Tuesday was the first full day of content for the customer side at GPUG Amplify. After starting with a continental breakfast and some caffeine, the day began. I must say the breakfast was better than last year, despite just being a continental breakfast. There was lots of fresh fruit, always welcome, and a bonus for me: tea and milk! Often when I'm in the US, I either have no option for tea, only cold (iced) tea, decaffeinated tea, or there is tea but no milk to put in it. So, I was a happy camper this morning! 😄
Session 1 - OData and PowerBI
My first session was Jodi Christiansen's session on OData and Power BI. I missed the beginning of the session where more of the OData part was covered. I wished I had heard that part. There were a few new things I learned about on the Power BI side of things, namely:
- The feature to create hierarchies in your data, for things like Customer Class and Customer relationships, was cool. I don't recall seeing that before. Your visualizations would be grouped by class first, then drilling further into the next level, such as customer second, all by using the hierarchy in your visualization.
- There is a new filter type, Top "N", to only show some data instead of all data in a given visualization. It certainly helps clean up some results where too much data loses meaning at times.
- Not new but worth mentioning: the Quick Insights on the online site is so cool. With sample data, it perhaps isn't as interesting but it can tell you where there are outliers in your data and you can add some of those tiles to your dashboard right from Quick Insights if you wish.
There was a great question about the limitations of OData service with GP, in terms of the sizes of data sets. Unfortunately, it seems there is a real limitation here, but what was unclear to me was what "size" this typically would affect. As I understand it, it tries to pull all the data from a given feed instead of getting "x" records at a time that might be more manageable. The disappointment for me was the inability to define what type of volume this issue may become noticeable, as it would seem this is something that should be "testable" to at least give some guidance to those wanting to use the OData feed.
Session 2 - 50 Free Add-ons for GP
Mark Polino ran this session, and it was chock-full of all sorts of add-ons and resources for Dynamics GP. I was curious, as I hadn't sat in on this before, and it was great. Mark laid out the "cost" for each - free in a financial sense but in some cases you need to go through your partner to get a download or the vendor wants you to fill out a form giving them your contact info to download etc.
Some of my favourites were:
- Willoware utilities including client version tracking of dexterity-based products you have, handy for sysadmins.
- Various reference guides or websites: Dex.ini commands, GP Build number references.
- Microsoft free tools (partner downloads only though) such as RM Auto Apply and Project Accounting "changer" scripts
Session 3 - ISV solutions showcase
This time slot was for ISV product showcases. I sat in on Mekorma's demo of their new Multi-Batch Management. This appears to be a pretty slick tool, for users of their MICR product, to process cross-company payment processing (printing, posting, EFT/Safepay file generation etc.).
I didn't get screenshots of this but I would check out their website. If you have a complex cheque selection process, or multiple companies, multiple chequebooks or any combination of the above, check their site for more information as this has the potential to save a lot of time in your payment processing. Pricing wasn't discussed so I have no idea what that looks like!
Session 4 - Industry Roundtables
This time slot was a new type of session content that Dynamics Communities was trying out. The premise was there were various industry-specific rooms where users could discuss issues that related to them. I moderated the Services roundtable. The room setup wasn't conducive to the type of presentation unfortunately but otherwise, I think the users enjoyed it. The challenge was getting the users to speak up and take part.
There weren't any specific obvious issues that dominated my room's conversation but there was a good discussion about web clients, upgrades & timing/frequency, reconciling project/job/time/payroll, and some others I have forgotten now. I'll be curious to see the results of the surveys on how this session fared with users.
Session 5 - Skipped!
To be perfectly honest, I wanted to attend the Jet Express session, but when I saw that the presenter was the same guy who wasted our time at reImagine last year, I decided to bail and do some work instead. I have nothing against the product itself, but the presenter last year was arrogant and I just wasn't interested in sitting through that. Hopefully, it was a good session and I was wrong… I'd heard rumours about an interaction with this same fellow the previous day who told me he hadn't changed.
Keynote - Eric Pearson, Pearson Compliance
The last session of the day was the keynote, featuring Eric Pearson, of Pearson Compliance Group. From the website:
Founder, Eric Pearson, is an Information Security expert with over 20 years of hands-on experience.
This was a different kind of keynote from earlier ones, where there typically is some tie-in to GP, ERP or consulting in some way. It was refreshing to have something unrelated yet relevant to everyone. It's hard to cover what was discussed, but some of the high-level points I took away were things like this:
- The cost of cybercrime in 2016 was estimated at $400 billion. By 2019, it's estimated to cost $2 trillion.
- To fight the battle, we need to change our computer habits, become proactive, not reactive, and limit the viewable information on social media.
- A prime example was a spoofed email to Bob McAdam, unbeknownst to Bob I believe, of a "claim" for damages to a vehicle using locations and details that were publicly available in Bob's Twitter timeline. It was a good example of how easy it is to try a phishing scam with information we are so readily posting every day (myself included). Eric walked through some clues in this email on how to spot if it's real or not:
- The email address did not sound at all like it was a government agency
- The time of the email was around 6 am (arrival time) but the introduction was "Good afternoon". This can show sloppiness or perhaps a sign that it didn't come from the same time zone. For a supposed "local" infraction, that's an obvious tip-off that it may not be real.
- The sign-off was "Sincerely…", an inconsistent ending to what that type of email might be.
- There were several typos and grammatical mistakes, more indications of sloppiness.
- He suggested we limit our public exposure and not post our life online. "I'm heading on a 9-week vacation" is an invitation! Wait until you're back to post about your trip, not before you leave.
- Make sure you're doing virus scans, backing up your files, and keeping backups for 30 days or longer, as you may not find malware right away and if you do, you may need to go back days or weeks to get "clean" data.
- Limit exposure on your company website to only what is necessary. Phishing scams were discussed where CFOs get supposed instructions for wire transfers from their CEOs. One possible place hackers could be getting your executive team's names and positions is your website. In some cases, public filings also have this but why make it easier for cybercriminals by giving them your full org structure online?
- If you have a business with computers (and who doesn't?), you need a cyber security policy and a plan for what happens if you are attacked. For instance, what seems obvious to say here ("duh!") may not be the first thing that occurs to you in the heat of the moment, which immediately disconnects the computer from the network if you find evidence of an attack to hopefully limit the impact to other areas of your network. Train your staff on proper use and phishing techniques so they are aware of the risks.
- In your Out of Office reply, keep it brief. Don't be specific with dates you're away and back, that just gives people an "in" potentially as they have more information to pretend they are someone they are not.
The bottom line is the more information you put out there publicly, the more data for a hacker or "phisher" to be pulling together to make a believable story to send to you or someone you are connected with, to make them believe it's from you. Imagine you're posting about a trip, and in unrelated posts, you talk lovingly about your kids and their names etc. Then, someone uses that to try to scam someone out of money under the guise of an emergency with your kids and "Joe" is away in "Aruba" on vacation until "some real date". They get an email with details that are all real and correct and you don't immediately think it's a scam, so you comply and you're toast. Easy to see how this can happen.
I enjoyed the keynote and took some of the information to heart right away. That evening I made some changes to some of my social media profiles and website, and have more plans in mind. So far here are some things I've done:
- My Twitter account (non-GP related), I have now changed to be private only and removed any followers I had that I didn't know in some way. I didn't have many followers but I removed more than 50% of those who followed me so it's pretty much friends, family and the odd other person that I know in other ways. My @jenkuntzGP Twitter is not easy to do as the point of it is to share information about Dynamics GP. However, I can limit the personal information I share on it, as much as many of the people I interact with I consider friends. There are hundreds more that I don't know at all and could be
- I have removed some personal info from my LinkedIn public profile so no one can see much of my profile unless they are already connected. Some people will say that defeats the purpose of using LinkedIn, as it is a place for people to connect with you for business purposes. I have a love/hate relationship with LinkedIn. I hate being contacted so often by recruiters about jobs I have no interest in and I hate that it seems more "Facebooky" every day, so for me, it's a place to keep business connections but otherwise, I don't care if people who aren't connections can see my job history or not. If I need to drum up work in the future, I can always change it back but for now, I'm okay with being a little harder to find on that site!
- I have de-personalized some of my website, my bio, my About page etc. I had my city, some family information, etc. and I have taken much of that off to be a little more generic. It's still on web archives but at least it is a start. I also removed my phone number from my website, people can email me if they don't know me already and then I don't get random spam calls I don't want anyway.
On the list of things to check over the coming days are things like:
- Review is my use of a password manager. I love using one but I have no control over the security of my passwords if that company is hacked or compromised. I may, however, continue using it but restrict what websites I use it for, to keep, say, sites with banking information out of it and just memorize the passwords instead. A bit more of a pain in the ass but if something happened, and someone gets a login to a random forum, who cares, but my banking, is a different deal entirely.
- Facebook now for me is an odd combination of personal with some business colleagues and customer "friends". I don't post business stuff on there, and my posting profile is set to Friends most of the time already so nothing much is obtainable via my public profile. However, I post a lot of personal things there, including trips and travels, and I've thought for a long time about dialling back who I'm connected to. The line between friend and not is very grey. Lots of customers are "friends" in some ways, as are some GP colleagues I'm connected to but at some point, I may have to think harder about what I want out there that isn't related to how they know me.
That's it for day 1… now on to day 2 which is about to begin!