Posts

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed.  But new security models to match with new working models have not as quickly been adopted.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of those businesses electing to bring cloud working models to their business also made of the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion to include the cloud as network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

jm bunny feetMake Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Posted on

Into the Sunset with QuickBooks 2018

Every year when the new editions of QuickBooks desktop editions are released, Intuit discontinues services for certain older versions. This is referred to as the sunset of the version. In general, a QuickBooks desktop edition can live for up to 3 years. After that time, all bets are off. The software might continue to work, but connected services won’t, and there will certainly be no security or compatibility updates beyond that point. For businesses using QB 2018 and planning to continue using their QuickBooks software and data – you need to upgrade your QuickBooks software now.

Intuit generally notifies customers in various ways about the discontinuation of QB editions. Granted, there is a lot of other advertising about QuickBooks that users receive, so it isn’t unusual for these notices to be missed. But the software will also tell you, and those notifications shouldn’t be ignored.

May 31, 2021 marks the end of access to add-on services for QuickBooks Desktop 2018 (Windows).

This means that all Windows versions of QuickBooks Desktop, including Pro, Premier and Enterprise 18 will no longer be able to connect to add-on services like payroll or merchant services. For Pro and Premier users, the software will continue to run, but there won’t be any availability of add-on or connected services or live technical support.

From Intuit: “Your access to QuickBooks Desktop Payroll Services, Live Support, Online Backup, Online Banking, and other services through QuickBooks Desktop 2018 software will be discontinued after May 31, 2021. “

The discontinuation (sunset) also means that you’ll no longer get critical security updates for the QuickBooks 2018 software. With this being the case, and especially if you expect to continue using your QB 2018 software without connected services, make sure to install all security and other updates your software receives prior to June 1, 2021.

Here’s the list of products impacted by the discontinuation of services after May 31, 2021.

If your business uses any of these services and you want to continue using them, your option is to upgrade to the latest version of QuickBooks Desktop

  • QuickBooks Desktop Pro 2018
  • QuickBooks Desktop Premier 2018 (General Business, Contractor, Manufacturing & Wholesale, Nonprofit, Professional Services, and Retail)
  • QuickBooks Enterprise Solutions 18
  • QuickBooks Premier Accountant Edition 2018

Products for which services will be discontinued after April 27, 2021

QuickBooks Desktop Point of Sales 18.0 and 19.0 will lose access to QuickBooks Desktop Point of Sale 12 payments services

Products for which services will be discontinued after August 10, 2021

QuickBooks Desktop Point of Sales 18.0 will lose access to QuickBooks Desktop Point of Sale 18 payments services

Mendelson Consulting was the first and remains the best source for QuickBooks Enterprise and other QuickBooks software solutions and services.

If you know what you need and just want to get your updated QuickBooks software now, visit The QB Store now to buy online. It’s fast and easy and you’ll get your new software right away.

When you need a consultation regarding which editions of QuickBooks might be right for you, the team at Mendelson Consulting will help you select the right product. For data conversion, implementation, training, file repairs and any other services around the use of QuickBooks, Mendelson Consulting is the place to go.

The NOOBEH Cloud team, specializing in deploying QuickBooks on Azure, provides fully-managed hosting and cloud IT consulting to help your business implement a platform that delivers the resiliency and performance you need to keep things running smoothly.

Posted on

Finance Department Participation in Supply Chain Management

When most businesses approach Supply Chain Management, the focus is on the item or product – the physical thing that ultimately gets delivered somewhere, somehow. What many businesses do not consider is that the orchestration and timing of “supply chain” activities can have significant impacts on financial performance, reporting and cash flow. The current processes could just be working just “okay”, and not delivering the financial benefit that might be obtained through modernization of technologies and transformations in approaches. The key is to get the right people involved.

One big aspect of seeking to integrate electronic commerce and collaboration with customers, suppliers and payment services is the recognition that supply chain activities involving orders, invoices, payments, and remittances are directly related to finances, revenue recognition and cash management.

For any project to be successful, it should include execs from both the supply chain and finance areas so that all concerns relating to event timing may be addressed to allow proper treatment in the financial statements. After all, the same things that trigger supply chain activities (orders etc) are the same documents which drive finance. When the information is accurate and timely, and when the inefficient manual processes can be replaced with electronic workflows, the business is best positioned to improve cash flow and overall financial performance as well as business value.

Unfortunately, few business owners have a real understanding of the costs associated with manual entry activities and how the direct financial impacts they have. The speed and accuracy of processing orders and invoicing customers means faster cash in, and leveraging the speed of electronic data interchange with suppliers so that “just in time” orders may be placed and logistics processes more fully enabled means cash out when necessary and not ahead of time.

… using a digital transaction for payments allowed [businesses] to hold on to cash longer and better control the timing of the release of funds, something more difficult to control when mailing a physical check. Check fraud remains rampant across many industries. According to an AFP payment fraud and control survey, 70% of U.S. organizations reported check fraud in 2019, responsible for more than $18 billion in losses.” –

source: What Every CFO Needs to Know About Supply Chains; Study published by DiCentral and Lehigh University; 2012

For example, there are many studies which show that purchase orders that are not sent digitally are most often manually processed, and that this manual processing may be done by any number of departments in the company – but most often the job falls to finance. Rather than looking to eliminate the manual entry of data and the errors and delays that come along with it, businesses execs first looked to where the lowest labor cost rests and had them handle the extra data input.

A digital strategy that transforms inefficient manual process into efficient electronic workflows is the better solution. While many companies have approached streamlining of activities by exchanging manual entry operations for data file formatting and imports, they still have not solved the problem as would be with an integration that takes even less human time and effort.

The real goal of any business improvement effort is to improve overall business value. By bringing in finance along with supply chain execs to the “digital transformation” discussion, the business is much better positioned to make real progress in areas that directly impact cash performance as well as long-term business value. It comes down to having all the information and being able to weigh the risks against the potential rewards to be gained from the contemplated changes.

jm bunny feetMake Sense?

J

Posted on

It’s Not Easy Being Small – Thoughts on the Disruption and Rethinking Business Priorities

The global pandemic has been the source of disruption to business and personal lives for over a year now and businesses have found that, regardless of the challenges they face, business must continue.

With operations and supply chains strained and positive cash flow at a premium, companies everywhere are focusing on the fundamentals while enabling work-from-home and distancing mandates. COVID-19 has, in many ways, become the event that is forcing many businesses (and entire industries!) to rethink how they operate, and to look to transform their global supply chain models.

A fact that can’t be argued with is that the pandemic has exposed where many businesses are vulnerable, being heavily dependent on supplies of raw materials or finished products that are no longer readily available.

What’s also been exposed is the lack of agility in business I.T. infrastructure, as operations struggle to find ways of continuing operations with reduced personnel or users working from various locations and finding that their systems aren’t really helping in those efforts.

“Supporting small manufacturers has probably never been more important that it is now”, said a panelist at the “National Conversation with Manufacturers” session hosted by the National Institute of Standards and Technology’s Hollings Manufacturing Extension Partnership (NIST MEP). While larger companies are certainly impacted by what’s happened this year, small manufacturers face the challenge of running a company with a smaller available base of resources, technology and supporting tools.

“The conversation’s participants represented very small manufacturing companies with fewer than 20 workers. They all recounted a mad scramble over the past six months. First, they had to figure out whether their operations were essential enough to stay open under their state-mandated shutdown orders.

Then began the efforts to keep their workers safe, implement cleaning regimens, source protective materials, respond to public health protocols that evolved during the pandemic, determine what emergency support they qualified for, and go through the steps to access funds. All of this was being done with a small staff that needed also to continue getting product out and deal with obstacles to normal operations. Hurdles included delays and disarray in the supply chain, disruption in cash flow, with both account receivable extensions and overnight changes in credit terms, shipping impediments and customers still expecting on-time deliveries.”

https://www.nist.gov/blogs/manufacturing-innovation-blog/sometimes-its-not-easy-being-small-manufacturer?utm_medium=email&utm_source=marketingcloud&utm_campaign=

To add to the troubles, disruptions in global trade with China have created significant impact in supply chains worldwide. Companies who rely on direct and secondary suppliers in China are currently experiencing significant disruption, and this is likely to continue. But it isn’t just China… countries around the globe are experiencing challenges with having enough personnel, materials and technology to deliver their goods.

For so many years, businesses have focused on optimizing their supply chains to minimize costs, reduce inventories, and increase asset utilization. This streamlining has also removed the buffers and the flexibility to absorb disruption. COVID-19 has shown that many companies aren’t aware of their vulnerability when supply chains suffer from a global shock of some type.

So, how can organizations respond to the immediate challenge?

There are steps that businesses can take to help address the changing conditions facing businesses today, and a major item that should be addressed is the alignment of IT systems and support to evolving work requirements. Further, enhancements in operational systems should be made to illuminate the extended supply network and enhance inbound materials visibility, and a new focus on production scheduling agility as well as evaluating alternative outbound logistics options should be approached.

NOOBEH’s cloud solutions have been the foundation for business continuity and operational support throughout these difficult times.

We’ve helped companies around the country implement Microsoft Azure cloud servers where they are able to run their entire operations. From order entry, manufacturing, inventory management, pack and ship, and through to accounting and finance – businesses run their applications, integrations and services that allow them to keep the business operating even with reduced personnel or as their users are forced to work from home. OneDrive and SharePoint file storage, and TEAMS for closer collaboration and simplified access to information, helps hybrid working models and distributed workgroups stay in step with projects and business goals.

As a Microsoft Cloud Solution Provider, Mendelson Consulting and NOOBEH provide and administer Microsoft 365 and Azure services, enabling us to more closely manage the licensing and computing platform to make sure it works in the best possible way for your business. With NOOBEH managing your services, you get predictable performance at predictable costs, allowing your business to operate without interruption or subscription overages.

As the past year has proven, life is unpredictable. Let Mendelson Consulting and NOOBEH help your business implement the cloud services and technologies that will give your organization the ability to adjust to changing conditions because you’ll have the most agile IT platform available.

jm bunny feet

Make Sense?

J

Posted on

Intuit Reduces Migration and Support Options For Moving From QuickBooks Online to QuickBooks Desktop

Mendelson Consulting Offers Cloud and Migration Options

Need to convert data in QuickBooks Desktop to QuickBooks Online? You can get help from Intuit with this. Need to go the other way and convert from QuickBooks Online to QuickBooks Desktop? Not so much… So please read on.

In a surprise (and very quiet) announcement to QuickBooks Solution Providers, Intuit recently announced that it no longer freely provides data export functionality that allows businesses to convert their data from QuickBooks Online to QuickBooks Desktop. As of 12/18/2020, if you want to move your data from QuickBooks Online to QuickBooks Desktop, you have different options for how to do it and will get less support from Intuit in the process.

It is no great surprise that Intuit made this move. Even prior to ending the service, exports from QuickBooks Online to 2021 versions of QuickBooks Desktop had become quite difficult anyway. Requiring users to login to their Intuit account to create a new company file interrupts the QuickBooks Online attempt to create a new file in QuickBooks Desktop during the conversion, so the entire process became broken. (Note: Our solution is to create the new QuickBooks Desktop file in an earlier version of QuickBooks that does not force the Intuit account login, for example 2019, and subsequently upgrade to the latest version 2021).

The QuickBooks Online web-based service locks you into a subscription, delivering recurring revenue to Intuit. Logic follows that now it has become more difficult to get the data back out of QuickBooks Online in a useful way.

Intuit is still allowing businesses to migrate list data out of QuickBooks Online (think Customers, Vendors, Items lists only), but this is not a very clean process for migrating an entire company data set. Particularly since it involves exporting lists to Excel, manipulating or massaging the data and then importing into QuickBooks Desktop. You can see how this introduces a variety of ways to mess it up. And still this does not get the historical transaction data.

Another consideration is that QBO allows businesses to alter the screens and data stored in the product, and to use that data in ways that QuickBooks Desktop doesn’t necessarily understand. For example, simply adding a field called “job” to invoices in QBO does not mean that QuickBooks desktop would see that data and recognize it as a Customer:Job. That field in QBO doesn’t actually mean anything other than to the user so it isn’t something that could be automatically understood in a conversion. For any conversion of data to be done properly, there needs to be a clear understanding of what data is stored in QB Online, how it is used, and how that data needs to be translated to QB desktop.

Mendelson Consulting has a team of experts available to help with converting your QuickBooks Online information into useful QuickBooks desktop data, offering a thorough review of QBO is being used and mapping that information to how QuickBooks desktop should be set up and the data migrated. Better than a blindly automated process, this option for converting your QBO data to QBD provides a much greater assurance that the financial and other business data is migrated correctly and properly.

What about cloud? There is actually a better option than QBO for businesses that want to benefit from managed infrastructure and anytime/anywhere cloud models, and it does not require that the business lock itself and its future in a web-based application like QuickBooks Online. The better option is to have QuickBooks Desktop and other applications in a private cloud, as with NOOBEH’s QuickBooks on Azure service.

Our options for QuickBooks Desktop in the cloud offer far more than just QuickBooks. NOOBEH does not lock you in to any specific software application, version or working model. Rather, we provide businesses with the ability to run all their applications and manage their data in a familiar Windows environment, but not be tied to any hardware or physical location.

Running applications and data on private Microsoft Azure cloud servers lets even the smallest of businesses benefit from enterprise-class technology and IT platforms and get them affordably. The best part is that there is no vendor lock-in and no limitations on moving to other applications or services. If business needs change, NOOBEH can help the environment adjust to what the business needs, and not the other way around.

When the business needs more functionality, more application support, more process support and more flexibility to meet changing needs and conditions, then the business needs Mendelson Consulting and Noobeh.

jm bunny feetMake Sense?

J