Internet security has never been more important, as we spend more time online conducting transactions and communicating from a variety of connected devices. As the days go by, more of our personal information and business intellectual property is transmitted online, and hackers and thieves attempt to access that data for a host of nefarious reasons.
International, state and, in the future, potentially federal data security and privacy measures are frequently developed, enacted and amended in an attempt to keep sensitive information from falling into the wrong hands. However, criminals are unrelenting, and their tactics are also typically more advanced than most protective measures.
In a scenario in which the bad guys seemingly outnumber the good guys, The Shadowserver Foundation is a leading force to make the internet more secure for everyone. Founded in 2004, Shadowserver is a nonprofit organization consisting of leading security experts, researchers and engineers that actively investigate malicious internet activity and collect information about misconfigured, potentially compromised or infected computer systems globally. It reports abuse data each day for free to any network owner.
While Shadowserver was founded in the United States, its important work has expanded overseas. The organization was also registered in the Netherlands in 2014, maintains a location in the United Kingdom and maintains a global infrastructure spanning 80 countries.
The organization works directly with national governments, network providers, enterprises, financial and academic institutions, law enforcement agencies, and others to detail any discovered internet security vulnerabilities as well as any malicious activity so they can be remediated.
The goal of making the internet secure for everyone is daunting, but the amount of work Shadowserver performs toward its mission is staggering. For example, the foundation scans 4 billion internet addresses 45 times per day and ingests and analyzes 713,000 unique new malware samples daily, with 1.3 billion samples in their malware repository.
Unfortunately, similar to many middle market organizations, Shadowserver operates with a limited number of internal staff. A few years ago, multiple significant events occurred simultaneously to threaten the sustainability of the organization.
Accounting missteps and tragedy take a toll on Shadowserver
From the inception of the foundation, it conducted its bookkeeping and recordkeeping within Quickbooks and multiple spreadsheets. It also worked with outside accountants to help the organization prepare taxes and manage nonprofit guidelines. However, the day-to-day operations were heavily reliant on one person, Shadowserver’s director, Richard Perlotto.
“Everything was manual—everything was relying on me,” commented Perlotto. “If we had to do invoices or anything with the finances outside of taxes, it was 100% reliant on me.”
Some issues started to emerge with the foundation’s accountants. They made changes without properly communicating what they had done, and tax considerations such as deductions were irregular and inconsistent when they should have been standardized.
At the same time, Perlotto suffered a tragic death in the family, and understandably stepped away from the organization to focus on his family. However, with so much of the business operations dependent on Perlotto, Shadowserver found itself in a situation where nobody was running the organization and following up with the accounting firm in his absence.
By the time Perlotto returned to the organization, the amount of accounting issues and inaccuracies had caught up to Shadowserver, with books and records that were lacking in several areas. With the accountant not performing as intended, the organization was not up to date from a federal and state tax filing standpoint and the federal government consequently revoked Shadowserver’s 501(c)(3) nonprofit status.
Perlotto quickly determined that he needed a business partner to help get the organization’s financials back in order and chart a course for success in the future.
“I wanted someone that I could have a permanent relationship with,” said Perlotto. “We will probably never have internal finance people, so we needed someone with the history and the expertise to meet our complexities, being three nonprofits, not a single nonprofit.”
Catching up and building a brighter future
Shadowserver chose to work with RSM US LLP to revise financial statements and refile its tax returns from 2015–2018, work to regain its nonprofit status, and perhaps most importantly, implement a back-office structure that wasn’t reliant on a single person and could persist beyond a potential catastrophic event.
“I interviewed several companies—small corporations and the large corporations,” said Perlotto. “RSM scratched several of the itches that I had right away. They were able to bring in several 501(c)(3) experts right away, and they had a variety of experts from within the organization that they were able to bring into the equation quickly to answer my questions.”
Shadowserver and RSM worked together for nearly a year performing the accounting cleanup, developing a very close, friendly relationship. That process represented a tremendous amount of work, with a typical week consisting of three meetings and roughly a dozen emails exchanged to scrutinize how items were accounted for.
“The process of fixing the accounting and going through the taxes proved the point of what I was looking for,” commented Perlotto. “I wanted an organization that could bring in people as necessary—experts that could deal with the exact problems that I was having. This was not a new thing for RSM, and that gave me confidence moving forward.”
RSM’s tax team filed the new tax returns and communicated with the IRS to restore Shadowserver’s nonprofit status. In addition, the finance and accounting outsourcing group began work on establishing a new, consistent back-office framework to help the organization optimize critical financial processes.
Shadowserver took a major step forward with the FAO platform, gaining automation capabilities within several key functions, including transaction processing, financial reporting, month-end close, and financial planning and analysis. By replacing the previous manual financial processes with scalable technology solutions, Shadowserver has gained more consistency and real-time insight it never had in the past.
The new technology framework is able to better manage the complexity of how Shadowserver’s financials must be prepared, due to its international sister corporations. The U.S.-based organization provides a significant amount of support for those entities abroad, so the accounting and reporting must be presented in a different way, which is much more easily captured within the automated approach than in the previous manual structure.
“I have gone from one person to a team,” said Perlotto. “Every time there was a question about something, RSM had an appropriately skilled person to answer those questions. While this was going on, RSM was educating me. I have run very large departments in the past, but how you run a department is vastly different than the things you need to consider for an entire corporation, and more specifically a nonprofit.”