Malware

In the past, viruses were created with the sole purpose of wreaking havoc on the infected systems. A large fraction of today’s malware, on the other hand, are designed to generate revenues for the creator. Spyware, botnets, and keyloggers steal information from your system or control it so that someone else can profit. In other words, the motivation for making them is now more attractive than before.

Keyloggers can reveal your usernames, passwords, PIN numbers, and other authentication information to their creators by recording your key strokes. This information can then be used for breaking into various accounts: credit cards, payment programs (like PayPal), online banks, and others. You’re right, keyloggers are among the favourite tools of individuals involved in identity theft.

Much like the viruses of old, most present day malware drain the resources, such as memory and hard disk space, of contaminated systems; sometimes forcing them to crash. They can also degrade network performance and in extreme cases, may even cause a total collapse.

If that’s not daunting enough, imagine an outbreak in your entire organisation. The damage could easily cost your organisation thousands of euros to repair. That’s not even counting yet the value of missed opportunities.

Entry points for malware range from optical disks, flash drives, and of course, the Internet. That means, your doors could be wide open to these attacks at this very moment.

Now, we’re not here to promise total invulnerability, as only an unplugged computer locked up in a vault will ever be totally safe from malware. Instead, this is what we’ll do:

  • Perform an assessment of your computer usage practices and security policies. Software and hardware alone won’t do the trick.
  • Identify weak points as well as poor practices and propose changes wherever necessary. Weak points and poor practices range from the use of perennial passwords and keeping old, unused accounts to poorly configured firewalls.
  • Install malware scanners and firewalls and configure them for maximal protection with minimal effect on network and system performance.
  • Implement regular security patches.
  • Conduct a regular inspection on security policy compliance as well as a review of the policies to see if they are up to date with the latest threats.
  • Keep an audit trail for future use in forensic activities.
  • Establish a risk management system.
  • Apply data encryption where necessary.
  • Implement a backup system to make sure that, in a worst case scenario, archived data is safe.
  • Propose data replication so as to mitigate the after effects of data loss and to ensure your company can proceed with ‘business as usual’.

Once we’ve worked with you to make all these happen, you’ll be able to sleep better.

Other defences we’re capable of putting up include:

Check our similar posts

Renewable energy – Is it a common man’s cup of tea?
I came across an article on a young graduate in renewable energy engineering. The fellow was doing technical sales and marketing jobs for renewable energy products though he felt that as a graduate, he ought to be doing more than just sales. His, sentiments, I can relate with but again thinking about the field of renewable energy, how many people understand what it is, its importance/ benefits, how to acquire it, its installation, costs etc.? Renewable energy is energy generated from natural resources. The renewable energy sources include sunlight, wind, rain, tides, geothermal heat and various forms of biomass. These sources are renewable naturally and continuously replenished, therefore this energy cannot be exhausted. Renewable energy technologies range from solar power, wind power, hydroelectricity/micro hydro, biomass and bio-fuels for transportation. Back to the aspiring young professional who felt that his place in the renewable energy sector lies in doing strategies and coming up with new products-the advice fronted to him was that doing technical sales is the best job for engineers, as it helps them impact on users of their products. Sales entail interacting with customers and knowing their needs so that the product features can be enhanced to suit the customer?s needs. Now, that is brilliant and accurate advice. It is however important to take into consideration that renewable energy is not a common man?s cup of tea and right now the focus all over the world is to build green economies. To me the need for more and more people to understand the benefits, savings and cost of renewable energy cannot be overemphasised. Effort should be made to keep marketing of renewable energy products/ services simple and conversational by avoiding use of acronyms or jargon explaining about operational details. More impact can be made if a marketing rather than technical sales approach is used. Technical sales have been described as boring (can be used as a sleeping aid), tends to use extensive vocabulary, jargon and acronyms that product users cannot relate with and tends to discuss the products technical aspects as opposed to the benefits to the customer. Fun should be created out of all this by making things simple and demonstrating cost savings and benefits of renewable energy.
2015 ESOS Guidelines Chapter 6 – Role of Lead Assessor

The primary role of the lead assessor is to make sure the enterprise?s assessment meets ESOS requirements. Their contribution is mandatory, with the only exception being where 100% of energy consumption received attention in an ISO 50001 that forms the basis of the ESOS report.

How to Find a Lead Assessor

An enterprise subject to ESOS must negotiate with a lead assessor with the necessary specialisms from one of the panels approved by the UK government. This can be a person within the organisation or an third party. If independent, then only one director of the enterprise need countersign the assessment report. If an employee, then two signatures are necessary. Before reaching a decision, consider

  • Whether the person has auditing experience in the sector
  • Whether they are familiar with the technology and the processes
  • Whether they have experience of auditing against a standard

The choice rests on the enterprise itself. The lead assessor performs the appointed role.

The Lead Assessor?s Role

The Lead Assessor?s main job is reviewing an ESOS assessment prepared by others against the standard, and deciding whether it meets the requirements. They may also contribute towards it. Typically their role includes:

  • Checking the calculation for total energy consumption across the entire enterprise
  • Reviewing the process whereby the 90% areas of significant consumption were identified
  • Confirming that certifications are in place for all alternate routes to compliance chosen
  • Checking that the audit reports meet the minimum criteria laid down by the ESOS system

Note: A lead assessor may partly prepare the assessment themselves, or simply verify that others did it correctly.

In the former instance a lead assessor might

  • Determine energy use profiles
  • Identify savings opportunities
  • Calculate savings measures
  • Present audit findings
  • Determine future methodology
  • Define sampling methods
  • Develop audit timetables
  • Establish site visit programs
  • Assemble ESOS information pack

Core Enterprise Responsibilities

The enterprise cannot absolve itself from responsibility for good governance. Accordingly, it remains liable for

  • Ensuring compliance with ESOS requirements
  • Selecting and appointing the lead assessor
  • Drawing attention to previous audit work
  • Agreeing with what the lead assessor does
  • Requesting directors to sign the assessment

The Environment Agency does not provide assessment templates as it believes this reduces the administrative burden on the enterprises it serves.

IT Systems Implementation

Are you ready to find out how your newly accepted IT system fares in the real world? Although a rigorous Acceptance testing process can spot a wide spectrum of flaws in a newly constructed IT system, there is no way it can identify all possible defects. The moment the IT system is delivered into the hands of actual end users and other stakeholders, it is effectively stepping out of a controlled and secure environment.

Thus, it is during this phase wherein issues having direct impact on the business can arise.

It is our duty to ensure that the Systems Implementation phase is carried out as thoroughly, professionally, and efficiently as possible.

Thoroughly, because we need to include all relevant data and other deliverables, eliminate hard-to-detect miscalculated results, and substantially reduce the probability of business and mission critical issues popping up in the future;

Professionally, because it is the best way to address the sensitive process of turning over a new system to users who have gotten used to the old one;

And efficiently, because we want to minimise the duration over which all stakeholders have to adapt to the new system and allow them to move on to the process of growing the business.

Preparation

Louis Pasteur once said, “Luck favours the mind that is prepared.”

While we certainly won’t leave anything to chance, we do put substantial weight on the Preparation stage of Systems Implementation. We’re so confident with the strategies we employ in Preparation, that we can assure you of an utterly seamless Deployment and Transition phase.

By this we mean that issues that may arise during Deployment and Transition will be handled smoothly and efficiently because your people will know exactly what to do.

Here’s how we will prepare your organisation for Deployment:

  • Identify all key players for the Systems Implementation phase and orient them on their specific roles. We’ll make sure they know what possible hitches may come their way and how to deal with them.
  • Identify all end users and their corresponding functions, then assign appropriate access rights.
  • Draw multi-layered contingency plans to capture and address each possible concern that may crop up during Deployment.
  • Prepare a systematic step-by-step procedure and checklist for the entire Deployment stage. Both of them should have been copied from a similar procedure and checklist used in the Acceptance testing phase.
  • Make all stakeholders understand the conditions required before Deployment can commence.
  • Set the appropriate environment so that all stakeholders know what to expect and when to expect them the moment Deployment commences.
  • Prepare Technical Services and Technical Support personnel for the gruelling mission ahead.
  • Make sure all communication processes are well coordinated so that everyone affected will know who to contact and how to get in touch with them when a problem arises.
  • Plan and schedule training sessions so that they can be conducted “just in time”. Training sessions conducted way ahead of Deployment are often useless because the trainees tend to forget about what they learned when the time comes to apply them. Similarly, training sessions conducted way after Deployment also become useless because trainees are seldom able to internalise instructions delivered during crash courses.

Deployment

There are two sets of issues to keep an eye on during Deployment:

  1. Issues directly related to the technology itself, e.g. application functionality and data integrity, and
  2. Issues emanating from the end users, i.e., their unwillingness to use the new system. One reason may be because they find the interface and procedures too confusing. Another would be due to other inconveniences that come with adapting to a new set of procedures.

Despite all the meticulous scrutiny employed during Acceptance testing, there are just some problems that are made obvious only during Deployment. Issues belonging to the first set are dealt with easily because of the plans and procedures we put in place during the Preparation stage. As an added measure, our team will be on hand to make sure contingency plans are executed accordingly.

While the second set of issues is often neglected by many IT consultancy companies, we choose to meet it head on.

We fully understand that end users are most sensitive to the major changes that accompany a new system. It is precisely for this reason why our training activities during Deployment are designed not only to educate them but also to make them fully appreciate the necessity of both the new system and the familiarisation phase they will need to go through.

The faster we can bring your end users to accept the new system, the faster they can refocus on your company’s business objectives.

Here’s what we’ll do to guarantee the smoothest Deployment process you’ve ever experienced.

  • Employ the procedure and checklist formulated during the Preparation stage.
  • Ensure all end users are well acquainted with any additional tasks they would need to perform (e.g. filling up manual logs).
  • Assess which legacy systems can still be used alongside the new technology and which ones have to be retired.
  • Supervise the installation and optimal configuration of all supporting hardware and software to make sure the likelihood of errors originating from them are brought to near-zero levels.
  • Supervise the installation and optimal configuration of the products themselves.
  • Carry out data migration tasks if necessary.
  • Organise and oversee parallel runs to check for data and report inconsistencies.
  • Conduct training sessions in a professional and well-timed manner to eliminate end-users’ feelings of agitation and to take advantage of memory absorption and retention duration as with regards to their assigned duties and responsibilities.

Transition

Do you often feel uneasy whenever the reins to a newly purchased IT system are handed over to you? Perhaps there are some issues that you feel haven’t been fully settled but, at the same time, find it too late to back out, having already invested so much time and resources.

Alright, so maybe the thought of “backing up” never crossed your mind. However, the concern of being “not yet ready” is raised by many organisations towards the tail end of most Deployment stages. This usually drags the Deployment stage into a never-ending process.

Our team of highly experienced specialists will make sure you reach this point with utmost confidence to proceed on your own.

To wrap up our comprehensive IT Systems Implementation offering, we’ll take charge of the following:

  • Verify that all deliverables, including training materials and other technical documentation, are accomplished and expected outcomes are realised.
  • Make sure all technical documentation are placed in a secure and accessible location.
  • Institute best practices to ensure the IT system becomes fully utilised and to reduce its exposure to avoidable risks.
  • Establish open communication lines with the Technical Support team to enable quick resolution of issues.
  • Ensure complete knowledge transfer has been fully achieved so that your people will spend less time calling Technical Support and more on operations contributory to business growth.

Ready to work with Denizon?