Category: software

Posted on

The nasty surprises hackers have in store for us in 2018

“Hackers are constantly finding new targets and refining the tools they use to break through cyberdefenses. The following are some significant threats to look out for this year.

More huge data breaches

The cyberattack on the Equifax credit reporting agency in 2017, which led to the theft of Social Security numbers, birth dates, and other data on almost half the U.S. population, was a stark reminder that hackers are thinking big when it comes to targets. ..

Ransomware in the cloud

… The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.

The weaponization of AI

This year will see the emergence of an AI-driven arms race. Security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while to better anticipate attacks, and to spot ones already under way. It’s highly likely that hackers are adopting the same technology to strike back…”

Source: The nasty surprises hackers have in store for us in 2018

Posted on

‘Tis the (Filing) Season – Time for W2s and 1099 Reporting

1099-santa-hatEvery year-end brings with it not just the holiday spirit, but also the underlying dread felt by small business owners – a creepy and back-of-your-neck hair-raising feeling associated with annual business tax reporting and filing. That old saying about “death and taxes” has a lot of validity to it; sometimes they feel like the same thing to a small business owner. And this is the filing season. Ho ho ho.

The reporting requirements for small businesses seem to be growing at a rapid pace, and business owners are struggling to find the information and tools that ease the adjustment to increasingly burdensome reporting and compliance. The IRS has implemented a number of measures to increase tax revenues and enforce compliance, including stricter 1099 reporting requirements. With information provided at both ends of the “transaction” it is easier to identify those discrepancies which trigger audits.   With this type of business intelligence, the IRS has developed a fairly strong weapon to combat non-compliance, so small business owners need to really pay attention (the IRS is).  If the feds are tooling up, then business owners should, too.

Just to add to the seasonal festivities, make sure you upgrade your accounting software in time to benefit from the right rules and forms. If you run a small business and keep most of your information on spreadsheets (still? really?), that’s OK because there are solutions available which draw the information from spreadsheets, eliminating the need to re-enter data. Seriously, though, you should consider using actual bookkeeping or accounting software.

It is also important to remember that payroll tax filing dates for W-2s and 1099 forms were changed for 2016 taxes, and these changes continue for 2017. The filing deadline for 2017 W-2s and 1099 forms (including Form 1099-MISC) is January 31, 2018, which is a month earlier than the pre-2017 filing date. Thankfully, the deadline for providing W-2 forms to employees and 1099-MISC forms to other workers for 2017 has not changed. This deadline is still January 31, 2018. 

Using a cloud-based service to file 1099s online should be something your business considers doing if it isn’t already. Because most services include form and feature updates, users don’t have to go looking for the right documents or worry that they are using an outdated form.  In an online or hosted solution, users benefit from updates without downloads and get stricter security around their data than would likely be present on their own PC.  As it relates to your accounting software, make sure it has the capabilities you need in this area and don’t settle for limited functionality.

Here are some features you’ll want to look for in your e-filing solution this year:

  • The ability to print and/or mail forms to recipients as well as e-filing forms directly with the IRS or SSA
  • Have Form 1096 or W-3 automatically calculated and transmitted electronically with the detail forms
  • Upload volumes of data with Excel templates or import from your accounting software (saves time and reduces input errors)
  • Store data securely and provide full access to filed forms for multiple years
  • Maintain payer and recipient records securely for use year after year.
  • Encrypt data upon submission and keep it encrypted throughout the entire process
  • Supports 1099 Corrections (should allow filing of corrected forms regardless of how the original form was filed)
  • Accountants, Bookkeepers and Tax Preparers should be able to set up multiple payers and file on behalf of many clients from a single account, even filing for all clients at once or via batch submission

Year-end tax filing, especially dealing with 1099s and W2s, is an arduous task for most small businesses and their professional service providers, yet it is one of those things that simply can’t be put off.  Where there is a single income tax return there could be literally hundreds of associated 1099s or W2s to file.  1099 filing in particular has become more of a focus as authorities crack down on contractor versus employer classifications and seek to develop easier identification of audit candidates (something every business owner wants to avoid).

The point of the discussion is that there are cloud-based tools which are highly useful, feature rich, and very affordable… and business owners and their accountants or bookkeepers would be wise to take a look rather than assuming that the general accounting software will do the trick this year and the next.  Remember that tax filing season is an annual event, and being able to rely on a consistently useful solution can make the season a bit merrier (or at least a little less stressful) for all.

jmbunnyfeetMake Sense?

J

Hi! I was looking for the Frangos.

Posted on

QuickBooks 2018 Updates and Enhancements

QuickBooks 2018: Changes You See and Updates You Can’t See

QuickBooks 2018 has been released, and there are a number of beneficial enhancements and changes to the application that many will find very useful.  Sometimes it is the little things – like a past-due stamp that can be printed on invoices when they are re-sent to a customer – that can make getting the work done just a bit easier. Being able to search the chart of accounts is another thing that doesn’t sound like a big deal, but becomes one when you just can’t remember the account number you’re looking for. Frequently having to scroll through the list of accounts is taking more of your time than you’d think it would.

For the most part, it looks like there are some nice and needed changes that come with QuickBooks 2018. These changes address some functionality and usability issues (like supporting multiple monitors) and are visible to the user.  There are also other important changes that come with QB 2018 editions that aren’t quite as visible.

All editions (Pro, Premier and Enterprise) in the US, Canada and UK got some common updates, including:

  • Multiple monitor support
  • Search in the Chart of Accounts
  • Cash/Accrual toggle on reports
  • Past Due Stamp
  • Keyboard shortcuts for copy/paste lines in transactions
  • Secure Webmail option

For folks using payroll, there are now useful reminders for payroll tax liabilities, and for accountant edition users there is now the ability to merge multiple vendor records.  An exciting feature for many users of QB Enterprise is improvement to the sales order fulfillment process, including support for mobile (un-tethered) barcode scanners.

The changes that remain less visible to the user are primarily component updates and security improvements.  Additional encryption for certain PII (personally identifiable information) fields, version updates of framework and database components, and reliance on Internet Explorer v11 are among the items addressed. While these are not visible changes that impact the program functionality directly, they are necessary to keep the product up to date with Windows platform and to modernize the security in the product. In particular, users should pay attention to the requirement for Internet Explorer v11.  While Microsoft continues to promote Edge as the power browser for Windows 10, it is Internet Explorer v11 that QuickBooks requires.

It is important to note that Intuit‘s support for 3rd party applications is sometimes impacted with QuickBooks updates, particularly when it comes to security, encryption and unattended access to QuickBooks data.  Changes made to how QuickBooks encrypts stored credentials (among other things) caused many 3rd party solutions to lose their ability to connect to and sync data with QuickBooks while unattended (like a middle of the night sync, when nobody else is working).  Many applications had to return to a user-attended sync process, where a user in QuickBooks had to manually initiate the sync which allows the application to connect to QuickBooks and run.  With the release of QuickBooks 2018 this issue remains, which means that you should check with your 3rd party software provider regarding any possible automation changes or additional configuration that might be required due to the update.

For those running QuickBooks in a server-based or hosted environment, there are a few additional considerations regarding some of the changes in QuickBooks 2018. Some of these items represent known technical limitations of working in a terminal server/RDS/hosted environment, and sometimes they’re limitations or restrictions based on the technology being used and how it is applied. It is in this area where the suggestion that hosted QuickBooks will work EXACTLY as the program does when locally installed is not entirely true.

Multiple monitor support, for example, may or may not be easily handled by your hosting provider or remote access solution.  In particular, if you access your hosted service as a Remote Desktop or Virtual Desktop, you may have only one actual Window (the remote desktop window) to work with.  Even if your hosted QuickBooks were to attempt to open multiple popup windows so you could move them to different monitors, you’ll still be limited to the dimensions of your remote desktop. If the remote desktop doesn’t span over multiple monitors, then the QuickBooks windows that open in the remote desktop window won’t either.

The option to keep a user logged in to QuickBooks is another item that may not be useful or workable in a hosted environment, and isn’t necessarily a great idea even if running QB on a local computer.  This option keeps the user logged in to the QB “instance” which can make working with lots of company files a bit faster and makes loading/unloading QB seem faster because it doesn’t really unload or shut down.  While it may be convenient to eliminate the wait times during these login processes, the offset in security risk and problematic application functionality may be higher.  Leaving a user connected to QB for a fast login means that an unattended PC becomes a vulnerability as someone could access the app and files without having to enter credentials every time.  In a hosted environment, the functionality tends to leave QuickBooks running in a user session, often causing the user to be unable to launch QuickBooks if they log off and back on to the host system (getting the message that QuickBooks is already running or the company file is already open).

Support for 3rd party integrations varies in hosting environments, too, but the granting of administrative permissions to users is largely consistent: users do not get administrative permissions. This means that some applications which require Windows administrator permissions to run cannot be easily handled in a hosted delivery.  Additionally, applications that run as services on the computer, and particularly those with controls accessible via the task manager, are difficult to manage in a hosted environment because users are generally not able to access the task manager on the machine to start or stop running services.

Among the most challenging items to support in a hosted environment are mobile and handheld scanning devices.  Mobile scanning devices have become essential tools for inventory and product management, providing users with the ability to rapidly access item information by simply scanning a barcode.  Manually keying in data increases the potential for errors, but also requires a machine with a keyboard be nearby. With mobile scanners, workers are able to input item information regardless of whether they have a computer nearby or not (which is often the case in a warehouse or out on the shop or store floor). The software sees the barcode scanner input as though the data were typed in, which eliminates input errors and failed lookups by ensuring the item number is correctly entered every time.

Where the challenge with a hosted solution comes to play is in communicating between the hosted software (QuickBooks in this case) and the scanner device.  Usually, a scanner must be able to “see” the computer running QuickBooks on the local network.  The scanning device, like a networked printer, is able to communicate directly with the PC on the network so it is able to work with the software running on the PC.  When the QuickBooks software is running on the hosting provider’s computers, the mobile scanners in your business location aren’t able to “see” the host computers on the local network so they may not be able to communicate.

The time for software upgrades is also the time to take a look at how you’re implementing the software to ensure that your business has the most effective and easy to manage system possible. Rather than simply installing the new version on top of the old, consider whether your systems and software might be handled in a more cost efficient and useful manner.

If you’re installing the new QuickBooks editions in-house, maybe it makes sense to take a look at doing a server-based approach, which reduces the number of software installs required, centralizes the access and applications which makes managing the system easier, and creates a single system to back up and administer.

If you’re looking to eliminate the burdens of installing and maintaining your software, backing up your systems and dealing with hardware issues, moving to a managed hosting solution may be the right answer.

Software upgrade time is the right time to explore these options, giving your business the opportunity to test out new delivery models and services without impacting the production system.  There is always some element of risk in updating applications, so it is important to make sure things are ready before starting the process. Make sure all systems are fully backed up, and make sure you have the tools necessary to re-install the old versions of your applications just in case there are changes you can’t work with or problems you didn’t expect. If you’re not sure the best way to approach upgrading your QuickBooks system, contact me and we’ll find the right answer together.

Make Sense?

J

Posted on

Mobility and the Cloud – Managing “Bring Your Own Device” and Securing Company Resources

There are lots of reasons why businesses are adopting cloud and Internet technologies in great number, and supporting mobile workers is one of the big ones.  In order for traveling sales people or workers in remote offices to have access to business applications and data, many organizations are turning to hosted and cloud solutions to centralize systems and make enterprise-wide access easier to deliver and manage.

What many businesses are just now realizing, however, is that allowing individuals to use their own mobile devices to access corporate data is exposing the enterprise to new (and often unknown) risk with each and every device and app that gets used.

Most businesses recognize the need to secure corporate systems while allowing users to remotely access resources from home or mobile computers.

Many CIOs and IT managers are failing to address the vulnerabilities introduced through the proliferation of tablets and smartphones in the business. Some enterprises initially embraced the concept of “bring your own device” [BYOD], as it tended to encourage users to work from home or while on the road, increasing employee productivity and keeping workers more “attached” to their jobs – all without the business having to pay for the device.

With growing numbers of reported “rogue apps” and apps that secretly collect and pass data, the potential benefits of allowing workers to use their own devices is rapidly being overshadowed by the risks involved.

Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users’ address books. …but what if the app uploads a sales representatives’ contact list and the developer then sells it to a competitor? That’s a new type of data leakage that most organizations aren’t ready for.

http://www.cio.com/article/716368/Free_Mobile_Apps_Put_Your_BYOD_Strategies_at_Risk  

Phones, in particular, have not traditionally been viewed by most business owners as a primary platform for information theft or damage – other than when an employee uses one to tell someone something they shouldn’t.  But in terms of intrusion, data theft, application hacking and things like that… not so much.

But that was before phones got really smart.

Phones that most folks carry around now are actually computers with a great deal of processing and storage capacity, and as such are just as capable of running bad programs and being vulnerable to attack as their more obvious portable computer counterparts.  Perhaps they are even more vulnerable because of the “connected” nature of the device, because by its very nature it is geared towards communication of information, not just processing it.

It’s not that hackers and developers of exploits (or just bad code) are necessarily focusing on stealing your business data (well, OK, a lot of them are).  Maybe someone just got lucky one day, when they first realized that the employee phone was the “camel’s nose under the tent” which would get them inside, far enough to deliver access to confidential corporate information and data someone would pay for.  People tend to be the weakest element in the security chain, and exploiting vulnerabilities under the guise of “making things easier” for the user has been a highly successful approach (would you like to sign in with your Facebook account?).

..because attacks that target employees may well end up targeting the employer as well, even if the employer wasn’t the original target.

Whether it is intentional or not, the risk is very present, and every business and enterprise has a responsibility to recognize the vulnerabilities introduced with mobile device use and to do what it can to mitigate that risk.  It is also important to recognize that the risk is not a purely personal one, either.

Since the information held by most businesses also includes the information of others – customers, vendors, partners, etc. – it is essential that the business not expose itself to unnecessary problems (litigation, fines or penalties, or simply lost opportunity) caused by accidental leakage of confidential information belonging to 3rd parties.

For some businesses, the best answer may be to only allow use of devices the business provides, along with clearly written use policies and guidelines.  This approach allows the organization to determine which applications may be installed and to dictate how the device is to be used for business needs.

There are even solutions available which can assist businesses in managing the expenses related to mobile devices in the enterprise, addressing not only security and privacy concerns but also helping to optimize expenditures on mobile devices by monitoring contracts and usage, identifying underused agreements or overage charges, or even identifying contracts still in force which should have been cancelled.

For many businesses, however, allowing users to continue accessing business resources with their personal devices may be desirable for a variety of reasons, cost being only one of them.  If this is the case (as it is most often in small and growing businesses), it is important to make certain that users understand what is and is not appropriate device use, and to inform users on the policies relating to apps which may or may not be allowed and why.

Make sense?

J