Category: Online Accounting Technologies

Posted on

Run Your [New, Small, Growing] Business from Anywhere

The office for a small business used to be where all the work got done.  The hub of activity and productivity for a small business, the office was where you could connect with team members and co-workers and generally keep on the same page with what was going on in the business.  Customer orders are taken, those orders are fulfilled, and bills are paid – all from the small business office.  Yet today’s small business isn’t tied to the office location any longer.fishingpoles

Mobility and the cloud now provide businesses with mobile office options that allow users to get their jobs done no matter where they happen to be.  Business moves at a fast pace, and mobility and remote access solutions help companies be more nimble.  Collaborating while on the go and exchanging ideas and concepts quickly helps businesses be more agile and better-able to meet changing customer needs.  Successful small business owners leverage mobility and action to beat the competition.

The cloud and Internet-based computing lets small businesses access and benefit from IT solutions that were previously only available to enterprise organizations.  Better IT means being more competitive, giving smaller businesses a leg up and positioning them among even the largest of competitors. For the business owner, the freedom of being able to manage the entire business from anywhere delivers a freedom and flexibility previously unimagined.

Here are some ways hosted and cloud-based IT can help small businesses overcome everyday business challenges:

Reduce or Eliminate the Need for a Physical Office

Starting a business is tough, and many small business owners decide to use their own homes as a business location rather than forking over a bunch of lease money to a commercial realtor.  Using hosting application services and cloud technologies can help keep team members and co-workers working together, no matter where they are located.  Many businesses are able to get off the ground and operating successfully without ever having an established office.

Work when it Works for You

Remote desktops and hosted applications deliver functionality to users no matter where or when they need to work.  With ready access to everything needed to get the job done, workers are able to be productive even when they’re not at a desk (or even a computer!).  Smartphone and tablet apps can make working from a mobile device highly effective, extending productivity and capability to workers whenever and wherever it is required.

Keep Everyone on the Same Page

When systems are centrally located and accessed, it is easy to keep everyone on the same version, the same edition, and the same page.  No matter where users are located, documents and application data are kept in sync, ensuring that everyone is working on the most current information available.  Mobile access to applications and data keeps information from being distributed to various devices, making revision control easier and providing better protection for valuable business information.

Mobile computing and the cloud make it easy for small businesses to have better IT that enhances productivity and supports growth.  Reducing capital costs and exchanging large technology investments with affordable monthly subscription service gives small businesses the boost they need to implement the solutions and services which will develop and improve collaboration, streamline workflows, and reduce overhead costs while enabling a fast-paced and agile business ready to meet any challenge.

jmbunnyfeetMake Sense?

J

Posted on

Securing Business Data When Mobility is the Target

driving1-ANIMATIONToday’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location.  SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them.  The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.

Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”.  Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.

  • 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
  • 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
  • Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time.  http://globalworkplaceanalytics.com/telecommuting-statistics

The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working.  Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.

Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework.  Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).

Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]

Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources.  Two new publications – one for organizations and one for users – are now available for review and comment.  You can find them here.

“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.”  [NIST Information Technology Laboratory Mission]

The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded.  But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.

jmbunnyfeetMake Sense?

J

[1] http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm
Posted on

Is this email legitimate? QuickBooks Payroll ACH ID Changes go live on the 22nd!

Is this email legitimate? QuickBooks Payroll ACH ID Changes go live on the 22nd!

Trusted QuickBooks Advisors – here’s another thing for you to help your clients with

Intuit recently sent an e-mail to QuickBooks Online Payroll (QBOP) and QuickBooks Full Service Payroll (QBFSP) customers about an ACH ID change.  It kind of looks like a phishing thing, but it is really a legitimate email from Intuit, and it is important to pay attention if your company uses the impacted services and a banking feature called “debit filtering”.  There isn’t much time to act, either, because the changes go live in 3 days (February 22, 2016).

Impacted services are QuickBooks Online Payroll and QuickBooks Full Service Payroll, so it is pretty important to address.  Nobody wants their business payroll processes interrupted, and this could easily do just that.

Intuit has added some new ACH ID numbers for use with direct deposit and other processes which work with the bank, so customers using a fraud-prevention method known as “debit filtering” will need to contact their banks to add the new IDs or their bank transactions will fail.

Debit filtering allows customers to tell their banks which ACH IDs are allowed to perform transactions with the bank account, like removing or depositing funds.  It is an extra level of fraud security that protects the bank account from unauthorized access, but it is also something that can work against the business if it is not managed.  In this case, contacting the bank to add the new IDs is critical to keeping things processing and flowing smoothly.  It is also important that the old IDs not be removed yet, as they may be tied to historic transactions that must be tracked and reported on for tax and other purposes.

“Is this really from Intuit? It seems like Intuit would have a better way to make such changes than to ask millions of subscribers to contact their bank”

Source: Is this email legitimate? ACH ID Changes; – QuickBooks Learn & Support

QuickBooks users don’t have much time to reach their banks and supply the new IDs, so pull the email out of the SPAM folder and call the bank right away. Intuit won’t be sending notices to the banks, and they have no authority to add different IDs to your approved list, anyway… which is a good thing.  If just anyone could add an approved ACH ID on your account, then just anyone could get to your funds.  Better to make the phone call yourself.

jmbunnyfeetMake Sense?

J

Posted on

No REST for QuickBooks Desktop Integration Developers

No REST for QuickBooks Desktop Integration Developers

elastic-cloudIntuit, the maker of QuickBooks small business accounting software (among other things), is discontinuing service for the REST API and the Sync Manager on March 1, 2016 [1].  Developers with applications which integrate with the desktop editions of QuickBooks using this method must change their approach right away or risk having their integrations simply stop functioning.  It’s not that Intuit will DO something on March 1st.  Rather, they’ll stop doing something – like handling Sync Manager integrations.

There are a lot of different types of businesses in the world, and each of them produces and consumes a lot of information.   From sales to human resources; from operations to finance – every business generates and manages information to support the various processes which make up the business activities.  Computer systems and software represent the tools businesses use to develop and manage information, and often become foundations for structuring the information which flows through the organization. Just as there may be different people in the business, each with their own responsibilities and job functions, there are likely software applications which are similarly oriented to support different processes within the business.  Integrating or connecting different applications and processes within the business helps the organization be more efficient with information usage, generally increasing the quality of access and reporting throughout the business while at the same time reducing or eliminating redundant data entry and the potential for errors.  Software integrations are a big thing to many businesses, which is why the discontinuation of Intuit’s Sync Manager for QuickBooks Desktop editions is a big deal.

Intuit’s Sync Manager was the big thing just a few short years ago.  Providing developers with a seamless method for accessing QuickBooks company data and passing it to/from web-based and other applications was a boon to the online application model and paved the way for many disk-based integrated solutions to migrate to SaaS offerings instead.  Developers who saw success operating in Intuit’s QuickBooks marketplace as recognized add-ons were encouraged to use Sync Manager so that they would be able to seamlessly market to, subscribe and onboard new users who purchased QuickBooks products. Whether or not the developer participated in Intuit’s application marketplace, the Sync Manager and the REST API provided them with some very important capabilities and supported new methods now recognized as “standards” for development of web-based solutions and services.

The World Wide Web has succeeded in large part because its software architecture has been designed to meet the needs of an Internet-scale distributed hypermedia system. The modern Web architecture emphasizes scalability of component interactions, generality of interfaces, independent deployment of components, and intermediary components to reduce interaction latency, enforce security, and encapsulate legacy systems. http://dl.acm.org/citation.cfm?doid=337180.337228

In order to integrate a solution with QuickBooks desktop products, there are two essential problems to solve.  First, there must be access to the QuickBooks data.  Few products are able to directly access the data in a QuickBooks data file; generally, the QuickBooks program itself is used to ‘broker’ access to the company file. So, developers need a way to work inside of QuickBooks to use it to access the data their applications need.  Second, the data must be transported (via the Internet) to allow for data to come from QuickBooks into another app, or to allow data from the other app to come to QuickBooks.  The REST API and the Sync Manager addressed both of those problems and provided developers with the mechanisms required to facilitate the data integration as well as transport the data.

REST (representational state transfer) is “the software architectural style of the World Wide Web [2]” and represents a standard for creating scalable, distributed system interactions.  Using this method, developers were able to make their online solutions access, read and write data in QuickBooks desktop products because Intuit had first sync’d the data to its servers, so developers needed only to reach the Intuit servers to reach the data.  The Sync Manager provided the transport, carrying the data to/from the desktop installation where the Sync Manager service was running.  And, because the Sync Manager was basically built-in to QuickBooks, there was no additional software to install and maintain on the computer because it was all part of the QuickBooks installation.

Intuit did a fantastic job of getting developers to move to the API integration method, positioning all those lovely 3rd party solutions for linkage via an Intuit.com account and, now, to QuickBooks Online.  Intuit is clearly favoring the QuickBooks Online edition and the API integration method available with that platform, and is telling developers that they must convert their customers to QBO in order to retain the easy connective ability they had with the desktop editions via Sync Manager.

Now that Intuit has announced the discontinuation of the REST API and the Sync Manager, what options do QuickBooks integration developers have, and how can customers using 3rd party integrations keep using them?  Options do remain, and they aren’t all that bad.  In fact, the options which remain continue to be the methods of choice for certain developers. These developers recognized early on that Intuit’s somewhat “lightweight” methods couldn’t handle the complexity or full functionality of their integrations facilitated their solutions using the SDK and never looked back (and still don’t).  For this community of developers – many of whom likely never considered trying to market their solutions in the Intuit app marketplace – the elimination of the REST API and Sync Manager don’t really matter.  They didn’t bother with them in the first place, just as they aren’t bothering with QBO.  Those solutions don’t fit their customers, anyway.

The QuickBooks desktop SDK (Software Development Kit) has been around for years, and using the SDK developers have been able to craft tight integrations between their solutions and the QuickBooks desktop products.  From payment plug-ins to fully integrated sales, customer relationship, inventory and manufacturing solutions – a broad range of integrated applications built with the SDK have been successfully deployed to QuickBooks customers all over the world.   Many applications which integrate with QuickBooks desktop solutions are desktop products themselves and are designed to work within the same desktop and network environment as QuickBooks, so there is no need to worry about “transport” of the data over the Internet.

For other solutions, such as online applications and services, there may be a need to exchange data via the Web. The QuickBooks Web Connector has also been a very popular solution for developers of applications that integrate data with QuickBooks.  The Web Connector is just what its name implies: it is a way to connect QuickBooks to the web and vice versa. With the Web Connector application and a web connector configuration file, developers could provide a method of exchanging data between QuickBooks desktop and another solution fairly simply.  While the Web Connector is quite useful in providing a means to transport integrated data to/from the QuickBooks desktop to an external system (like an online application), it only allows access to whatever data Intuit decides.  For this reason, many developers use both an SDK application and the Web Connector so their applications can access all data required and also have a web service available to transport it.

There are numerous implications relating to the sunset of QuickBooks REST API and Sync Manager, and another among them is the impact in hosted environments.  For customers who are (or might) benefit from hosted QuickBooks delivery models, what does the end-of-life of the Sync Manager mean?  Since the Sync Manager was basically built into QuickBooks desktop editions, it meant that there wasn’t any extra software to install or manage when a company wanted to adopt a Sync Manager-based 3rd party integrated solution. In a hosting environment, this means that the customer could easily add integrated applications to work with their hosted QuickBooks and the service provider might never even know it was being done.  There would be no additional software to install on the host servers; so many providers would simply be unaware that their customers were using these other solutions.

As developers return to SDK and Web Connector implementations in order to integrate with QuickBooks desktop, customers will ask their hosting providers to install the QWC (QuickBooks Web Connector) and/or integration software in their service.  In shared service delivery models, this may be virtually impossible to do without potential compromise to existing customers using those servers or other applications resident on the systems.  Hosting customers will not always understand that a “simple plug-in” actually represents installable software that must be secured, maintained, managed, and kept from improperly interacting with other software in the environment.  Some providers may not even be willing to work with the new integration software, while others may allow it but will not take adequate precautions to ensure proper and secure function.

Intuit has said to many constituent groups that its focus on desktop editions of QuickBooks will continue, and new certifications and benefits for desktop ProAdvisors (and continued development of interoperability with other solutions, like the Revel POS integration for QuickBooks desktop) give support to those statements.  Yet developers who support integrations with QuickBooks desktop are once again adjusting to the not infrequent changes Intuit makes to developer programs and philosophies.  The push to QBO and connected apps may be the focus for QuickBooks marketing dollars, but there are still quite a number of (very busy!) developers supplying solutions to businesses who don’t shop inside their QuickBooks software.

Joanie Mann Bunny FeetMake Sense?

J

[1] https://developer.intuit.com/blog/2014/09/08/timeline-to-discontinue-the-quickbooks-desktop-rest-api

[2] https://en.wikipedia.org/wiki/Representational_state_transfer

Paperless_468x80

Posted on

Mobilizing QuickBooks Desktops

 Hosted QuickBooks for Remote and Mobile Access

There was a time not too long ago when the “thought leaders” in information technology said that the desktop is dead, and all software will be accessed via the web. (Note: I put “thought leaders” in quotes because industry thought leaders are often those with the greatest media influence.  After all, you can’t lead them if you can’t reach them, right?). The whole no software thing is a dramatic oversimplification of what is happening with computer software, but one thing is kind of coming true: nobody wants to be tied to their desktop.  It’s not that the desktop is dead… it’s just not all there is. For users of the desktop editions of Intuit QuickBooks software, the question really isn’t whether they intend to give up their familiar and trusted software to use a different, online solution. The question is how to use the QuickBooks desktop software they want in the cloud so they can use it on desktops that aren’t the primary desktop computer, or on mobile devices.

Computing technology has finally reached a level of accessibility that was previously only imagined in science fiction stories.  Communicating instantaneously with anyone anywhere around the world; accessing extensive (limitless?) libraries of information, art and music with a simple handheld device – these are the things that people do every day without a second thought.  Business users may even be able to access their business documents, email, contacts and appointments etc. from mobile devices, enabling a productive and functional mobile workforce.
desktop-appsYet the desktop remains as the primary workhorse for most business users. This is where the productivity applications live, where large spreadsheets and full-screen applications are run, and where keyboarders and production data entry users operate.  Tablets, touchscreens and mobile devices just don’t provide the same capabilities unless you tether them to full size monitors and keyboards.  Even then they may not because they might not run the same OS as the desktop.  The point is that the desktop hasn’t gone away and isn’t likely to any time soon.  Users may use more mobile apps and devices, but this isn’t diminishing use on the desktop as much as it augmenting it.  This is what fuels the interest in application hosting and virtual desktop computing models – the desire to mobilize desktop and network applications and working environments.

Hosting applications and data gives businesses the flexibility of working in desktop applications and accessing data just as if they were in the office, yet users may be located anywhere there is Internet connectivity. When the applications and the associated data are managed in the datacenter, businesses are able to centralize their information assets and manage them more effectively than if the data were distributed among multiple computers.  While most sync and share solutions require files to be downloaded to local computers in order to open and edit, a hosted application service with virtual desktops and file sharing provides a security model which keeps business data secure yet available for user access without compromising security by downloading information to the user device.

A hosted solution approach can make license utilization more efficient and compliance easier to maintain, too.  By enabling access to applications on a centralized platform and eliminating the installation and maintenance of software on individual computers, businesses reduce the reliance on local IT personnel to install and update applications and user accounts, and improve their ability to control application assignments and usage.

Hosting helps businesses take advantage of technology that would otherwise be unaffordable, and delivers the mobility and centralized management required to boost productivity and contain costs.  There is a high cost to managing a business network, and creating secure mobile access to that network can represent an exponential increase in IT spending (just to initially set up, not to mention ongoing costs for security management, monitoring and support). Rather than taking on the entire burden of service management and delivery directly, businesses electing to work with hosting providers find that they are able to focus more on business operation, strategy and growth – and spend less time worrying about the IT supporting them.  Costs are reduced, workers are empowered, and capabilities are increased while knowledge and process investments are preserved.  When it comes to mobilizing business applications like QuickBooks desktop editions, it all starts with a hosted approach.

Joanie Mann Bunny FeetMake Sense?

J

Posted on

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

rollingballNo retailer wants to become the next Target (pun intended).  Payment card fraud costs businesses and consumers billions of dollars every year.  What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys.  The Target breach in 2013 exposed the data of 110 million payment cards.  Hackers got into the network using perfectly good credentials of the HVAC company.  Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.

EMV chip technology, the standard around the world which has just recently become a standard in the United States, has done a lot to stem the tide of credit card fraud in other countries.  As it was implemented in various countries, guess where it pushed the fraudsters?  Where the anti-fraud technology wasn’t, of course! The United States was among the laggards in requiring EMV chip technology for payment cards, opening the door for bad guys and turning the US into a veritable haven for credit card fraud, “accounting for nearly 50% of global fraud losses, according to the Nilson Report[1]”.

EMV chip (or chip and pin) technology will go a long way to prevent credit card fraud for businesses accepting payment cards… in-person and counterfeit card fraud, anyway. Online retail, on the other hand, not so much.  A chip on the card doesn’t really help when the transaction is completed with the card not present (CNP).  Some industry analysts suggest that CNP fraud losses will exceed $6 billion within the next few years, making e-commerce and online payment security a high stakes game for even the smallest of retailers.  As it gets more difficult to hack the payment system when the card is presented, bad guys will fall back in even greater numbers to the card-not-present model to find their victims.

Online retailers and service providers must take additional steps to secure their systems and protect customers and business partners, and face the challenge with the understanding that effort must be ongoing as new threats emerge. Tokenization is a prime method of layering the system with security, making the merchant system somewhat less of a worthy target by not storing the card data in the system.  Even if the system becomes compromised, the bad guys wouldn’t find customer payment card information.  There are numerous other steps a business can take to secure the CNP sales, including applying behavioral analytics which might identify rogue activities, or using 3D Secure to authenticate a cardholder’s identity at the time of purchase.   The point is that CNP fraud is likely to spike as EMV technology takes a firm hold in the US.

Card fraud is already escalating rapidly for ecommerce retailers and other card not present channels – it didn’t take EMV to start on that roll but it will surely give it a push.  Paperless payment systems, SaaS subscription services and online application service usage are increasing dramatically and there’s no chip to get in the way of these transactions.  Sellers of any and every service utilizing online payments need to now pay particular attention to system and information security.  The risk has always been there, and EMV chips and other shifts in pay card technology simply give it a push.

jmbunnyfeetMake Sense?

J

 

[1] Chipping away at Credit Card Fraud with EMV; Information Week Tech Digest powered by Dark Reading, Nov 2015; NilsonReport http://www.nilsonreport.com/publication_newsletter_archive_issue.php?issue=1071