risk – Cooper Mann Consulting

April 7, 2026

AI and Cybersecurity: Don’t Trust, Always Verify

Faster, cheaper and more scalable

The advancements in artificial intelligence are reshaping the landscape of cybersecurity, with AI now the single biggest force in the network. AI can discover vulnerabilities faster, it can execute highly scalable automated attacks, and it can help malware adapt and change to avoid detection or gain new capability. In cybersecurity defense, AI is used for real-time threat detection, and it facilitates automated response and triage capabilities, too. But part of the trouble comes from within, where companies are increasingly deploying AI tools without properly securing them, creating entirely new risks for businesses to consider.

The internet is run by machines

Human users versus hackers is no longer a model that applies when it comes to internet security. AI and bot traffic is growing far faster than human user traffic, and automation has given way to AI-driven fraud, account takeovers, credential stuffing and scraping and more. Large-scale attacks are far easier and cheaper to deploy, allowing a literal explosion of bots and automated traffic – machines running machines – across the internet.

You are the product

Free games aren’t really free. Even what seems to be a harmless activity can become a conduit of valuable data, conducting surveillance and recording information. Individual bits of data may not have great meaning, but in aggregate it might. The telemetry gained from devices and applications provides location information, networking and proximity data and more. The exchange of convenience or enjoyment for security and privacy is a well-known tradeoff that bad actors exploit continuously.

Identity is the new attack surface

It used to be that cybersecurity focused on the devices – the endpoints which represented the way into the network. Endpoint security is essential, yet it is the user identity which is the vulnerable element. It has been said that bad actors aren’t hacking systems any longer, they’re just logging in. This means that stolen credentials drive the majority of system breaches. Breaking into and highjacking active sessions, bypassing MFA challenges, and performing other identity-based attacks is now forcing a shift toward continuous authentication and a completely Zero Trust (never trust, always verify) security model.

Cybersecurity has never been easy, but it is harder than ever now that AI is involved. There’s a market out there for enabling the bad guys, like cybercrime as a business model. It’s organized and scalable and terrifying. More than ever before, cyber risk is tied directly to business risk, making security something far more than just IT.

Make Sense?

December 4, 2025February 24, 2026

AI FOMO and Your Business

“AI FOMO” (Fear of Missing Out) has become a major force behind business adoption of artificial intelligence.

Rather than pursuing AI with a clear strategy, too many organizations are investing because of competitive pressure, media buzz, and fear of falling behind. This reactive approach often leads to rushed, expensive, and poorly executed initiatives that fail to create real value—and can even spark internal friction.

Surveys show that a large share of IT leaders and executives—sometimes more than 60%—acknowledge that FOMO significantly influences their AI adoption decisions. This fear is fueled by rapid technological change, assumptions that competitors are gaining an advantage, and limited understanding of what AI can and cannot actually do.

Implementing AI without thoughtful planning or alignment to business needs often results in wasted investments in tools that don’t address real problems. Projects may stall in the early stages or fail to produce any measurable benefit or return on the investment.

Among the biggest challenges with AI centers on data and trust.

When a business puts speed of development above quality and security, it can lead to data errors, AI “hallucinations” and just plain wrong answers that diminish trust in AI systems. Workers may already feel threatened or undervalued, which creates anxiety and slows tech adoption, so care must be taken to not prematurely introduce AI that may further erode trust in the technology.

I’ve always understood that technology isn’t just a tool, it can be a strategic advantage helping businesses gain in ways not previously available. The key is to move away from fear-based adoption and toward a deliberate, value-driven approach.

Start with identifying the real business problem. With AI, figure out what problems you need the technology to solve for you rather than asking what AI can do. Just because AI can do something doesn’t mean you want it to do it for you, or that it will deliver any real value to your process or operation.

Change for the sake of change makes no sense, so it is essential to understand if there is actually a problem that AI may be able to solve and that the benefits of the solution outweigh the cost to develop and the risk potentially introduced. Start small and have pilot projects in low-risk but high-impact areas of the business where the organization can learn and refine before scaling.

Among the most important aspects of AI in business is the data the AI works with. This is where many businesses fail in their initial attempts with AI development, due largely to the fact that data is siloed or segregated and completely unclassified or categorized.

For AI development to deliver effective business benefit, high-quality, organized data and solid data infrastructure are essential.

AI systems learn directly from the data they are given. If the data is incomplete, inaccurate, inconsistent, or poorly managed, the AI’s performance will reflect those flaws. AI models are only as good as their data because AI systems—especially machine learning and generative AI—identify patterns and make predictions based on training data.

Poor-quality data results in biased, unreliable, or incorrect outputs. High-quality data supports accurate, trustworthy, and consistent results. If an AI is trained on inaccurate or inconsistent information, it will learn (and repeat) those errors.

Shift from a fear of missing out to a fear of missing the advantages of AI.

The focus should be on maximizing AI’s potential to create a competitive advantage, taking strategic risks that are aligned with the business goals. Replace fear-driven decision-making with thoughtful, goal-oriented planning and turn AI into a meaningful source of long-term value and differentiation rather than an anxiety-inducing trend to chase.

Noobeh cloud services works on the Microsoft Azure platform, creating data platforms and delivering services that fuel and support AI development. Let us create the dynamic data infrastructure your business needs to develop the intelligence to propel you forward.

Make Sense?

June 21, 2023

Preparing Your Business for Exploding Growth

Preparing for exploding growth in a business requires careful planning and strategic decision-making. To develop the information necessary to support these activities, businesses must implement their processes and systems to properly collect the data required. Unfortunately, many organizations fail to develop the systems which will support increased activity and business growth, only recognizing after the fact that the process support and the data they need isn’t there. To prevent being caught off guard with more business demand and not enough organization to support it, follow these recommendations to set the business up for success over the long run.

Set clear goals and adjust as required. You need to know what the business purpose is… the objective you hope to achieve with all this activity. Establish SMART goals – specific, measurable, achievable, relevant, and time-bound. With a set of smart goals and a well-defined objective, the business has a clear direction and a guide to assist in decision-making.

Build infrastructure that is scalable. If the business infrastructure can’t handle increased demand, the business can’t grow effectively. Scalable information technology and software systems, robust production capabilities with adequate human resource availability, and increased efficiency in supply chains will help the business meet increasing demand, while improved reporting and business intelligence helps to anticipate potential bottlenecks, allowing for plans to be developed to address them.

Make sure finance and accounting are set for growth. Strengthen overall financial management and review your financial processes to ensure they can accommodate growth. Implementing the right systems and software is necessary to not just optimize production and operations, but to provide a foundation for establishing sound accounting and financial practices which will help the business secure funding and manage cash flow effectively. A good way to evaluate your preparedness for growth is to prepare financial forecasts and stress tests to gauge your business’s financial resilience under various growth scenarios.

Streamline operations and automate where it makes sense. Evaluation of businesses processes is an ongoing task if your business is to continuously work to improve efficiency and effectiveness. Where opportunities for optimization and improvement exist, consider using automation and technology solutions to help streamline operations and reduce manual effort while remaining focused on enhancing customer experience and satisfaction through streamlined processes and improved service delivery.

Plan for Risk and Contingencies. You should try to identify potential risks and challenges associated with rapid growth, such as increased competition, supply chain disruptions, or changes in customer preferences. Develop contingency plans to mitigate these risks and ensure continuity of the business and operation. It may even make sense to consider diversifying your revenue streams to reduce dependency on a single market or product.

Monitor, adjust and adapt as needed. Key performance indicators (KPIs) should be regularly monitored, as should market trends, to stay informed about your business’s progress and to stay on top of industry developments. Use data analytics and reporting tools to gain insights and make data-driven decisions instead of operating on emotion. The business that plans for growth must remain agile and adaptable, adjusting strategies and operations as needed to accommodate changes in demand as they occur.

Preparation for rapid growth requires a proactive approach and continuous evaluation of your business’s readiness. Regularly reassess your strategies, make necessary adjustments, and stay focused on delivering value to customers as you scale.

Mendelson Consulting and the Noobeh cloud services teams are advisors and consultants with expertise in scaling businesses, and can provide valuable insights, guidance, and support throughout the growth process and beyond.

jm bunny feet Make Sense?

March 23, 2016May 18, 2017

Securing Business Data When Mobility is the Target

driving1-ANIMATION Today’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location. SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them. The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.

Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”. Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.

50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time. http://globalworkplaceanalytics.com/telecommuting-statistics

The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working. Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.

Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework. Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).

Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]

Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources. Two new publications – one for organizations and one for users – are now available for review and comment. You can find them here.

“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.” [NIST Information Technology Laboratory Mission]

The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded. But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.

jmbunnyfeet Make Sense?

[1] http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm

September 30, 2014

Revenue Recognition and closing the reporting GAAP

One company earns what the other company spends. This is business, and it seems like it would be pretty straightforward, accounting for the money coming in and the money going out. But it is really not that simple when it comes to business finances and accounting for revenue. With investor pressure to improve share prices and market pressures forcing greater competition, businesses have always sought out ways to make the performance look as good as possible – on paper even if not in reality. It is this requirement to make the business look better than it may actually be that drives “innovation” in financial reporting, and encourages some companies to use whatever rules are available to mislead investors or paint a rosy picture for stakeholders. When the balance is lost and financial reporting standards become so oblique as to allow regular and gross misrepresentation, it is time to change the standards.

There are numerous instances of fraud and scandal reported from the finance departments of big businesses, but instances of improper or misleading revenue recognition can happen in even the smallest of companies, and not necessarily on purpose. It is important to understand that properly and accurately reporting business revenue and earnings isn’t done just for investor satisfaction, it is an essential part of describing business performance that any owner or manager must be able to rely on.

Generally Accepted Accounting Principles (GAAP) provide investors and business owners with some consistency in the financial statements they use to analyze company performance, but only minimally. This is partly due to the fact that GAAP is based not only on some standards established by policy boards (the authoritative standards) but also on “generally accepted” standards, which are often not really standards at all but simply past practice that was found to be accepted. Especially in the global economy where fewer businesses operate solely within traditional territorial boundaries – and where accepted reporting methods vary widely – having a single financial reporting standard has become more important than ever.

Make it so, Number One.

Now there are new rules from FASB (Financial Accounting Standards Board) and IASB (International Accounting Standards Board) which provide clear and detailed guidance for how businesses recognize revenues. These rules are based on a consistently applied set of principles, no matter what sort of business is involved and regardless of where the business is located.

A focus of the new rules of revenue recognition centers on customer contracts, delving into the details of how earnings from those agreements should be recorded. Consider that many businesses combine multiple products and services into a single agreement, even though there may be several deliverables or milestones included. This method of booking customer contracts allowed companies to report revenues they were not yet due as part of a total agreement, often resulting with inflated earnings reports. Stakeholders would perceive that the company had reached one earning threshold, but the reality was something quite different and performance expectations were unmet.

“FASB and the International Accounting Standards Board (IASB) issued converged guidance on recognizing revenue in contracts with customers. The new guidance is a major achievement in the Boards’ joint efforts to improve this important area of financial reporting.” http://www.fasb.org/jsp/FASB/Page/BridgePage&cid=1351027207987

The new rules force an additional level of discussion, including a full set of disclosure requirements that will provide more information about contracts with customers. Businesses must identify each promised deliverable and attached revenue or earning component, which helps to better understand how the revenue may be earned (and recognized) as the business performs on the various obligations to the customer.

Just take a look at some big ERP companies and the lawsuits generated from problems and failures in delivery – problems that might have been more clearly identified to investors and stakeholders if the tie between product sales and services to be performed were more clearly described. In many cases, these situations exemplify the revenue recognition reporting problem, where large customer contracts and license sales were fully booked and recognized even though implementation services milestones attached to those license sales remained undelivered.

“2010 – JDA Software (i2) – Dillard’s, Inc.: Dillard’s had alleged i2 failed to meet obligations regarding two software-license agreements for which the department-store operator had paid $8 million.” http://www.zdnet.com/blog/projectfailures/erp-train-wrecks-failures-and-lawsuits/12055

For private companies, reporting periods beginning after December 15, 2017 must follow the new guidance. It may seem like a long period of time – from the decision to apply the new rules to the effective date – but the number of businesses the new rules will impact is large. The FASB made a decision to delay the effective date because of the broad scope of organizations affected and “the potentially significant effect that a change in revenue recognition has on other financial statement line items.”

Business owners and their accounting professionals need to make sure that financial systems and processes are up to the task and can track and produce the detailed reporting these new rules require. For investors and analysts, the new reporting rules and detailed information they generate will go a long way towards minimizing the impact of innovative revenue reporting practices, and will hopefully bring a new level of believability and usefulness to business financial reports.

Make Sense?

October 2, 2013

Banks and Small Business: Finding the “Just Right” Fit Isn’t Easy

Banks need business customers because business accounts provide more profitability than consumer accounts. By volume, there are more small businesses in the US than mid-size or enterprise businesses, which you would think would be a good thing for the banks – more business customers, right? It seems not so much.

For many banks, the problem is that they don’t appear to really know how to service – or even identify – these small business customers. The majority of small businesses in the US don’t have employees, so direct deposit and payroll solutions aren’t something they are looking for. Many of these small businesses operate from the business owner’s home rather than an office, and don’t generate the revenues (=deposits) that bigger businesses do.

To a bank, most small businesses look like consumers. These small businesses are treated like consumers – are offered consumer-level services and are not educated on what business banking services might be able to do for them. In reality, the banks really don’t have much to say to these small business owners, because the services offered by the banks are simply not a great fit. There are studies which suggest that the small business market is fairly evenly divided, with approximately 50% using consumer banking services rather than those designed for business use. Given the inability of the banks to even identify those consumer banking customers who are actually small businesses, I would suggest that the percentage is even higher.

There are three primary elements tied to banking which should be better-positioned to assist small business owners in leveraging their banking relationships to the benefit of the business and not just the bank. If the financial institutions can find a way to meet these three essential needs for smaller businesses, they would likely find that more small businesses would embrace business banking services, resulting in greater profitability for the bank.

e-Payments

Use of electronic payments services represents a growing trend in small businesses and needs to be better-addressed by the financial institutions rather than purely retail providers. Small businesses are increasingly using the Internet and online technologies to service their various business needs, and payments processing is among the top sellers. Providing SOLO/SOHO and other small businesses with the ability to process payments at any time and from anywhere has become a big driver for this type of solution. The popularity of Pay Pal, Intuit GoPayment and Square payment solutions is a testament to the need for such services in the small business market, yet the broadest use continues to be within retail providers rather than directly via the financial institutions.

Entitlements

Security and access controls to account and transaction information (frequently referred to as “entitlements” attached to business accounts) are hugely valuable for small businesses. Most small business owners engage bookkeeping or accounting professionals at some point, and the process of accounting for the business activities is improved dramatically when those professionals are able to access the information directly from the financial institution. Unfortunately, it is only with the more expensive business class accounts that most banks provide the means for account holders to grant access to account and/or transaction information for accountants and bookkeepers, financial advisors, etc. Allowing small businesses to benefit from this type of security and control of their accounts is tremendous, yet the overall costs of the associated business banking solutions are often simply too great for the small business to bear. The result is either a lack of privacy, security and control, where the business owner must grant unfettered access to account information to a 3^rd party bookkeeper or accountant, or the business owner simply continues to pay for manual bookkeeping transaction entry.

Cash Management

Most small businesses operate on cash, and expense and cash management is essential to maintaining operations. Consumer banking solutions may offer limited capabilities for expense and cash reporting, but the services offered through many business banking portals would be far more beneficial for the business, reflecting trends and providing more insight relating to business financial activities and business behavior. Unfortunately, many of these services designed for business customers are oriented towards the larger organization, and are far too complicated or expensive to provide real value to the owner of a small business.

Small businesses fuel the economy, yet remain a largely untapped market in terms of business banking and other services. Small businesses run “under the radar” of many service providers because they have not reached the point where the obviously available business services (e.g, the more profitable banking solutions) seem attractive to them. Banks need to recognize that serving the small business customer well – providing the services which help small businesses grow into bigger businesses – is ultimately the key to acquiring new customers for whom the big banking solutions fit.

jmbunnyfeet Make Sense?