QuickBooks Live Could be a Top 100 Firm by 2020, Fake Bots from Google, Roger Raises $7.35M to Automate Accounting with AI, and Why the NSA Might be to Blame for the CCH Malware Attack

Blake crunches the numbers and figures that if Intuit meets its publicly stated goals, QuickBooks Live will likely be a $60 million per year accounting firm by 2020, (depending on whether or not you’d call an on-demand bookkeeping service an accounting firm, of course). Also, Roger, the accounting automation tool, has raised a $7.35M Series A. Guess who is one of the investors? Dan Wernikoff, the former GM of QuickBooks and TurboTax. Google admitted that it’s AI still needs human help, but you’ve got to listen to a recording of a call from Google Duplex (a bot) to a restaurant to book a dinner reservation. Next, the New York Times details how a leaked N.S.A. hacking tool might be responsible for the recent malware attacks on CCH, Centrom (a provider of cloud hosting to CPA firms) and the City of Baltimore. Speaking about security, did you know that a surprising percentage of people will apparently give out their passwords in exchange for… chocolate? All this and more insanity in this episode of the Cloud Accounting Podcast with Blake Oliver and David Leary.


Show Notes

  • 02:34 -- Blake crunches the numbers and figures that if Intuit meets its publicly stated goals, QuickBooks Live will likely be a $60 million per year accounting firm by 2020, putting it at 73 on Accounting Today’s Top 100 Accounting Firms list. 
  • 06:56 -- Sholto Macpherson asks, is QuickBooks Live a "Watershed moment or BAU?" — Twitter
  • 10:02 -- Google’s Duplex Uses A.I. to Mimic Humans (Sometimes) — The New York Times — Google admitted that it’s AI still needs human help, but you’ve got to listen to a recording of a call from Google Duplex (a bot) to a restaurant to book a dinner reservation.
  • 17:13 -- Roger, the accounting automation tool, raises $7.35M Series A — TechCrunch (Guess who is one of the investors? Dan Wernikoff, the former GM of QuickBooks and TurboTax.)
  • 20:02 -- Firms lose cloud access after Cetrom systems breach — Journal of Accountancy — Centrom, a provider of cloud hosting to CPA firms, fell victim to an attack using similar malware to the one that caused the CCH outage.
  • 21:23 -- In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc — The New York Times — The New York Times details how a leaked N.S.A. hacking tool might be responsible for the recent malware attacks on CCH, Centrom (a provider of cloud hosting to CPA firms) and the City of Baltimore.
  • 25:53 -- Social engineering: Password in exchange for chocolate — ScienceDaily — A disturbing percentage of people will give out their password to strangers in exchange for little value.
  • 29:38 -- Hands On: The Twin-Screen Asus ZenBook Pro Duo Is a Laptop From the 2020s — PC Magazine — With two built-in screens, David predicts this laptop could be the ideal computer for accountants and bookkeepers on the go.
  • 32:04 -- When You Raise Prices More Than a Smidge ... They At Least Look At Another Vendor — SaaStr — The author cautions software companies that rase prices to dramatically. Meanwhile, David was hit by a 100%+ price increase on his QuickBooks subscription!

Get in Touch

Thanks for listening! Follow and tweet @BlakeTOliver and @DavidLeary. Find us on Facebook and, if you like what you hear, do us a favor and write a review on iTunes

Interested in sponsoring the Cloud Accounting Podcast? We have some open sponsorship dates available for the summer season. We also have some “conference special” sponsorship opportunities available, for example, the week of June 16 we’ll be doing 4 daily “conference crossover” episodes covering Scaling New Heights and Xerocon. For details and pricing, read the prospectus.



This episode of The Cloud Accounting Podcast is sponsored by Xero. Did you miss the Xero Roadshow when it came to your city? What if I told you you could still attend a Xero Roadshow event? On June 4, 5, or 6, you can attend the Xero Roadshow Online. That's right. You can attend a Roadshow event via your web browser.

At the Xero Roadshow Online, you'll learn how your practice can benefit from the full power of the Xero platform, and even earn CPE credit. To register for free, head over to CloudAccountingPodcast.promo/xeroroadshow. That is Cloud Accounting Podcast dot promo forward slash X-E-R-O-R-O-A-D-S-H-O-W. Don't forget to register for Xerocon!
Blake Oliver: Welcome to The Cloud Accounting Podcast. I'm Blake Oliver-
David Leary: And I'm David Leary.
Blake Oliver: What's new, David? 
David Leary: What's new? Short week, right? 
Blake Oliver: Yeah.
David Leary: I feel like there was not a lot of major-major-major-major [00:01:00] news. There was a event, though. QuickBooks Connect happened in Australia.
Blake Oliver: Yes! 
David Leary: It was in Melbourne, this time; not Sydney.
Blake Oliver: We've got some news about QuickBooks Live, the gift that keeps on giving. It's coming to Australia.
David Leary: Wow, so another new week, another major QuickBooks Live announcement. Yes, that's big.
Blake Oliver: I really wanna touch on those numbers that we talked about last week, because it's been sitting with me, since Friday, how big this is, right? 
David Leary: Could we pause you there, before [00:01:30] you get into how big it is? Could we get into ... We have two reviews that came in.
Blake Oliver: Okay, yeah. What are the reviews? 
David Leary: We got two reviews. I'll read this one. It's from Jazfun2. It's five stars. "'And now you know the rest of the story.' David and Blake, in true Paul Harvey style, show us the behind the scenes details of the topical headline stories from most media outlets. The insight and depth of knowledge is refreshing, and to hear a podcast where they can laugh at themselves, as well as the industry, makes the listening lively. In an industry fueled by technology - AI -Blockchain frenzy - [00:02:00] Blake and David give us honest perspective. Always waiting for the next one to drop so I can catch up. The Cloud Accounting Podcast is a must-listen if you really want a reality check on what's happening in the cloud."
Blake Oliver: Awesome!
David Leary: Thank you, Jazfun!
Blake Oliver: That's Jan, right? 
David Leary: I think so.
Blake Oliver: Thanks, Jan. We got another review, as well. "Two great guys keeping you updated on relevant accounting stuff. What a great podcast; fine for staying up to date on all things accounting. I especially have appreciated the accounting-app news updates. Keep them coming. Your fan, MM." Thank you, MM! 
David Leary: Absolutely. [00:02:30] All right, now you can give me your big numbers.
Blake Oliver: All right. Sorry, yeah, I jumped the gun there. We were talking about QuickBooks Live last week, and the news that Rich Preece  announced on The QB Live Show that QB Live is expanding from the current 50 ProAdvisors to 500 ProAdvisors within about a year. Is that right, David? Did I get that right?
David Leary: I think he mentioned like within the next nine months.
Blake Oliver: Okay, within the next nine months-
David Leary: Which is crazy-fast. 
Blake Oliver: Yeah, that's the goal. These ProAdvisors, of course, are not gonna all be working in the Boise [00:03:00] office; they're gonna be distributed around the country, like TurboTax Live. Similar.
David Leary: Well, specifically, they're gonna use ... The first 500 are gonna use existing TurboTax Live ProAdvisors, because they're set up, and ready to go.
Blake Oliver: Got it. 500 ProAdvisors ... Rich Preece gave us some numbers about the number of customers they have. It looks like the ratio of ProAdvisor to customer is something around 22-23. Let's just call it 25. Let's say ProAdvisor on QB Live could [00:03:30] serve 25 customers. Each of these customers pays $400 per month. 500 times 25 is 12,500 QuickBooks Live customers paying $400 per month; that equals $5 million per month, which is $60 million per year in QuickBooks Live revenue. That would put QuickBooks Live at number 73 on the 2019 List of Top 100 Accounting Firms, according to Accounting Today, right behind SingerLewak, which has 10 [00:04:00] offices, 43 partners, and 305 total employees.
David Leary: Okay, so just to be clear, last week ... Last week, two weeks ago, three weeks ago, a month ago, whatever, Intuit was not a bookkeeper, or an accounting firm.
Blake Oliver: No. Software developer.
David Leary: Now, they're becoming ... Now, they basically are becoming a bookkeeping firm, in a strange way.
Blake Oliver: Yeah. 
David Leary: Accounting firm ... They're going to be one of the biggest, instantly. Well, within nine months.
Blake Oliver: Yeah, a Top 100 firm within nine months.
David Leary: Wow ...  [00:04:30]
Blake Oliver: They're not calling themselves an accounting firm, though, because it's a ...  I don't know exactly what they're describing it as; I don't really recall. It's kind of indefinite, but a platform to connect businesses, and ProAdvisors. Hey, isn't that what an accounting firm is, anyway? It's a brand that connects ... In most cases, it connects a business owner who needs services - tax, accounting, consulting - to a service provider, typically a partner in the firm, who, in a traditional firm, owns their own book of business. This is basically [00:05:00] the same concept [cross talk]
David Leary: Right, same model, because if I have a firm, I have my own in-house ProAdvisors that I might be paying 40 bucks an hour to do the books for my clients.
Blake Oliver: Yeah. 
David Leary: Then I'm taking a piece of whatever I'm charging the client.
Blake Oliver: Whatever they call it, I'm calling it an accounting firm. I think that's what it is.
David Leary: I could agree with your point of view on that.
Blake Oliver: Yeah, so- 
David Leary: Even if it's a slightly number, cuz I think your estimate is going off of each ProAdvisor is handling 25 customers ... I think, right now, the current numbers they released - we talked about it last episode - it's [00:05:30] at about 19 to 20. Even with those numbers, it's probably gonna still be about a $50-million-a-year business. Where does that put them on the Top 100? Is it still Top 100?
Blake Oliver: Oh, yeah, definitely in the Top 100.
David Leary: Wow. So, just for fun, project this out, year two, and year three. Just quickly, off the top of your head, are they a Top-10 accounting firm in year two?
Blake Oliver: Well, I just know to get up to the 50, you gotta to be over 100 million. Yeah, I could easily see Intuit becoming a Top-25 firm. [00:06:00]
David Leary: Who does this disrupt, then? Is this disrupting the average ProAdvisor, or is this disrupting bigger firms that are trying to do 3,000, 5,000, 6,000 clients? 
Blake Oliver: I don't think it's disrupting the big firms, because I don't think most of them are dealing with small clients like this. Their fees are coming from mid-sized businesses, large businesses [cross talk] It will undercut them in that they're not gonna be able to get a foothold in this space. What [00:06:30] it really is doing is taking all of these small ProAdvisors and aggregating them into what is essentially a large firm. That's what it seems like to me.
David Leary: Got it. 
Blake Oliver: It's disrupting the independent bookkeepers, for sure. I think it's gonna be very hard for independent bookkeepers to compete with QuickBooks Live, and small firms, small CPA firms, small EAs, just bookkeeping firms, competing. How do you compete with $400 a month for bookkeeping? This is why the discussion going on in Australia right now is [00:07:00] interesting. 
You sent me a tweet from Sholto Macpherson, our friend over in Australia, asking ... He asked you, David, he said, "What is your take on QuickBooks Live? Is it a watershed moment, or business as usual? Will it replicate the impact of TurboTax Live?" Knowing what I know about the cost of labor in Australia, I feel like it's gonna be even harder for Australian bookkeepers to compete with QuickBooks Live, if it goes out there at the price of $400 [00:07:30] per month, US. Maybe I'm wrong.
David Leary: Just to put some context on that, it looks like Sholto tweeted this during QuickBooks Connect, during one of the keynote talks. A futurist was on stage talking about disruption, and he just found it ironic that it was minutes after Intuit just talked about QuickBooks Live being launched in Australia. He feels like that's kinda gonna be disruptive to the people sitting in the audience. There's a little back and forth between Sholto, and Paul Messner about maybe this is not gonna [00:08:00] impact that audience, et cetera. When he asked me what my take is, I think one thing I would say Australians don't understand about QuickBooks Live is how successful TurboTax Live was. We talked about that last week on the podcast, right? 
Blake Oliver: Right.
David Leary: TurboTax Live might be the most successful TurboTax offering in 25 years. Call it a bundle; call it whatever you want, it's a way to sell TurboTax, and it's selling better than ever. The other thing I think they don't understand is the marketing machine of Intuit. Everywhere [00:08:30] you turned, you saw TurboTax Live. It was on all the Super Bowl commercials; it was on all the college football championship bowl games. For about a six-week period, you saw TurboTax Live everywhere. I don't think they understand the Intuit machine, and how those wheels get going, and it's gonna happen. Acting like this won't have an impact, I think, is very naïve.
Blake Oliver: We'll find out.
David Leary: Going to your comment as far as the cost of labor in Australia, and the pricing model [for that] ... In [00:09:00] a way, this could actually possibly disrupt Australia more. The logic on that is I think a lot of these firms in Australia, they're outsourcing a lot of labor already.
Blake Oliver: Yeah. 
David Leary: A lot of them are doing- they're using some sort of outsourced labor to run their firm. Now, in a way, this is competing directly with those.
Blake Oliver: Right.
David Leary: If you have a bookkeeping firm, and you're using outsourced labor to control, and keep your costs down, you probably actually have a bigger competitor against you now, than if you were just an independent ProAdvisor that actually [00:09:30] could say, "Hey, I'll take some of the work from QB Live."  This could actually disrupt Australia even more, and then- 
Blake Oliver: Yeah, I think you have something there. 
David Leary: Then, we were talking about, last week, how TurboTax Live is bringing in new customers. This could help Intuit get a stake in the ground in Australia, because this could get new people to use QuickBooks Online in Australia. We'll see, but there's a lotta discussion about whether ... Now the discussion on this is like ... Now that everybody understands, and believes it's coming, and know it's [00:10:00] coming, now, people are wondering, who's it gonna disrupt? 
Blake Oliver: David, we haven't talked about bots in a while. I've got a bot story for you. Fake bots.
David Leary: Fake bots? Okay. 
Blake Oliver: Yes, and this is not some startup. This is a big company. This is a story in The New York Times about Google Duplex. Have we talked about Google Duplex on the podcast? I love using it as an example of AI. 
David Leary: We may not have talked about it, but I'm familiar with it. I could maybe try to give an example.
Blake Oliver: The big Google Duplex story was last [00:10:30] year, when Sundar Pichai, the CEO of Google, gave a demonstration of Google Duplex, which is the name they have for their AI voice assistant, calling a hair salon, and booking an appointment on behalf of a Google customer, all by itself. The audience was just blown away that this AI could call the hair salon, talk to a human being, deal with some unusual stuff that happened, in terms of the booking, and make the appointment. Some people were so [00:11:00] blown away; thought it was not real at all. It couldn't be real; it had to have been fake.
David Leary: My understanding is that Google is also using the same technology to just call small businesses randomly, and say, "What are your hours this week?" or "What are your hours today?" That's how the update the Google searches. You know, when you search for a small business, and it shows the hours they're open? 
Blake Oliver: Yep. 
David Leary: Google's- apparently they're using this same robot to go and gather information about small businesses - their hours of operation, et cetera.
Blake Oliver: Makes so much sense, right? This is the customer-facing [00:11:30] aspect of it they're experimenting with. You can actually use Google Duplex right now. If you download the Google Assistant on your IOS, or your Android device, you can ask it to make a dinner reservation for you, and it will call a local restaurant, and do it. The New York Times decided, "Hey, let's test this out. Let's see if it works." They did an experiment, and they made four bookings. Here's the rub. Out of four successful bookings with Duplex, only one [00:12:00] was done by a robot. Three were done by people. Google is using a call center to augment Google Duplex, and to help it when it fails. Does this is sound familiar, David? It's fake bots, or it's human-assisted bots.
David Leary: It's the same story that was ran ... Was it Bloomberg who ran that three or four weeks ago, about Siri, and Amazon Echo, or about Alexa? Everybody's using [00:12:30] humans to help process some of this.
Blake Oliver: Right, because the AI's impressive, but it still can't do everything. The New York Times reached out to Google, and asked  them, after they discovered that humans were assisting the AI, how many of the calls are actually being done by a human? Google said that about 25 percent of calls placed through Duplex start with a human, and that about 15 percent of those that began with an automated system had a human intervene at some point.
Now, The New York Times in their testing, they only had- it [00:13:00] flipped. They had 75 percent of their four calls were actually done by a human, and only one of them was completed successfully by an AI, all by itself. This is a fake-bot story, but it's also amazing because they posted the recording of the AI, in its conversation with a restaurant owner - the one that worked; the 25-percent example, where the AI worked successfully - and it is super-impressive. I wanna play it for you. Do you wanna listen? 
David Leary: Yeah, absolutely.
Blake Oliver: You gotta hear this!
Recording-Restaurant: Hello, [inaudible], may I help you? [00:13:30]
Recording-Google AI: Hello?
Recording-Restaurant: Hello.
Recording-Google AI: Hi, I'm calling to make a reservation. I'm Google's automated booking service, so I'll record the call. Could I book a table for Tuesday, the 21st?
Recording-Restaurant: Okay. Hello? 
Recording-Google AI: I'd like to make a reservation for a client for Tuesday, the 21st.
Recording-Restaurant: Okay, actually, how many people? [00:14:00]
Recording-Google AI: It's for 10 people.
Recording-Restaurant: 10 people. Okay, what time? 
Recording-Google AI: At 7:00 p.m..
Recording-Restaurant: 7:00 p.m., okay. 
Recording-Google AI: I need a table for 7:00 p.m..
Recording-Restaurant: Okay, 7:00 p.m., okay, and then- 
Recording-Google AI: Yeah. 
Recording-Restaurant: -are there any kids? 
Recording-Google AI: I'm actually booking on behalf of a client, so, I'm not too sure.
Recording-Restaurant: Not too sure? Okay, got it. Okay, so, please be on time. That's 7:00 p.m., on Tuesday, right? [00:14:30]
Recording-Google AI: Yes. 
Recording-Restaurant: Okay. I can put you in the reservation book, so, see you on Tuesday. 
Recording-Google AI: Oh, would you like the client's name now? 
Recording-Restaurant: Yes.
Recording-Google AI: The first name is Kate.
Recording-Restaurant: Okay, Kate. What is the last name? 
Recording-Google AI: Last name Metz. 
Recording-Restaurant: Metz? Okay. What [00:15:00] is the telephone number? 
Blake Oliver: That was an AI. That was not a human being.
David Leary: What's interesting about that ... I think short interactions like that are very predictable - how that conversation's gonna go. It's like scanning OCR in a business card. Very, very easy because once you figure out where the zip code is, you can work backwards, and there's the rest of the address. You look for a certain pattern. A reservation phone call's always gonna have some pattern to it, in general, that [00:15:30] they can do that.
Blake Oliver: Yep. 
David Leary: What I find really interesting is, at the same time, if you're gonna automate that from this side, if I'm a restaurant owner, and I'm using an app like OpenTable, when's OpenTable gonna have a bot answering those phone calls, and handle it? Why is that restaurant owner answering the phone, and talking to another bot? The bots could just talk to each other, and then you just show up for your reservation. 
Blake Oliver: The bots talking to each other. That's funny.
David Leary: It almost makes more sense for the restaurant owner to have a bot answering calls for taking in reservations.
Blake Oliver: Well, I was out [00:16:00] looking at apartments, yesterday, and when I called one of the large corporate complexes, they told me that if I pressed one, they would text me, so that I didn't have to stay on the phone, and I could book my whole appointment that way. I pressed one, and I got a text message, and I was able to book the whole appointment via text-message exchange. It's possible that was all a completely automated system that was reading my responses and finding time in [00:16:30] the calendar; because, when I got to the leasing office, the guy who was sitting there at the desk had no idea that I, in particular, was coming in, and the appointment had been booked for him. 
That could be a call center somewhere, so maybe human-assisted, maybe artificial intelligence, or a mix; it could be both. That's the thing that I think - the take-away from this story, and all the other coverage of bots that we have done - is that, right now, AI is getting really good, but it's still a mix of human, and machine, and it's really hard to know when. I [00:17:00] think it's important, as businesses, that we ask, and that we find out. Maybe as consumers, we don't care, but as businesses, accountants protecting people's data, we need to know when humans are looking at this stuff, and when it's not humans.
David Leary: There's another product, it's called Roger AI. They are an accounting-automation tool that- they just raised $7.35 million. A couple of interesting things I think from this is who is part of the raise. Everybody, [00:17:30] remember Dan Wernikoff, the former GM of QuickBooks? 
Blake Oliver: Ah, he's investing.
David Leary: And TurboTax. He's investing. He's backed this Series A. This is a company out of Denmark. Now, they obviously did their round in San Francisco, so we know they have a San Francisco office. Looking at their website, looking at the product, it kind of feels like ... Obviously, I have not tried it. I haven't played with it, but it feels a little bit like a Zapier, or an If This Then That (IFTTT) type product, and a little bit like an AutoEntry, and a Bill.com, and some [00:18:00] Expensify- some OCR products. Then, you can build custom workflows on top of your accounting system, and integrations.
Blake Oliver: Well, what does it do? Give me an example. 
David Leary: Let's say I take a picture of a receipt. The receipt needs to be categorized and get into my QuickBooks. Maybe that receipt also needs to have three people approve it before it gets billed to a customer for some job, I don't know.
Blake Oliver: Mm-hmm. 
David Leary: You can automate all these processes, and then maybe it kicks it over to Slack, and then, somebody in Slack can say, "Yes, approve that." I think it's [00:18:30] still pretty rudimentary. They don't integrate with many things as of yet. It's like Dropbox, QuickBooks ... Like six apps it integrates with, so the depth of the integrations is not a lot. They're playing it up to: "Hey, you can use this to automate processes inside your small business, but then you, as the accountant, could use this to automate processes you're doing for your clients." 
If I really step back and think about this, if you look back to when we had the Botkeeper demo, and internally, Enrico and his team at Botkeeper [00:19:00] are building all these automation tools, in-house, to massage data, touch data, move data, kick off processes. That's how Botkeeper's able to augment the humans that are helping out. They have these automation tools helping out along the way. Imagine if Botkeeper took all those automation tools, whatever their tech stack is, and said, "Hey, we're gonna just sell that as a separate product," and you could buy tools that smell-taste similar to what Botkeeper showed us. That kind of feels like what Roger AI is here. [00:19:30] Other than that ... I'm only judging from what I've seen on the website. There's no video. I explored around the integrations, kicked around, but I have not signed up. It's so new, like the QuickBooks-Xero integrations say, "Coming soon." The Bill.com integration says "Coming soon" [cross talk]
Blake Oliver: They don't have any-
David Leary: Every integration- all the integrations say it's "Coming soon," so I don't know what it actually connects to at this point. I just thought it was interesting that Dan Wernikoff jumped in on this.
Blake Oliver: If you're interested in checking it out for yourself, head over to their website at Roger.AI; R-O-G-E-R DOT A-I. I've [00:20:00] got some follow-up on the security issues we talked about last week. We talked about the City of Baltimore getting hacked.
David Leary: Okay. 
Blake Oliver: We've been talking about Wolters Kluwer getting hacked. Well, another cloud-hosting provider, called Centrum, has reported a systems breach. This was an article in The Journal of Accountancy, published on Thursday. the 30th of May. Apparently, a [00:20:30] whole week ago, on Friday the 24th, Centrum was hit by a malware attack. Now, Centrum - this is the first time I'm hearing about it - seems to be a virtual desktop/other cloud-hosting provider for CPA firms-
David Leary: Okay, so they do specialize in our space.
Blake Oliver: Yes, specialize in accounting. On Thursday, they posted an official statement on their website, describing this malware attack that happened a whole week before. Very similar to Wolters Kluwer, and they actually said in their statement that it appears to be similar to the one that hit CCH, Citrix, Baltimore, [00:21:00] and Philadelphia. I was curious to know, well, what is this virus that has hit CCH? Because we still don't know. Wolters Kluwer hasn't told us what it is, and what-
David Leary: We projected ... I think we talked about that; I found that second article that was out there of that other malware, two or three weeks ago, I think we had a link to it. I'll see if I can find it. 
Blake Oliver: Yeah. Apparently, there's a connection between all of these malware attacks - Baltimore, CCH, and [00:21:30] this one now, with Centrum. The New York Times, again doing some really great investigative journalism, has a story up on their site called, "In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc." Apparently, all of these attacks are linked to tool, a hacking tool that the NSA developed called EternalBlue. That's a key component in all of these malware attacks. Before it leaked ... They lost control of it in 2017. I [00:22:00] had kind of heard about this before, but now this is really refreshing my memory. I can't believe what a disaster this has been.
Apparently, "before it leaked, EternalBlue was one of the most useful exploits in the NSA's cyberarsenal. According to three former NSA operators, who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft software, and writing the code to target it." "EternalBlue was so valuable, former NSA employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, [00:22:30] and held onto it for more than five years, before the breach forced its hand."
This EternalBlue hack has been used by state hackers in North Korea, Russia, and China. It was behind the WannaCry attack in 2017, which destroyed systems in the British healthcare system, German railroads, 200,000 organizations around the world. Russia used it as part of the NotPetya attack, which cost FedEx more than $400 million, and cost Merck, the pharmaceutical company, $670 million dollars. One [00:23:00] of the cybersecurity experts interviewed in the story called this whole episode, "The most destructive, and costly NSA breach in history. More damaging than the better known leak in 2013 from Edward Snowden." The NSA, and the FBI have declined to comment for the story in The New York Times, and have basically denied responsibility, or that they should be held accountable.
Admiral Michael S. Rogers, who was Director of the NSA during this whole leak, suggested in remarks [00:23:30] that the agency shouldn't be blamed. He compared it to Toyota. He said, "If Toyota makes pickup trucks, and someone takes a pickup truck, welds an explosive device on to the front, crashes it through a perimeter, and into a crowd of people, is that Toyota's responsibility?" Then he continues, "The NSA wrote an exploit that was never designed to do what was done." This is amazing to me. This is known, and we're just kinda okay with it? 
David Leary: Nobody's talking about [00:24:00] it. This will never make mainstream media. This is kind of a big deal, because this is like ... If it's that powerful the tool that we created - we being our country- 
Blake Oliver: Yeah.
David Leary: Things our taxpayers pay for, that means everybody's at risk, right? 
Blake Oliver: Oh, yeah. For our international listeners, who are not familiar with the NSA, they are the most secretive spy agency we've got in the United States; probably using their artificial intelligence, and bots to listen in on this podcast right now. The [00:24:30] National Security Administration.
David Leary: Good find! What a story! Very, very amazing story there. The other interesting thing, I think I'd tie this back to is maybe this is an argument of not upgrading the IRS's computer system.
Blake Oliver: Oh, because they are using mainframes that are not susceptible to modern hacking? Yeah.
David Leary: Yes. Right? It's so much legacy technology that nobody has the technical skills to hack them.
Blake Oliver: Well, here's the thing is that the flaw in Windows [00:25:00] that allowed these attacks to happen, that this exploit utilizes has been patched; Microsoft patched it. The problem is that there are so many systems out there that have not been patched, that have not been upgraded by the people responsible for security, that it still exists. You can still use this tool to hack into computers all over the world.
David Leary: Okay. I'm not gonna cuss, but I wanna slap my hand on the desk. That is a bunch of crap. I'm an accounting firm. I know that running my own IT is a risk. I [00:25:30] have to keep all my machines updated; I have to keep all my patches. I'm gonna go outsource this to a hosting company, because they promised me to be my IT department, and they're not #$%&ing patching machines? You're gonna have to bleep that. 
Blake Oliver: Yeah, and this is the thing. We don't know for sure, but if Wolters Kluwer, CCH, was the victim of this hack, that means that they weren't properly patching their PCs. I've got another story [cross talk] 
David Leary: I have no comments on it. Sorry. Don't get me fired up more now. Come on, now.
Blake Oliver: I've got another story that'll [00:26:00] make your blood boil, or maybe it'll just make you give up on humanity. This is another security one. Are you familiar with the concept of social engineering? 
David Leary: Yeah, so I'm like, "Hey, Mare ..." I called up this front desk of an office. I'm like, "Hey, Mary. I was wondering, can you give me your password, because of blah-blah-blah?" They just give it to me.
Blake Oliver: Yeah.
David Leary: It's what happened to Podesta, basically, with the Clinton emails.
Blake Oliver: Right, cuz people are the weakest link in the chain of security. Psychologists at the University of Luxembourg have been studying social engineering as [00:26:30] a way of hacking - how effective is it? They did a large-scale study involving over 1,200 people to investigate how people are manipulated into sharing their passwords with complete strangers in return for small gifts.
What they did is they stood out on the University of Luxembourg campus wearing University of Luxembourg branded bags. They looked like they were affiliated with the university, and they randomly selected passersby, and asked them about their attitude toward computer [00:27:00] security, and then also asked them for their password. They were carrying- the study, the people conducting the study were carrying University of Luxembourg bags, but were otherwise unknown to the respondents. Now, David, guess how many people gave out their passwords? 
David Leary: I'd say it's about 50 percent. I'm just guessing ... 
Blake Oliver: Yeah, well, because I already hinted that it's so bad, right? They varied the experiment. To some people, they just asked them for their passwords. Some people, they gave them chocolate, and they would do it before, [00:27:30] or after, or during the interview. Here's the crazy part - 30 percent of participants revealed their passwords in exchange for chocolate.
David Leary: "Hey, here's a piece of candy. Give me your password." "Okay ..." That's the test- the scenario.
Blake Oliver: That was if they received the chocolate after the question was asked. Like I'm gonna ... "Hey, will you give me your password? We've got chocolate here." If the chocolate was given beforehand, 43.5 percent of the respondents [00:28:00] shared their password with the interviewer. The willingness to divulge passwords increased further if the chocolate was offered immediately before the participants were asked to disclose their password. Anywhere between- depending on how you do it ... If you give people chocolate, you can get their passwords, 30 to 48 percent of the time, which is just insane to me that it's that easy to get people to give up their passwords.
David Leary: It seems like a very cost-efficient way to hack into things. 
Blake Oliver: Right. If you wanna hack into a city, like [00:28:30] the City of Baltimore, just go to a government building, set up a table, put on a City of Baltimore T-shirt, and hand out chocolate in exchange for people's passwords. This is absolutely mind-numbingly insane.
David Leary: It makes that NSA tool that we probably spent billions of dollars of taxpayers' money on to hack into people's computers ... They could have just done this.
Blake Oliver: It shows the importance ... You harp on this every single time we talk about security - of multi-factor authentication. It's not [00:29:00] just because somebody might steal your password, it's because your people working in your firm, or at your tech company might be dumb enough, and are ... I don't know, maybe dumb is harsh, but just people are not thinking. They're just willing to give away these passwords, and we have to protect our companies from our own staff more than anyone else.
David Leary: People need to put their passwords at the level of their loved ones. Like, "Hey, would you trade me your child for some chocolate?" 
Blake Oliver: Yeah, education ... We [00:29:30] need some education here. This is just ridiculous. That is my crazy, ridiculous security news for the week.
David Leary: Wow. Okay, I have something cool I saw this week- 
Blake Oliver: All right [cross talk] 
David Leary: I think it's pretty cool. You're an accountant, or bookkeeper. You like to use two screens, right? 
Blake Oliver: Yep.
David Leary: What happens when you go to Starbucks? 
I have to bring my giant screen with me, and find a plug ... I've seen people doing that.
David Leary: You're one of those guys? You're one of those guys that bring the huge 22-inch screen to ... I've seen that, as well, playing a video game [cross talk] Anyways, ASUS has a new [00:30:00] ZenBook Pro Duo. We'll have it in the show links. You can see the photos, everything. It looks like it might be the coolest-
Blake Oliver: Oh, this is so cool.
David Leary: This is the accountant's/bookkeeper's laptop. Imagine if you took the keyboard, slid it down towards your belly, and in that upper half of where the keyboard is, you now have a half-size screen. Then, to the right, you have a touchpad that's also like a screen. Now, you have a 10-key, still, as well.
Blake Oliver: Wow. [00:30:30]
David Leary: You could have the bottom half- maybe that's the e-mail that came in, and you're reviewing it, while at the top half, you have QuickBooks open, and you're doing some data entry, or whatever ... I'm assuming you're still doing data entry, right? 
Blake Oliver: Yeah. 
David Leary: You really get that benefit of a huge ... Basically, it's like a monitor and a half, but you still have the same form factor of a laptop.
Blake Oliver: What I like about this is that it solves a problem, which is you need two screens, but you don't necessarily need a full-sized second screen. You just need [00:31:00] a place where you can put something that you're referencing - part of a document, or part of a web page that you're looking at, while you work on a full-size screen. This is really cool. The picture looks amazing. It's called the ASUS ZenBook Pro Duo. Click on the link in the show notes and check out the pictures of this thing. It looks fantastic. This is the sort of thing that might actually get me to switch off my Mac.
David Leary: Yeah. This is a bookkeeper's laptop, or accountant's laptop, by far. This is a totally slick. ASUS, if [00:31:30] you would like to send a review copy, please contact us on Twitter.
Blake Oliver: Yeah, send one to David, and send one to Blake.
David Leary: Even for the podcast, because I could have the stories I'm talking about up there, but our recording software could be running on the bottom half.
Blake Oliver: Yes. Yes. That's beautiful, and you can be monitoring it. I love it. 
David Leary: This becomes a business expense now. We have to buy these for us. Yes, get one of these, for sure.
Blake Oliver: All right. What else?
David Leary: What else do I have? I have a- oh, I [00:32:00] have a story about raising prices.
Blake Oliver: Let's hear about that.
David Leary: Okay, two things happened this week. One, I saw this article in SaaStr. SaaStr is a website community for people that build SaaS software. All the app developers would probably go to SaaStr and read the blog posts there.
Blake Oliver: Right.
David Leary: Makes sense, right? This article is titled, "When You Raise Prices More Than a Smidge ... They At Least Look At Another Vendor." I think the take-away in this article is that ... I'm just gonna quote it. "What [00:32:30] I think is most important is how material price increases make your customers ... look. Look at other solutions ... You've just planted a seed. You've sent them on a fact-finding mission to talk to your competitors." The premise is if you're just charging for your SaaS app every month - X price - and people are just happily using it, they're never gonna pause, and think, "What's the value I'm getting out of that product?" They're just gonna keep chugging away, right?
Blake Oliver: Right.
David Leary: They could maybe incrementally raise it a little bit here, a little bit here, a [00:33:00] little bit here, but if you do a material raise, people are going to question it, and then- 
Blake Oliver: Yeah. 
David Leary: Coincidentally, me personally, I had that experience this week.
Blake Oliver: Oh, what happened? 
David Leary: I got an email from Intuit about my QuickBooks subscription.
Blake Oliver: Oh, no; you got hit with an increase-
David Leary: I got hit with a price increase. My price is going- I think I'm paying- right now, it's $29 a month for my QuickBooks Online Plus. On July 1, I've been told it's going up to $70 a month.
Blake Oliver: That's a steep increase.
David Leary: It's [00:33:30] over 100-percent increase. For me, I feel like I probably get $360 of value a year from QBO, but when I start stepping back, and I look at $840 for a year, that all of a sudden becomes my biggest business expense. It's more expensive than the podcasting software we're using. It's more expensive than the social-media tools I used to create the artwork for the podcast. It's more expensive than Canva. It's [00:34:00] the most expensive ... Microsoft Office I got all year for 99 bucks, or 106, or whatever that is. All of a sudden, QuickBooks is my most expensive business expense. With that said, I'm not gonna change. I'm too old to learn a new product. I'm not gonna shift, right?
Blake Oliver: Oh, David, don't cut yourself short.
David Leary: I don't have the energy for it, but I'm gonna try and downgrade my plan, because I'm not using the features at that level. The only feature I am using is the 1099 Subcontractor feature. [00:34:30] Are you familiar with that in QBO? 
Blake Oliver: Yeah, you sent me one, because-
David Leary: Oh, yeah. That's right.
Blake Oliver: -you had to pay me some money, and it was over the $600-
David Leary: Threshold.
Blake Oliver: -threshold, so ... Yeah, actually, that's one of the coolest things, I have to say, about QuickBooks Online is I got an email saying, "I need your W9," and I just clicked the button, and I put that in, and it went right into your QBO file, right? 
David Leary: It's a really cool feature, but ultimately, what that's really doing ... It's driving subcontractors [00:35:00] to sign up for QuickBooks Online Self-Employed.
Blake Oliver: Right. Brilliant; brilliant. 
David Leary: I would argue that feature should just be free on all QBO plans, because I used it with somebody else, and she signed up for QB Self-Employed.
Blake Oliver: Right.
David Leary: That's the one feature I'm using of Plus that I'd argue should be a free feature. Then, not to mention, and this is, I think, the kicker for me, when I think about the value: I send everything through AutoEntry. AutoEntry's essentially doing all the work for twelve bucks a month and shoving the transactions into QBO. It's such [00:35:30] a huge price increase, it's just- the reaction to it, I'm just like ... Then I saw somebody reply to my tweet about this, and they said, "Oh, you can't downgrade." 
Blake Oliver: You can't. 
David Leary: I guess I'm paying it.
Blake Oliver: Or, bringing it back to this article on SaaStr, maybe you shop around. Hey, I'm sure that there's somebody at our episode sponsor, Xero, who would really love to talk to you, David. This [00:36:00] is a really good question: when is it good to raise prices, and when does it do more harm than good? In the software world, I think it is debatable that ... Sometimes, you just want to take your legacy customers, and leave them at the price they were at, rather than disrupt things the way that ... Your relationship with QuickBooks is ... You're questioning it at this point, given the massive doubling of the cost- 
David Leary: I mean, $840 of value. I don't see that. That value is hard to measure. [00:36:30]
Blake Oliver: I think it is important for tech companies to really think carefully, before they raise prices, because the incremental cost to serve a customer for Intuit, for most SaaS companies is not that much. Your cost of sales is not very high, once you've got a customer. In the accounting world, if we're talking about raising prices in your accounting firm, or bookkeeping firm, in my experience - and I was guilty of this myself - most firms are really bad about raising prices and are seriously underpricing their legacy [00:37:00] customers. By legacy, I just mean customers you've had for a long time. We are not good at raising prices every year, especially the way that Intuit has been, and we need to do more of it. In that case, you actually want your customers to go out, and shop for other options. It's really an easy equation. You just look at your customer base, and you say, "All right, if I raise prices across the board by 20 percent, would I lose 20 percent of my customers?" If the answer is no, that you would lose less than 20 percent, you should [00:37:30] raise your prices.
David Leary: Yeah, and I think that's probably the equation Intuit's doing-  we talked about that with the QuickBooks Advanced [cross talk]
Blake Oliver: Right. Exactly. It's important to be raising prices, always, because you need to create capacity in your firm for taking on new clients. It's way easier to create capacity by raising prices and shifting some of your customers to other firms that are willing to service them for less, for instance, than to go out, and hire new people. It's just a very easy [00:38:00] way to increase your revenue, and your margins without having to grow your firm. It's so much more efficient.
David Leary: Yeah. 
Blake Oliver: The problem is most firms don't do ... They don't take the time, and they have these personal relationships with their clients. They feel bad doing it, especially ... I find so many bookkeepers feel bad about charging what they're really worth, and they don't. That's why they're just not making a lot of money.
David Leary: Yeah, and I think ... I'm getting a 60-day [00:38:30] warning about this, or whatever it is, from the email ... Somebody said this at the AICPA Executive Roundtable, and I don't know ... It was from the mid-sized firms - small- to mid-sized firms. I don't know who said it, and I apologize if you're listening. If you said it, tweet at me, and let me know. Essentially, this accountant said that they're okay with companies raising prices.
It's okay to do, but give people a 12-month heads up, because right now, if you're an accountant, or bookkeeper, if you've gone to a fixed-pricing model, and [00:39:00] you've calculated your costs, and you're rolling those out your client, you need a year window to re-up those contracts you have with your own clients. You can't just give them a 60-day warning; be like, "Hey, by the way, QuickBooks went up in price, so I need charge you more, right? 
Blake Oliver: Yeah. 
David Leary: Price increases are gonna happen. I think everybody knows that, except them. It's just 100-percent price increases do feel a little on the crazy side.
Blake Oliver: It'd be a lot. 
David Leary: Yeah, it's a teeny bit upsetting to have to bite [00:39:30] the bullet on that, but I probably will still pay it, because I just ... The headache of switching-
Blake Oliver: Right. Yeah. 
David Leary: -would be too much.
Blake Oliver: Yeah. It's a huge pain to change your accounting system. Well, David, that's all I've got this week. How about you?
David Leary: I think that kind of wraps things up here. I think that's it.
Blake Oliver: If folks want to get in touch with you online, David, where's the best place for them to go?
David Leary: To use the Twitter. I'm @DavidLeary-
Blake Oliver: And I am @BlakeTOliver. You can connect with us on [00:40:00] LinkedIn; on Facebook. You can follow The Cloud Accounting Podcast on Facebook, just search for us there. If you are going to be at Xerocon, we'll be there in June.
David Leary: I'll also be at Scaling New Heights, so, if you want a Cloud Accounting sticker, Podcast sticker, come find me.
Blake Oliver: I will be at AICPA Engage, starting on the 10th of June. If you're gonna be at any of those conferences, reach out to us on Twitter, or message us elsewhere, and let us know. We'd love to ... I'd love to meet up with our listeners, and chat [00:40:30] with you all in person. it's fun.
David Leary: We can buy beers for every listener. No, I'm kidding! I didn't say that. We won't do that. I think that's a wrap this week.
Blake Oliver: That's it for me. I'll see you next week, David.
David Leary: All right, bye, everybody.
Blake Oliver: Bye. 

Join our newsletter!

Get notified about new episodes and other updates from Blake and David

Got it. You're on the list!
Podchaser - Cloud Accounting Podcast

Copyright © 2020 Blake Oliver