Category: small business trends

Posted on

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity).  To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

jm bunny feetMake Sense?

J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

Finance Department Participation in Supply Chain Management

When most businesses approach Supply Chain Management, the focus is on the item or product – the physical thing that ultimately gets delivered somewhere, somehow. What many businesses do not consider is that the orchestration and timing of “supply chain” activities can have significant impacts on financial performance, reporting and cash flow. The current processes could just be working just “okay”, and not delivering the financial benefit that might be obtained through modernization of technologies and transformations in approaches. The key is to get the right people involved.

One big aspect of seeking to integrate electronic commerce and collaboration with customers, suppliers and payment services is the recognition that supply chain activities involving orders, invoices, payments, and remittances are directly related to finances, revenue recognition and cash management.

For any project to be successful, it should include execs from both the supply chain and finance areas so that all concerns relating to event timing may be addressed to allow proper treatment in the financial statements. After all, the same things that trigger supply chain activities (orders etc) are the same documents which drive finance. When the information is accurate and timely, and when the inefficient manual processes can be replaced with electronic workflows, the business is best positioned to improve cash flow and overall financial performance as well as business value.

Unfortunately, few business owners have a real understanding of the costs associated with manual entry activities and how the direct financial impacts they have. The speed and accuracy of processing orders and invoicing customers means faster cash in, and leveraging the speed of electronic data interchange with suppliers so that “just in time” orders may be placed and logistics processes more fully enabled means cash out when necessary and not ahead of time.

… using a digital transaction for payments allowed [businesses] to hold on to cash longer and better control the timing of the release of funds, something more difficult to control when mailing a physical check. Check fraud remains rampant across many industries. According to an AFP payment fraud and control survey, 70% of U.S. organizations reported check fraud in 2019, responsible for more than $18 billion in losses.” –

source: What Every CFO Needs to Know About Supply Chains; Study published by DiCentral and Lehigh University; 2012

For example, there are many studies which show that purchase orders that are not sent digitally are most often manually processed, and that this manual processing may be done by any number of departments in the company – but most often the job falls to finance. Rather than looking to eliminate the manual entry of data and the errors and delays that come along with it, businesses execs first looked to where the lowest labor cost rests and had them handle the extra data input.

A digital strategy that transforms inefficient manual process into efficient electronic workflows is the better solution. While many companies have approached streamlining of activities by exchanging manual entry operations for data file formatting and imports, they still have not solved the problem as would be with an integration that takes even less human time and effort.

The real goal of any business improvement effort is to improve overall business value. By bringing in finance along with supply chain execs to the “digital transformation” discussion, the business is much better positioned to make real progress in areas that directly impact cash performance as well as long-term business value. It comes down to having all the information and being able to weigh the risks against the potential rewards to be gained from the contemplated changes.

jm bunny feetMake Sense?

J

Posted on

It’s Not Easy Being Small – Thoughts on the Disruption and Rethinking Business Priorities

The global pandemic has been the source of disruption to business and personal lives for over a year now and businesses have found that, regardless of the challenges they face, business must continue.

With operations and supply chains strained and positive cash flow at a premium, companies everywhere are focusing on the fundamentals while enabling work-from-home and distancing mandates. COVID-19 has, in many ways, become the event that is forcing many businesses (and entire industries!) to rethink how they operate, and to look to transform their global supply chain models.

A fact that can’t be argued with is that the pandemic has exposed where many businesses are vulnerable, being heavily dependent on supplies of raw materials or finished products that are no longer readily available.

What’s also been exposed is the lack of agility in business I.T. infrastructure, as operations struggle to find ways of continuing operations with reduced personnel or users working from various locations and finding that their systems aren’t really helping in those efforts.

“Supporting small manufacturers has probably never been more important that it is now”, said a panelist at the “National Conversation with Manufacturers” session hosted by the National Institute of Standards and Technology’s Hollings Manufacturing Extension Partnership (NIST MEP). While larger companies are certainly impacted by what’s happened this year, small manufacturers face the challenge of running a company with a smaller available base of resources, technology and supporting tools.

“The conversation’s participants represented very small manufacturing companies with fewer than 20 workers. They all recounted a mad scramble over the past six months. First, they had to figure out whether their operations were essential enough to stay open under their state-mandated shutdown orders.

Then began the efforts to keep their workers safe, implement cleaning regimens, source protective materials, respond to public health protocols that evolved during the pandemic, determine what emergency support they qualified for, and go through the steps to access funds. All of this was being done with a small staff that needed also to continue getting product out and deal with obstacles to normal operations. Hurdles included delays and disarray in the supply chain, disruption in cash flow, with both account receivable extensions and overnight changes in credit terms, shipping impediments and customers still expecting on-time deliveries.”

https://www.nist.gov/blogs/manufacturing-innovation-blog/sometimes-its-not-easy-being-small-manufacturer?utm_medium=email&utm_source=marketingcloud&utm_campaign=

To add to the troubles, disruptions in global trade with China have created significant impact in supply chains worldwide. Companies who rely on direct and secondary suppliers in China are currently experiencing significant disruption, and this is likely to continue. But it isn’t just China… countries around the globe are experiencing challenges with having enough personnel, materials and technology to deliver their goods.

For so many years, businesses have focused on optimizing their supply chains to minimize costs, reduce inventories, and increase asset utilization. This streamlining has also removed the buffers and the flexibility to absorb disruption. COVID-19 has shown that many companies aren’t aware of their vulnerability when supply chains suffer from a global shock of some type.

So, how can organizations respond to the immediate challenge?

There are steps that businesses can take to help address the changing conditions facing businesses today, and a major item that should be addressed is the alignment of IT systems and support to evolving work requirements. Further, enhancements in operational systems should be made to illuminate the extended supply network and enhance inbound materials visibility, and a new focus on production scheduling agility as well as evaluating alternative outbound logistics options should be approached.

NOOBEH’s cloud solutions have been the foundation for business continuity and operational support throughout these difficult times.

We’ve helped companies around the country implement Microsoft Azure cloud servers where they are able to run their entire operations. From order entry, manufacturing, inventory management, pack and ship, and through to accounting and finance – businesses run their applications, integrations and services that allow them to keep the business operating even with reduced personnel or as their users are forced to work from home. OneDrive and SharePoint file storage, and TEAMS for closer collaboration and simplified access to information, helps hybrid working models and distributed workgroups stay in step with projects and business goals.

As a Microsoft Cloud Solution Provider, Mendelson Consulting and NOOBEH provide and administer Microsoft 365 and Azure services, enabling us to more closely manage the licensing and computing platform to make sure it works in the best possible way for your business. With NOOBEH managing your services, you get predictable performance at predictable costs, allowing your business to operate without interruption or subscription overages.

As the past year has proven, life is unpredictable. Let Mendelson Consulting and NOOBEH help your business implement the cloud services and technologies that will give your organization the ability to adjust to changing conditions because you’ll have the most agile IT platform available.

jm bunny feet

Make Sense?

J

Posted on

Intuit Reduces Migration and Support Options For Moving From QuickBooks Online to QuickBooks Desktop

Mendelson Consulting Offers Cloud and Migration Options

Need to convert data in QuickBooks Desktop to QuickBooks Online? You can get help from Intuit with this. Need to go the other way and convert from QuickBooks Online to QuickBooks Desktop? Not so much… So please read on.

In a surprise (and very quiet) announcement to QuickBooks Solution Providers, Intuit recently announced that it no longer freely provides data export functionality that allows businesses to convert their data from QuickBooks Online to QuickBooks Desktop. As of 12/18/2020, if you want to move your data from QuickBooks Online to QuickBooks Desktop, you have different options for how to do it and will get less support from Intuit in the process.

It is no great surprise that Intuit made this move. Even prior to ending the service, exports from QuickBooks Online to 2021 versions of QuickBooks Desktop had become quite difficult anyway. Requiring users to login to their Intuit account to create a new company file interrupts the QuickBooks Online attempt to create a new file in QuickBooks Desktop during the conversion, so the entire process became broken. (Note: Our solution is to create the new QuickBooks Desktop file in an earlier version of QuickBooks that does not force the Intuit account login, for example 2019, and subsequently upgrade to the latest version 2021).

The QuickBooks Online web-based service locks you into a subscription, delivering recurring revenue to Intuit. Logic follows that now it has become more difficult to get the data back out of QuickBooks Online in a useful way.

Intuit is still allowing businesses to migrate list data out of QuickBooks Online (think Customers, Vendors, Items lists only), but this is not a very clean process for migrating an entire company data set. Particularly since it involves exporting lists to Excel, manipulating or massaging the data and then importing into QuickBooks Desktop. You can see how this introduces a variety of ways to mess it up. And still this does not get the historical transaction data.

Another consideration is that QBO allows businesses to alter the screens and data stored in the product, and to use that data in ways that QuickBooks Desktop doesn’t necessarily understand. For example, simply adding a field called “job” to invoices in QBO does not mean that QuickBooks desktop would see that data and recognize it as a Customer:Job. That field in QBO doesn’t actually mean anything other than to the user so it isn’t something that could be automatically understood in a conversion. For any conversion of data to be done properly, there needs to be a clear understanding of what data is stored in QB Online, how it is used, and how that data needs to be translated to QB desktop.

Mendelson Consulting has a team of experts available to help with converting your QuickBooks Online information into useful QuickBooks desktop data, offering a thorough review of QBO is being used and mapping that information to how QuickBooks desktop should be set up and the data migrated. Better than a blindly automated process, this option for converting your QBO data to QBD provides a much greater assurance that the financial and other business data is migrated correctly and properly.

What about cloud? There is actually a better option than QBO for businesses that want to benefit from managed infrastructure and anytime/anywhere cloud models, and it does not require that the business lock itself and its future in a web-based application like QuickBooks Online. The better option is to have QuickBooks Desktop and other applications in a private cloud, as with NOOBEH’s QuickBooks on Azure service.

Our options for QuickBooks Desktop in the cloud offer far more than just QuickBooks. NOOBEH does not lock you in to any specific software application, version or working model. Rather, we provide businesses with the ability to run all their applications and manage their data in a familiar Windows environment, but not be tied to any hardware or physical location.

Running applications and data on private Microsoft Azure cloud servers lets even the smallest of businesses benefit from enterprise-class technology and IT platforms and get them affordably. The best part is that there is no vendor lock-in and no limitations on moving to other applications or services. If business needs change, NOOBEH can help the environment adjust to what the business needs, and not the other way around.

When the business needs more functionality, more application support, more process support and more flexibility to meet changing needs and conditions, then the business needs Mendelson Consulting and Noobeh.

jm bunny feetMake Sense?

J