Category: risk management

Posted on

Preparing Your Business for Exploding Growth

Preparing for exploding growth in a business requires careful planning and strategic decision-making. To develop the information necessary to support these activities, businesses must implement their processes and systems to properly collect the data required. Unfortunately, many organizations fail to develop the systems which will support increased activity and business growth, only recognizing after the fact that the process support and the data they need isn’t there. To prevent being caught off guard with more business demand and not enough organization to support it, follow these recommendations to set the business up for success over the long run.

Set clear goals and adjust as required. You need to know what the business purpose is… the objective you hope to achieve with all this activity. Establish SMART goals – specific, measurable, achievable, relevant, and time-bound. With a set of smart goals and a well-defined objective, the business has a clear direction and a guide to assist in decision-making.

Build infrastructure that is scalable. If the business infrastructure can’t handle increased demand, the business can’t grow effectively. Scalable information technology and software systems, robust production capabilities with adequate human resource availability, and increased efficiency in supply chains will help the business meet increasing demand, while improved reporting and business intelligence helps to anticipate potential bottlenecks, allowing for plans to be developed to address them.

Make sure finance and accounting are set for growth. Strengthen overall financial management and review your financial processes to ensure they can accommodate growth. Implementing the right systems and software is necessary to not just optimize production and operations, but to provide a foundation for establishing sound accounting and financial practices which will help the business secure funding and manage cash flow effectively. A good way to evaluate your preparedness for growth is to prepare financial forecasts and stress tests to gauge your business’s financial resilience under various growth scenarios.

Streamline operations and automate where it makes sense. Evaluation of businesses processes is an ongoing task if your business is to continuously work to improve efficiency and effectiveness. Where opportunities for optimization and improvement exist, consider using automation and technology solutions to help streamline operations and reduce manual effort while remaining focused on enhancing customer experience and satisfaction through streamlined processes and improved service delivery.

Plan for Risk and Contingencies. You should try to identify potential risks and challenges associated with rapid growth, such as increased competition, supply chain disruptions, or changes in customer preferences. Develop contingency plans to mitigate these risks and ensure continuity of the business and operation. It may even make sense to consider diversifying your revenue streams to reduce dependency on a single market or product.

Monitor, adjust and adapt as needed. Key performance indicators (KPIs) should be regularly monitored, as should market trends, to stay informed about your business’s progress and to stay on top of industry developments. Use data analytics and reporting tools to gain insights and make data-driven decisions instead of operating on emotion. The business that plans for growth must remain agile and adaptable, adjusting strategies and operations as needed to accommodate changes in demand as they occur.

Preparation for rapid growth requires a proactive approach and continuous evaluation of your business’s readiness. Regularly reassess your strategies, make necessary adjustments, and stay focused on delivering value to customers as you scale.

Mendelson Consulting and the Noobeh cloud services teams are advisors and consultants with expertise in scaling businesses, and can provide valuable insights, guidance, and support throughout the growth process and beyond.

jm bunny feetMake Sense?

J

Posted on

Good and Proper Accounting for Small Business

There are many reasons why a small business needs to have quality accounting, and it isn’t just about the cash. Especially when a business is small or growing, a strong financial management and reporting process will benefit the business in a number of important ways. Managing the cashflow and keeping money in the bank to cover payroll and inventory is critical, but good accounting data helps support better decision-making for more than just cash management.

Accounting and financial systems help small businesses keep track of their financial performance. This includes monitoring income and expenses (money in and money out) and creating financial statements. By having accurate and up-to-date financial information, small businesses can make informed decisions about how to allocate resources and grow the business.

Tax compliance is another area where good accounting data is essential. Small businesses are required to file taxes just like larger ones, and proper recordkeeping helps small businesses stay compliant with tax laws and regulations and to avoid penalties and fines.
Securing funding for operations and growth is another area where quality accounting data is critical. Banks and investors usually require financial statements and other financial information before providing any funding. By having accurate and well-organized financial records, small businesses can demonstrate their financial health and increase their chances of securing funding.

Knowing more about the business is always helpful, but being able to look at trends and understand what the numbers indicate is the real power. From budgeting and forecasting to identifying and reducing areas of risk, accounting data is the foundation for developing a true understanding of business activity and performance and finding ways to improve.

Track business performance, remain compliant with taxes, and get funding or investment when it’s needed. With good and proper accounting supporting management decisions, decisions become more informed and relevant and are likely to bring a better result.

jm bunny feetMake Sense?

J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

Finance Department Participation in Supply Chain Management

When most businesses approach Supply Chain Management, the focus is on the item or product – the physical thing that ultimately gets delivered somewhere, somehow. What many businesses do not consider is that the orchestration and timing of “supply chain” activities can have significant impacts on financial performance, reporting and cash flow. The current processes could just be working just “okay”, and not delivering the financial benefit that might be obtained through modernization of technologies and transformations in approaches. The key is to get the right people involved.

One big aspect of seeking to integrate electronic commerce and collaboration with customers, suppliers and payment services is the recognition that supply chain activities involving orders, invoices, payments, and remittances are directly related to finances, revenue recognition and cash management.

For any project to be successful, it should include execs from both the supply chain and finance areas so that all concerns relating to event timing may be addressed to allow proper treatment in the financial statements. After all, the same things that trigger supply chain activities (orders etc) are the same documents which drive finance. When the information is accurate and timely, and when the inefficient manual processes can be replaced with electronic workflows, the business is best positioned to improve cash flow and overall financial performance as well as business value.

Unfortunately, few business owners have a real understanding of the costs associated with manual entry activities and how the direct financial impacts they have. The speed and accuracy of processing orders and invoicing customers means faster cash in, and leveraging the speed of electronic data interchange with suppliers so that “just in time” orders may be placed and logistics processes more fully enabled means cash out when necessary and not ahead of time.

… using a digital transaction for payments allowed [businesses] to hold on to cash longer and better control the timing of the release of funds, something more difficult to control when mailing a physical check. Check fraud remains rampant across many industries. According to an AFP payment fraud and control survey, 70% of U.S. organizations reported check fraud in 2019, responsible for more than $18 billion in losses.” –

source: What Every CFO Needs to Know About Supply Chains; Study published by DiCentral and Lehigh University; 2012

For example, there are many studies which show that purchase orders that are not sent digitally are most often manually processed, and that this manual processing may be done by any number of departments in the company – but most often the job falls to finance. Rather than looking to eliminate the manual entry of data and the errors and delays that come along with it, businesses execs first looked to where the lowest labor cost rests and had them handle the extra data input.

A digital strategy that transforms inefficient manual process into efficient electronic workflows is the better solution. While many companies have approached streamlining of activities by exchanging manual entry operations for data file formatting and imports, they still have not solved the problem as would be with an integration that takes even less human time and effort.

The real goal of any business improvement effort is to improve overall business value. By bringing in finance along with supply chain execs to the “digital transformation” discussion, the business is much better positioned to make real progress in areas that directly impact cash performance as well as long-term business value. It comes down to having all the information and being able to weigh the risks against the potential rewards to be gained from the contemplated changes.

jm bunny feetMake Sense?

J

Posted on

Update your Mac to keep getting Office application updates

Microsoft’s upcoming November 2020 update has some direct impacts to users running macOS, especially if running macOS 10.31 or earlier. As of November 10, 2020, existing Microsoft 365 for Mac users running macOS 10.13 or earlier will not receive any further Office application updates. If the machine is upgraded to macOS10.14 or later, updates will be allowed to proceed on that computer.

With the Microsoft 365 for Mac November 2020 update, users running macOS must be running 10.14 Mojave or later in order to continue to receive updates for Office applications, and any new installs of Microsoft 365 for Mac will require macOS 10.14 or later.

Word, Excel, PowerPoint, Outlook and OneNote are the applications included which will no longer receive updates – including security updates – if the macOS they’re running on is too outdated.

Among the benefits of using Microsoft 365 is that the software is always kept up to date, including enhancements and new features as well as security and safety updates that help keep the software (and the associated data) more secure. You may continue with the older version of macOS, and your Office applications will continue to work. But losing out on updates not only keeps you from benefitting from the most current capabilities of the software (and getting full value from your subscription), but it also puts your security and compliance at risk.

Microsoft 365 applications are continuously updated with new features, connected services and enhancements to security. Modern operating system platforms are necessary to support some of these improvements, requiring users to update their computer operating systems as well as the applications running on them. With the Microsoft 365 November update, Mac users need to be running one of the three most recent versions of macOS to keep their Office applications recent, too.

Make Sense?

J