Posts by admin

The holidays will soon be over, but a gift that's an investment can benefit your company through the years. High quality ERP software is exactly that kind of gift for your growing small business. Owners and entrepreneurs can easily imagine the value that comes from greater efficiency plus increased visibility.

This can't be a last-minute purchase though.

Where your entire staff is counting on you to help the company succeed, this present for the SME has to be just right. And that means doing the necessary due diligence. Getting sales quotes and demos from highly recommended ERP providers is a great start. But as Angela Nadeau at SmallBusinessTrends.com explains, there are other essential details you need to know to buy the best ERP product for your organization.

The five key factors to ERP implementation success, as described by Angela and supported by her readers, go as follows:

1. Professionalism - The fact that you CAN buy an ERP package off the shelf and deploy it out of the box is not evidence that you should. Instead, smart business owners know that they're also investing in a partnership with the ERP provider or consultant. Make sure that ongoing support and training is something they assume is the case, not an unexpected question they have to look into. Reliable professionals will realize that their success is intertwined with your company's success.
2. Flexibility - The best ROI will come from an ERP solution that can adapt to your unique business expertise. You've put a lot of energy into figuring out the best ways to sell and support; imagine the value that can come from software tools that leverage your experience and insights! One of the best open-source, modular platforms is Apple FileMaker. This means you can implement existing products for managing purchases, projects, customer relationships, and finance needs, then easily customize the software to give you an ideal harmony with your organization's setup.
3. Research - You're off to a great start on this one, but there are other questions you'll want to ask about your ERP solution. Do they offer you data warehousing? Clear visibility on the data for good forecasting? Mobile features? One good approach for this level of research is to build a dream-team of features describing everything the perfect product would bring to the table. Of course you may not find a 100% match to your list, but it will give you a good view of your group's priorities so you can match up the most important functionality.
4. Business Intelligence - This element is quickly becoming a driving factor in marketplace success. Any ERP tool will start to open this doorway for you, but some do a better job than others. You want to find a solution that presents the information most vital to your industry and that gives you the quickest, clearest view on that knowledge. The critical detail here is that you know the data that's most important for your growth analysis better than most ERP products. That brings us back to flexibility and customization. Getting your people involved in capturing data and translating it to wisdom is a key method for getting the most value from our software.
5. Rapid Adoption - Speaking of the other personnel in your organization, they are obviously a crucial factor in making a new software tool a successful addition to the mix. "Rapid" isn't necessarily the key term here, but "adoption" is. To help ensure your staff is comfortable with the new tools, get them involved as early as possible. Letting them know you're looking to upgrade their tools can raise morale and help you collect insights about what functionality would be most helpful in day-to-day productivity. And with the right ERP platform, the people who know your business inside-out can transform their understanding into useful tools. The bottom line here is that even the best ERP product won't strengthen you business much if the people who use it feel alienated from it.

With these five guidelines in mind, you're well on your way to making a smart decision for your company's ERP needs.

As noted on Capterra, a software research site produced by Gartner, the world’s leading research and advisory company, aACE Software ranks high in customer reviews and product quality. We provide a fully integrated, cross-platform solution for accounting, CRM, and ERP. To find out how well aACE matches with your company's needs, watch our videos and browse our site.

"aACE was able to customize a few key components for us very intelligently that now just work. Exactly the way we need them to." ~ Derek Navratil, IT Administrator, Janibell Inc

You know what you could lose if a tax collector comes to your small business with authorization for an audit. And you also know what could be lost if you don't offer your customers the best prices. Savvy entrepreneurs protect their businesses from larger loss, balancing between the two extremes, by investing in reliable methods to manage sales tax.

Avalara's many years of experience have helped them identify four of the most common approaches that small businesses use to deal with sales tax. They have listed these options in order of increasing effectiveness, helping companies recognize where they currently stand and where a better balance could be found.

1. CME - "Close My Eyes" - This is the toddler's approach to sales tax. After all, if you can't see them, they can't see you. We all know how well that works out though. This non-management of sales tax should be avoided.
2. WID - "When In Doubt" - This method leaves no stone un-taxed. It is the audit-phobia approach; if you charge taxes on all items, at all times, at max rates, you can be pretty sure the tax man cometh not. The trouble is that soon customers might stay away too. Winning business sometimes hinges on small details, such as sales tax amounts and word-of-mouth warnings to watch out for unnecessary charges. This route is legally safe, but not optimal.
3. STT - "Sales Tax Table" - Or as might be a more accurate description: Single Sales Tax Table. This is one step forward for tax accuracy, one giant leap for tax automation. When a computer is so good at crunching numbers, it's silly to not have it running calculations for your sales tax rates. The trouble is that your typical computer is bad at knowing when the state or local legislature decide to change tax details. Which brings us to...
4. ERP + DTE - "Enterprise Resource Planning plus Dedicated Tax Engine" - To be fair, Avalara didn't go so far as to create their own self-referencing abbreviation. But this is the optimal solution: your customized business solution integrated with a tool that specializes in the complicated, convoluted, evolving web that is sales taxation. This method ensures both full compliance and the most attractive pricing for your clients.

While AvaTax provides you with solid tax information, you'll want to be sure that your ERP system can make the most of this investment. A business software package that also integrates your entire operation — from the warehouse docking bay to the main conference room — can ensure that your up-to-date taxation info is leveraged throughout your business.

aACE 5 offers this kind of quote-to-cash integration. Our integration with AvaTax is a favorite service. It reflects the thorough attention to detail that can be see in the entire aACE system. Contact us today to learn more about how our cross-platform solution for accounting, CRM, and ERP can accelerate your business velocity.

"Unlike other solutions, you will never have to worry about not being able to collect, deliver, and/or report the data your organization needs. This product can fully tailored to fit your company's processes. If you want to gain control of your business and eliminate all of the islands of data that exist today, then I highly recommend that you give aACE a call." ~ Bryan Anderson, All Solutions 360 LLC

Editor's note: Anthony La Polla is Vice President of Operations at Critical Defence, LLC. We're delighted to share his expertise in cybersecurity with our audience.

As the use of technology continues to increase in today’s business, so do the concerns pertaining to cybersecurity. According to the Verizon 2017 Data Breach Investigation Report:

• 75% of breaches were perpetrated by outsiders
• 62% of breaches featured hacking
• 81% of hacking involved weak or stolen passwords
• 66% of malware was installed via malicious emails
• 73% of breaches were financially motivated
• 1 in 14 users were tricked into following a link or opening an attachment

The statistics are alarming, and the consequences of a breach could be catastrophic. From theft of client personal data, loss of propriety data or intellectual property, or payment card data leakage, a single breach could cause the total collapse of the business. As a result, companies are taking action with some key measures, including:

• Training staff to identify warning signs
• Following the principle of least privilege
• Instituting patch management policies
• Encrypting sensitive date to make it useless if stolen
• Requiring two factor authentication to limit damage if lost or stolen
• Regularly reviewing log files for warning signs of a breach

And companies aren’t the only ones taking notice of the risks associated with cyber-attacks and vulnerabilities. Government agencies are making concentrated efforts to protect companies, employees and consumers from these digital crimes. Two of the most recent mandates addressing these issues are the General Data Protection Regulation (more commonly known as the GDPR) and New York State’s DFS Regulation 500 Part 23.

GDPR

The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. The GDPR applies to any company which has a presence in an EU country, processes personal data of European residents, has more than 250 employees, or fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data. That effectively means almost all companies.

The GDPR protects basic identity information such as name, address and ID numbers, web data such as location, IP address, cookie data and RFID tags, health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation. The GDPR requires that companies appoint a Data Protection Officer, identify all protected data within the network, create a data protection plan, create a data retention policy which allows individuals the right to have their data completely removed upon request, conduct a risk assessment, report any breach within 72 hours and revise risk mitigation programs.

The GDR also outlines the consequences of failing to comply, and they are steep. It allows for financial penalties of up to €20 million or four percent of global annual turnover, whichever is higher, for non-compliance. Management consulting firm Oliver Wyman predicts that the EU could collect as much as $6 billion in fines and penalties in the first year. The good news is that there is still time to comply; GDPR enforcement will begin May 28, 2018.

DFS Reg 500 Part 23

The New York Department of Financial Services (DFS) has issued 23 NYCRR Part 500, a regulation designed to promote the protection of customer information as well as the information technology systems of regulated entities (financial institutions such as banks and insurance companies). This regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion. Senior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations. A regulated entity’s cybersecurity program must ensure the safety and soundness of the institution and protect its customers.

The regulation requires that covered entities create and implement a cybersecurity program and policy the identifies and mitigates risk and aims to prevent breaches. The regulation is rather specific and requires, at a minimum, that covered organization do the following:

• Assign a Chief Information Security Officer
• Perform annual penetration testing
• Perform Bi-annual vulnerability assessments
• Maintain an audit trail
• Limit access privileges
• Ensure the use of secure deployment practices
• Conduct a periodic risk assessment
• Utilize qualified cybersecurity personnel
• Implement a third party service provider security policy
• Utilize multi-factor authentication
• Limit data retention and create a secure disposal policy
• Provide regular cyber security awareness training and monitoring
• Encrypt of nonpublic information
• Establish a written incident response plan
• Notification within 72 hours of cyber event identification

There are few exemptions to this regulation. Only organizations (including independent contractors) with fewer than

10 employees, organization with less than $5,000,000 in gross annual revenue in each of the last three fiscal years, and organizations with less than $10,000,000 in year-end total assets, calculated in accordance with GAAP including assets of all affiliates are excluded from the compliance requirement. This regulation was put into effect on May 1, 2017, and covered organizations were required to be compliant by August 27, 2017. By February 15, 2018, covered entities are required to submit the first certification for 23 NYCRR 500.17(b). On March 1, 2018, covered entities are required to be in compliance with sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500, and by March 1, 2019, organizations are required to be compliant section 500.11.

As technology and internet usage continue to grow, so does cyber crimeCybersecurity and Key Compliance Requirements . In order to defend against it companies will need to implement appropriate policies and procedures that align with new mandated regulations. These requirements will need to be monitored closely and will need experts to ensure proper implementation and maintenance. Otherwise, the costs and consequences could be catastrophic.

About Critical Defence

Critical Defence, LLC is a global provider of cyber security services including, but not limited to Assurance, Response, Compliance and Training. Additional information can be found at www.criticaldefence.com.

Editor's note: Melissa Derr is Director of Digital Forensics and Response at Critical Defence, LLC. We're delighted to share her expertise in cyber security with our audience.

Even though small to mid-size businesses (SMBs) are a primary target for cyber attackers, they remain underprepared to prevent, detect, respond to, and recover from an event. A 2017 report from the Ponemon Institute reported that 54% of SMBs had reported they suffered a data breach in the past 12 months, costing on average just over $1MM in direct expenses, plus additional indirect costs of over $1.2MM.

The numbers are staggering, but the realities remain: most SMBs lack proper budgets to implement the effective security controls that larger companies can afford, nor do they have the staff capable of protecting their technology. So, what can you do about it? Here are a few relatively simple solutions to get you started in the right direction.

1. Identify key risks

Before you can even begin to protect your SMB from cyberattacks, you need to first identify potential vulnerabilities, threats, and risks to your company. Vulnerabilities that most SMBs will find applicable to them are unpatched software, poor employee digital hygiene and unmanaged/unidentified devices on the company network. Cyber threats to most SMBs include the loss of proprietary data/intellectual property, loss of customer data, and loss of control over corporate technology assets.

Once vulnerabilities and threats have been identified, you can more fully understand the organization’s cyber risk. You should plan to patch software as soon as updates are available, encrypt sensitive data at rest, train your employees to detect potential social engineering tactics and phishing emails, and establish a policy prohibiting unmanaged devices on your company infrastructure. Once the policies are in place, make sure you are doing your best to regularly enforce them.

2. Educate Employees

Educating your employees about your key risks and cybersecurity policies is essential. According to independent researcher Ponemon Institute, the number one cause of a breach at SMBs was a negligent employee. Whether it be by clicking a link in an email, web-browsing at insecure websites, downloading software from unofficial sources, or accidentally sending an internal email to an unintended external party, your employees have more impact on the security of your organization than you might realize.

Employees should be aware of the policies you have regarding good digital hygiene, including prohibiting password reuse, safe web-browsing practices, and password length requirements.

While formal cyber security awareness training is ideal, it could be cost prohibitive for smaller businesses. The US Department of Homeland Security’s “Stop. Think. Connect.” campaign, however, is a free resource with sample fliers and internal communications to help you get started.

3. Deploy an endpoint monitoring solution

Detection and remediation is essential to your SMB’s security posture. Monitoring and updating all your endpoints is not at difficult as it used to be; a number of reasonably-priced, cloud-based solutions are available. Earlier this year, PCMag reviewed 10 of the industry leading endpoint protection platforms for small businesses, starting as low as $1 per endpoint per month. These tools can provide anti-virus coverage, quarantine or remove malicious files, email filtering, URL protection, and patch management all in a web-based management console. If you only have room in your budget for one security tool, an endpoint protection solution is your best bargain.

4. Have a back-up plan

No one ever wants to plan for the worst, but as half of all SMBs reported they had suffered a breach, chances are you’ll need a recovery plan. A recovery plan is needed to outline how you will continue business operations in the event of a cyberattack. How will you process payments if your payment system is compromised? What happens to your intellectual property if all your systems are infected with ransomware?

One easy solution is to take regular backups of business-critical systems and data, and store them OFFLINE, so you can recover with relative ease in the event of an incident. You may want to consider building in redundancy in the event of failures. And most importantly, regularly test the solution to confirm it will work in the event you need it.

Cyber attackers have set their sights on small and medium sized businesses. But small businesses often lack the proper budgets, staff and expertise to secure themselves properly. By implementing a few basic solutions small businesses can greatly enhance their security posture. While this is not a comprehensive list of everything you can do to secure your SMB, we hope this provides you with a good place to start. Attackers will continue to target SMBs, and it’s in the best interest of both the consumer and the SMB to be protected. Additional resources are available through the Nations Cyber Security Alliance.

About Critical Defence

Critical Defence, LLC is a global provider of cyber security services including, but not limited to Assurance, Response, Compliance and Training. Additional information can be found at www.criticaldefence.com.