Dirigo Software Solutions

Power Query – Accountants and Bookkeepers Are You Using It?

Recently, I have been trying to connect with accountants and bookkeepers to get their input on automation and ai. One of the things that surprised me was that many were not aware of what Power Query could offer them.

So, I put together a simple blog post to show case some of it's features. It may seem to be simplistic, but that is the point.

Not every solution or tool needs to be complicated or save the world. It needs to save you time and effort, even if that is just 20 to 30 minutes a day.

The goal is to put more time back in your hands, not put on the Greatest Show on Earth.

Accountants and bookkeepers please let me know what you think about Power Query or what you would like to know more about.

P.S. I am still looking to interview accountants and bookkeepers, please DM me or email me at [email protected] if you would be willing to help me out.

Blog Post -

Power Query: Accountants and Bookkeepers Are You Using It? | Automate This Next! You already have Excel open almost every day. It can be used for reports, reconciliations, or even a simple database. Here’s the question: are you really taking advantage of what’s built inside it? I recently have been talking with accountants and bookkeepers about their struggles with technolog...

Recency Bias - QR Codes

I just got an email from Bit.ly about their new resource on using QR codes - https://bitly.com/pages/qr-code-survey. Seems like I am seeing cool use-cases for QR codes everywhere now. Not an exciting technology, but I am not about how cool something is, but how useful it is. So, here I am putting the word out. Happy automating!

Security with Zapier MCP – Practice Least Privilege

I recently learning about using Zapier MCP, but a post by General Analysis (link below) about Supabase leaking database information got me thinking. It wasn’t Supabase that was the issue, it was that the AI had more access than it should’ve.

This is a classic "least privilege" issue. In software development, “least privilege” means giving any system or user only the minimum access they need to do their job and that is it.

In the case shared, the AI should never have been able to access tables unrelated to the task at hand. But it could because someone gave it broad access! That’s the risk. You also can't assume that the default settings are least privilege as not all software follows the "secure by default" methodology. Yes, this can be a pain as you might have to use different tools to make sure you are not putting your data at risk, but getting breached is much more inconvenient!

And this doesn’t just apply to AI. Any automation can become a liability if it’s got more access than necessary. Every process should be reviewed through the lens of "what is the bare minimum this tool needs to do its job?"

Ok, enough of the premise here are some ways to make your Zapier MCP more secure.

- Avoid allowing it to send emails directly on your behalf, allow it to only create drafts. This prevents bad actors from being able to exfiltrate your data.

- Avoid using a personal email account. Create one specific to the MCP, so someone can't access sensitive data in your email account. If you need to have something come from your account, you could have the MCP account email your account and let a rule forward it to where it needs to go.

- When you set up a tool in Zapier MCP you can decide which actions it can take. Don't select all of them. Only select the one's you need. This will prevent bad actors from using an action to do something you weren't aware of or in a way you didn't expect.

- Following up on the previous item, when you select an action, you can determine what parameters AI can use or hard code values. This allows you to limit the discretion the AI has. for example, I want to access a spreadsheet of students. So, when I setup the Sheet action, I only allow it to access the specific sheet I am using. Or if I need to access different sheets, I will only allow the action to use a specific Google drive folder with sheets I need. Keeping my more sensitive files from being accessed by accident.

- If you are done with a tool or action, remove it from the MCP server.

Now, this is not an exhaustive list and I am sure others can other items. So, I would love to hear any suggestions on what I should add to the list. Keep safe out there and as always feel free to contact me with questions. Technology is supposed to make our lives better, not scarier. Happy automating!

Link to General Analysis's Article -

Supabase MCP can leak your entire SQL database | General Analysis In this post, we show how an attacker can exploit Supabase’s MCP integration to leak a developer’s private SQL tables. Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces.