Do you want your A/P clerk having access to your payroll records? Or your billing clerk having access to your profit and loss statements? Maybe so, but maybe not.

If not, then you can configure your QuickBooks company so that each user has access only to the information they need.

Set this up through the top menu: Company / Set Up Users and Passwords / Set Up Users. Click Add User or Edit User, depending on whether they are already existing users. Then you’ll see this screen:

Click on “Selected areas of QuickBooks” to begin the process of specifying authorized functions for that user.

The first screen that appears gives you control over the user’s access to Sales and Accounts Receivable functions:

You see that control can be broken down between data entry, transaction printing, and reporting. Select the functions that your user needs access to. You can also click (or not) on the checkbox giving the user access to customer credit card numbers.

This level of control in QuickBooks is great — it introduces accounting controls to your use of the software, and potentially reduces the risk of fraud and error.

You can set up controls for these areas in QuickBooks:

* Sales and A/R
* Purchases and A/P
* Checking and Credit Cards
* Inventory
* Time Tracking
* Payroll and Employees
* Sensitive Accounting Activities (like journal entries and online banking)
* Sensitive Financial Reporting

Finally, you can control the ability to change or delete transactions:


This is an important accounting control. If you open this capability to a user, they will be able to delete or change previously entered transactions. Limiting this capability to only staff that truly need it could help lower the possibility of bookkeeping crime in your office, because it makes it harder for users to cover their tracks if they are making entries they don’t want others to see.

Also, you can prevent users from making changes to the books after the close date. Your accountant will really like it if you restrict that.

There are news stories coming out all the time about embezzlement and fraud taking place in offices where QuickBooks or other accounting software is used. Want to lower the chance of it happening to you? Just limit your employees’ access in QuickBooks to the functions they need to do their jobs.

Do you have any tips or advice on using access restrictions in QuickBooks?

You’ve been told a LOT of times that the world is a dangerous place, and that you should only use ‘strong’ passwords for your accounting software, your email and social accounts, your online financial accounts…really all your accounts and apps that are supposed to be secure.

So you know what you OUGHT to do, but how do you do it?

You probably already know that you shouldn’t use your name, your address, your birthday, or the word “password”.

Actually, you are not supposed to use any word found in the dictionary.

Many experts advise you to use a nonsense string of upper and lower case letters, numbers, and special characters. One expert advised to use a longish phrase or line from a memorable book, movie, or song.

If you want to check out the quality or strength of your password, go to the free and secure Microsoft password evaluator and let it pass judgment on a password you use or are considering using. Very handy.

Posted in IT.

Take care of your computer, and it will take care of you. Here are five easy and inexpensive ways to bullet-proof your PC.

1. Have each computer you use on a battery backup. Electric surge protection is not enough. If the power goes out when you have critical files open and your computer blinks off, you have a big problem. Battery backups are not that expensive.

2. Have every computer you use do Windows auto-updates. Access the settings through your Windows Control Panel. Auto-updates will make sure that you get critical service-packs, security updates, and Windows bug fixes.

3. Have every computer running security software. Symantec and McAfee are the big dogs for subscription-based solutions. But you can still get some free solutions, like AVG’s free edition. You’d have to be crazy to have a computer connected to the internet these days without some basic protection.

4. Be smart with your passwords. Don’t use your name or your address or your phone number, etc. Use numbers, upper and lower case letters, special characters, and nonsense words.

5. Don’t ignore warning signs. If your computer starts making funky noises, or getting intermittent bootup errors, or hanging up a lot, don’t wait around for it to get worse. Unlike the human body, computers aren’t self-healing. Get your IT pro to diagnose/repair, or just go get a new computer before the big crash.

Any other suggestions?

Posted in IT.

I’ve got a phish story for you.

Someone I know buys and sells stuff on eBay. During the course of one of his auctions, he got an email from eBay with a question from a potential buyer. This is a very normal experience for eBay sellers. The email had details about him, his item, his auction.

He clicked the “Reply to question” link in the email, and logged in to eBay. Except it wasn’t eBay.

Just as he clicked the Login button, he noticed that his address bar didn’t say eBay.com. It had an IP address. Ding, ding, ding, red alert!

He immediately logged into the real eBay site and changed his password. So there was no harm done.

He had been phished. Actually, spear-phished. He was specifically targeted. Why? He had made the mistake of putting his email address as part of the auction information. So some cybercriminal had sent him a tailor-made phishing email that looked, felt, and smelled like a real eBay email.

The reason it worked is because he expected to receive an email just like the one he was sent.

How could he have avoided this? By not clicking the link in the email. He could have, and should have, logged into eBay through eBay.com.

That is the main way to not get caught in a phishing scam. Whether it’s an email supposedly from Intuit, your bank, the government, etc., the safe way is to avoid the link in the email and go straight to the website from your address bar or your trusted browser bookmarks.

Recently there have been a lot of phishing emails going around that falsely claim to be from Intuit. You can check on Intuit security alerts at http://security.intuit.com.

Do you have a phish story? Or any other advice?