New Fathom IT - Blog , UncategorizedNew Fathom IT - Blog , Uncategorizedhttps://www.newfathom.com/blogs/UncategorizedFri, 10 Apr 2026 18:11:57 -0700http://zoho.com/sites/<![CDATA[QuickBooks Desktop Is Reaching End of Life — What It Means for Your Business]]>https://www.newfathom.com/blogs/post/quickbooks-desktop-is-reaching-end-of-life-—-what-it-means-for-your-business

QuickBooks Desktop Is Reaching End of Life — What It Means for Your Business

For many small businesses, QuickBooks Desktop has been the backbone of accounting for years. It’s familiar, reliable, and for a long time it was the default recommendation for small businesses, accountants, and bookkeepers. But the landscape is changing. Intuit has been gradually phasing out QuickBooks Desktop, and several major milestones have already passed. If your business still relies on Desktop, now is the time to understand what’s happening and what it means for your future accounting setup.

QuickBooks Desktop Is Being Phased Out

The biggest shift came in 2024, when Intuit stopped selling new subscriptions for QuickBooks Desktop Pro, Premier, and Mac editions to new customers in the United States. As of September 30, 2024, businesses can no longer purchase new licenses for these versions.

Existing subscribers can still renew their licenses for now, but the writing is on the wall: the traditional Desktop versions are slowly being retired in favor of cloud-based products like QuickBooks Online.

In addition, older versions of QuickBooks Desktop are already losing support. For example, QuickBooks Desktop 2022 reached end of life on May 31, 2025, meaning it no longer receives updates, security patches, or technical support.

The final version of QuickBooks Desktop sold (2024) is expected to be supported until roughly 2027 before reaching its own end-of-support milestone.

In short: Desktop isn’t disappearing overnight, but it is clearly on a long-term path toward retirement.

What “End of Life” Actually Means

When software reaches end of life, it doesn’t immediately stop working. You can usually still open the program and access your data.However, several important services disappear. Once support ends, users typically lose:

  • Security updates and patches
  • Online banking connections
  • Payroll services and tax updates
  • Payment processing integrations
  • Technical support from the vendor

Without these features, accounting becomes more manual and potentially less secure. Over time, compatibility issues with Windows updates, banks, and third-party integrations also become more likely.

For businesses handling sensitive financial data, running unsupported accounting software creates increasing operational and security risks.

Why Intuit Is Moving Away From Desktop

The shift away from Desktop reflects a broader trend in business software.

Cloud-based platforms allow businesses to access financial data from anywhere, collaborate more easily with accountants, and integrate with other business tools. Modern accounting systems are increasingly designed to connect with payroll platforms, payment systems, inventory tools, and reporting dashboards.

Desktop software, by comparison, is tied to a specific computer or local server and can be harder to maintain and update.

As a result, Intuit has invested heavily in QuickBooks Online and other cloud-based services while gradually retiring the traditional desktop model.

What Businesses Should Do Next

If you’re still using QuickBooks Desktop, the goal shouldn’t be panic — it should be planning.

Most businesses have several practical options:

1. Upgrade to the latest supported Desktop version
This can buy additional time, but it’s likely a temporary solution.

2. Migrate to QuickBooks Online
This is Intuit’s primary direction and the most common migration path.

3. Evaluate alternative accounting platforms
Some businesses choose to switch to other cloud accounting solutions depending on their needs.

4. Work with an IT or accounting advisor
Migration planning, data conversion, and workflow adjustments can take time.

Don’t Wait Until the Last Minute

Accounting systems are foundational to a business. Payroll, invoicing, reporting, and taxes all depend on them.

The transition away from QuickBooks Desktop won’t happen overnight, but businesses that wait until support disappears may find themselves rushing through a complicated migration.

Planning ahead allows you to move on your timeline instead of reacting to a deadline.

And when it comes to financial systems, that kind of control is invaluable.

Get Started Now
]]>Fri, 10 Apr 2026 11:50:42 -0700<![CDATA[They’re Not Breaking In. They’re Logging In.]]>https://www.newfathom.com/blogs/post/they-are-not-breaking-in-they-are-logging-in

They’re Not Breaking In. They’re Logging In.

For years, business security has been built around a simple idea: keep attackers out. Firewalls, antivirus, and endpoint protection all serve that purpose, and for a long time, that approach made sense. Threats were largely external. If you could block the intrusion, you could protect the business.

That’s no longer how most attacks work.


Today, attackers aren’t forcing their way in. They’re logging in.


The shift is subtle, but significant. Instead of exploiting software vulnerabilities, attackers are targeting people. A well-crafted phishing email, a fake login page, or a compromised session token is often all it takes. Once credentials are captured, the attacker doesn’t look like an intruder anymore—they look like a legitimate user.


And that changes everything.


When access appears normal, traditional security tools have very little to act on. There’s no obvious malware, no blocked connection, and no clear alert that something is wrong. From the system’s perspective, a valid username and password were used successfully. From a business perspective, however, the risk is substantial.


Email accounts can be used to redirect payments or send fraudulent invoices. File systems can be accessed and sensitive information quietly exfiltrated. Internal communications can be monitored or impersonated. In many cases, the compromise isn’t discovered until after financial or operational damage has already occurred.


One of the biggest challenges is how long these incidents can go unnoticed. It’s not uncommon for account compromises to remain undetected for days or even weeks. During that time, an attacker can operate freely within the environment, often leaving very little trace that would trigger a traditional alert.

This is where we’re seeing a meaningful shift in how businesses approach security. Rather than focusing solely on protecting devices, organizations are beginning to focus on protecting identity.


Identity Threat Detection and Response (ITDR) is one example of this shift. Instead of looking for malware or suspicious files, it monitors how accounts are being used. Things like impossible travel, unusual login patterns, or access from unfamiliar locations can indicate that a legitimate account is being misused.


More importantly, these signals can be evaluated in real time. That changes the response window from days or weeks to minutes.


The goal isn’t to replace existing security tools, but to close a gap that many businesses don’t realize exists. If attackers are getting in through valid credentials, then visibility into how those credentials are being used becomes critical.


For small and mid-sized businesses especially, this shift is worth paying attention to. The question is no longer just whether your systems are protected from intrusion. It’s whether you would recognize if someone logged in who shouldn’t be there.


Because increasingly, that’s what an attack looks like.

Get Started Now
]]>Thu, 02 Apr 2026 14:52:00 -0700<![CDATA[You Didn’t Start a Tech Company. But You’re Running One.]]>https://www.newfathom.com/blogs/post/the-accidental-it-department-why-small-businesses-are-carrying-more-tech-risk-than-they-realize

You Didn’t Start a Tech Company. But You’re Running One.

If you run a small business in 2026, you are running a technology operation. Whether you intended to or not.

It rarely begins strategically. The tech savvy owner sets up Microsoft 365. A capable employee informally manages passwords. The office manager resets the Wi Fi when needed. Backups are assumed. Security is partial. Nothing appears broken.

Over time, however, technology shifts from convenience to infrastructure. It underpins payroll, invoicing, scheduling, client communication, vendor management, and financial reporting. It becomes embedded in revenue flow and operational continuity.

At that point, the issue is no longer technical. It is structural.

Most small businesses do not suffer from a lack of tools. They suffer from an informal accumulation of risk. Administrative access is concentrated in one individual. Backups are unverified. Security controls are inconsistent. Documentation is minimal. Knowledge is tribal.

This works until it doesn't.

When a credential is compromised, access to core systems is interrupted. When a key employee leaves, institutional knowledge leaves with them. When backups fail, recovery is uncertain. The technical event is rarely catastrophic on its own. The operational impact is.

Email downtime becomes workflow disruption. Financial system lockouts delay revenue. Access confusion slows teams. Leadership attention shifts from growth to containment.

In small businesses, disruption is not distributed. It concentrates at the top. Owners and senior leaders absorb the interruption personally. Strategic focus narrows. Reactive decision making increases.

Over time, this produces a culture of normalization around instability. Small interruptions become expected. Firefighting becomes routine. Leadership energy is fragmented across preventable events.

The cost is not primarily financial. It is strategic erosion.

There is no longer a meaningful distinction between “IT” and “operations.” Technology now functions as operational infrastructure. It deserves the same intentional design applied to finance, compliance, and hiring.

Operationally disciplined businesses do not eliminate technical issues. They reduce single points of failure. They clarify ownership. They verify resilience. They document access. They treat systems as assets rather than conveniences.

You may not have set out to build an IT department. But your business now depends on one.

The shift from informal management to structured oversight is not about becoming more technical. It is about protecting operational continuity.

That distinction defines whether technology remains a recurring disruption or becomes a stable foundation for growth.

Get Started Now
]]>Fri, 27 Mar 2026 14:48:51 -0700<![CDATA[Why Backups Alone Are Not a Ransomware Strategy]]>https://www.newfathom.com/blogs/post/why-backups-alone-are-not-a-ransomware-strategy

Why Backups Alone Are Not a Ransomware Strategy

For years, the go-to answer to ransomware has been simple: “We have backups.” While backups are a critical part of any cybersecurity program, relying on them as the primary ransomware defense is a dangerous oversimplification. In today’s threat landscape, backups alone are no longer enough.

Modern ransomware attacks are no longer smash-and-grab operations. Attackers are patient, deliberate, and strategic. Once inside a network, they often spend days or weeks performing reconnaissance—identifying critical systems, locating backup infrastructure, and escalating privileges. By the time ransomware is deployed, attackers frequently know exactly where backups live and how to disable or encrypt them first.

From a NIST Cybersecurity Framework (CSF) perspective, this is a failure of the Protect and Detect functions. If attackers can move freely, access backup systems, and operate undetected for extended periods, the organization is already operating at a disadvantage long before encryption begins.

Even when backups survive an attack, recovery is rarely quick or painless. Restoring large environments can take days or weeks, during which business operations may be severely disrupted. For many organizations, especially small and mid-sized businesses, extended downtime can be just as damaging as data loss itself. Missed revenue, lost customers, regulatory penalties, and reputational harm can far outweigh the cost of the ransom.

This is where Incident Response (IR) and Disaster Recovery (DR) planning intersect. Backups support recovery, but without a defined incident response process—who makes decisions, how systems are isolated, when recovery begins—organizations often lose valuable time. In NIST terms, the Respond and Recover functions are just as critical as prevention.

Another common misconception is that any backup is a good backup. Traditional backups that are writable, online, and accessible with standard administrative credentials are prime targets. If attackers compromise a domain admin account—and many do—those backups are often compromised right along with everything else. Without protections like immutability, offline copies, or strict access controls, backups may offer a false sense of security.

Testing is another overlooked weakness. Many organizations assume backups will work because they always have. But backups that are never tested may be incomplete, corrupted, or unusable when they’re needed most. From a DR standpoint, an untested restore is not a plan—it’s a hope. NIST’s Recover function explicitly emphasizes the importance of validated recovery processes and continuous improvement.

A resilient ransomware strategy focuses on survivability, not perfection. This includes layered defenses such as endpoint detection and response (EDR), least-privilege access, network segmentation, and continuous monitoring. It also requires tabletop exercises and incident response testing so teams are prepared before a real event occurs.

Backups remain essential, but they should be treated as a last line of defense, not the first. Organizations should invest in immutable or offline backups, restrict access to backup systems, monitor for suspicious activity, and regularly test recovery procedures. Just as importantly, leadership must understand that cybersecurity resilience is a business issue—not just an IT responsibility.

In ransomware incidents, the question is no longer “Can we recover our data?” It’s “Can we continue operating?” Backups help—but only as part of a broader strategy aligned with NIST CSF, Incident Response, and Disaster Recovery best practices.

Get Started Now
]]>Tue, 03 Feb 2026 13:18:44 -0800<![CDATA[Navigating the Future of Cybersecurity: Key Trends for 2025]]>https://www.newfathom.com/blogs/post/navigating-the-future-of-cybersecurity-key-trends-for-2025

As we step into 2025, the cybersecurity landscape is evolving at an unprecedented pace. The latest insights from the Google Cloud Cybersecurity Forecast 2025 highlight the challenges and opportunities that organizations face in combating cyber threats. This blog synthesizes the report’s key findings to equip businesses and security teams with the knowledge needed to stay ahead.

The Role of Artificial Intelligence (AI) in Cybersecurity

AI as a Double-Edged Sword: Malicious actors are increasingly leveraging AI and large language models (LLMs) to enhance their operations. These technologies enable the creation of convincing phishing campaigns, deepfake-based fraud, and sophisticated vulnerability research. Simultaneously, defenders are adopting AI to streamline threat detection and automate repetitive tasks, paving the way for semi-autonomous security operations.

Generative AI in Information Operations: Adversaries are utilizing generative AI tools to produce persuasive content and backstop inauthentic personas. This surge in AI-driven information operations underscores the need for enterprises to bolster their defenses against social engineering and misinformation campaigns.

Geopolitical Cyber Threats: The Big Four

Russia: The Ukraine conflict continues to dominate Russian cyber activity, with espionage and disruptive attacks targeting critical infrastructure. Pro-Russian information operations aim to influence global perceptions, particularly in Europe and NATO-aligned nations.

China: China’s cyber operations are marked by stealth and aggression. Their tactics include exploiting zero-day vulnerabilities and employing custom malware ecosystems to infiltrate embedded systems. Pro-Chinese information campaigns target elections and global audiences with disinformation.

Iran: Iran’s cyber activities focus on regional influence and monitoring dissidents. The Israel-Hamas conflict has intensified their operations, blending cyber espionage with disruptive attacks.

North Korea: Driven by economic necessity and geopolitical goals, North Korea continues to target cryptocurrency exchanges and supply chains. Their use of trojanized software to infiltrate networks underscores the need for enhanced supply chain security.

Emerging Threats and Trends

Ransomware and Multifaceted Extortion: Despite efforts to counter ransomware, it remains a pervasive threat. Attackers are employing multifaceted extortion tactics, including data theft and service disruption, with healthcare and critical infrastructure often in the crosshairs.

Infostealer Malware: The rise of infostealer malware presents a gateway to high-impact breaches. These tools enable attackers to harvest credentials, bypassing security measures in environments lacking multifactor authentication.

Faster Exploitation of Vulnerabilities: The average time-to-exploit (TTE) for disclosed vulnerabilities has dropped dramatically. Organizations must adopt proactive vulnerability management strategies to mitigate risks posed by this rapid exploitation.

Post-Quantum Cryptography: With the finalization of quantum-safe encryption standards, organizations must prepare for the post-quantum era. Inventorying cryptographic systems and transitioning to quantum-resistant solutions will be critical in safeguarding sensitive data.

Regional Insights

EMEA: The updated Network and Information Security Directive (NIS2) is reshaping cybersecurity practices across Europe, emphasizing risk management, supply chain security, and regulatory compliance. Geopolitical conflicts continue to drive threat activity in the region, underscoring the importance of cloud security.

JAPAC: North Korean actors are targeting cryptocurrency investments in JAPAC, while Southeast Asian cyber criminals innovate with AI and deepfake technologies. Additionally, Chinese-controlled websites posing as local news outlets are disseminating pro-Beijing content.

Preparing for 2025: Key Takeaways

  1. Leverage AI Responsibly: Integrate AI tools to enhance security operations while safeguarding against AI-driven threats.

  2. Strengthen Identity Management: Implement phishing-resistant multifactor authentication and robust access controls to mitigate identity-based risks.

  3. Adopt Cloud-Native Security Solutions: Enhance monitoring, automate incident response, and address cloud-specific vulnerabilities.

  4. Stay Ahead of Quantum Threats: Begin transitioning to quantum-safe cryptographic standards and inventorying cryptographic dependencies.

  5. Invest in Threat Intelligence: Proactively monitor geopolitical and technological trends to anticipate and counter emerging threats.

The cybersecurity challenges of 2025 demand a proactive and adaptive approach. By understanding these evolving trends, organizations can build resilience and ensure a secure future in an increasingly complex digital world.

Get Started Now
]]>Thu, 02 Jan 2025 08:15:39 -0800<![CDATA[Top Cyber Security Policies Every Organization Should Have]]>https://www.newfathom.com/blogs/post/top-cyber-security-policies-every-organization-should-have

Top Cyber Security Policies Every Organization Should Have

In today's digital age, cybersecurity is not just a technical issue to be solved by the IT department, but a business imperative that must be solved and enforced at the top. Deploying and enforcing essential IT policies will help ensure your organization is ready for the real challenges likely to face an organization. Effective cybersecurity policies serve as the foundation for a secure working environment, ensuring that all employees understand their roles and responsibilities in safeguarding the organization. Below are the top cybersecurity policies every organization should have, along with explanations of their importance. 

1. Acceptable Use Policy (AUP) 

Why It's Important:

An Acceptable Use Policy (AUP) sets clear guidelines for employees on the appropriate use of the organization's IT resources, including computers, networks, and internet access. It helps prevent misuse that could lead to security vulnerabilities or legal issues. 

Key Components: 

  • Permitted and Prohibited Activities: The policy should clearly define what constitutes acceptable and unacceptable use of the organization's IT resources. This includes prohibiting activities such as downloading unauthorized software, accessing inappropriate websites, or using company devices for personal gain. 
  • Monitoring and Enforcement: Employees should be aware that their use of IT resources may be monitored to ensure compliance with the AUP, and violations can result in disciplinary action. 
  • Security Protocols: The AUP should reinforce the importance of adhering to security protocols, such as not disabling antivirus software or bypassing firewalls. 
  • BYOD (Bring Your Own Device) Guidelines: If the organization allows employees to use their personal devices for work, the AUP should include specific guidelines on securing these devices and accessing corporate data. 

An Acceptable Use Policy helps create a secure and responsible IT environment by defining what is and isn’t allowed, reducing the risk of security breaches and legal liabilities. 

2. Asset Management Policy 

Why It’s Important:

An Asset Management Policy helps organizations track and manage their IT assets, including hardware, software, and data. Proper asset management ensures that all assets are accounted for, protected, and maintained, reducing the risk of security vulnerabilities and ensuring compliance with regulations. 

Key Components: 

  • Asset Inventory: The policy should require the creation and maintenance of an up-to-date inventory of all IT assets, including servers, computers, mobile devices, software licenses, and data repositories. 
  • Ownership and Responsibility: Each asset should have an assigned owner responsible for its security, maintenance, and compliance with organizational policies. 
  • Asset Classification: Assets should be classified according to their criticality and sensitivity, with corresponding security measures applied based on their classification. 
  • Lifecycle Management: The policy should cover the entire lifecycle of an asset, from acquisition and deployment to maintenance and disposal. Secure disposal practices, such as data wiping or physical destruction, should be mandated for retiring assets. 
  • Remote Monitoring and Management (RMM): RMM tools should be deployed to monitor the health, performance, and security of all IT assets continuously. These tools enable proactive maintenance, reducing the risk of asset failures and security incidents. 
  • Endpoint Detection and Response (EDR): EDR solutions should be implemented on all endpoints to detect, investigate, and respond to potential threats in real-time. This is crucial for preventing and mitigating cyber threats at the device level. 
  • Patch Management: The policy should mandate regular patching of all software and firmware to address vulnerabilities. Automated patch management solutions should be used to ensure that updates are applied promptly across all assets, reducing the risk of exploitation. 
  • Access Controls: Implement appropriate access controls to ensure that only authorized personnel have access to specific assets, reducing the risk of unauthorized access or misuse. 

3. Business Continuity Plan (BCP) 

Why It's Important:

No matter how robust an organization's cybersecurity defenses are, the possibility of a successful cyberattack or catastrophic event cannot be completely eliminated. A Disaster Recovery Plan (DRP) or Business Continuity Plan (BCP) ensures that the organization can quickly recover and resume operations in the event of a disaster, whether it's a cyberattack, natural disaster, or other significant disruption. 

Key Components:

  • Risk Assessment: The plan should begin with an assessment of the risks that could potentially disrupt the organization, including cyber threats, natural disasters, and hardware failures. 
  • Data Backup Procedures: Regular backups of critical data should be maintained and stored securely, preferably offsite or in the cloud, to ensure data can be restored if lost. 
  • Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs): The plan should define the maximum acceptable downtime (RTO) and the maximum amount of data loss (RPO) the organization can tolerate. 
  • Roles and Responsibilities: Clear roles and responsibilities should be assigned to ensure that the recovery process is efficient and coordinated. 
  • Testing and Updates: The plan should be regularly tested and updated to ensure its effectiveness in a real-world scenario. 
A well-developed DRP or BCP minimizes downtime and data loss, ensuring that the organization can quickly recover from unexpected events and maintain business continuity. 

You can edit text on your website by double clicking on a text box on your website. Alternatively, when you select a text box a settings menu will appear. your website by double clicking on a text box on your website. Alternatively, when you select a text box

4. Data Retention Policy 

Why It's Important: 

A Data Retention Policy outlines how long different types of data should be kept and when they should be securely deleted. This policy is crucial for ensuring compliance with legal requirements, reducing storage costs, and minimizing the risk of data breaches involving outdated or unnecessary data. 

Key Components: 

  • Classification of Data: Different types of data should be classified according to their importance and sensitivity. For example, financial records may need to be kept longer than marketing data. 
  • Retention Periods: The policy should specify retention periods for each type of data, based on legal, regulatory, and business requirements. 
  • Secure Deletion: When data is no longer needed, it should be securely deleted to prevent unauthorized access. This may involve overwriting data or physically destroying storage media. 
  • Compliance Considerations: The policy should ensure that data retention practices comply with relevant laws and regulations, such as GDPR or HIPAA. 
  • Regular Review: The policy should be regularly reviewed and updated to reflect changes in legal requirements, technology, and business needs. 

A Data Retention Policy helps organizations manage their data effectively, ensuring that they retain only what is necessary while reducing the risk of data breaches and non-compliance penalties. 

5. Password Construction Policy

Why It's Important:

Passwords are the first line of defense against unauthorized access to an organization's systems and data. A weak password can be easily guessed or cracked by cybercriminals, granting them access to sensitive information. A Password Construction Policy ensures that all employees create strong, complex passwords that are difficult to break.

Key Components:

  • Length Requirements: The policy should mandate the use long passwords. Longer is better and more important for password cracking than complexity! NIST does not recommend complexity be a requirement but recommends length as a key factor of a good password. Consider a length of 16 or more characters where possible.
  • Prohibition of Common Passwords: To avoid the use of easily guessable passwords, the policy should disallow commonly used passwords like "password123 Length " or "admin."
  • Unique Passwords: Employees should not reuse passwords across different accounts or systems to minimize the potential impact of a single password breach. To do this effectively you probably need to deploy a password manager, but the reason for that is uniqueness. 
A strong Password Construction Policy ensures that all employees create robust passwords, significantly reducing the risk of unauthorized access.

6. Password Protection Policy

Why It's Important:

Even the strongest password is vulnerable if it is not properly protected. A Password Protection Policy outlines how employees should handle and store their passwords to prevent unauthorized access.

Key Components:

  • Secure Storage: Employees should store passwords using a secure method, such as a password manager, rather than writing them down or saving them in an unencrypted file.
  • Avoiding Sharing: The policy should strictly prohibit the sharing of passwords with colleagues or third parties. Each employee should have their own unique credentials.
  • Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of security by requiring users to provide two or more verification factors, reducing the likelihood of a breach even if a password is compromised.
  • Suspicious Activity Reporting: Employees should be trained to recognize and report any suspicious activity related to their accounts, such as unexpected login attempts or changes in settings.
A Password Protection Policy ensures that passwords, the keys to accessing critical systems and data, are safeguarded against compromise.

Conclusion

In the face of ever-evolving cyber threats, having comprehensive cybersecurity policies is essential for protecting an organization's assets, data, and reputation. A Password Construction Policy and Password Protection Policy work hand in hand to ensure that passwords are both strong and securely managed. An Asset Management Policy ensures that all IT assets are properly tracked, managed, and secured throughout their lifecycle. A Disaster Recovery Plan or Business Continuity Plan prepares the organization for the worst-case scenario, ensuring a swift recovery. An Acceptable Use Policy establishes clear guidelines for the responsible use of IT resources, while a Data Retention Policy ensures that data is managed and disposed of securely and in compliance with legal requirements. By implementing these top cybersecurity policies, organizations can build a strong defense against cyber threats and create a secure environment for their operations.

Get Started Now
]]>Fri, 04 Oct 2024 16:23:07 -0700<![CDATA[The Cost of a Cheap (Slow) Computer]]>https://www.newfathom.com/blogs/post/the-cost-of-a-cheap-slow-computer

The Cost of a Cheap (Slow) Computer

Is it worth it to buy a better computer? It's time that business owners start thinking about the costs per hour of their employees and the cost of slow computers in their workplace. Many business owners don't realize the financial impacts they're creating simply by buying cheap tools (computers) for their workers. Most of them wouldn't dream of sending a wood cutter with a dull chainsaw blade, but they equip their entire team with crappy computers they are stuck using every day! 


For the below example, I'm going to assume we're buying workstations for a business for workers who use it for their main job function and they work 50 weeks per year. If that's not the case, you may still be able to learn something but you'll need to adapt the math to your situation. We're also assuming that computer will last 3-5 years, but the older they get the more likely they are to be slow and the slower they will become. Also, the cheaper computers will likely have a smaller lifespan. 

What Does It Cost If It's Slow?

Having a slow computer has a two main cost centers: time and frustration. If you're using a computer that's constantly slow to open tabs or programs then not only do you lost valuable time from your day, but it's also a frustrating experience especially the busier you get. 

Financial Cost

Let's say you decide to buy a cheaper computer and save $500 because you buy an I3 instead of an I5 and 8GB of RAM instead of 16GB and you get an HDD instead of a solid state drive (SSD). All of those upgrades could easily cost you a three minutes of slowness throughout the day. If this computer is for an employee that costs you $25/hour then you are wasting $1.25 per day ((3/60) x $25), that may not seem like a lot, but every year that will cost $312 and over the lifetime of the computer (5 years) you'll pay $1,562 for 3 minutes every day. That's the best case scenario. 


Let's say in a few years the computer is running REALLY slow and takes 30 minutes out of every day because of the lag in opening programs or slow restart times. That will cost you $12.50 per day and $3,125 every year you run a slow computer like that. 

Morale Cost

But there's more than just the financial cost. When you have employees working for you and you don't provide good tools to do their work that is a big hit to morale and will likely lead to higher turnover and less employee satisfaction. The cost of hiring and training a single employee is easily thousands and thousands of dollars. But let's say they don't quite and just spend their days complaining. Even that will have a negative impact on the business and every person that employee interacts with (I hope they're not doing customer service). 

A Nerdy Table

Below is a table calculating the costs per minute of slowness in your employees day. Of course, this assumes that this is time that could have been used on productive work, but it really doesn't take long to have slow computers costing you a lot of money!

Slowness Minutes Per DayHourly RateCost/DayCost/Year (50 Weeks of Work)Cost/3 YearsCost/5 Years
1$25 $0.42 $104.17 $312.50 $520.83
2$25 $0.83 $208.33 $625.00 $1,041.67
3$25 $1.25 $312.50 $937.50 $1,562.50
4$25 $1.67 $416.67 $1,250.00 $2,083.33
5$25 $2.08 $520.83 $1,562.50 $2,604.17
10$25 $4.17 $1,041.67 $3,125.00 $5,208.33
15$25 $6.25 $1,562.50 $4,687.50 $7,812.50
20$25 $8.33 $2,083.33 $6,250.00 $10,416.67
25$25 $10.42 $2,604.17 $7,812.50 $13,020.83
30$25 $12.50 $3,125.00 $9,375.00 $15,625.00   

What Should I Buy?

So what should you buy? At the least, check out our Workstation Specification Standards and buy in the Standard User column, but if you have some heavy hitters who are very expensive per hour, consider bumping it up! If you have users that are doing billable work for you, then add that into your calculation as well. If you're using a program that requires lots of graphics capabilities, consider upgrading to a dedicated graphics card. 


As a rule, stay away from the following:

- Pentium, Core Duo, I3, or Ryzen 3 processors. These are garbage for the most part. I wouldn't even want to check email with these. 

- HDDs. They just aren't worth it... ever.

- Refurbished computers. Yes you can save some money up front, but you're likely to run into issues later. Especially don't buy these if you pay for your IT support because that will get costly really quick. 

- Any computer that is under $500, it's almost always garbage.

Get Started Now
]]>Wed, 10 Jan 2024 22:33:56 -0800<![CDATA[Top 5 Cyber Security Threats to Small Business]]>https://www.newfathom.com/blogs/post/Top-5-Cyber-Security-Threats-to-Small-Business

Top 5 Cyber Security Threats to Small Business

Small businesses are becoming increasingly vulnerable to cyber attacks as more and more business operations are conducted while connected to the internet. Small businesses are often an attractive target for cyber criminals because they typically have weaker security measures than larger organizations, making them easier to breach. In this blog, we will discuss the top 5 cyber security threats small businesses face.

  1. Phishing Attacks

Phishing attacks are a common threat to small businesses. These attacks are designed to trick individuals into giving away sensitive information, such as passwords and credit card numbers. Phishing attacks often come in the form of emails that appear to be from a trusted source, such as a bank or a well-known business. Once the recipient clicks on a link or downloads an attachment, malware is downloaded onto their computer, which in turn could be used to distribute false emails from their account, or deploy ransomware onto their computer or network.

  1. Ransomware

Ransomware is a type of malware that extract or encrypts a victim's files and demands a ransom in exchange for the decryption key or not posting their data online. Small businesses are often targeted by ransomware because they typically have weaker security measures than larger organizations. If a small business does not have a robust backup system in place, they may be forced to pay the ransom to regain access to their files.

  1. Password Attacks

Password attacks are a common method used by cyber criminals to gain access to small business accounts. Password attacks can take many forms, such as brute force attacks, dictionary attacks, and social engineering attacks. Small businesses are often vulnerable to password attacks because they tend to use weak passwords and reuse them across multiple accounts, or they have have kept default passwords in place.

  1. Malware

Malware is a broad term used to describe any software that is designed to harm a computer system or network. Malware can take many forms, such as viruses, trojans, and worms. Small businesses are often targeted by malware because they typically have weaker security measures than larger organizations. 

  1. Insider Threats

Insider threats are a growing concern for small businesses. Insider threats refer to threats that come from within an organization, such as employees, contractors, or vendors. Insider threats can take many forms, such as theft of intellectual property, data breaches, and sabotage. Small businesses are often vulnerable to insider threats because they may not have the resources to conduct thorough background checks or monitor employee behavior.


Conclusion

In conclusion, small businesses face a range of cyber security threats that can lead to data theft, financial loss, and reputational damage. By implementing strong security measures, such as multi-factor authentication, regular software updates, and employee training, small businesses can reduce their risk of cyber attacks. It is important for small businesses to understand the threats they face and take proactive steps to protect themselves.

Get Started Now
]]>Mon, 03 Apr 2023 16:05:14 -0700<![CDATA[Why Password Managers are Important]]>https://www.newfathom.com/blogs/post/Why-Password-Managers-are-Important

Why Password Managers are Important

Password managers are essential tools in today's digital age as they help secure our online accounts and protect our sensitive information. Here are a few reasons why using a password manager is important:

    1. Strong Passwords: Password managers generate strong and unique passwords for each of your accounts, making it difficult for hackers to crack them. This eliminates the need to remember multiple passwords and reduces the risk of using weak passwords, such as "123456" or "password".

    2. Convenience: With password managers, you only need to remember one master password, which acts as a key to all your other passwords. This saves time and effort in having to constantly reset passwords due to forgotten login details.

    3. Two-factor Authentication: Many password managers offer two-factor authentication options, such as biometric or security key logins, which add an extra layer of security to your accounts.

    4. Centralized Storage: Password managers store all your passwords in a secure and encrypted vault, making it easier to manage and organize your online accounts. This also allows you to access your passwords from any device, making it convenient for those who use multiple devices.

    5. Auto-fill: Password managers can automatically fill in login credentials, making it faster and more convenient to access your accounts.

    6. Breach Alerts: Some password managers provide breach alerts, which notify you if any of your accounts have been compromised. This helps you take prompt action to secure your information.

    7. Password Sharing: Some password managers also allow for password sharing with trusted individuals, such as family or coworkers. This can be useful for shared accounts, such as a family bank account or a shared work project.

    In conclusion, password managers are crucial tools that provide essential security and convenience in managing our online accounts. With strong and unique passwords, two-factor authentication, centralized storage, and breach alerts, password managers help keep our sensitive information secure. Investing in a password manager is a small but significant step in protecting your online identity and security.

    Get Started Now
    ]]>    Mon, 30 Jan 2023 09:21:37 -0800    <![CDATA[What to do When Your Internet Goes Down]]>https://www.newfathom.com/blogs/post/what-to-do-when-your-internet-is-out

    What to do When Your Internet Goes Down

    Losing your internet connection can be a frustrating experience, especially when you're in the middle of a video call! So here are some basic steps you can take to quickly restore your internet connection.

    1. Check the Power. Are there lights on on the Modem and your Firewall/Router? If not, make sure the power is working.
    2. Check the Connections. Do the connections into your devices seem snug? Try unplugging them and re-plugging them.
    3. Reboot Everything. Unplug the power, wait 10 seconds, and plug things back in. Reboot all your network equipment and the device you're trying to connect with. 
    4. Call Your Internet Service Provider. If it's still not working, reach out to whoever supplies your internet. It's possible there's an outage in your area and they will work to restore it.
    5. Call Your IT Company. If all else fails and there are no problems with the above, reach out to your IT company as you may have network issues your internet company can't solve. 

    Basic Network Devices

    To help with troubleshooting, here are some definitions and illustrations for identifying devices.


    Modem

    This device converts your internet service providers signal into the type of signal your computer and network can use. 


    Firewall

    This device acts as your protection from the internet and blocks traffic into your network but allows your traffic to go out to the internet. This device also handles other local network tasks like giving your computer an IP address so it can talk to the internet and other devices. 


    Switch

    This device provides additional ethernet plugs for your equipment. These devices can be highly specialized or super simple.


    Wireless Access Point

    This device converts your network signal into wireless radio waves and allows wireless devices to connect to it. 


    Multi-Function Devices

    Oftentimes you will find devices that fulfill each of the four roles above: They are a modem, firewall, switch, and access point all in one! This is very handy as you only need one device, but may mean the device is limited in it's functionality of each part. 

    Get Started Now
    ]]>    Wed, 01 Jun 2022 09:23:18 -0700