Category: small business trends

Posted on

Contractors Adopting Hybrid Working Models

Companies across the country have pivoted to hybrid working models since the COVID-19 pandemic began, with some users doing their job “in person” and some doing the work remotely. According to new data, the construction industry looks to be adopting the trend, as well

OpenSpace, a construction technology company, surveyed its customers about the working models they have applied in their businesses, now and prior to the pandemic.

Of those responding, 52% said their teams that work in the field had never done their work remotely (e.g., they did the work in person, in the field). Now, with changes adopted due to the pandemic, 92% of the survey respondents said they allow remote work.

The OpenSpace survey found that hybrid and remote working models are becoming more acceptable for construction. While it is usually thought of as a completely in-person type of business, many companies are finding benefits in adopting a combination of on-site and remote work for field teams as well as administrative personnel. 80% of the survey respondents said that they were “just as productive or more productive when working remotely, compared to only 20% who saw productivity decline”.

Here are some of the benefits of remote work that respondents identified:

  • Time and money saved with reduced travel to and from sites (72%).
  • Improved work-life balance (72%).
  • Teams more easily allowed access to the best candidates (35%).
  • Enabled putting the best people on more jobs

It doesn’t matter if you use cloud-based applications or not. Your desktop solutions are cloud-ready when you run them on the Microsoft Azure cloud with NOOBEH, the cloud services arm of Mendelson Consulting. Work can get done, whether users are on-site, at the office or working from home. Everyone operates when and where they need to, and the business benefits from keeping everyone connected and “tooled up”, no matter where they’re working from. The real benefits for the business extend far beyond just collaboration, and touch on almost every aspect of the operation.

Mendelson Consulting’s experts have the right tools and technologies to help your business transform, transitioning from manual and paper-based processes to digital workflows, and to help you make the move from on-premises to the most agile of cloud platforms. Contact us today to learn more about how your business can benefit with a better IT solution and the flexibility to work where and when it is needed.

jm bunny feetMake Sense?

J

Posted on

Considering Deploying Microsoft365 for Your Entire Organization? Success is in the details.

Technology is ever advancing, and even the smallest of businesses must keep in step to remain competitive. Efficiency is the key to modern, effective operations, yet keeping teams aligned and working towards the common goal can be tougher than ever when members are remote working. Microsoft solutions can help the business increase productivity and modernize their operations, and at the same time provide stronger security and enhanced protection.

For just about every business, it makes sense to consider using Microsoft 365 services. But there are a lot to choose from, and not all services work as you might expect, so here is a little information that might help with making service selection a little easier.

Does it make sense to implement Microsoft Teams for intra-company calls, meetings, and collaboration?

Teams is great for calling your co-workers, sharing screens, presenting content, and collaborating in workgroups or with the whole company. But be warned that Teams meetings don’t work for everyone, particularly those outside your organization or for users that don’t have useful Internet connectivity.

  • To use Teams with people outside the company, or even for users that don’t have Internet connectivity, you’ll need to also have a calling plan for each user.
  • A calling plan allows Teams to connect a phone number to the Teams meeting, creating a means for non-Teams users and those without internet to connect to the meeting audio.

Should you migrate employee email inboxes to MS365 (Outlook Desktop and/or Outlook Online)?

Using Microsoft for email services make a ton of sense, especially with the advanced phishing and threat protection that comes standard with the service. It is pretty much foolproof for most businesses and is a great value. If your business is migrating to Microsoft from a legacy email platform or from a different mail provider, there are a few things to consider.

  • Many companies use their desktop Outlook email folders as a sort of file cabinet, storing and categorizing emails for future use. In older MS Exchange environments, Public Folders were also used, enabling company-wide access to certain email folders and the file attachments within.
  • MS365/Office365 email services don’t support public folders, and every email box comes with a storage quota. If the business is used to saving lots of emails, then it might create difficulties with mailbox management.
  • Outlook Desktop still has limitations on the file size it can reasonably handle. This means that Outlook, when connected to hosted Exchange mail (Microsoft365), should run in cached mode, keeping only recent data in the Outlook file on the computer and leaving the rest of the mail on the server. Mail on the server is still available for search by Outlook; the program will simply search in the local data file first.

Can you, or should you, migrate your company’s files to the Microsoft cloud?

Keeping your files on the “cloud” is a concept that sounds convenient, but it isn’t quite as straightforward as it sounds. In this case, the idea is to migrate files from PCs and servers to Microsoft OneDrive or SharePoint, where the files can be available to all users regardless of where the user is working from.

  • Putting a big hard drive on your PC or server can be relatively inexpensive. “Storage is cheap” we hear quite often. Yet all storage facilities are not alike. It might be a cheap option to add a big hard drive or USB drive to your local system but paying for storage space on the web becomes a different deal. You may find that safe, protected storage for your files is not quite as inexpensive as you thought, especially over time. When you must pay every month for the storage you use, you rapidly realize why file housekeeping is essential.
  • File and folder permissions do not translate from your Windows file system to a SharePoint or OneDrive. You must create your own groups and set file and folder permissions as you want them AFTER the data is uploaded to the cloud platform.
  • Once the files are in the cloud platform, each user must determine what and how the files will sync with their local computers. There may be an option to “sync on demand” (depends on device platform) that can allow users to selectively sync files to/from their computers, but the fact remains that the data is being downloaded to the local computer so that it can be worked on. This still means that the local computer must have the necessary software installed, and the PC should be protected with backup, anti-virus and anti-malware and MFA.
  • Database files cannot work in a web file location. This means that programs that have associated database/data files must still have their files located on a network server for users to access them. QuickBooks, tax software, trial balance software, workpapers and fixed assets, inventory management or manufacturing, and more may require the server to serve the application and/or data to the users. This means that servers and networks and the need to manage the network and the individual computers remains in full.
  • If all other data is stored on the cloud platform, then you now have data and resources to manage both places.

What does the new Microsoft365 Cloud PC mean for small businesses?

  • The new Cloud PC from Microsoft365 can solve a tremendous problem for the very small business in that it can become the IT infrastructure and it is fully cloud platform.
  • Cloud PC is meant to replace your local PC as your operating environment. Rather than installing software and storing data on your local device, the idea is that your software gets installed on your Cloud PC and your data is stored, ideally, in your OneDrive, or maybe on the drive of your Cloud PC.
  • This makes the Cloud PC a perfect solution for that single user that needs to run their QuickBooks or other applications from anywhere.
  • The thing with the small business Cloud PC is that it cannot be networked. It may be able to “see” and work with your local device hard drive or even mapped drives that your local device is connected to, but it isn’t able to work with a network server or share like a local PC would.
  • This means that you may be able to store and retrieve files from servers or other drives on your local PC or network, but you won’t be able to access databases or other server or network-based applications that need the network to function.
  • This also means that you can’t share data on one cloud PC to another cloud PC… they aren’t networked together.

Why NOOBEH’s Cloud Service model is better

There’s a reason why businesses adopt NOOBEH QuickBooks on Azure services, and the benefits are as great as ever. Businesses work with NOOBEH and our QuickBooks on Azure services because we have the flexibility to do what the business needs, and to offer a comprehensive approach that doesn’t leave applications, services and data hanging around on local networks or unprotected computers.

Where the Microsoft365 Cloud PC is a great answer for the single-user, NOOBEH’s cloud servers are designed for multiple users needing access to common applications and/or data. Multi-user QuickBooks desktop applications, Sage or AccountEdge, MISys Manufacturing or Acctivate Inventory, ShipGear or Starship, Fedex or UPS and much more… we host the applications that businesses use every day.

NOOBEH keeps the applications and data securely running on private Microsoft Azure cloud servers. Centralized, server-based management of applications and data means that software does not have to be installed and maintained on individual computers, so the need for local PC backups and anti-virus and malware protection is also minimized. All users work on the same version of the same software, and everyone accesses the same data in real time. Version control issues and sync problems are entirely avoided when everyone is working in the live system with live data, and Microsoft’s Azure platform ensures that issues due to transient hardware failures are a thing of the past.

When the company has workers that must operate from their local computers, NOOBEH can enable a solution to keep SharePoint in sync with the cloud server, ensuring that workers on and off the server are able to reach the most current version of the files. Users working in QuickBooks can interact directly with SharePoint files and folders by using the native Windows File Explorer where users operating on their local PCs access SharePoint via OneDrive or via the web. This approach delivers the best of both worlds to businesses who need more flexible modes of operating.

Contact us today to find out more about how we can help your business do more in less time, improve efficiency and work more effectively with a system that works where and when you need it.

jm bunny feetMake Sense?

J

Posted on

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity).  To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

jm bunny feetMake Sense?

J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

Finance Department Participation in Supply Chain Management

When most businesses approach Supply Chain Management, the focus is on the item or product – the physical thing that ultimately gets delivered somewhere, somehow. What many businesses do not consider is that the orchestration and timing of “supply chain” activities can have significant impacts on financial performance, reporting and cash flow. The current processes could just be working just “okay”, and not delivering the financial benefit that might be obtained through modernization of technologies and transformations in approaches. The key is to get the right people involved.

One big aspect of seeking to integrate electronic commerce and collaboration with customers, suppliers and payment services is the recognition that supply chain activities involving orders, invoices, payments, and remittances are directly related to finances, revenue recognition and cash management.

For any project to be successful, it should include execs from both the supply chain and finance areas so that all concerns relating to event timing may be addressed to allow proper treatment in the financial statements. After all, the same things that trigger supply chain activities (orders etc) are the same documents which drive finance. When the information is accurate and timely, and when the inefficient manual processes can be replaced with electronic workflows, the business is best positioned to improve cash flow and overall financial performance as well as business value.

Unfortunately, few business owners have a real understanding of the costs associated with manual entry activities and how the direct financial impacts they have. The speed and accuracy of processing orders and invoicing customers means faster cash in, and leveraging the speed of electronic data interchange with suppliers so that “just in time” orders may be placed and logistics processes more fully enabled means cash out when necessary and not ahead of time.

… using a digital transaction for payments allowed [businesses] to hold on to cash longer and better control the timing of the release of funds, something more difficult to control when mailing a physical check. Check fraud remains rampant across many industries. According to an AFP payment fraud and control survey, 70% of U.S. organizations reported check fraud in 2019, responsible for more than $18 billion in losses.” –

source: What Every CFO Needs to Know About Supply Chains; Study published by DiCentral and Lehigh University; 2012

For example, there are many studies which show that purchase orders that are not sent digitally are most often manually processed, and that this manual processing may be done by any number of departments in the company – but most often the job falls to finance. Rather than looking to eliminate the manual entry of data and the errors and delays that come along with it, businesses execs first looked to where the lowest labor cost rests and had them handle the extra data input.

A digital strategy that transforms inefficient manual process into efficient electronic workflows is the better solution. While many companies have approached streamlining of activities by exchanging manual entry operations for data file formatting and imports, they still have not solved the problem as would be with an integration that takes even less human time and effort.

The real goal of any business improvement effort is to improve overall business value. By bringing in finance along with supply chain execs to the “digital transformation” discussion, the business is much better positioned to make real progress in areas that directly impact cash performance as well as long-term business value. It comes down to having all the information and being able to weigh the risks against the potential rewards to be gained from the contemplated changes.

jm bunny feetMake Sense?

J