Select Page
Epicor ERP Event: EstesGroup Fall Summit 2020 (Video)

Epicor ERP Event: EstesGroup Fall Summit 2020 (Video)

by | Sep 15, 2020 | Epicor, Epicor 10, ERP Consulting

Epicor ERP Event

​An Epicor ERP Event to Begin a New Season

Are you ready for change? In June, we gathered friends and strangers together at an Epicor user event covering everything from master file setup to security to embedded customization. To further support this ERP community, we’re meeting again on October 7th for another Epicor event that will raise awareness of new techniques for manufacturers and distributors using ERP software solutions. This fall summit will serve to assist Epicor users with customization and optimization steps that are often overlooked by ERP project teams.

 

Epicor is a large and complex application and can be configured in a multitude of ways. Depending on how you’ve configured your application, different capabilities and different issues present themselves, and understanding how other Epicor customers have addressed these issues is often a great way to add perspective to your own challenges. On the technical front, the tools available for super users often span the skillsets of multiple roles, so for those of you who wear multiple hats by necessity, a better understanding of some of Epicor’s key technical foundations can assist in better maintaining and optimizing your installation. If you’ve experienced work culture shifts because of the pandemic, you might benefit from new Epicor consulting techniques that can address challenging project checkpoints (like conducting an Epicor CRP remotely, for example).

Making the Most of the Planning Workbench

Job management and scheduling are critical to any ERP implementation, but no two companies manage the work orders passing though their factories in quite the same way. Not surprisingly, Epicor offers a number of planning and scheduling tools that often go underutilized. Epicor’s Planning Workbench is one such tool, and integrating it into your suite of management tools can take a little fiddling, and its tendrils extend into Epicor’s part master setup, into its Time Phase and MRP programs, and even into Epicor’s underlying PartDtl table. In this session, we’ll be working though the logic underlying the Planning Workbench and demonstrating how it can be leveraged to keep ahead of quantity and timing issues on your shop floor.

 

SQL Server: Tips and Tricks For the Epicor Administrator

For those in the user community with Epicor experience that dates back to the days of 905 and earlier, the challenges of working with Epicor’s legacy backend are long remembered, like bad memories from another place and time. With the advent of Epicor’s E10 application, Epicor moved to an entirely Microsoft-centric stack, resulting in a much more stable, robust and scalable platform. And now that Epicor’s E10 ERP platform is built upon Microsoft’s SQL Server database engine, there are many new tricks and techniques that can be applied to best leverage the capabilities of the SQL Server RDBMS, while avoiding the common pitfalls of SQL Server administration. Understanding the principles of configuration, tuning and optimization at the database level can have a significant positive impact on your Epicor application’s performance and stability. In this SQL Server session, we’ll provide key insights to keeping your database server running smoothly.

 

SSRS Reporting: Modifying Standard Reports

Speaking further along the lines of Epicor’s Microsoft-centric stack, Epicor’s use of Microsoft’s SQL Server Reporting Services (SSRS) as its primary reporting platform allowed for tighter integration across the different elements of the application. But the move from Crystal Reports to SSRS was a significant one, given that SSRS differs significantly from Crystal in its fit, form, and function. For users unfamiliar with the paradigms underlying SSRS, simple things like adding a logo or a field to an existing report, in order to address the needs of a given company, are not always self-evident.  In this SSRS Reporting session, we’ll provide some steps that will allow you to make basic modifications to standard reports to help fit them effectively into your business.

Watch this ERP event

Watch the Epicor summit recording

Watch our Epicor ERP fall event preview to begin a new season of ERP solutions.

Planning Workbench 

Presented by Brad Feakes

SQL Server

Presented by Daryl Sirota

SSRS Reporting

Presented by Joe Trent

5 Ways to Secure Remote Workers & Keep Your Data Safe

5 Ways to Secure Remote Workers & Keep Your Data Safe

by | Aug 26, 2020 | Cloud, Managed IT Services, Network Security, Security

Cybersecurity: On-site and Remote

Cyberattacks can’t stop us from developing new technology solutions. As a result of the pandemic, 2020 increased the demand for ways to secure remote workers, devices, and networks. The numbers aren’t in yet, but some reports are claiming that 1 in every 5 workers will continue on with remote access to corporate data, and others are saying nearly 100% of workers will now operate outside of business campuses in one capacity or another. Fortunately, there are emerging cyber security solutions, including new ways to secure remote workers, in the woods or in the halls.

Ways to Secure Remote Workers

 

Ways to Secure Remote Workers via BYOD

 

Ransomware isn’t a person you can meet on the street. Or a monster. Or a beast. The cyberthreats we face often feel nebulous, confusing, and perhaps a bit mythical to even the most uneventful personalities. The BYOD (bring-your-own-device) culture that’s boomed as a result of social distancing immediately increased the need for more sophisticated approaches to cyber warfare. The digital landscape is infected. New threats emerge daily as cybersecurity experts rush to cure compromised users before attacks infiltrate national and global networks.

 

Fortunately, there are many ways to secure remote workers via BYOD-based endpoint security solutions. When dealing with remote devices, our cyber security consultants like to view circulating threats as something other than human. If you see a computer virus as a weapon, then you realize how easily dark web tools can be exchanged. For instance, a malware program is bought and sold like a set of knives. Therefore, we hunt for the knives, rather than focusing on an elusive hacker.

 

Malware spreads in milliseconds, often without the direct influence of people, and can take months to detect. Likewise, cyber threats often become a hidden danger that eventually attacks your entire network. For instance, you might unwittingly share it with your supply chain because you don’t know it exists. Your malware isn’t a malcontent in a hoodie. It might begin with a human, but it jumps devices without direct guidance, as initially programmed to do, often causing more damage than the cybercriminal expected.

 

Security measures involve many layers of cyber defense, especially when addressing remote connections:

  • Power in the Layers: This includes keeping your hardware strong and your network patched. Look for renowned technology solutions. Duct tape and magnets? Raspberry Pi backups? Look for the latest cybersecurity tools and save old tricks for the treehouse.
  • Monitor the Monitor: A secret code is no longer enough. A username and a password was never enough, so we’ve developed advanced monitoring and management solutions for your business. Watching the watcher keeps your data on watch for on-guard and on-time productivity.
  • Party with Your Partners: Celebrate your digital serenity with the calm crew of a trusted technology firm. The right managed IT alliance complements your core team, toasting cyberthreats so you have time for a toast.
  • Click-a-Little-Talk-a-Little: Train your team to be careful with clicking tendencies and to communicate about potential harm to your data.
  • Question Everything: Question us, question your team, question every click and download. Fill your day with virtual pauses, staying alert to cyber risks. Continually learn new ways to protect remote workers.

Your online safety is dependent on secure interactions

 

Your financial data, your business strategy, your critical tasks and personal stats are all under attack. How can you keep everything secured when the digital landscape is always shapeshifting? As your business grows more complex, perhaps depending on a complicated software like an Epicor ERP system, how do you keep IT remotely safe? AI and automation create worlds of benefits for businesses, but these new technologies get in the hands of nefarious hackers, and suddenly your entire social chain, the very vitality of your company, is at risk. The new ways of protecting remote workers won’t help you unless you stay on top of emerging threats. Fortunately, our IT security experts can install the best SaaS (security-as-a-service) solutions for your business, including private cloud hosting protections for remote networks.

 

 Are you looks for new ways to secure remote workers?

Take our quiz to find out if you’re keeping your friends and colleagues safe.

Learn about the security of private cloud
Social Engineering Techniques: How Hackers Come Home

Social Engineering Techniques: How Hackers Come Home

by | Aug 5, 2020 | Managed IT Services, Network Security, Security

Time to Learn Social Engineering Techniques

 

WELCOME HOME, MALWARE

TIME TO MAKE YOURSELF AT HOME

 

Human manipulation fuels social engineering techniques, and basic security measures, like anti-virus software, often can’t prevent innocent behaviors, like trust, from compromising your data. Hackers frequently penetrate corporate networks because employees open the door. Necessary to break the trust-manipulation cycle, advanced security solutions can detect, and even predict, social actions that lead to system infiltration. Advanced attacks that use subtle social engineering techniques often come and go without a trace, so how do you prevent sophisticated attackers from making themselves at home in your business?

 

A hacker’s “Welcome Home” sign might be on an open Wi-Fi network, or it might be on your personal computer, or even your phone. A social engineering attack taps into your life in a way that can feel “like home” to you. Soon, the person you trust takes over your “house” of data, and this can be at both home-life and corporate-life levels, at the same moment, since you might integrate work and home through the use of your mobile phone, laptop, smart watch, tablet (maybe even through a Wi-Fi enabled coffeemaker).

 

If you leave your doors unlocked, people might crash in your digital living room even while your computer is sleeping. If you have dozens or hundreds of employees, each human presents at least one door to your data. Multiply this by the average number of devices employees utilize for work optimization (desktops, laptops, mobile phones, tablets, smart televisions), and you’ll see that your business has hundreds of thousands of access points.

 

Businesses naturally have an “open door” culture. You want new clients. You want good growth and reputation to result from your offerings, and this means you have to interact with strangers on a daily basis. Stranger danger? Not if that stranger has the potential to become a favorite customer. This is why it’s critical to understand the nuances of social engineering techniques (or partner with a managed IT team that does).

 

Because companies leave their virtual doors open, they attract attacks that utilize simple social engineering strategies (no hacking genius required). Detecting these nefarious online behaviors often takes advanced cyber analytics, and preventing data breaches begins with training based on what is known about these cyberattack strategies. Flexible managed IT plans help businesses outsource specialized tasks in their cybersecurity plan.

 

Here are 3 ways hackers let themselves in and make themselves at home in your network:

 

 

Phishing

 

32% of security breaches begin with phishing attacks. If someone knows your email address, then you can receive a phishing email. How do you prevent these attacks when you’re a business owner constantly giving your email address to strangers? If you do any of the following behaviors, you’re at increased risk of a phishing attack:

  • You exchange business cards at conferences, trade shows and other social gatherings.
  • You publish your contact information on your website or on online social networking pages.
  • You use email to communicate with your employees, partners, customers and potential clients.
  • You respond to emails quickly, often overlooking small details in the delivery structure.

 

Exchanging

 

Save money. Save time. Download free software. Fill in a form or upload your business card and get free information. The bliss of the internet is free exchange. You can hop from one website to another, learning for free and networking for free, all from the comfort of your sofa, saving time and travel expense. Sadly, the risk of “free” malware comes with every exchange that happens in our connected online world. If you do any of the following online activities, you’re at increased risk of a social engineering attack:

  • You skip the fine print and click the download button before reviewing terms, agreements and privacy policies.
  • You see a website you like with content you want, so you freely give your name, address, phone number, and maybe even your employment information, in exchange for a download.
  • You download free apps and sign up for free trials.

 

Spying

 

Hackers often look over your shoulder to get the information they need to access your data. You might be at a coffeeshop talking to a friend while your unlocked phone sits cup-side. Maybe your phone is also on open Wi-Fi, leaving multiple open doors into your private life. E-espionage often happens at the places you love — your favorite deli, your downtown square — tranquil places, where you don’t feel a sense of vigilance. You are at risk of becoming a social engineering attack victim if you do any of the following activities:

  • You leave your laptop, phone, or tablet on the table when you see your friend in line at the coffeehouse and get up to say hello.
  • You turn password access off on your phone so that you don’t have to unlock it later.
  • You use public Wi-Fi networks.
  • You have the same password for multiple accounts so that you’ll always remember your login credentials.

 

If you got through these lists without a hitch, then you’ve taken the right steps to prevent social engineering techniques from ruining your life with ransomware. Unfortunately, the hackers could still carry you over your own threshold. Why? Because as soon as you add coworkers or friends to your contact list, and as soon as you begin to communicate using your devices, you introduce new risks. Because of the likelihood of a cyber security breach, you should always check your backups for malware, and always have a solid disaster recovery solution in place.

 

Learn how to secure supplier portals and other links along the cyber chain against the latest & greatest social engineering techniques.

Request a free consultation on cybersecurity best practices for manufacturers. Please chat with us now and our team will get you a complimentary technology assessment with our security experts.

EternalBlue Hacks & Tales from the Unpatched (Video)

EternalBlue Hacks & Tales from the Unpatched (Video)

by | Jul 22, 2020 | Managed IT Services, Network Security, Security

EternalBlue Hacking Tools

EternalBlue, which is an ancient set of hacks — ancient: going back three years — is still applicable, especially in regard to some of the technology and vulnerabilities that we are seeing today. EternalBlue is a software that the NSA developed to hack Windows machines. The goal was to break into a computer (without telling the owner “someone’s there”) — and then run a software of choice. Windows contains more than two millions lines of code, so nobody, even at Microsoft, really knows what it’s all doing, and vulnerabilities are found every day. EternalBlue hacks targeted some of those vulnerabilities.

Running Windows makes you vulnerable by default. Linux, Mac, Android, iPhone — they’re all vulnerable because we’ve reached the state of complexity in the operating systems that we choose to run that it’s just a matter of time before new ways are found to break into these systems. Online trickery happens, and people download malware thinking they’re getting a good piece of software. For example, there was once a program called Whack-a-Mole. It was known to have a Trojan in it, so if hackers were able to convince you “hey, this is the coolest game in town,” then your machine would be infected. When hackers are trying to break into a machine, whether through a means like Whack-a-Mole or through an EternalBlue hack, they’re trying to do it surreptitiously, invisibly. They don’t want you to know because, if you knew, you might do something like reboot. This led the hackers to ratchet up what we call the “persistence” of malware, so that maybe it could survive a reboot.

If you’ve ever had a browser toolbar appear in Internet Explorer, or Chrome or Firefox or Edge, or any other browser, that toolbar probably has the rights to see wherever you’re surfing and modify the webpages that you get back, and can even interact with you. A toolbar is a very visual indicator that “you’ve been hacked.” Is that toolbar interested in stealing your passwords and learning your PayPal login and modifying what you visit and how you see it? Maybe, maybe not. But it’s an indication that you’re running untrusted software. Going out to the web and downloading a piece of software because it looks interesting is almost a guaranteed way to get hacked.

 

EternalBlue Hacker

 

WannaCry

 

Malware programmers write apps, publish them and they get downloaded, and in the background there’s a malware stealing passwords, modifying webpages, looking at your identity — those are all activities I would consider hacks — and that’s what EternalBlue is. In short, it leverages a vulnerability that the NSA found in the Microsoft SMB protocol. They found that if they hurled a packet that was the right size in the right shape, it would shove a square peg into a round hole, and the round hole wouldn’t know what to do, and so it would execute a buffer overflow attack. Windows wasn’t expecting a square peg in a round hole, so it would trip, fall down, and execute code of the attacker’s choice. EternalBlue hacks took advantage of a “round” Server Message Block (SMB) hole, and as that SMB failed, it could run a Trojan, or blue screen a computer, or download a piece of malware.

 

Less than thirty days after EternalBlue got into the hands of cybercriminals, a nasty bug called WannaCry was released to the world. It made you want to cry because it was ransomware. It used EternalBlue as the delivery exploit, so as soon as WannaCry got a foothold inside a corporate network, it would jump from machine to machine to machine and ransom. By the next year, EternalBlue hacks had cost companies and industries billions of dollars, and 65 countries have fallen to EternalBlue’s vulnerability and have been ransomed or hacked in some fashion. Why? Because even after Microsoft released a patch, millions of computers were unprotected because people didn’t patch.

 

 

Patching… and more than patching

 

Cybercriminals are continually waiting for time, opportunity, and tools to be able to successfully hack into your system. To prevent it, we do a number of things. We patch our machines, we turn on our firewalls, and we don’t let people be local administrators. We make sure our antivirus is current. But we need more than antivirus because hackers now have toolkits to program custom malware. They don’t have to know about EternalBlue hacks if they have a malware toolkit. These toolkits change malware by a byte or two bytes, which changes the signature of the program. As a result, the antivirus software, which is looking for signatures, can’t detect the malware. This designer malware is specifically written for a particular company. The malware is one-of-a-kind and still does the same EternalBlue exploit. Because of this dark web exchange of malware toolkits and designer ransomware, more robust cybersecurity measures, like endpoint security, are needed to keep our businesses safe.

 

IF Only Tech Time

Fridays – Noon (MT)

Answers to all things about IT

Register here

IF you did miss IT… did you miss IT!? No worries! 

Watch a tech talk here!

In-House, Web-Based or Private Cloud Solutions

In-House, Web-Based or Private Cloud Solutions

by | Jul 7, 2020 | Cloud, Hosting, Managed IT Services, Software

If only purchasing software for business enablement could be as simple as tapping a button in an app — click once for on-premise installation, twice for web-based deployment, thrice for private cloud solutions. When considering software, users normally think about features and capabilities intuitively — making big decisions seem easy at first. This stems from the hope that core data and program logic is consistent across platforms.

Server virtualization, the World Wide Web and cloud computing have changed the dynamics of software development, acquisition, installation and deployment.

 

However, new technology often becomes a point of stagnancy, or even complacency, for businesses. This can sometimes result from hesitancy, but it’s often caused by oblivion.

private cloud solutions

 

How Will You Know What You Don’t Know?

 

Technology changes quickly, and the evolutions now, more often than not, push web-based and private cloud solutions away from the realm of preference and into the world of necessity. When I first entered the business field in the 90s, I never would have imagined that I could license a software application on a subscription service, much like I do a newspaper or magazine. My mind hadn’t even conceptualized the idea that a software application could be accessed entirely through the World Wide Web. Back in the day, we were just trying to make it through Y2K in one piece. But as the technology advanced, the options and opportunities presented themselves, and now more than two decades later, I increasingly work with companies engaging software in a cloud context.

 

 

IT Symbiosis

 

The industry shift to public and private cloud solutions has not only changed the very way in which applications are deployed, it has also leveled the playing field. Your company can now outsource some or all of your IT needs, allowing for growth within a predictable technology budget. A partnership with a managed services firm provides updates, compliance, security, training — all from a specialized team built specifically to adapt 24/7 to the volatile growth inherent to IT. Companies no longer need to house their own elaborate, expensive IT departments to keep up with the times. In light of recent cybercrime upswings, this is a critical time to focus on the survival of small and midsize businesses, which often face closure upon ransomware or other security breaches.

 

Since technology evolves on a daily basis, it’s always time for your team to consider new possibilities to protect the future of your business. If your architecture is outdated, or you’re overdue for a security audit, it might be time to get a full analysis of your IT infrastructure. Moving from on-premise servers to hosted, cloud-based environments can be one way to ensure business continuity. That said, “the cloud” might not be the right fit for your business, so let’s look more closely at business enablement through three common deliveries, which can be infinitely customized into hybrid forms.

 

 

The Basics

 

The deployment of an application normally takes on one of the following forms:

  • On-Premise: In an on-premise installation, the application is installed on an on-premise, in-house server. It can be like having a furnace closet or an underground mad scientist laboratory, depending on the size of the company and the specific technology burden.
  • Cloud-Hosted: Cloud-hosted applications are installed on a virtual server, which means they are hosted in the cloud. Hosted solutions often replicate an on-premise architecture. Ease of backups, cybersecurity, updates and compliance are common reasons businesses choose cloud-based solutions. This option allows organizations to leverage 100% of the application features that are available in an on-premise install.
  • Web-Based: A web-based deployment foregoes installation entirely — it’s based on subscribing to an application that is already installed, deployed, and interacting with the application through web-based protocols.

 

A common trope of cloud computing with regard to on-premise installations has to do with the limits in physical contact that it presents — you can’t go down the hall and hug your servers. I’ve never actually tried to hug a server, but I think it would feel rather strange to do so. This hug-ability factor speaks to the level of control that companies possess when they install an application on their in-house server stack. There might be problems with this approach, but at least the company owns the problems and their resolutions. Moreover, when it comes to hugging, data is a much more recognizable object of affection. I can think of countless times that I have tried to “get my arms around the data” when working on a project. Access to the data layer is often an important feature, especially when performing custom reporting, and in some cases, the abstraction of the data layer present in web-based applications may make it hard to understand just what is happening to the data itself, making reporting a challenge.

 

Purely web-based versions of an application provide the core capabilities, but the features and functionalities available in a web-based version tend to be limited when compared to their on-premise counterparts. Consider Microsoft’s Office 365 suite. While highly similar to a client install, there are some limitations to the things we can accomplish in the web version of Excel, for instance, when compared to its client-based counterpart. Working with ERP systems, I’ve found this trend to be consistent — if you’re leveraging a web-version of an application, expect to be privy to a subset of the overall functionality available with an on-premise version. And if you’re utilizing a version that is entirely web-based, tailor your expectations accordingly.

 

Speaking of tailoring, the ability to alter an application to fit your company’s needs also tends to be greatly reduced in web-based applications when compared to on-premise counterparts. By tailoring, I am referring to the ability to insert user-defined data or business logic into your application and have this custom functionality work in conjunction with the application’s standard behavior. In some ways this limitation is a good thing, as I’ve certainly seen companies entangle themselves in their own tailored threads. Conversely, a little tailoring can yield big gains in efficiency and effectiveness. As it is, a company purchasing web-based software out-of-the-box should understand what is in the box and only in the box, and that the box can’t be easily repurposed.

 

Depending on the application in question and the needs of the business, I‘ve found private cloud solutions to be a nice midpoint between the two poles of on-premise and web-based architectures. Cloud hosting specifically allows companies to possess fully-featured applications in the cloud, avoiding the problems associated with on-premise installations. This affords a measure of control unavailable with pure web-based applications. Moreover, it creates the levels of functionality and customizability that allow companies to do more than the basics. And should the company need assistance in the management of their application stack, we can cleanly pull in additional resources to lend a hand. Hosted applications also offer a variety of administration options — from in-house talent to partnered resources — and can adapt efficiently to new technology.

 

 

A security assessment provides a system overview. It allows you to see if your team is overworked or poorly protected. Time to begin? Our team is ready to help, whether you’re on-premise, web-based, or in a private cloud.

 

[pardot-form id=”1668″ title=”Network Assessment”]