Category: information security

Posted on

Preparing Your Business for Technology Outages

There is a lot of discussion today about how our children are growing up in a world where high technology is simply part of life and lifestyle.  I even read an article about how people are evolving because of the availability of information; evolving to the point where we no longer store and retrieve information, but store information on how to get information.  The article cited an example of someone who couldn’t recall the name of an actress in a movie they had seen, so the immediate response was to search for the answer on Google.  In the past, people relied upon memory and found various ways to mentally associate and store information so it was able to be recalled.  Now, there’s an app for that.

Are we losing our ability to effectively store and recall information?  Are we forgetting how to do things before we had technology to help us?  It might even make one wonder about how technology-dependent society has become. Consider the ruins of past civilizations where seemingly impossible structures are found. These structures cause questions about the technology available at the time as we wonder how they came to be.  The knowledge was there at some point but is now lost to time.

Is your business at risk from a similar fate?  Loss of business institutional knowledge and operational intelligence is often a problem, especially as a business grows. Too many companies fail to consider critical issues such as knowledge management and sustainability.  Finding ways to capture business knowledge and protect it is essential in every organization, whether small business or large enterprise.

Small businesses are often centered on an owner who started the operation, and who just knows how things are done.  The primary goal in this situation is to capture that knowledge and turn it into process.   Only through this approach may a business begin to reduce its reliance upon a single individual, a critical step in creating both sustainability and continuity in the business. In larger enterprises, process and structure are essential to keep the various parts and participants moving in the same general direction and toward the common goal.

Once those processes are established, generally using technology to support or facilitate them, is that the end of the task? 

Many businesses believe that establishing software-supported workflows and standard processes is sufficient to keep the company operating. If a major system or technology failure occurs, workers are left standing around unable to get their jobs done.  In the worst cases, there isn’t anyone in the business who really understands how to pull things back together or there is no longer access to electronically stored information necessary to continue operations. 

How would you handle things if your systems – your computers and software and systems – were no longer available to you?

While GPS and autopilot systems can bring tremendous efficiencies to the process of flying, they also can give a false sense of security that encourages complacency. If something goes wrong, the autopilot will adjust and the computer will tell you where to go, won’t it?

Here is where technology has the ability to distract pilots–and entrepreneurs–from asking themselves if they’re both focused on and capable of solving the right problems. inc.com

Every business must consider how they would address a severe information technology outage and should take steps to protect and preserve business knowledge so that there is some hope of recovery from such an event. 

Mendelson Consulting and the Noobeh cloud services teams help businesses implement efficient workflows, consistent and effective processes, and technology to secure, support and maintain operational readiness. No matter how redundant the tech is or how thorough the planning is, there is always a possibility of an outage. Owners and managers should understand how to continue operations and handle business in the event the technology fails unexpectedly.

jm bunny feetMake Sense?

J

Posted on

Phishing, Cybersecurity and Your Small Business

Phishing can have a significant and often devastating impact on small businesses. Unlike larger organizations, small businesses typically have fewer resources to dedicate to cybersecurity, making them an attractive target for cybercriminals.

Small businesses can be impacted by phishing and other types of attacks in ways that might not have been considered before. Here are some of the more common ways that phishing attacks can impact the business:

Financial Loss
Phishing attacks often result in direct financial losses due to funds being stolen, fraudulent payments being made, and ransoms being paid. Cybercriminals often use phishing emails to trick employees into transferring money to fraudulent bank accounts, and attackers may impersonate legitimate vendors or clients to request fake payments. Worse, phishing emails can be used to deliver ransomware, locking up or encrypting critical systems or data until a ransom is paid.

For small businesses, even a single financial loss can be catastrophic.

Data Breaches
Phishing can lead to the compromise of sensitive business information or customer data, such as customer personal information or payment details, employee credentials or other private information of the employee, or business trade secrets and other proprietary business data. Data breaches can easily result in legal liabilities, fines, and damage to the business reputation.

Reputational Damage
When a phishing attack exposes sensitive customer information or disrupts services, it erodes customer trust. This can lead to clients taking their business elsewhere and makes attracting new customers harder. It could also impact vendor relationships, causing partners to view the business as a weak link in the supply chain.

Operational Disruption
Cyber-attacks, including phishing attacks, can disrupt business operations and cause numerous problems. Ransomware or malware delivered through phishing emails can render IT systems unusable, causing loss of productivity. If employees lose access to critical tools, files, or data, there will be delays in work and projects. Businesses also must divert time and resources to recover from attacks, taking away from regular business operations and revenue-generating activities.

Why Small Businesses Are Often Targeted
Small businesses are rich targets for cyber-attacks, especially phishing, because they often have weaker defenses compared to larger enterprises. Often made up of a few trusted employees, small businesses are attacked in ways that exploit trust and personal familiarity. Due to many small businesses having weaker cyber-defenses, attackers can find high payoffs in financial rewards or valuable data with a single successful phishing attack.

Noobeh Helps Businesses Protect Themselves
Every business should teach their employees how to recognize and report phishing emails, and MFA (multi-factor authentication) should protect all accounts, but human beings can only do so much, so it makes sense to implement tools that can put additional intelligence behind your services and defend your systems to help keep the problem from ever getting to your users.

Our team at Noobeh recommends and provisions Microsoft Defender for Office 365 to block phishing emails and messages with malicious links and content. Advanced email security helps reduce inbox spam and blocks messages from spoofed senders, which helps prevent users from interacting with bad emails and potentially exposing protected information.

Email protection is only part of the needed coverage. Noobeh also recommends having strong endpoint protection solutions to detect and prevent phishing-related malware and other attacks. Microsoft Defender for Endpoints does this, working seamlessly with our remote monitoring and management and your other Microsoft services to provide a higher level of protection for the business.

By understanding the risks and taking proactive measures, small businesses can minimize the impact of phishing attacks and protect their operations, reputation, and customers.

jm bunny feetMake Sense?

J

Posted on

A Hurricane and the Port Workers Strike Force Conversation About Business Resilience and Continuity

Hurricane Helene is one of the biggest storms to have hit the Gulf Coast in years. An analysis done by a scientist at Colorado State University, Helene was larger than almost every storm that has hit the gulf since 1988. Only Opal and Irma were bigger than Helene. The toll in life and property is not small, nor is the disruption of services. There are troubles enough getting help and supplies to impacted areas, so the focus on doing everyday business just isn’t a thing.

To make matters worse, there is a strike going on right now. A big strike that is already impacting supply chains nationwide, and things will only get more strained the longer it lasts.

“The 2024 United States port strike is a labor strike involving over 45,000 port workers who are part of the International Longshoremen’s Association (ILA), impacting 36 ports across the United States primarily along the East Coast and the Gulf Coast.” (Wikipedia)

While there are many people currently facing larger life issues, the entire nation is forced to consider what happens now, and if they weren’t directly impacted by these events, what would they do if they were? It is a bit of a wake-up call for many business owners, because business interruptions can come from all angles, and it is always best to have made at least some attempt at a set of plans for when things happen.

One critical type of plan is about making the business more resilient and better able to recover or adapt. It’s a broad strategic plan that focuses on overcoming unexpected disruptions and adapting to changing conditions or circumstances. This includes addressing business continuity, which is about how operations may be maintained during a crisis. Business continuity planning is part of what makes a business resilient.

The Importance of Business Resiliency

Business resiliency has become a critical factor for success. In today’s rapidly changing world, the ability to stand up to or quickly recover from disruptions is no longer a luxury but an imperative. Resilience means being able to adapt to changes and challenges swiftly, maintaining continuity and minimizing losses. Customers want reliability, so a business that can continue to deliver products and services despite disruptions will build trust and loyalty, leading to long-term relationships and a strong reputation.

A resilient business will have contingency plans for finances, creating buffers to mitigate the impacts of short-term shocks so investments in long-term growth continue. Also, where competitors may struggle to cope, resilient companies may not simply continue to operate but even capitalize on new opportunities that arise from the changing landscape. When a business is prepared for disruptions, it can focus on growth and innovation rather than mere survival.

Technology plays a big role in developing resilience. Cloud solutions can ensure data is backed up and accessible from anywhere, cybersecurity solutions help protect businesses from cyber threats, and automation technologies streamline operations while reducing dependency on manual processes.

Prioritizing resiliency is crucial for small businesses to navigate uncertainties and thrive.

Mendelson Consulting and Noobeh cloud services help businesses of all sizes improve their agility, streamline operations and implement the technologies and services necessary to shore up business and operational continuity and improve overall resilience.

jm bunny feetMake Sense?

J

Posted on

Cybersecurity and Small Business

Small businesses face many challenges as they grow and expand, and chief among them is the growing threat of cyber-attack. As the company grows, its value to cybercriminals grows, too. Implementing comprehensive cybersecurity measures is essential to maintaining customer trust and safeguarding important business data against these threats.

There is a belief among small business owners that their operations are too small or insignificant to be attractive targets for cybercriminals. Cybercriminals, on the other hand, more often view small businesses as easy targets. Why is this? Largely because the bad guys know that the smaller companies aren’t spending on cybersecurity services and tools and aren’t always keeping their workers informed about ways they can participate in keeping things safe.

To help protect the business from cybersecurity threats, it is crucial to invest in some key security measures. Longer and more complex passwords, regular software patching and updating, and periodic training for employees on how to identify phishing attempts and what to do with suspicious emails is a good start. Cybersecurity efforts should scale with the business, and this requires strategic planning that is aligned with the goals and objectives of the business.

The best cybersecurity approaches are built on a secure foundation, and this is what helps to support business growth and expansion. For every business, there are four cornerstones of a solid cybersecurity foundation.

  • Identifying potential cyber threats and understanding the business risk they represent.
  • Enforcing strong password protection and role-based access controls.
  • Following best practices in cybersecurity.
  • Managing documentation and vital business information securely.

Cybercriminals know that smaller businesses generally have limited cybersecurity resources, making small businesses prime targets for phishing and malware. What is the potential impact of falling for a phishing email, or what happens if there is a ransomware attack? Each type of threat carries different levels of risk, and growing businesses should be aware of the potential financial, legal and reputational impacts when evaluating their approach.

Businesses can help their users become part of the cybersecurity plan by regularly training them on phishing methods and ways to avoid ransomware or malware. When users know more about emerging threats and how to recognize and report suspicious things, they become valuable assets in the improvement of cybersecurity of the business.

The first line of defense in cybersecurity is the username/password challenge. Many systems today use an email address as the username or user ID, which means it really isn’t much of a challenge to guess. This leaves it to the password to keep the account secure, so a strong and unique password is necessary.

Making another challenge to the authentication adds another layer of protection to the account. Referred to as 2FA or MFA (two-factor authentication or multi-factor authentication), users may be required to respond to an in-app message, provide a code received via SMS or other, or provide a code from an authenticating application to satisfy the login requirements. This additional challenge to the user identity makes it harder for cybercriminals to gain unauthorized access.

Ensuring the protection of sensitive business information requires controlling what users have access to once they are in the system. If someone were to gain unauthorized access, having appropriate role-based access controls in place would limit their ability to get sensitive data. This is often another area of vulnerability for smaller businesses that don’t implement strict document controls or structures, opting instead for an open self-service model that leaves data available to whomever can get logged in.

With businesses changing frequently, it is important to not just create a framework to limit user access, but to keep user and role-based access reviewed and updated regularly. Software and systems also need to be updated regularly. Known software vulnerabilities should be patched and security updates installed on devices, and policies enforcing updates and antivirus/malware detection should be implemented.

We understand that businesses must enhance their cybersecurity strategies to combat the growing number and type of cyber threats, and it can be challenging just figuring out what to do first. Working with a variety of technologies and specialists, we can help secure your digital environment and keep you better-protected from the bad guys.

jm bunny feetMake Sense?

J

Posted on

Deadline Approaching for QuickBooks Desktop Users

All QuickBooks Desktop Users Are Required to Upgrade to a Current Subscription Model by Sep 30. Yes, the time has come to buy in to the software subscription model or lose access to your books. But at least you get to keep using QuickBooks desktop software, which is worth a lot of you’re already invested in QuickBooks.

Effective Sep 30, 2024, all existing users of QuickBooks Desktop Pro, Premier, Mac, and Enterprise Solutions v21 (and earlier) must transition to the annual subscription model. For Pro and Premier users, this is a short reprieve. Previously Intuit had announced a July deadline for renewing Pro/Premier licenses. After the now-September deadline, there won’t be any new sales of Pro or Premier licenses. With some of the recent price increases it almost becomes a moot point, as QB Enterprise is now priced similarly (less?) than Premier.

Something notable in all of this is that versions sold under non-subscription one-time licenses will be discontinued entirely. That is just fine for many users, however, as the much older versions don’t “phone home” to authorize the license, so they can keep working. The downside to that is vulnerability. Outdated and unpatched software is more vulnerable to risk than software that is actively updated to protect against various exploits. Best practices demand keeping software updated and patched. Being out of support with your business financial and accounting software is not a position you want to find yourself in.

Starting Oct 1, 2024, QuickBooks Enterprise will be the only QuickBooks Desktop version available for new purchases. For very small businesses, this is going to be a challenge as QB Enterprise is not as affordable as Pro was. These businesses may find that QuickBooks Online works for them, but they will not only miss out on a great deal of QB Desktop functionality that is not present in Online, but they will also be locked into the QuickBooks Online service model of receiving product updates without announcement, not having a backup of your company data, getting bombarded with a revolving door of add-on apps, and having literally no control whatsoever of where your data lives and how Intuit and its companies are accessing it.

If you are using an older version of QuickBooks Desktop, upgrading to the subscription model before the deadline is crucial to avoid any interruption of services.

What does this mean?

  1. Service Discontinuation:
    Failure to upgrade will result in the discontinuation of services such as QuickBooks Desktop Payroll, Payments, Online Backup, online banking, system updates, security patches, and live support. This could potentially disrupt your business operations.
  2. Immediate Action Needed:
    To ensure uninterrupted business operations, we strongly recommend planning your upgrade without delay.
  3. Advantages of Upgrading:
    Intuit encourages existing Desktop subscribers to upgrade to the current version (Desktop 2024) to benefit from the latest features, improvements, security updates, and bug fixes. Updated software also improves compatibility with current versions of Windows, Microsoft Office applications, Gmail services and other solutions that use modern methods of account protection and authentication.

At that time, you may also want to consider your alternatives to how and where you run your QuickBooks Desktop software.

Intuit offers “cloud access” with their QuickBooks Enterprise licensing, but this option is not your only or best option for running your QuickBooks Desktop/Enterprise software in the cloud.

With the bad guys (hackers) and malware being as prevalent as they are, businesses must be vigilant in securing their business and financial information. Shared hosting platforms where service providers allow many users from many businesses to operate on the same servers simply cannot provide the level of security or protection most businesses need.

Noobeh QBonAzure offers some limited shared hosting, but only for customers that have limited requirements and only for a few users. When a company needs more than just “vanilla” hosting for their valuable financial data, we strongly recommend going the private route and having your own cloud server.

Not just a “dedicated” server in a service provider’s network, Noobeh works only in the private Microsoft account of each customer, ensuring that there is absolutely no sharing of any resources with other customers. This allows us to build a system that works specifically for your business, with all the applications and services needed to support all aspects of operation. There aren’t different levels of service or service packages; each system is built and sized for the customer’s unique requirements, and we don’t charge per-application or silly things like that. You need what you need to run your business, and we host that.

Connect with us if you have any questions or need assistance during this transition. We will help you navigate the changes and understand how best to proceed for your business and circumstances, engaging with the right products and services to ensure continuity and set you up for greater future success.

jm bunny feetMake Sense?

J

Posted on

Cybersecurity and Retail Should Always Go Together

Retail cybersecurity is a critical concern for every business in the retail industry, which is why cybersecurity and retail should always go together. Retailers are prime targets for cyberattacks due to the valuable customer data they collect, which usually includes personally identifiable information (PII) and credit card numbers. Retailers can handle large volumes of customer data, which becomes an attractive target for cybercriminals seeking to profit from selling it on the dark web.

Recent statistics from various sources suggest that more than 24% of cyberattacks specifically target retailers, making it one of the most heavily targeted industries. Roughly one third of retailers cite cybersecurity concerns as their primary obstacle in transitioning to e-commerce, with cost and technology barriers coming close behind.

For the bad guys, however, it is all about the money. Almost all retail cyberattacks are driven by financial motives. When consumer data is compromised, most of the information exposed consists of payment information and personally identifiable data which can fetch a good price on the dark web.

Retail cybersecurity threats occur because the environment tends to have a lot of elements. The hybrid nature of many retail businesses introduces additional risk, where brick-and-mortar stores are combined with e-commerce platforms and services.

NFC (Near Field Communications) vulnerabilities exist in some payment systems, and many Point of Sale (POS) systems still do not use point-to-point encryption for their communications. Even if communication streams are encrypted, it makes little difference if the software has known vulnerabilities or if insecure plugins or add-ons are being used.

Cloud-based storage and mobile apps increase the presence of stored data online, which increasingly leads to new threat vectors like cloud-based botnets and more.

The key is for businesses to prioritize security and invest in platforms and solutions that will help protect customer and business data. Critical in this effort is the implementation of IT best practices in regularly updating operating system and application software, limiting the access users have for installing or modifying software on their devices, and always monitoring the systems for vulnerabilities.

Like cybersecurity and retailers, Noobeh and secure IT go together. We help retail and other businesses proactively address cybersecurity challenges so they can protect both their business and their customers. Noobeh cloud services helps retailers secure their business servers and systems, delivering scalable, high availability and highly agile solutions that keep business and finance operations running.

Noobeh provides services for Microsoft 365 and Microsoft Azure platform and deploys solutions for manufacturing, inventory management, multi-channel commerce, EDI, financial and more. Get together with Noobeh and find out how we can help your business operate more securely and with better, more agile and resilient IT.

jm bunny feetMake Sense?

J