Category: compliance

Posted on

Why Small Businesses Need Proactive Accounting

It has been demonstrated time and again that businesses working with experienced accounting professionals can benefit from the strategic financial guidance and compliance support they may provide. Yet these factors alone are often not enough to make the business owner happy. For most small business owners and growing enterprise stakeholders, the lack of proactive advice compounded by slow responses to business requests are the primary reasons for leaving their CPA.

Even if they don’t know how to ask for it, small businesses want proactive attention from their accounting professionals. Small businesses want and need to get information when it matters, and they need help deciphering what the information really means.

It is common for professional accounting firms to simply wait for their clients to provide after-the-fact information from which reports are prepared and delivered long after their relevance has passed. These firms often see no sense of urgency in helping clients address the business issues facing them in real-time.

Business owners attempting to grow a small enterprise from their budding small business especially need the benefit of experienced insight into operational metrics, cash flows and overall business performance. Without this meaningful data and advice delivered in real-time, stakeholders don’t really know what is going on or if they’re on the right path.

Advice on business planning and financial strategies should come to business owners from their accounting professionals, but it often does not. It is interesting that so many firms list business planning and strategy among the services promoted on their websites, yet they just sit back and wait for clients to ask for help.

Regulatory and reporting requirements for businesses are ever-increasing, so it makes some sense that many professional practices continue to focus on taxes and compliance work. Firms may find it challenging enough to keep up with changes to these core services provided. Yet this is why practitioners should take notice and accept that their ability to meet changing market and customer demands is wrapped in their ability to leverage technology to do what people and process can’t do alone.

Information technology is needed to speed up the bookkeeping, accounting and reporting processes, and it takes even more technology to help turn data into relevant and useful information. This is where Mendelson Consulting and Noobeh cloud services can help.
Working with businesses of all sizes and encouraging participation by the accounting professional, Mendelson and Noobeh help businesses implement the technology that facilitates faster collection of information throughout the business and then applying solutions that reflect those numbers in ways that helps users visualize the meaning of the data.

Mendelson and Noobeh help CPAs and accounting professionals remove threats of competition and irrelevance by helping them work closer with and deliver greater value to their small business clients. Applying proven, innovative technologies with improved processing methods and controls leads to better information provided in a timelier manner, which returns to the client as a better result offering greater insight. This is what small businesses want from their CPA, and Mendelson Consulting and Noobeh Cloud Services helps professionals deliver it.

jm bunny feetMake sense?

J

Posted on

Prey or Empowered? Small Businesses and IT Security

Now more than ever, small businesses need to be vigilant with their information technology security. Small businesses may not be the big fish in the sea, but there are plenty of them out there to catch. Small businesses tend to make the best targets because they often fail to perform security audits, they may not be willing to invest in the resources needed to protect themselves, and they frequently don’t even carry the right insurance coverages. To hackers, small businesses are easy prey.

“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”

https://www.forbes.com/…

There are a few things every business can do to improve the security and privacy of their data. It isn’t an option any longer; these are essential elements in an overall security strategy that can make the difference between staying in business and not.

Use strong passwords, not easy-to-guess words, phrases or sequences (1234 is not a strong password). Passwords should be unique, more than 8 characters in length, and have a mix of numbers, letters, and special characters.

Keep software updated. Whether it is the operating system on your computer or the software you use to write letters, having up-to-date software matters. Developers don’t just upgrade software to fix bugs or introduce new features; software often gets updated because of security issues or vulnerabilities.

Keep networks and connected devices secure to make sure that the computers and connections aren’t introducing weaknesses into your system. Not only are password controls and software updates needed, but firewall security and good anti-virus/anti-malware solutions are also a must. Keeping an eye on the server matters, but the connecting points and end points are where many vulnerabilities exist.

Set up two-factor or multi-factor authentication to further secure logins. 2FA and MFA is like having ID besides just your driver’s license to prove you are who you say you are. Your password, like your DL, is just one factor; you need one more thing to prove your identity for 2FA, like a code from your phone or maybe your fingerprint. The point is that there should be more than just a username and password to access important data.

Restrict use of personal email or social media on work devices. This gets a little trickier with smaller businesses, as many don’t or can’t support providing users with all company-owned devices. There are tradeoffs to allowing users to bring their own devices (byod) versus using company-owned devices. When mobile devices are part of the mix along with desktop and portable computers, it becomes even more complicated and the risk potential increases.

Use encryption for data in transit and data at rest. Encryption is like scrambling the data and then unscrambling it when you access it. In transit, data may be encrypted by a VPN so that it is protected over the wire (in motion) as it is sent and received on the network. RDP is also encrypted, but this remote access method’s main purpose is to keep the data from leaving the server in the first place. At rest, like when it is sitting on a hard drive or other storage location, data can also be encrypted. To open the file or file system, you need a key to decrypt it.

Keep all data backed up and create a way to rapidly recover your server and systems in the event of failure or compromise. Backups are great right up until you find they are as damaged or unrecoverable as your main system, so make sure to have a policy of testing your backups periodically. There are many ways to back up and protect your data, including external drives and cloud storage. If data gets lost or corrupted, you want to be able to restore it from a backup. Regularly audit your backup and data security practices to help identify weaknesses that make the business vulnerable.

Educating employees on the importance of cyber security is among the most important steps a business can take to protect itself. Keeping passwords secure and secret, knowing how to spot a phishing email and what to do and not do with it, not clicking on suspicious links in emails, not sharing personal or confidential information online, and what to do in the event of a breach are all things that should be regularly discussed with workers and supported by written policies.

Managed Azure cloud servers from Noobeh help you keep your business information more secure. Our services demand high levels of security and privacy, and we help our customers keep their data and systems safer and more secure by handling some of the requirements for them.

  1. Strong password policies and MFA is our standard setup, and software updates and patching are part of the service.
  2. Working on the cloud server keeps data on the server and not traversing the network or downloading to individual PCs, so information stays secure and separate from whatever a user runs on their local devices.
  3. Data on the Azure virtual machines is encrypted at rest, and additional encryption is available to add more layers of protection. Data in motion is encrypted, but very little data actually traverses the wire.
  4. Servers and data are backed up regularly with snapshots and file level backups, allowing for simple file restores as well as comprehensive system recovery.

For small businesses, Noobeh has the solution for creating a more secure and better protected IT environment where applications and data can be available to those who need them without compromising the investments already made in training and process development. Moving software and data to a private cloud server allows companies to continue using the software they rely on, just in a better way. Instead of being easy prey to hackers, our customers benefit from higher levels of IT administration, management and protection that empowers them to work the way they need to – any time, anywhere.

jm bunny feetMake Sense?

J

Posted on

Good and Proper Accounting for Small Business

There are many reasons why a small business needs to have quality accounting, and it isn’t just about the cash. Especially when a business is small or growing, a strong financial management and reporting process will benefit the business in a number of important ways. Managing the cashflow and keeping money in the bank to cover payroll and inventory is critical, but good accounting data helps support better decision-making for more than just cash management.

Accounting and financial systems help small businesses keep track of their financial performance. This includes monitoring income and expenses (money in and money out) and creating financial statements. By having accurate and up-to-date financial information, small businesses can make informed decisions about how to allocate resources and grow the business.

Tax compliance is another area where good accounting data is essential. Small businesses are required to file taxes just like larger ones, and proper recordkeeping helps small businesses stay compliant with tax laws and regulations and to avoid penalties and fines.
Securing funding for operations and growth is another area where quality accounting data is critical. Banks and investors usually require financial statements and other financial information before providing any funding. By having accurate and well-organized financial records, small businesses can demonstrate their financial health and increase their chances of securing funding.

Knowing more about the business is always helpful, but being able to look at trends and understand what the numbers indicate is the real power. From budgeting and forecasting to identifying and reducing areas of risk, accounting data is the foundation for developing a true understanding of business activity and performance and finding ways to improve.

Track business performance, remain compliant with taxes, and get funding or investment when it’s needed. With good and proper accounting supporting management decisions, decisions become more informed and relevant and are likely to bring a better result.

jm bunny feetMake Sense?

J

Posted on

Competitive and Profitable Construction: What’s it take to get there and stay there?

The short answer is… update your operations and transform the business. It’s time to modernize and embrace the cloud.

Construction firms need to be more data-driven, analyzing and responding to conditions revealed by the various systems supporting the business operation. Turning a profit on complex projects means applying automation to manual processes and workflows, introducing more collaborative tools, and delivering real-time data to gain greater insight into the operation’s performance and profitability. The foundation for all of this is the cloud platform, extending connectedness beyond traditional boundaries.

Digital transformation and the adoption of agile and connected cloud platforms can result in productivity gains of 14 to 15 percent and reduce costs from 4 to 6 percent. These improvements are the way to address fading profits even as the pace of business increases. https://www.mckinsey.com/business-functions/operations/our-insights/decoding-digital-transformation-in-construction

There are several factors that typically weigh down the operation and cause profits to fade. Strained IT resources is a big item for most construction companies, where technical people spend far too much time building and maintaining on-premises servers and networks. Maintaining on-premises servers adds up fast. A single IT manager can easily cost around $150,000 per year, and the “cost of cybersecurity compliance raises the price by an additional $200,000.” (5 Reasons Contractors Need to Modernize Their Operations to Stay Competitive and Profitable by Trimble Viewpoint)

Even when you factor in the costs of hardware, software and IT personnel, those costs don’t include the hidden expenses that come with the use of on-premises servers, like disconnected and siloed data that requires manual processes to use, duplicated data entry requirements (increasing the potential for human error) and more costs for labor. When you figure in all the capital costs and expenditures, on-premises solutions can cost up to four times as much as their original purchase price. On the other hand, NOOBEH cloud servers, deployed on the Microsoft Azure platform, offer reliable, cost-effective solutions to support the variety of important business applications and integrations that high-performance operations require.

NOOBEH cloud services focuses on addressing the pain points businesses have with their IT. We help businesses implement services that promote real collaboration for real use-cases, and we look for ways to connect projects and operational data so it can be analyzed to unlock greater value across the entire enterprise.

Disconnects cause inefficiency, delays, errors, and reduced productivity. Lack of insight on the labor and equipment side leads to uncontrolled resource utilization and a lack of predictability. Jobs get delayed and profits fade. Lost productivity due to duplicate entry of information is leveled at 10%-30% (or more), and these rates are not uncommon. https://www.eckerson.com/articles/hidden-costs-of-duplicate-data.

Clearly, automation, connected workflows, cloud platforms and real-time data are essentials in the transformation and improvement effort. Let in-house IT focus on activities that bring value to the business, finding ways to innovate and improve how things get done. Replace cumbersome, manual processes with software and systems that facilitate greater automation and integration, eliminating redundant data entry and improving the quality of information.

Construction projects are becoming larger and more complex, and project owners want the latest technologies, real-time reporting, and comprehensive approaches to compliance. Today, industry-leading contractors are embracing connected cloud technologies so they can scale and future-proof their businesses.

The modern contractor takes advantage of connected platforms, automation and real-time data that feeds data analysis and business intelligence… innovations only available with the cloud. That’s what NOOBEH delivers.

jm bunny feetMake Sense?

J

Posted on

Love It or Leave It? QuickBooks Desktop Needs Internet Explorer 11 and Microsoft Uninstalls It.

We all know that software companies recommend running current versions of their frameworks and applications. Often for security reasons, software developers regularly update their products to make them more capable of avoiding or fending off attack of various kinds. New feature and integration delivery and updated compatibility requirements are also big drivers of software updates. Especially as online threats increase and attack potential skyrockets, businesses need to keep their systems updated and secure, and a regular cadence of updates and upgrades makes good sense… but only when the potential impacts of the upgrade have been thoroughly explored. With Windows 10 and 11 and the improved Edge browser (improved over IE), users are loving the enhancements and features. QuickBooks desktop users, on the other hand, might have preferred that Microsoft just leave Windows browsers alone.

The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022

Microsoft is removing Internet Explorer 11 on some Windows 10 computers, and it doesn’t come with Windows 11. According to Microsoft:

The future of Internet Explorer (“IE”) on Windows 10 is in Microsoft Edge. What does this mean for commercial organizations, IT admins, developers, and end users? Microsoft Edge brings you a faster, more secure, and more modern web experience than Internet Explorer. Also, Microsoft Edge with Internet Explorer mode (“IE mode”), is the only browser with built-in compatibility for legacy IE-based sites and apps.

As announced today, Microsoft Edge with IE mode is officially replacing the Internet Explorer 11 desktop application on Windows 10. As a result, the Internet Explorer 11 desktop application will go out of support and be retired on June 15, 2022 for certain versions of Windows 10.

Internet Explorer 11 has been an old technology browser for many years now, so it isn’t surprising that Microsoft is moving ahead with Edge. Browsers are used for far more than just viewing static web pages or bulletin-board chat rooms, so they have grown into frameworks that support a wide variety of processes and procedures. As browsers go, IE11 just doesn’t cut it any longer. But there is a hitch that can really mess up the (literally) millions of QuickBooks desktop users out there who innocently update their computers when Microsoft pushes it via Windows update.

IE11 gets removed from the machine, but QuickBooks desktop 2021 and earlier are dependent on IE11 to run

A little dependency is unavoidable in any good relationship where cooperation and compromise are involved. But being a little too dependent on another can be unhealthy and put a lot of stress on the relationship. Dependencies are among the things to consider any time a software update or upgrade is about to be installed. What relationship does the software about to be updated have to other applications or services installed? Is the new version going to get along with the other applications on the system, or will it even run on the current system? These are the things which should be closely looked at to avoid problems post-update.

Many users are already reporting problems opening their QuickBooks desktop software due to IE being removed from their Windows 10 computers. Microsoft has announced the retirement of IE11, but most users either don’t pay attention to those notices or they don’t really understand the implications. These are among the things that Mendelson Consulting and the NOOBEH cloud services teams pay attention to for you, so that we can help you avoid the things that keep your business from doing business.

If you find that your QuickBooks desktop software will no longer run due to IE having been disabled or removed on your computer, you can link here to find instructions on how to disable and enable Internet Explorer on Windows 10. This will get IE re-installed on your computer so that you can make your QuickBooks desktop software work again.

QuickBooks Desktop 2022 versions are compatible with Windows 11 and Edge browser

QuickBooks Desktop 2022 versions, including Pro, Premier and Enterprise editions, are certified as fully compatible with Windows 11 64-bit, but only if you have installed R3 or later. Other year versions of QuickBooks (and QB 2022 desktop running a prior update release level) may experience unexpected issues including problems with browser compatibility.

What’s the benefit of modernizing if it breaks your business?

Updating application software often means also updating your operating platforms. To keep your business running smoothly, you need to make sure to keep your computers and your application software up to date. It makes no sense to fix a vulnerability in one place but leave another open. Yet sometimes your software vendors don’t do things in an order that works for you, and you end up breaking something that the business depends on. This is where companies find additional value in what Mendelson Consulting and NOOBEH cloud services offer.

For customers running their QuickBooks desktop applications on the Microsoft cloud with NOOBEH, we got you covered. Among the many benefits of working with Mendelson Consulting and NOOBEH cloud services is that we help keep your business software and systems working for you, not against you. We stay up to date with the latest changes to platforms and software systems to ensure that compatibility and performance isn’t compromised. We help businesses leave their old systems and migrate to modern, agile cloud platforms that businesses love.

jm bunny feetMake Sense?

J

Posted on

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity).  To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

jm bunny feetMake Sense?

J