. So my accountant, if we were his only client, has access to those 26,000 records, plus all of our vendors and things like that. So he’s subject to it just because there’s over 5,000. So the people that really don’t fall into it or the companies that don’t fall into it would be the mom and pop, I do returns for my friends and family, no business returns. alright. You do ten 1040s a year as a favor for some friends, sure. There’s still requirements for it as far as encryption and protection goes, but it’s not the full thing that the FTC is requiring for, basically, if you’re doing a return for an organization, you’re probably going to have access to all these things.

Right. So you’re saying, this is the data security end of things or cybersecurity end of things, the WISP is still, you got a PTIN, you do a return, you need to do it. And if you’ve got a PTIN and you’re a CPA and don’t do returns, you have to do it. If you have your EA and have a PTIN and don’t do returns, you don’t have to. I think I got it though. 

That’s, yeah, that’s how it currently reads because most people, okay, I’m only doing a handful of returns, this doesn’t apply to me. And again, it’s not just, well, it’s legally required, but it’s also kind of doing a good thing for your—

Good practice.

But I understand too, it costs money. You’ve never had this problem happen before. Nobody likes spending money on things that they don’t think that apply to them. I mean, that’s a fair way to feel about it. 

Okay. So I’m going to need you to call my parents and tell them I can’t do their tax return anymore. 

Well, if you’re not charging them, then you wouldn’t technically need a PTIN. I mean, anybody can do anybody’s taxes, right? 

Oh, see, I didn’t know there was that loophole. I just could do a bunch of free taxes.

And not have a PTIN. 

And not have a PTIN. 

Yeah, because you need the PTIN to be able to charge to do people’s taxes. 

Got it. 

Anybody can do anything. I mean, my father, he passed a couple of years ago and I got to see his return that he did himself by hand that the IRS politely said, your math, your addition isn’t even correct. I’m looking at it—there’s free things that could do this so much better than you could. 

Yes. Did he put cents on the end of it? Did he round it? Cause I’ve seen it where people put, you know, 22 cents. 

I don’t recall. I mean, his estate, I could find out. I don’t think that he put cents, but the return was done by hand incorrectly. 

Alright. Well, we have lots of people out there that can help people that are doing that. Alright. We’re going down the rabbit hole now. So we should probably wrap it up and I’m going to do a quick wrap, but then I’ll let you do anything too. So the bottom line is, anytime I talk to you about this stuff, you scare the heck out of me. And so, but for a good reason, this is things we need to follow. These are best practices, but not just best practices. These are legally, we’re legally obligated to do this. And if we don’t, this is where we can have massive issues. I mean, there’s just moral issues too. Hey, we just let people’s data go. We didn’t tell them about it. And now we’re responsible for this. So from that standpoint. This is very important. People need to take this serious. It’s not just to check the box, like you said, uh, when you get your PTIN. Yeah, we’re good. I’ve done all this. You have to, yeah, almost even just go through an audit of the processes and everything that you’re doing.

So what I’m going to highly recommend everybody do, it’s two things: One, come to Bridging the Gap Conference, because Andrew’s going to be there, and other people with RightWorks, and you’ll be able to talk to them there, but reach out to Andrew before that, even, if you have any questions about anything that’s going on, because this is not—I don’t want to do a scare factor, but bottom line is you have to do this. And if you haven’t looked at yet and you don’t feel you’ve got the right processes in place already, it has to happen. So, you know, if you can, RightWorks is, like I said before, a platinum sponsor of our conference. It’s really exciting to have them there. They’ll be there to answer any questions, but in reality, you know, if you have any concerns, don’t wait till there. Do it now, reach out to Andrew. Alright, let me give you a chance. I just wanted to get that in there.

Alright. So a final plug. Yeah, you can find me on LinkedIn, Andrew Lassise, or you can go to Tech4Accountants.net, and there’s a lot of resources there. We can do an audit for you just for peace of mind to let you know this is where you stand. We won’t put together everything for you, but just a, here, we did a quick run through and we’ve done a million of these, so it doesn’t take us long to put the pieces together, to just give you some awareness of where you currently stand. And a requirement that it’s almost like the FTC wrote it for IT companies—one of the requirements is you have to hire a qualified individual with real world experience. So you’re also legally not allowed to DIY, which is on the IT company side, it’s like, thank you, but I see on my side, it’s kind of, you aren’t legally required to hire somebody to do your taxes, but you really ought to.

Yes, you should. Alright. And then just to clarify on that. So even though you’re with Rightworks now, Tech4Accountants is still a live website and that’s where you go for the WISP information. 

You can go to either of them. I’m just, honestly, I’m more familiar on the Tech4Accountants side. So, I can tell you if you go to Solutions and “download free WISP template,” that will get you a lot of access and a lot of good resources. And on the RightWorks side, they have pretty much the same thing, but since I’m not involved with the day to day in there, I wouldn’t even know who to talk to, to make sure that it goes through. 

Got it. Understandable. Alright, so people know where to go. They can go to the Rightworks, they can go to Tech4Accountants, they can see you on LinkedIn, they can go listen to the podcast, which is…

Tech Talk for Accountants.

Tech Talk—not Ted talk—Tech Talk for Accountants. And then last question. We got all that data out there. Really looking forward to seeing you in July, for sure. We actually, I swear you were on the podcast before. ’Cause I swear I asked you this question before, but every guest gets this question. So we just talked about a lot of really cool stuff,  at least for, uh, tech geeks and accountants and accountant geeks. I’m going to put geeks in the same category. But it’s stuff we need to know. When you’re not thinking tech, when you’re not figuring out ways to safeguard this profession, what do you do for fun? What are your outside of work passions?

Outside of work, currently, I’m training for my fifth marathon. And I hadn’t thought about it till you just asked this. I’m going to be at the Chicago marathon in October. 

Oh, wow.

I’ll stop by and say hi. And then my wife is turning into a trip, travel a lot. We’re leaving for Europe in a couple of days. And I cook a mean steak. I was just at a really expensive steakhouse the other day and was almost like, alright, you’re, you’re charging $30 an ounce, and me at home is so much better than you guys are. So those are the things that I’ve currently been geeking out on. Probably will be for a while. 

Alright. Running, travel and steak cooking. Nice. I like the combo. I haven’t had that combo before as an answer. So that’s a nice one.

Yeah. They don’t play that well into each other, but traveling, food, and doing things for a really long time that nobody else cares about or appreciates. That’s where I fall.

Well, you’re the expert at that, which is nice. You have to have an expertise besides the tech. You’ve got all this other outside of work passion. So, well, Andrew, fun as always, always great talking to you. We’re going to have to schedule. I want to be a three peat guest now on your podcast. So I’m very competitive. So I need to get that third one under my belt. So we’ll talk about that. 

I would love for you to be the first, I think you were the first two-peat guest. It’s possible. It was either you or Joe Woodard. I think Woodard might’ve beat you for two times. But, you could beat him for three times. 

Nice. I was just on his podcast. I love talking to Joe. He’s a great guy. 

He’s so, when you talk to him, it’s just like, oh, you’re the best person on earth. He speaks so well. 

Yeah. No, he definitely knows the stuff, so that’s pretty cool. Alright. Well, Andrew, thanks again. We’ll see you in less than two months. We’re recording on May 29th, just so anybody knows we’ll probably release this in the next two weeks, but we’ll be seeing Andrew soon and hopefully to see all you at the Bridging the Gap Conference in July. 

Awesome. Well, Randy, thank you so much for having me. It was a pleasure. 

Always a pleasure!