IT Security and the Threats from Within

When the economy makes a downturn, companies, then eventually, employees suffer. Now, I’m sure you’re wary of frustrated laid-off employees stealing valuable data. Who knows? That information might end up in the hands of your competitors. Then as if that threat weren’t enough, there may be jobless IT specialists who turn to rogue activities either to earn a quick buck or simply out of lack of anything productive to do.

That’s not all, as we’ve got more news for you. When we think of IT Security, what instantly comes to mind are hackers and acts laced with mal-intent. However, a recent worldwide survey on IT security showed organisations were more inclined to expect data leakage as a result of accidental exposure by employees (45%) than of anything maliciously performed by an external entity (15%).

If you’re not aware of this, you’ll be focusing your spending on protection against incoming attacks while exposing your innards through accidental leakages. Our solution? While we’ll naturally provide your data with protection from outside threats, we’ll also put special attention in protecting it from the inside.

The defences we’ll put up include:

Data Loss Prevention
Network Security
Firewalls
Malware
Authentication and Access Control
Mobile Security
Forensics

Check our similar posts

What ISO 14001 Status did for Cummins Inc.

Cummins manufactures engines and power generation products, and has been a household name almost since inception in 1919. It sells its products in over 300 countries, through approximately 6,000 dealerships employing 40,000 people. Because its product line runs off fossil fuel it is under steady pressure to display a cleaner carbon footprint.

Cummins decided to go for the big one by qualifying for ISO 14001 certification. This is a subset of a family of standards relating to managing environmental impact while complying with all applicable legislation. In this sense, it is similar to the ISO 9000 quality management system, because it focuses on how products are produced (as opposed to how those products perform). Compliance with ISO 14001 was a doubly important goal, because it is part of the European Union?s Eco Management and Audit Scheme and fast becoming mandatory on suppliers to governments.

The qualification process follows the well-established principle of plan, do, check, act. It begins with gap analysis to detect materials and processes that affect the environment. This is followed by implementation of necessary changes affecting operations, documentation, emergency strategies and employee education. The third step involves measuring and monitoring performance. Finally, the project moves into a phase of ongoing maintenance, and continuous improvement as circumstances change.

In Cummins case, the project was almost worldwide and called for environmental, health and safety reporting throughout the organisation. The information was shared via a globally accessible document repository, and then processed centrally at the head office in Columbia, Indiana USA.

Measuring environmental performance almost inevitably has other benefits that make it doubly worthwhile. Speaking at the 2014 National Safety Council Congress after receiving the top award for excellence, Cummins chairman and ceo Tom Linebarger commented on a journey that was ?nothing short of amazing? yet wasn’t even a ?pathway to the finish line?.

?All of us feel like we have way more to do to make sure that our environment is as safe as it could be,? he added, ?so that our sustainability footprint is as good as it can be and that we continue to set more aggressive goals every year. That’s just how we think about it.? Linebarger concluded.

If you are taking your company on a journey to new heights of environmental excellence, then you should consider choosing ecoVaro as your travelling companion. We are environmental management specialists and have proprietary software geared to process your data. We also have a wealth of experience, and a treasure chest of roadmaps to help you achieve your goal.

Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

FUJIFILM Cracks the Energy Code

FUJIFILM was in trouble at its Dayton, Tennessee plant in 2008 where it produced a variety of speciality chemicals for industrial use. Compressed-air breakdowns were having knock-on effects. The company decided it was time to measure what was happening and solve the problem. It hoped to improve reliability, cut down maintenance, and eliminate relying on nitrogen for back-up (unless the materials were flammable).

The company tentatively identified three root causes. These were (a) insufficient system knowledge within maintenance, (b) weak spare part supply chain, and (c) generic imbalances including overstated demand and underutilised supply. The maintenance manager asked the U.S. Department of Energy to assist with a comprehensive audit of the compressed air system.

The team began on the demand side by attaching flow meters to each of several compressors for five days. They noticed that – while the equipment was set to deliver 120 psi actual delivery was 75% of this or less. They found that demand was cyclical depending on the production phase. Most importantly, they determined that only one compressor would be necessary once they eliminated the leaks in the system and upgraded short-term storage capacity.

The project team formulated a three-stage plan. Their first step would be to increase storage capacity to accommodate peak demand; the second would be to fix the leaks, and the third to source a larger compressor and associated gear from a sister plant the parent company was phasing out. Viewed overall, this provided four specific goals.

Improve reliability with greater redundancy
Bring down system maintenance costs
Cut down plant energy consumption
Eliminate nitrogen as a fall-back resource

They reconfigured the equipment in terms of lowest practical maintenance cost, and moved the redundant compressors to stations where they could easily couple as back-ups. Then they implemented an online leak detection and repair program. Finally, they set the replacement compressor to 98 psi, after they determined this delivered the optimum balance between productivity and operating cost.

Since 2008, FUJIFILM has saved 1.2 million kilowatt hours of energy while virtually eliminating compressor system breakdowns. The single compressor is operating at relatively low pressure with attendant benefits to other equipment. It is worth noting that the key to the door was measuring compressed air flow at various points in the system.

ecoVaro specialises in analysing data like this on any energy type.?

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK