Author: Joanie Mann

As the CTO for Mendelson Consulting and Director of Cloud Services for Noobeh, Joanie Mann provides support and guidance for businesses seeking to implement cloud solutions and services in their IT environments.
Posted on

Cybersecurity and Retail Should Always Go Together

Retail cybersecurity is a critical concern for every business in the retail industry, which is why cybersecurity and retail should always go together. Retailers are prime targets for cyberattacks due to the valuable customer data they collect, which usually includes personally identifiable information (PII) and credit card numbers. Retailers can handle large volumes of customer data, which becomes an attractive target for cybercriminals seeking to profit from selling it on the dark web.

Recent statistics from various sources suggest that more than 24% of cyberattacks specifically target retailers, making it one of the most heavily targeted industries. Roughly one third of retailers cite cybersecurity concerns as their primary obstacle in transitioning to e-commerce, with cost and technology barriers coming close behind.

For the bad guys, however, it is all about the money. Almost all retail cyberattacks are driven by financial motives. When consumer data is compromised, most of the information exposed consists of payment information and personally identifiable data which can fetch a good price on the dark web.

Retail cybersecurity threats occur because the environment tends to have a lot of elements. The hybrid nature of many retail businesses introduces additional risk, where brick-and-mortar stores are combined with e-commerce platforms and services.

NFC (Near Field Communications) vulnerabilities exist in some payment systems, and many Point of Sale (POS) systems still do not use point-to-point encryption for their communications. Even if communication streams are encrypted, it makes little difference if the software has known vulnerabilities or if insecure plugins or add-ons are being used.

Cloud-based storage and mobile apps increase the presence of stored data online, which increasingly leads to new threat vectors like cloud-based botnets and more.

The key is for businesses to prioritize security and invest in platforms and solutions that will help protect customer and business data. Critical in this effort is the implementation of IT best practices in regularly updating operating system and application software, limiting the access users have for installing or modifying software on their devices, and always monitoring the systems for vulnerabilities.

Like cybersecurity and retailers, Noobeh and secure IT go together. We help retail and other businesses proactively address cybersecurity challenges so they can protect both their business and their customers. Noobeh cloud services helps retailers secure their business servers and systems, delivering scalable, high availability and highly agile solutions that keep business and finance operations running.

Noobeh provides services for Microsoft 365 and Microsoft Azure platform and deploys solutions for manufacturing, inventory management, multi-channel commerce, EDI, financial and more. Get together with Noobeh and find out how we can help your business operate more securely and with better, more agile and resilient IT.

jm bunny feetMake Sense?

J

Posted on

Prey or Empowered? Small Businesses and IT Security

Now more than ever, small businesses need to be vigilant with their information technology security. Small businesses may not be the big fish in the sea, but there are plenty of them out there to catch. Small businesses tend to make the best targets because they often fail to perform security audits, they may not be willing to invest in the resources needed to protect themselves, and they frequently don’t even carry the right insurance coverages. To hackers, small businesses are easy prey.

“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”

https://www.forbes.com/…

There are a few things every business can do to improve the security and privacy of their data. It isn’t an option any longer; these are essential elements in an overall security strategy that can make the difference between staying in business and not.

Use strong passwords, not easy-to-guess words, phrases or sequences (1234 is not a strong password). Passwords should be unique, more than 8 characters in length, and have a mix of numbers, letters, and special characters.

Keep software updated. Whether it is the operating system on your computer or the software you use to write letters, having up-to-date software matters. Developers don’t just upgrade software to fix bugs or introduce new features; software often gets updated because of security issues or vulnerabilities.

Keep networks and connected devices secure to make sure that the computers and connections aren’t introducing weaknesses into your system. Not only are password controls and software updates needed, but firewall security and good anti-virus/anti-malware solutions are also a must. Keeping an eye on the server matters, but the connecting points and end points are where many vulnerabilities exist.

Set up two-factor or multi-factor authentication to further secure logins. 2FA and MFA is like having ID besides just your driver’s license to prove you are who you say you are. Your password, like your DL, is just one factor; you need one more thing to prove your identity for 2FA, like a code from your phone or maybe your fingerprint. The point is that there should be more than just a username and password to access important data.

Restrict use of personal email or social media on work devices. This gets a little trickier with smaller businesses, as many don’t or can’t support providing users with all company-owned devices. There are tradeoffs to allowing users to bring their own devices (byod) versus using company-owned devices. When mobile devices are part of the mix along with desktop and portable computers, it becomes even more complicated and the risk potential increases.

Use encryption for data in transit and data at rest. Encryption is like scrambling the data and then unscrambling it when you access it. In transit, data may be encrypted by a VPN so that it is protected over the wire (in motion) as it is sent and received on the network. RDP is also encrypted, but this remote access method’s main purpose is to keep the data from leaving the server in the first place. At rest, like when it is sitting on a hard drive or other storage location, data can also be encrypted. To open the file or file system, you need a key to decrypt it.

Keep all data backed up and create a way to rapidly recover your server and systems in the event of failure or compromise. Backups are great right up until you find they are as damaged or unrecoverable as your main system, so make sure to have a policy of testing your backups periodically. There are many ways to back up and protect your data, including external drives and cloud storage. If data gets lost or corrupted, you want to be able to restore it from a backup. Regularly audit your backup and data security practices to help identify weaknesses that make the business vulnerable.

Educating employees on the importance of cyber security is among the most important steps a business can take to protect itself. Keeping passwords secure and secret, knowing how to spot a phishing email and what to do and not do with it, not clicking on suspicious links in emails, not sharing personal or confidential information online, and what to do in the event of a breach are all things that should be regularly discussed with workers and supported by written policies.

Managed Azure cloud servers from Noobeh help you keep your business information more secure. Our services demand high levels of security and privacy, and we help our customers keep their data and systems safer and more secure by handling some of the requirements for them.

  1. Strong password policies and MFA is our standard setup, and software updates and patching are part of the service.
  2. Working on the cloud server keeps data on the server and not traversing the network or downloading to individual PCs, so information stays secure and separate from whatever a user runs on their local devices.
  3. Data on the Azure virtual machines is encrypted at rest, and additional encryption is available to add more layers of protection. Data in motion is encrypted, but very little data actually traverses the wire.
  4. Servers and data are backed up regularly with snapshots and file level backups, allowing for simple file restores as well as comprehensive system recovery.

For small businesses, Noobeh has the solution for creating a more secure and better protected IT environment where applications and data can be available to those who need them without compromising the investments already made in training and process development. Moving software and data to a private cloud server allows companies to continue using the software they rely on, just in a better way. Instead of being easy prey to hackers, our customers benefit from higher levels of IT administration, management and protection that empowers them to work the way they need to – any time, anywhere.

jm bunny feetMake Sense?

J

Posted on

Data Gets Lonely When It’s Isolated

EDI Helps Manufacturers Increase Efficiency and Improve Profitability

More efficient processes yield more revenue, it’s that simple. Imagine being able to seamlessly integrate data across the entire supply chain and then imagine how that integration could increase the efficiency and deliver more revenue to each link in the chain.

Every manufacturing CEO wants to increase operational efficiency and lower costs, helping to boost revenues and improve profitability. Yet there is an area which has often been overlooked by businesses, and this is the area of B2B integration. While some methods have delivered degrees of success, broad-based solutions remain elusive to many.

The problem is in the number and types of data sources a manufacturer deals with on a regular basis. With a network of partners and suppliers, each using their own data formats and transfer methods, the volume and variety of information flowing can be overwhelming. The result is siloed data, increased pressure on information technology and management resources, disconnected workflows and slower processes.

IDC’s Manufacturing Insights’ webcast IDC FutureScape: Worldwide Manufacturing Predictions once suggested that nearly 30% of manufacturers would make significant investments toward increasing visibility and analysis of information exchange and business processes, within the company and with partners. That was in 2015. Today, data integration and process improvements continue at a fevered pace as technology is helping businesses gain new data that brings new insight and sparks change.

The integration of Electronic Data Interchange (EDI) is a fundamental first step in improving how a business works with trading partners as well as internally. EDI has been around for many years and refers to the transfer of structured data between two organizations or “trading partners” using a set of standards that define common information formats to facilitate the exchange. By adhering to the same standards, two different organizations can electronically exchange documents (POs, invoices, shipping notices etc), seamlessly and regardless of geographic location.

Simplifying business processes, reducing operating costs, increasing end-to-end visibility, reducing errors, and speeding up operations and responsiveness… these are the many benefits to be experienced when EDI and non-EDI information streams are processed in the same manner when it comes visibility, exception-handling, notifications, role-based access etc.

Unfortunately, not all trading partners use EDI (or implement it in the same manner). To get their documents into a usable format, manufacturers find themselves using manual processes or writing custom scripts. Either way, it means that documents are flowing through entirely different processes for EDI and non-EDI business partners, which significantly complicates matters and adds unexpected costs and complications. Addressing this is one of the reasons why modern manufacturers are finding an increased need for connecting with organizations like Mendelson Consulting who can help identify and address situations that out-of-the-box EDI does not.

The pressure is mounting for manufacturers to produce more with less resources. Mendelson Consulting understands what makes EDI complicated and has the experience and expertise to help growing enterprises overcome challenges in design and implementation, making broader integration possible and greater improvement achievable.

jm bunny feetMake Sense?

J

Posted on

Better QuickBooks Hosting with Noobeh

QuickBooks hosting is a type of service that allows small businesses to access their QuickBooks Desktop accounting software and data from anywhere with an internet connection. QuickBooks hosting fits into the modern cloud computing world by providing small businesses with a flexible and cost-effective way to manage their accounting and financial operations.

In the past, small businesses would need to install QuickBooks software on their own computers and maintain their own IT infrastructure to manage their accounting and financial data. This requires a significant investment in hardware, software, and IT staff, and makes it difficult for the business to scale their accounting operations as their business grows.

With QuickBooks hosting, small businesses can avoid these challenges by moving their accounting operations to the cloud. Yet not all QuickBooks hosting providers offer the same level of service or protection for your data.

Most QuickBooks hosting providers run the QuickBooks software and store the QuickBooks data on their own servers, renting space on the servers to its business customers. In most cases, many businesses will share the servers, which increases risk.

Noobeh works only with private environments where customers do not share servers or other resources. Each customer has their own private account and environment which is accessible to only their users via the Internet. This eliminates the need for small businesses to maintain their own IT infrastructure and allows them to scale their accounting and business operations up or down as needed.

QuickBooks hosting from Noobeh provides businesses with a number of other benefits, including:

Increased Security: Noobeh’s QuickBooks on Azure deliveries have advanced security measures in place to protect customer data from unauthorized access, data breaches, and other security threats.

Enhanced Collaboration: Noobeh’s QuickBooks on Azure allows multiple users to access and work on the same QuickBooks data at the same time, which can improve collaboration and productivity.

Automatic Backups: Noobeh’s QuickBooks on Azure performs regular backups of customer data, which can help ensure that important financial data is not lost in the event of a disaster or system failure.

Anytime, Anywhere Access: Noobeh’s QuickBooks on Azure allows small businesses to access their accounting data from anywhere with an internet connection, which can be especially useful for remote or distributed teams.

Totally Private: Noobeh’s QuickBooks on Azure runs on the Microsoft Azure platform and uses private Microsoft accounts, keeping things absolutely private for your business.

Noobeh’s QuickBooks on Azure hosting is a modern cloud computing solution that can help small businesses streamline their accounting and financial operations, reduce costs, and improve their overall efficiency.

jm bunny feetMake Sense?

J

Posted on

Intuit Makes Moves to Push Low-End QuickBooks Users to Online Edition

QuickBooks Pro and Premier Subscriptions No Longer Available After July, and It’s Bye Bye for QuickBooks for Mac

 

Final sale date for QuickBooks Pro and Premier

On November 30 of this year, Intuit notified its partners and customers that the final date for new sales of QuickBooks Desktop Pro, Desktop Premier, Mac, and Desktop Enhanced Payroll is July 31, 2024. Starting in August, QuickBooks Pro and Premier subscriptions, along with Mac versions and desktop payroll services, will no longer be available for purchase. QuickBooks Enterprise, which is a desktop edition, is the only QuickBooks version that will remain available for new subscriptions. 

For several years, Intuit has been improving their online version of the product while migrating as many customers as possible to that platform. Now, businesses that have invested years of user training and business process development are forced to decide if the online version of QuickBooks will meet the needs that the desktop editions have for years, and they must look at the realities of potentially re-training users and re-developing workflows and processes. 

QuickBooks Enterprise is a viable alternative 

The alternative is that businesses adopt QuickBooks Enterprise edition and retain the value of user knowledge and process support by remaining in desktop QuickBooks. For businesses that manage multiple company files, QuickBooks Enterprise provides the same multi-company capabilities that Pro and Premier do, something the online edition does not currently support. 

There is no change to QuickBooks Desktop Enterprise subscriptions. All QuickBooks Desktop Enterprise subscriptions (Silver, Gold, Platinum, and Diamond) will continue to be available for purchase for new customers. QuickBooks Enterprise Gold, Platinum, and Diamond subscriptions include integrated payroll. 

Flexibility of Desktop Applications on the Cloud 

With the announcement, many accounting professionals and their clients are not sure what the best path forward is. While there is momentum behind the online application, there are options for staying with QuickBooks Desktop and still take advantage of the cloud. 

For businesses that want the flexibility of using the cloud but that need the features and functionality of desktop QuickBooks, Noobeh cloud offers QuickBooks on Azure services. This empowers businesses to use their QuickBooks Desktop software – Pro, Premier, or Enterprise – along with all their add-ons and integrations, and to run it all securely on the Microsoft cloud. Note that Noobeh’s hosting service also works with Mac devices, so even Mac and iOS users can work in hosted Windows versions of QuickBooks. 

QuickBooks Desktop is Not Dead 

The retirement of QuickBooks Desktop Pro, Premier, Mac and Payroll products currently impacts only new customers looking for those solutions, or existing customers that do not have current subscription licenses. If a business has an existing QuickBooks Desktop Pro Plus, Premier Plus, Mac Plus, or Enhanced Payroll subscription, they can continue to renew their subscription after July 31, 2024. Intuit will continue to provide security updates, product updates, and support for existing subscribers. 

Intuit will also allow accountants to continue purchasing QuickBooks Accountant Desktop Solutions, including ProAdvisor bundles, directly through the QuickBooks Accountant Sales team. 

What to Do 

To avoid losing access to QuickBooks desktop, businesses should purchase a QuickBooks Desktop Pro Plus, Premier Plus, or Mac Plus subscription through the QuickBooks Accountant Sales team before July 31, 2024. Businesses that need a desktop payroll solution should consider purchasing a QuickBooks Enhanced Payroll subscription before July 31, 2024, or upgrade to QuickBooks Enterprise Gold, Platinum, or Diamond, all of which include integrated payroll and can still be purchased after July 31, 2024.  

Mendelson Consulting, Intuit’s first solution provider and the go-to experts on QuickBooks Desktop and QuickBooks Online, are perfectly positioned to provide businesses with the help they need to decide which path to take with their QuickBooks software. Recognized as specialists in working with larger businesses using QuickBooks Enterprise and as top performer with QuickBooks Online, Mendelson Consulting’s team has the depth and breadth of knowledge and expertise to make sure your business makes the best possible choice for its financial systems. 

jm bunny feetMake Sense?

J

Posted on

ZERO TRUST – Every Email is Suspect

Electronic mail has become a standard for communications around the globe. Email can contain not just text, but can deliver documents, photos and videos and other media. Email allows people to contact others at any time and respond on their own schedule. Where previous methods of communicating with someone far away were expensive and time-consuming, email allows people to stay in touch no matter where they are as long as they can connect to the internet.

Yet email is not a fully secure communication medium, and a lot of people are just now figuring out just how vulnerable they may be. What was once considered a trusted means of communication has now become something to be suspicious of. For most users today, it is best to approach emails with a high degree of suspicion (zero trust), especially if they ask for personal information or contain links or attachments.

With email, someone could intercept the messages or even store messages without your knowledge or control. The smallest human error can have ripple effects that turn into waves of trouble because messages cannot usually be taken back. And then there are the threat actors, of which there are too many and they are far too clever.

Phishing has become a highly popular method of cyber-attack, probably because it works so well. It involves tricking people into giving away sensitive information like credit card numbers, social security numbers, and passwords. Phishing is fueling (phueling?) opportunities for malware infections and identity theft which can lead to financial loss, reputation damage and more. Any information an attacker can gain helps them get even more information and go deeper into the organization.

Protecting against phishing attacks requires vigilance and following best practices such as using strong and complex passwords, and two-factor or multi-factor authentication (MFA). Also, it is crucial that users avoid clicking on links in emails, and everyone should verify the email authenticity before responding, especially if sensitive information is involved.

To check the identity of the sender, mouse over (put your cursor over) the email address and it may show you the actual sender address. While the email may say the message came from somebody you know, you may find that the actual sender address is an obscure email address you don’t recognize.

Mouse over links in the email but don’t click on them. When you hover your cursor over the link, it may show you the actual url the link goes to. Like with email addresses, links can be named something other than the actual url. If it is a url or website name you recognize and trust, then type the url into your browser instead of clicking on the link, just in case.

Use multiple channels for communication. This means you should not just communicate with co-workers and others using email. It is always a good idea to have some other form of trusted means of communicating with someone, such as via telephone or a messaging application. When you receive an email requesting sensitive information or an email with file attachments, you should communicate with the sender on one of your other communication channels to verify the authenticity of the email or attachment.

Never ask the sender to verify their identity over the same channel as the original communication. If it is a hacker, you’ve just verified to them that they reached their target.

jm bunny feetMake Sense?

J