Apr 11, 2014
Earlier this week, the Internet was hit with the Heartbleed bug that poses a serious threat to mass amounts of private information and data. No customer data stored in SpringAhead Time & Expense is vulnerable. We’d like to take a moment to help you understand the potential gravity of the Heartbleed bug, how SpringAhead Time & Expense protected your data, and what you personally can do to prevent compromised data in the future.
What is Heartbleed?
Heartbleed is a security flaw in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). The bug has caused memory contents to leak from the server to the client and from the client to the server. While bugs in software are often fixed by new versions, Heartbleed has proven to be a “super bug” of sorts– leaving extensive amounts of private information vulnerable and exposed online. This extensive exposure, combined with untraceable attacks, makes for easy exploitation.
Your SpringAhead Time & Expense Customer Data is 100% Secure
On learning of the general issue, the SpringAhead Development Team performed an exhaustive assessment of potential exposure and concluded that all user data is secure. Here’s why:
Our public servers are safe. The load balancer we use does not contain or use the affected OpenSSL component, and passes Heartbleed vulnerability testing without issue.
Our private servers are secure. All of our private servers operate within a Virtual Private Cloud (VPC) and are not accessible directly from the Internet. One Amazon Linux-based system within our VPC, which we use for coordination, is being patched, but hosts neither customer data nor sensitive access keys. Even if it were sitting on the internet for all to see, it would not compromise customer data.
No 3rd party services experienced exposure. We have been in direct contact with all of our 3rd party services, and all have confirmed their systems were never vulnerable to Heartbleed.
How to Remain Protected Moving Forward
Stay out of accounts from affected sites until the company has patched the problem. Most major companies should release announcements regarding the status of their security. If they have not, SpringAhead recommends that you contact the company to verify the safety of your data.
Change your passwords ONLY on officially patched sites. Start with personal financial login information, then email accounts, then software solutions that affect business and professional matters. After all critical accounts have updated passwords, then begin updating the rest of your personal and business accounts.
REMEMBER: In order to truly remain safe, you should diversify your passwords and never use the same password for all critical accounts. If you have used a password for your SpringAhead Time & Expense account that is shared across several different online accounts, we recommend you change your SpringAhead password to be safe.
Routinely check on your financial statements. Manually scan your credit card statements, for both personal and business, for any suspicious charges over the next few months. If you see a charge you do not recognize, contact your bank immediately to report it.
The unyielding protection of your information remains our highest priority here at SpringAhead, and this commitment has proven critical in moments of vulnerability such as this. If you have any additional questions, please leave them in the comments below and we’ll reply as soon as possible!
Category: Company News, SaaS
Tags: hearbleed, heartbleed bug, SaaS, Security, software
Comments: No Comments
Sep 2, 2011
We are proud to introduce a major advance in Settings administration. You rely on us to provide the most powerful suite of Settings and our goal is to match power with clarity. Let’s review the key changes in this release so you can get started fast:
The Settings Homepage
This page recaps all of your key settings in a single place. Red and green color coding call your attention to key data. Clickable Switches also allow you to activate and deactivate features with ease. In combination there is less checkbox clutter and more focus on what you want to see.
The next major change you’ll note is simpler language. For example, your team is now addressed as People instead of Users. As you venture deeper into the settings, you’ll note the use of plain English language throughout. Technobabble is on its way out.
Thank you for taking the time to familiarize yourself with the new settings. We hope you enjoy the new advances!
Category: Accounting, Company News, Events, New Features, SaaS
Tags: Company Event, Events, New Features, Productivity, SaaS, time tracking, Web Timecards, Web Timesheets
Comments: No Comments
Mar 13, 2011
This release brings accessibility, integration and speed to your SpringAhead account. Ever needed a little extra help establishing your default preferences in the My Company area? Now there’s a setup wizard to walk you through the process. Love SpringAhead and have clients or colleagues that need Microsoft Dynamics GP integration? We’re now integrated. All this and more in this release.
Now starting up a new company is easier than ever. Upon logging in, you’ll be prompted to take the Setup Wizard which establishes company-wide settings and sets your default export preferences. Afterwards, it will remain accessible from the data menu if you need to retake the wizard later.
Billables is now Invoices
To better reflect the purpose of this area, the name Billables has been replaced by the name Invoices. Likewise, the entire product has been updated to reflect the updated naming convention. The next time you need to export an invoice out to your preferred accounting system, click Invoices – sounds easy enough, right?
Support for Microsoft Dynamics GP
A major new feature this release is support for Microsoft Dynamics GP. Call us to get started.
New Page Layout Increases Speed
In step with supporting Microsoft Dynamics GP, many of the areas within SpringAhead will now load faster – supporting as much volume as you can throw at it. Previously, SpringAhead would show all of the timesheets and expenses on one page, causing the Review, Invoices and Payables areas to take a longer-than-usual time to load if there was an excessive amount of content. Now these areas are paginated, showing a specified amount of timesheets and expenses per page, yet still allowing you to select all the timesheets and expenses in one click.
Category: Accounting, cloud computing, Company News, Events, New Features, SaaS, Uncategorized
Tags: Add-On, Cloud computing, Events, Integration, New Features, Productivity, time tracking, Web Timecards, Web Timesheets
Comments: No Comments
Oct 20, 2010
Fresh look, faster setup and other changes roll out this month
Logging in, you’ll immediately notice the updated layout. A natural progression, this design is smarter, faster and practical.
New! Advanced Feature Rollup
Virtual Time+Expense administrators know that there are lot of options when you setup your account. Just clicking on the My Company button gives a staggering amount of options. Now, there’s an option to hide the advanced settings and bring the basics to the forefront. A sample company is shown below, note the clean layout and the More Settings links, which if checked, would show the advanced features.
Additional Features: Better Commission Reports, Employee ID in Reports and Pause Feature for Project Timers
You asked for a more intuitive way to get commission report percentages and here it is. Now, you no longer have to click Include Details to get commission percentages on reports.
If you rely on CSV files for your payroll system, our downloadable CSV reports now include employee numbers.
If you’re having your employees use project timers to track time, we’ve now made it possible to pause the timer – if you aren’t, our continued upgrades to this feature make now a perfect time to try it!