Contractors Beware – Business Email Compromise

Have you heard about Business Email Compromise (BEC)? BEC is a type of scam targeting companies who collect their money via wire transfers. Did your ears just perk up? Well they should since contractors rely heavily on payments through wire transfers and are prime targets for this scam.

The goal of a BEC fraudster is to infiltrate the email account of an executive or high-level employee authorized to make wire transfer payments. The scam usually starts with a spoofed or compromised email by an unsuspecting employee. Once the fraudster gains access, they lay in wait collecting information, carefully researching and closely monitoring their potential victims for just the right time to attack.

Then, they impersonate the email of the infiltrated executive, authorizing an employee to move funds. In the case of construction projects, the fraudster will pretend to be the contractor notifying the project owner they’ve changed bank accounts. Could they please make note of the new account when making future payments? Of course, the bank account is fraudulent and the money is transferred out of the project owner’s account into an offshore account immediately. The contractor never gets paid, and the project owner never knows they’ve been scammed until the contractor calls looking for their funds.

According to the FBI, there are five types of BEC scams:

1. The Bogus Invoice Scheme.  Companies with foreign suppliers are often targeted with this tactic, wherein attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.

2. CEO Fraud.  Attackers pose as a company CEO or any executive (often when they are out of town and unavailable to verify the request) and send an email to employees in finance, requesting them to transfer money to the account they control.

3. Account Compromise.  An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.

4. Attorney Impersonation.  Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Normally, such bogus requests are done through email or phone, and at the end of the business day.

5. Data Theft.  Employees under HR and bookkeeping are targeted to obtain personally identifiable information or tax state-ments of employees and executives. Such data can be used for future attacks.

Because these scams do not have any malicious links or attachments, it’s easy for them to evade traditional solutions. Employee training and awareness can help spot this type of scam. Look out for email messages that have subjects containing words such as request, payment, transfer, and urgent, among others. In addition, always be a skeptic. No matter how believable the email may appear, always phone first!

Mistake6

I started writing this summer about the common threads for those contractors who are highly successful, as opposed to those who are just barely making it, or in some instances, are no longer around, and put them into a top (or bottom, depending how you look at it) 10 list.

Number 10 was Poor Project start (www.cssworks.com/blog). We moved on to No 9 – Documented Processes (a.k.a. semi-organized chaos), and then No 8, Poor Project Communication. And don’t overlook No 7, Support Systems – software and infrastructure, that don’t support organizational success. This month, we’re moving on down the list to Terrible Mistake #6 – Information Silos.

You might wonder – what is an information silo? We define it as any software system that is used by company personnel to track information that does not talk to other systems. It could be a stand-alone service application, or inventory tracker, or scheduling system. Often, it is an Excel spread-sheet that was created out of necessity to “track” something that either could not be accommodated in the company’s accounting system, or more likely, was created out of expediency due to lack of access or licenses, or knowledge that the capability actually already existed.

The impact of this common issue is lots of duplicate effort which results in mistakes and inefficiency, inevitably resulting in silo conflict (“your information is wrong” – “no yours is”, finger-pointing and in the end, unreliable information. The cost is not just two or more people maintaining separate records, it is also the cost of reconciling those records to match actual accounting records that are (or should be) used for financial reporting, and the cost of partial information – not having the complete picture.

We regularly encounter companies with as many as four, five, and six separate systems that are being maintained. If there are multiple divisions and locations, whoa!

How to Prevent Making this Mistake?

The answer is to just find what I refer to as the “holy grail” – one software product that will do everything the way you want it to be done. Unfortunately, just like the proverbial holy grail, software like that just doesn’t exist, and never will, even if you wanted to spend the huge amount of money necessary to build your own. Why? Beside the expense of building your own, there are many oth-er factors. Finding (and keeping) resources, determining precise requirements, adapting to changes, etc. etc. etc. Developing software is not your core business.

The alternative is selecting the right software for your business. Every business is unique, and all software products are built to cover the largest part of the market, the features and functions that will be able to be sold to the most number of businesses. The “gap” for your business can often be covered with configuration adjustments, user defined fields, and custom reports. But sometimes more is needed.

That is where the concept of integration comes in. Get product A to “talk to” product B, with the goal of using the best features of each product, and not having to re-key any data, ever.  This can work, depending mostly how many points of integration are needed. By points of integration, I mean how many specific data elements have to be shared, or moved, between the products, and how often. It can be very simple, like just customer names, or it can be very complex, like detailed job budgets, change orders and inventory transactions.

And, of course, it gets much more complicated if you add in product C and product D to the mix.

Common Sense Solutions has been providing integration services for most of its 26 years of existence. We’d be happy to discuss how to help you reduce your number of information silos.

Stayed tuned next edition for number 5 on the list…

Congratulations to John Dobbins

Congratulations to John Dobbins of Common Sense Solutions for being appointed as a committee member on Chicagoland AGC’s Technology Committee for 2020.

Chicagoland Associated General Contractors serves as the unified voice of the Chicagoland construction industry and empowers our members through labor and government relations, ongoing education, and business relationships.

Business is Becoming (Technically) More Complicated

There is a powerful force driving all businesses to deliver superior products and services faster and on tighter margins – technology.

Every business, from small mom-and-pop stores to the large enterprise, is developing a dependence on technology.  Whether it’s e-mail, e-commerce, websites, database management or accounting software, there are very few businesses that don’t have some level of dependence on their computer network and the applications and data it stores.

The upside of technological advances is tremendous.  It can provide your business a significant competitive advantage with faster production, increased productivity, improved customer service, and up-to-the-minute reporting for strategic planning and decision-making.

Downside Of Technology

The downside of our dependence on technology is that when it doesn’t work, it can become a tremendous source of frustration, causing a strain on production, sales and fulfillment.  No business is immune from computer problems and failures.  There’s the cost and complexity of the ongoing maintenance of support of it.  If you’re like most business owners, you probably shy away from the computer technology headaches because there are so many other business issues to deal with.  Yet the technology that runs your business is too important and too expensive to ignore the answers to these questions:

  1. How do you make sure that the hardware, software and solutions you are investing in actually support your business goals and work the way they are supposed to?
  2. How do you stay on top of technical advances that will give you significant competitive advantages wile steering clear of the “latest and greatest” fade?
  3. How do you make sure your data is protected from an ever-growing list of threats?
  4. How do you go about finding a reliable partner who has not only the expertise to make technology work for you, but also the business acumen to recommend and implement real solutions that enhance productivity and profitability?

What Are Your Options for Technical Support?

Hiring a full-time IT manager is not always feasible for all businesses.  If your business can’t justify that expense, here are some other options for computer support:

  1. Don’t do Anything. Foolish, but we see it every day.  Don’t pay attention to the care and feeding of your network until it stops working, then call in an expert to fix the problem.  This reactive model is similar to ignoring oil and filter changes in your car until smoke starts pouring out from under the hood.  This “break-fix” model is not a good idea, especially if the operation of your network and data on it are important to your business.
  2. Do It Yourself. This option is better than doing nothing, but it still puts you at risk.  We’ve seen the most technically knowledgeable person on staff be designated as the makeshift IT manager, and bring in outside help when a crisis arises.  Problem is you are pulling this person away from their real job, and unless they have time to stay up-to-date on the latest IT developments, they don’t have the skills or time required to do a good job and could actually make the situation worse.
  3. Outsource Your Support To A Competent Vendor. Many vendors like Microsoft, Dell, or other software vendors provide support.  If you have ever tried to get support from one of these large manufacturers, you know how frustrating it can be.  Plus, they aren’t going to be able to help you solve problems that aren’t related directly to their hardware or software.
  4. The Independent Technician. This is usually someone who left a job in the IT department of a company and decided to start his own businesses.  They try to do a good job, work cheap and are eager to please.  On the other hand, they are often hard to get a hold of, may not be available in an emergency and often do not carry the necessary business guarantees or insurance.
  5. An independently Owned Computer Consulting Firm. You might accuse me of being biased here, but read along for a minute before you dismiss this option.  Common Sense Solutions has been doing business in the construction industry for 26 years and has considerable experience working with and talking to hundreds of businesses just like yours.  We can attest to the IT horror stories you face!  We believe an independent, locally owned and operated consulting company, knowledgeable of the technical issues of the construction industry is best solution to deliver the consistent and professional services your business needs

If you still have questions about the technical support that’s right for you, download our paper, “21 Questions You Should Ask Your Computer Consultant Before Hiring them to Support Your Business”.  (http://www.cssworks.com/pdfs/21questions)

Top Terrible Mistakes—Number 7

I started writing this summer about the common threads for those contractors who are highly successful, as opposed to those who are just barely making it, or in some instances, are no longer around, and have put them into a top (or bottom, depending how you look at it) 10 list.

Number 10 was Poor Project start. We moved on to No 9 – Document-ed Processes, a.k.a. semi-organized chaos and then No 8, Poor project communication.

Terrible Mistake #7 Support Systems That Don’t Support Organizational Success (Software and Infrastructure)

The impact of this common issue is wasted time, employee frustration, poor communication and excess overhead.

How Do You Prevent Making This Mistake? Start with the basics – an on-premise or cloud environment that is current enough to support all users with minimal downtime and guaranteed backup, including disaster recovery capabilities.

Next, you need to have appropriate software to fit the needs of the business. Add training (and allow for continual re-training), with 100% management buy-in. Too often we see companies skimp on training, or more often, reinforcement of original training. Learning anything new takes a while, longer for some than others. Mix in the inevitable employee turnover with continual software enhancements and over time a smaller and smaller fraction of the software investment is being used, or used correctly, to accomplish the original goals.

Which brings us to what is the appropriate software and what should the goals be for any software in-vestment? The end goal should always be to help make the company more efficient by getting accurate and timely information that allows for good decision making. Accomplishing this is hard. What works for one company may not for another due to differences in management, capability of personnel and ingrained habits.

In the end, the biggest technology cost is not the investment in hardware and software. It is the loss of productivity and all the resulting re-work and miscommunication that results from everyone using their own workaround without the right system for you.

Common software mistakes Include:

Not staying current with your software, which results in the loss of support and new features that keep up with hardware, technology changes and security vulnerabilities.

Not training new users (as noted earlier). Lost productivity is way more expensive than training cost!

Not fully utilizing the software. Leadership either doesn’t know – or is unwilling to enforce – the changes necessary to use the software properly. Every good system implementation will result in improvements to processes and procedures, but as you’ve probably witnessed, resistance to change can be a roadblock. Without a senior level champion, people using their own workarounds can defeat all the good intentions from the start.

Mismatched Software Selection. Do your due diligence before buying and stick to your must-haves. Here are a few of the selection mismatches we’ve seen:

  • Software intended for larger organizations is not usually a good fit for smaller companies. They have the resources to fully utilize it, you don’t.
  • The level of process changes necessary to meet the standards of the new software may not be feasible. Be realistic. As noted earlier, no one likes to change – the comfort zone of “that’s the way we’ve always done it” is very, very hard to move.
  • None of the software is integrated. Every separate system that does not “talk” to any of the others is an information “silo” that will end up causing extensive data duplication, errors and miscommunication within the organization.

Stayed tuned next edition for number 6 of our Top Terrible Mistakes!

According to a recent study

According to a recent study, by 2020, 100% of large enterprises will need to report on their cybersecurity measures to their board of directors.  What are you doing today to ensure you’re protected from an attack?

Making the shift to a ‘modern desktop’ removes the pain of you keeping your desktop environment secure with built-in protection and easy access to security updates.  A ‘modern desktop’ is Windows 10 and Office 365 kept up to date –and while that combination seems straightforward, adopting these solutions can be a challenge.

If you’re considering deploying new PCs or getting PCs up to standard and would like to learn more about how to plan, implement, and optimize your IT assets, contact us today to learn how.  At CSS, we have some of the best IT pros you will find, and together, we can integrate your modern desktop solutions quickly and securely, bringing your desktops up to par with the latest digital security solutions.

A Scary Halloween Tale

It was late last night and I was alone in the office.  I was busy and not paying attention to the warning signs around me.  If only I had listened more to the cautionary advice, I wouldn’t find myself in this scary situation now.

The phone rings ominously and startles me.  It’s my IT guy telling me the firm’s IT systems were hacked and the hackers planted a Ransomware virus that completely froze all the company’s computer systems.  The hackers are demanding an impossible payment in bitcoin or we will lose all our data.

Fortunately, this horror story is a fictional one I just made up.  Unfortunately, it’s a nightmare scenario that’s becoming increasingly more real for small and medium sized businesses, and in particular the construction industry.  There’s constant movement of money, frequent turnover of personnel, and critical knowledge and documentation of infrastructure and building system information that makes contractors a growing target.

Are you prepared, and do you know what to do in the event of a cyber-security breach?

If you have a cyber-insurance policy, IT safety measures in place, and have practiced “what if” fire drills, dealing with a breach can be slightly less scary.  If you’re one of the people who thought this could never happen to you, now is the best time to start planning for that frightening event.  Here are some simple steps to follow:

  • Purchase cyber insurance through a reputable broker
  • Install, update and use antivirus and anti-spyware software
  • Install a robust firewall
  • Backup, backup, backup (and test restore them!)
  • Have a strong password policy
  • Conduct a cyber-security readiness assessment

“You don’t know what you don’t know” is certainly a true claim when it comes to hackers and IT security.  Cyber-crime evolves daily and it’s hard to keep up.  It never was, and never will be, a “one and done” process.  Hire an expert to come out and do a cyber-security readiness audit.  They will tell you where your vulnerabilities lie and provide a road map of how to stay safe.  Most reputable companies will charge a small fee for the service, but it’s well worth it in the long run.

Here’s to a Halloween full of IT treats and no tricks!

Make The Shift To A More Modern Desktop

Microsoft remains the leader when it comes to office productivity programs like email (Outlook), word processing (Word) and spreadsheet applications (Excel). Take these same programs you are familiar with and move them to the cloud — along with new cloud features that let you work and collaborate with colleagues on a real-time basis – and you can understand why more and more businesses are moving to Office 365 and a modern desktop.

Why are businesses making the move to Office 365 and the cloud?

We are living in a time of rapid technical change. Digital transformation is one of the biggest revolutions any of us has seen in our lifetime. In 2018, two-thirds of the Global 2000 CEOs had digital transformation at the heart of their corporate strategy. Digital transformation is fundamentally changing the way your company uses technology to empower employees, optimize operations, transform products and engage customers.
Here are some of the primary factors driving this change:

  • The business landscape and customer expectations evolve daily and there is a shift away from routine tasks and hierarchical decisions to operating in a way that requires every employee to be creative, think critically and collaborate with others to address the task at hand. Empowering employee ingenuity is becoming a critical part for businesses to stay successful and relevant. 
  • For the first time in human history, we have five generations in the workforce (with millennials projected to be 50% of workforce by 2020). As a result, the workforce has become increasingly diverse, mobile, and comfortable with technology, with individuals working across multiple locations and devices throughout the workday. 
  • Teamwork has become an essential way to get work done. Organizations are more networked, needing to enable the increased flow of information to all team members. 
  • People have new expectations for how and why they work – seeking physical and digital workspaces that feel inclusive and open where they can easily share and connect and work together. 
  • Modern technology allows people, teams and companies to find and connect with the best expertise available without geographic or physical boundaries. Subject matter experts can more easily gain valuable knowledge. 
  • Social networks promote increased transparency, helping people and businesses be more agile and respond quickly to new market trends. Of course, along with that comes the increased need to stay more focused on maintaining a safe and secure environment protecting against cyber threats.

As you can see, at its core digital transformation is all about people. People are making the technology transformation happen, not the other way around. That’s the real reason why so many businesses are moving to the cloud and a more modern desktop – to enable people do their best work.

How Common Sense Solutions can help

Common Sense Solutions has the cloud and Office 365 expertise you need to help you transition smoothly to this powerful productivity tool and the know-how to support your day-to-day work within the Office 365 environment.

Talk to us about how Office 365 can fit the exact requirements of your operation. Why struggle with something bigger than you need, or suffer from trying to make a system work that won’t meet the demands of your growing business? We will give you a straightforward estimate of the costs and time involved with migration, as well as the business impact and return on investment for moving to a more modern desktop environment.

Overview of Microsoft Office 365
Fri, Nov 1, 2019 11-11:30am CDT

Microsoft is Making It Harder to Use Windows 7

With Microsoft ending support for Windows 7 in January 2020, users are being pushed to upgrade.

With less than a year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the outdated platform.

Recent research has found that nearly a fifth (17%) of IT departments don’t know when the end of support deadline is (It’s Jan 14, 2020), while 6% are aware of the end of support but have yet to start planning for their migration away from Windows 7.

End of support means that Microsoft will no longer issue security updates for the 10-year-old Windows 7 after Jan. 14, 2020.  This poses a serious security risk for organizations to continue running Windows 7 unpatched.

Microsoft has already started to push users to upgrade to Windows 10 if they are using a computer with a newer processor type and an OS older than Windows 10.

October is National Cybersecurity Awareness Month

Today’s security needs are more complex than ever before because cyber criminals are getting more sophisticated than ever before.  Is protecting your organization from cyber threats important, but low on your priority list? — one of those things you’ve been putting off for when you have more time?

Make it a priority in October (National Cybersecurity Awareness Month) to understand the latest security threats and make sure your business is prepared for “that thing that could never happen to me”.

Your protection plan should include multiple layers of security, including web, email, network, and employee training, management and monitoring by a team of security experts, best-in-class products and practices to fully utilize the latest technologies.  Get in touch with us for an audit of your current state of readiness.