The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Spreadsheet Reporting – No Room in Your Company in an Age of Business Intelligence

It doesn’t take a genius to understand why spreadsheet reporting still pervades the enterprise despite the rise of a complex but highly effective IT solution known to big shot CIOs as Business Intelligence or BI.

If you’re still in the dark as to what BI is, don’t worry because we?ll enlighten you shortly.

Business decisions from disparate data sources

In the meantime, let’s talk about how you make business decisions. If you’re a top executive, then you make decisions based largely on reports submitted to you by your managers, department heads, and so on. They in turn obtain information from different sources, like the company ERP and CRM as well as other external sources (e.g. market surveys).

Now, before their reports ever reach your desk, a lot of data is extracted, shared, filtered, analysed, consolidated, and summarised so that they become actionable information. In all these activities, one software tool gets to take part in most of the action – the spreadsheet.

The problem with spreadsheet reporting

The problem with spreadsheets is that they have very poor built-in controls. Thus, they are susceptible to human errors and are vulnerable to fraud. What’s more, collecting data and manually consolidating them into spreadsheets can be very laborious and time consuming.

If you don’t get accurate, reliable information, your judgement will be fuzzy and your business decisions compromised. In addition, if you don’t receive the information you need on time, your business will constantly be at risk of breaching critical thresholds, which may even force it to spin out of control.

Business Intelligence – actionable information on time

This is mainly the reason why large companies implement Business Intelligence systems. BI systems are equipped with built-in features like reports, dashboards, and alerts.

Reports consolidate data and present them in a consistent format composed of intuitive text, graphs, and charts. The main purpose of having a consistent format is so that you will know what kind of information to expect and how the information is arranged. That way, you don’t waste time searching or making heads or tails out of the data in front of you.

Dashboards, on the other hand, present information through visual representations composed of graphs and gauges that are aimed at tracking your business metrics and goals. The main function of dashboards is to feed you with actionable information at a glance.

Finally, alerts keep you informed when certain conditions are met or critical thresholds are breached. Because their main purpose is to prompt you at the soonest possible time wherever you are, a typical alert can come in the form of an SMS message or an email.

As you can see, all three features are designed to get you making well-informed decisions as quickly as possible.

The problem with Business Intelligence and the alternative solution

The usual problem with full BI systems is that they can be very costly. Hence, if your organisation does end up implementing one, chances are, not everyone under you will be able to access it. As a result, some departments will be forced to go back to using spreadsheets.

If your company cannot afford a full BI system, then that probably means you don’t need one. What you need is a more affordable alternative. There are actually Software as a Service (SaaS) Business Intelligence solutions that may not be as comprehensive as a full BI system, but which may suffice for small and mid-sized businesses.

The disadvantages of spreadsheets are more damaging than you could have ever expected. Be free of it now.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Systems Integration as a means to cost reduction

System integration in an organisation refers to a process whereby two or more separate systems are brought together for the purpose of pooling the value in the separate systems into one main system. A key component of process consolidation within any organisation is the utilisation of IT as a means to achieve this end. As such, system integration as a means to cost reduction offers organisations the opportunity to adopt and implement lean principles with the attendant benefits. The implementation of lean techniques requires an adherence to stated methods to facilitate the elimination of wastage in the production of goods and services. In summary, the lean philosophy seeks to optimise the speed of good and service production, through the elimination of waste.

While analysing some of the traditional sources of waste in organisational activities, things like overproduction, inventory, underutilised ideas, transmission of information and ideas, transportation of people and material, time wastage and over-processing stand out. The fact is that companies can eliminate a significant portion of waste through the utilisation of IT to consolidate processes within their organisation.

Adopting lean principles calls for the identification of all of the steps in the company value stream for each product family for the purpose of the eliminating the steps that do not create any value. In other words, this step calls for the elimination of redundant steps in the process flow. This is exactly what the utilisation of IT to consolidate processes offers a company. For instance, the adoption of a central cloud system across a large organisation with several facilities could increase efficiencies in that company. Such a company would drastically reduce the redundancies that used to exist in the different facilities, eliminate the instances of hardware and software purchase, maintenance and upgrade, modernise quality assurances processes and identify further opportunities for improvement.

Perhaps, from the company’s point of view, and from the perspective of lean process implementation, the most important factor is?the effect it has?on the bottom line.’reducing the number of hardware, eliminating the need for maintaining and upgrading hardware, removing the necessity for software purchase and upgrade across facilities also contributes to a significant reduction in operational costs.?This reduction in the cost of operations leads to a corresponding increase in the profit margin of the company.

Applying system integration as a means to cost reduction can also lead to the reduction in the number of people needed to operate the previous systems that have been integrated into one primary unit. Usually, companies must hire people with specialised knowledge to operate and maintain the various systems. Such employees must also receive special training and frequent ongoing education to constantly stay informed of the latest trends in process management. With the integration of the system, the number of people needed to maintain the central system will be significantly reduced, also improving the security of information and other company trade secrets.

Based on an analysis of the specific needs that exist in a particular company environment, a system integration method that is peculiar to the needs of that organisation will be worked out. Some companies may find it more cost-effective to use the services of independent cloud service providers. Others with more resources and facilities may decide to set up their own cloud service systems. Often, private cloud service system capabilities far exceed the requirements of the initiating company, meaning that they could decide to “sell” the extra “space” on their cloud network to other interested parties.

A company that fully applies the lean principles towards the integration of its systems will be able to take on additional tasks as a result of the system consolidation. This leads to an increase in performance, and more efficiency due to the seamless syncing of information in a timely and uniform manner.

Companies have to combine a top-down and a bottom-up approach towards their system integration methods. A top-down approach simply utilises the overall system structure that is already in place as a starting point, or as a foundation. The bottom-up approach seeks to design new systems for integration into the system. Other methods of system integration include the vertical, star and horizontal integration methods. In the horizontal method, a specified subsystem is used as an interface for communication between other subsystems. For the star system integration method, the subsystems are connected to the system in a manner that resembles the depiction of a star; hence, the name. Vertical integration refers to the method of the integration of subsystems based on an analysis of their functionality.

The key to successful system integration for the purpose of cost reduction is to take a manual approach towards identifying the various applicable lean principles, with respect to the system integration process. For instance, when value has been specified, it becomes easier to identify value streams. The other process of removing unnecessary or redundant steps will be easier to follow when the whole project is viewed from the whole, rather than’the part. Creating an integrated system needs some?patience?in order to work out kinks and achieve the desired perfect value that creates no waste.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Renewable energy – Is it a common man’s cup of tea?
I came across an article on a young graduate in renewable energy engineering. The fellow was doing technical sales and marketing jobs for renewable energy products though he felt that as a graduate, he ought to be doing more than just sales. His, sentiments, I can relate with but again thinking about the field of renewable energy, how many people understand what it is, its importance/ benefits, how to acquire it, its installation, costs etc.? Renewable energy is energy generated from natural resources. The renewable energy sources include sunlight, wind, rain, tides, geothermal heat and various forms of biomass. These sources are renewable naturally and continuously replenished, therefore this energy cannot be exhausted. Renewable energy technologies range from solar power, wind power, hydroelectricity/micro hydro, biomass and bio-fuels for transportation. Back to the aspiring young professional who felt that his place in the renewable energy sector lies in doing strategies and coming up with new products-the advice fronted to him was that doing technical sales is the best job for engineers, as it helps them impact on users of their products. Sales entail interacting with customers and knowing their needs so that the product features can be enhanced to suit the customer?s needs. Now, that is brilliant and accurate advice. It is however important to take into consideration that renewable energy is not a common man?s cup of tea and right now the focus all over the world is to build green economies. To me the need for more and more people to understand the benefits, savings and cost of renewable energy cannot be overemphasised. Effort should be made to keep marketing of renewable energy products/ services simple and conversational by avoiding use of acronyms or jargon explaining about operational details. More impact can be made if a marketing rather than technical sales approach is used. Technical sales have been described as boring (can be used as a sleeping aid), tends to use extensive vocabulary, jargon and acronyms that product users cannot relate with and tends to discuss the products technical aspects as opposed to the benefits to the customer. Fun should be created out of all this by making things simple and demonstrating cost savings and benefits of renewable energy.

Ready to work with Denizon?

Contact Us Today