The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Field service and improved visibility

A manager is someone who has control over a company. They are given the responsibility of overseeing what the company does and making important decisions. The manager is the most important person in the empire and needs to be in the know at all times. Not what happened a day ago but in real-time and from any place.

Information is necessary for this to happen. It needs to be concise, brief and straightforward. Ideally, access to job status, location information, customer information, notifications and location information should be on the palms of their hands.

To sum it all up, there should be fluid communication among personnel in the field. Information should be accessed easily from one place as it flows to another to maintain steady two-way communication. This is possible with automation meaning that no amount of data will be left unseen or unused because of paperwork that was never handed over or looked into, reducing the chance of misinformation or missing information to a minimum.

Ways improved visibility will help your business through Field Service

Organisations using field services will agree that improved visibility has more business benefits and the real question is what aspect needs improving rather than discussing the benefits.

Real-time visibility

Managers need to be in the know from anywhere at any time. The manager needs information about the company. The need not to be physically present to have an idea of what’s going on. They should know everything at all times, from what was planned for the day to real-time events.

All this information should be easily accessed from one central point and should contain everything about the company and other relevant information.

Extending the back office into the field

This two-way communication is virtually irreplaceable. At any time, the information should flow among technicians in the field and those in the back office. This will help to have a better idea of how to manage the workload and come up with solutions to some work-related issues.

Everyone in the team should be informed and be up to speed about real-time events. Keeping everyone updated improves visibility because they can make updates and decisions based on the kind of information they get.

No more lost paperwork

Managing paper trail can be quite a hassle for organisations. With tons of workload, there can be many delays meaning that some information might be missed or forgotten. People might also choose not to turn up for work for days on end and can affect how much info is processed. Some work can be left undone, and work not invoiced.

When organisations use field service management services, information is fed only once and everything else is done automatically. Say goodbye to lags or relying on last month?s data. Work will move faster because people will have more time to focus on important things rather than chasing an endless paper trail.

Business intelligence

Field service management technology will let you know what is being done in the field and with such an abundance of data, will make sound decisions for the business.

Every decision is hinged on cold facts. Information needs to be easily accessed and filtered into the right categories so that sound business decisions are made from the collected data.

Growing revenue

The abundance of real-time information and improved visibility can determine whether a business will grow or not. Each piece of information can show trends that are critical for any business to improve. Trends show how each sector is doing and sheds more light into specific areas that need a total overhaul. This may include improving customer service, products on retail or hiring more technicians.

Without information, a company is one step closer to going out of business. Every action should be geared to increase the revenue and this starts by making the right choices.

Visibility when working offline

Working offline is an issue that can affect visibility. Sometimes agents will need to work in areas that have little network coverage or are deep down working in tunnels or are around heavy machines and turbines. Field service solutions are built for the mobile environment and for workers who may find themselves in non-connected areas so that they can still use their device while offline. This makes sure that there is no loss of information while working in-field

Time-saving

Certainly, business is constrained to its environments and if the demand changes it should prove to be flexible enough to adjust to changes as they happen. Field service solutions operations like schedule need to update instantly. Once activities start rolling, nothing should create lags in the schedule so that operations flow seamlessly at all time.

Field workers can then make updates and document changes easily on the job site directly on their device by using responsive site menus, drastically saving time while feeding data and complete orders.

Improved customer service

It is not a clich? to say that the customer is always right. With real-time information, both field service and back-office technicians can improve customer relations and satisfaction. With a unified system of sharing information like the ERPs and CRMs, the field officer can know more about specific clients, their history and other data to know more about what should be done in current and future orders. This means that better decisions will be made for each customer.

How improved visibility benefits different parts of the organisation

Improved visibility in all areas of the business makes information more accessible. Here are some of the benefits that various sects of a business can get from improved visibility.

? The business owner
The manager owns the company and can access all information with just a single tap. A lot of data can be used to analyse the health of the venture. This includes revenue, inventory, customer surveys, employee hours, invoices and customer data.
Profitability is increased by putting more emphasis on customer satisfaction and improving the quality of end products and services.

? The service manager
The service manager can see what is going on in the field in real-time, and look into measures that can improve the productivity of staff members in various departments.
And with workflow automation, time-saving is at the maximum because there is less paperwork consequently improving scheduling and job completion rates.

? Service administrator/ dispatcher
For the team in the office, they can assign tasks faster. Scheduling is automatically done and updated in real-time. It eliminates the need for paperwork and leaves more time to be productive on other errands.

? The field technician
Improved visibility for a field worker means that they can do their best in any task. They can share or get critical information about orders and customers. This drastically improves job completion rates and customer satisfaction.

? HR
Live information can be used to track certain orders, the time it takes to complete orders, and the number of staff required in the organisation. Such data can be used in HR to reduce payroll errors and erroneous overtime costs.

? Finance
Field service management software can also benefit the finance team by automation of invoices. A work order can be tracked from start to the end and invoiced immediately to retain faster payments. Relevant data can be used to track revenue and expenditures, and costs.

Real-time visibility gives a company many solutions to manage the workload. In the end, visibility is also useful in increasing revenue and a smooth transition of information for the company.

A Definitive List of the Business Benefits of Cloud Computing ? Part 4

Lowers cost of analytics

Big data and business intelligence (BI) have become the bywords in the current global economy. As consumers today browse, buy, communicate, use their gadgets, and interact on social networks, they leave in their trail a whole lot of data that can serve as a goldmine of information organisations can glean from. With such information at the disposal of or easily obtainable by businesses, you can expect that big data solutions will be at the forefront of these organisations’ efforts to create value for the customer and gain advantage over competitors.

Research firm Gartner’s latest survey of CIOs which included 2,300 respondents from 44 countries revealed that the three top priority investments for 2012 to 2015 as rated by the CIOs surveyed are Analytics and Business Intelligence, Mobile Technologies, and Cloud Computing. In addition, Gartner predicts that about $232 million in IT spending until 2016 will be driven by big data. This is a clear indication that the intelligent use of data is going to be a defining factor in most organisations.

Yet while big data offers a lot of growth opportunities for enterprises, there remains a big question on the capability of businesses to leverage on the available data. Do they have the means to deploy the required storage, computing resources, and analytical software needed to capture value from the rapidly increasing torrent of data?

Without the appropriate analytics and BI tools, raw data will remain as it is – a potential source of valuable information but always unutilised. Only when they can take the time, complexity and expense out of processing huge datasets obtained from customers, employees, consumers in general, and sensor-embedded products can businesses hope to fully harness the power of information.

So where does the cloud fit into all these?

Access to analytics and BI solutions have all too often been limited to large corporations, and within these organisations, a few business analysts and key executives. But that could quickly become a thing of the past because the cloud can now provide exactly what big data analytics requires – the ability to draw on large amounts of data and massive computing power – at a fraction of the cost and complexity these resources once entailed.

At their end, cloud service providers already deal with the storage, hardware, software, networking and security requirements needed for BI, with the resources available on an on-demand, pay-as-you-go approach. In doing so, they make analytics and access to relevant information simplified, and therefore more ubiquitous in the long run.

As the amount of data continues to grow exponentially on a daily basis, sophisticated analytics will be a priority IT technology across all industries, with organisations scrambling to find impactful insights from big data. Cloud-based services ensure that both small and large companies can benefit from the significantly reduced costs of BI solutions as well as the quick delivery of information, allowing for precise and insightful analytics as close to real time as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Ready to work with Denizon?

Contact Us Today