Tag: information security

Posted on

Are the security requirements for accounting and finance professionals using cloud services any less stringent than those governing lawyers?

jmbunnyfeet

As accounting and finance professionals look to the cloud and Internet technologies to address collaboration, mobility, and improvements in service delivery, they should also be looking at ways to ensure the protection and security of client financial information.  Professional services organizations of all types are embracing cloud products and services, sometimes without properly considering how it might impact information security and business risk.  The security requirements for accounting and finance professionals using cloud services are no less stringent than those governing lawyers.

In her articleNC Bar Council issues final opinion on the cloud, author Nicole Black points out some of the essential considerations for using cloud computing services in a professional legal practice.  Accounting and finance professionals should recognize this guidance as being applicable to their businesses, too.

The main question stems from the ethical issues faced by “lawyers who intend to store confidential client information on servers owned and operated by third parties”.  An opinion issued by the North Carolina State Bar Council addressed two primary questions in this area:

1.     Is it OK for a law firm to use Software as a Service or cloud computing products?

2.     Are there any special vendor assessments or other measures which should be taken by lawyers who wish to minimize the security risks of implementing this type of solution?

Read the entire article by Nicole here (PDF format)

Nicole Black is a Rochester, New York attorney and the Vice President of Business Development and Community Relations at MyCase, a powerful and intuitive cloud-based law practice management platform. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.

Joanie Mann Bunny FeetJ

original post April 5, 2012
Posted on

Lean and Mean – Improving Sales and Distribution Performance

Lean and Mean – Improving Sales and Distribution Performance

It is surprising that, even in this world of Internet marketing and online commerce, many businesses are operating at levels far below their potential.  Reliant upon people rather than information and process, these businesses are weighted down by their legacy approach to getting things done.  They throw money and personnel at the problem, adding more “fat” to the business and making sustainability just that much harder to achieve.  The right approach, and the mantra of all manufacturers and distributors, should be to work “lean and mean”, applying technology and business principles which support agility and improved process efficiency.

The center of lean business is in operations, and includes all aspects of the “order” processing and support systems.  From the point where an order is sought, to the point of order entry, and through to delivery and service – all aspects of the operation must be addressed for the business to achieve maximum success.  Innovating in operational areas, such as in order management and distribution, can help the business rise above others in the market and create a significant competitive advantage.

What becomes challenging for many businesses is the fact that years of working in established “silos” often makes it difficult to introduce the cross-functionality necessary to support lean operations.  It is not sufficient to simply suggest that the organization work collaboratively to streamline processes from order through to service and support.  Work groups and team members must work together and adapt to delivering process improvements, following through with the actions necessary to turn the philosophy into bottom line results.  Good support is required to keep customers, and a good product is necessary to support increased sales.  No aspect of the operation stands alone, so each is necessary to participate in making end-to-end improvement.  Additionally, back-office processes must be aligned to work collaboratively where required, supporting efficient operations rather than creating unnecessary bottlenecks or delays.

The key to developing a lean and mean, high performance operation is applying the technology and principles which translate into improved profitability and customer retention.  In many cases, the same solutions which create customer “self-help” capabilities are also solutions which can address similar needs for internal business users. Ultimately, the goals are elimination of redundant or error-prone processes, establishing the sharing and secure collaboration of information throughout the organization, implementing integrated systems which allow users to efficiently perform their particular tasks, and working cooperatively with others in the supply chain to maximize the real-time capability and efficiency.

Rather than continuing to utilize basic record keeping solutions, or accounting products which aren’t prepared to address the specific operational aspects of the business, owners and managers should be looking to the tools and solutions which will help them develop the framework to support improving operational performance, turning people knowledge into sustainable business profitability.

Make Sense?

J

Accountants and Small Manufacturers: Getting in Front of the Ball

There’s a lot more to accountability in a manufacturing or inventory-based business than simply keeping track of money in and money out.  Particularly in an economy when nobody can afford to build or stock products too far ahead of demand, it is essential that these businesses have a means to not only track and manage purchasing, manufacturing, distribution and stocking activities, but to understand conditions or trends which impact the flow of materials and cash through the business.  Read more…

Posted on

Reinventing your Business – What Happens When Systems Fail?

Reinventing your Business – What Happens When Systems Fail?

There is a lot of discussion today about how our children are growing up in a world where high technology is simply part of life and lifestyle.  I even read an article about how people are evolving because of the availability of information; evolving to the point where we no longer store and retrieve information, but store information on how to get information.  The article cited an example of someone who couldn’t recall the name of an actress in a movie they had seen, so the immediate response was to search for the answer on Google.  In the past, people relied upon memory, and found various ways to mentally associate and store information so it was able to be recalled.  Now, there’s an app for that.

Are we losing our ability to effectively store and recall information?  Are we forgetting how to do things before we had all this technology to help us?  It makes you wonder sometimes, how technology-dependent we are. We look at the ruins of past civilizations and view seemingly impossible structures, (impossible given what we know about the technology available at the time) and wonder how they came to be.  The knowledge was there at some point, but is now lost.

Is your business at risk from a similar fate?  Maybe it sounds silly, but it makes sense to at least think about it, because there are a lot of companies out there today that are not paying attention to critical issues such as knowledge management and sustainability.  Finding ways to capture business knowledge and protect it is essential in every organization, whether small business or large enterprise.

Small businesses are often centered on an owner who started the operation, and who just knows how things are done.  The primary goal in this situation is to capture that knowledge and turn it into process.   Only through this approach may a business begin to reduce its reliance upon a single individual, and this is a critical step in creating both sustainability and continuity in the business. In larger enterprises, process and structure are essential to keep the various parts and participants moving in the same general direction.

Once those processes are established, generally using technology to support or facilitate them, is that the end of the task?  Many businesses seem to believe so, and move along with the impression that they have things well in hand.  And then a major system or technology failure occurs, and folks are left standing around, unable to get their jobs done.  In the worst cases, there isn’t anyone in the business who really understands how to pull things back together or there is no longer access to electronically stored information necessary to continue operations.  How would you handle things if your systems – your computers and software and systems – were no longer available to you?

While GPS and high-tech auto-pilot systems can bring tremendous efficiencies to the process of flying, they also can give a false sense of security that encourages complacency. If something goes wrong, the auto-pilot will adjust and the computer will tell you where to go, won’t it?

Here is where technology has the ability to distract pilots–and entrepreneurs–from asking themselves if they’re both focused on and capable of solving the right problems.

http://www.inc.com/chris-mittelstaedt/business-lessons-from-air-france-447-crash.html

Each and every business must consider how they would address a severe information technology outage, and should take steps to protect and preserve business knowledge so that there is some hope of recovery from such an event.  In an article on Inc.com (Survival Skills Every Entrepreneur Needs), writer Chris Mittelstaedt makes this observation, and suggests that business owners address how they might get things done “old school”, just in case all this nifty technology fails us unexpectedly.

Make sense?

J

Posted on

Accountants and Small Manufacturers

rollingballGetting in Front of the Ball

There’s a lot more to accountability in a manufacturing or inventory-based business than simply keeping track of money in and money out.  Particularly in an economy when nobody can afford to build or stock products too far ahead of demand, it is essential that these businesses have a means to not only track and manage purchasing, manufacturing, distribution and stocking activities, but to understand conditions or trends which impact the flow of materials and cash through the business.  Further, this understanding must come in a timely manner in order for the business owner to make decisions and take action when it matters most.  Unfortunately, many business owners find themselves “behind the ball”, constantly pushing to make forward strides, and often due to not having the information they need to make business decisions that matter now, today.

Why is it so critical for these businesses to have more and better information to help them make strategic decisions and answer daily operational questions?  In a word: connectedness.  The Internet has truly made the world smaller when it comes to participation with even the smallest of local businesses.  Globalization of markets has impacted manufacturers in significant ways, and these businesses (like so many others) must now be prepared to address the realities of global supply chains, outsourcing, and a remote or mobile workforce and market.  While many of the software solutions addressing the functional business requirements of manufacturing and inventory or warehouse management are “locally implemented” solutions, extending and integrating these solutions to address the new global and mobile paradigm may represent a significant expenditure in time and resources for the small enterprise.

Application hosting and web-based solutions have emerged to help businesses address the need to “modernize” legacy applications and enable greater levels of system management and access.  Introducing the applications into a centralized and remotely accessible environment allows the business to immediately deliver the necessary support for remote work and mobile access, and positions the system to facilitate collaboration within the business and with outside participants, such as outsourced bookkeepers, accounting and finance professionals.

These professionals can be instrumental in assisting their clients manage the change to new collaborative computing paradigms.  Where accounting was previously viewed as an after-the-fact process, accountability through detailed activity tracking and reporting is now a focus which begins at the front end of the business, and accounting professionals are finding far greater value in helping structure and manage this daily activity in order to deliver greater operational information and insight.  Rather than being the last people to know what is happening in the business, accounting professionals are recognizing that their ability to positively impact business performance requires getting “in front of the ball”, initiating process structure, data control and collection which ultimately results in better and more informed decision-making through better and more timely access to more meaningful information.

Businesses at all levels are realizing that new computing paradigms can ease the burdens of collecting and sharing information, yet most small companies need help in determining exactly how to approach this “enabling” of the business and systems.  While accountants are also experiencing dramatic change in how they do business, it makes sense for them to embrace the opportunity and recognize that enabling client systems will ultimately allow the accounting professional to work more closely and to deliver more tangible value to their client on an ongoing basis.  Online accounting approaches are no longer a fad but are the new reality supporting how many bookkeepers and accountants work with their business clients.  Extending access beyond accounting and bookkeeping systems, and incorporating support for operational and line-of-business solutions, is the next step which will bring the accountant closer to the client business, and position both to benefit from deeper collaboration and useful insight.

Make Sense?

J

Posted on

Mobility and the Cloud – Managing “Bring Your Own Device” and Securing Company Resources

There are lots of reasons why businesses are adopting cloud and Internet technologies in great number, and supporting mobile workers is one of the big ones.  In order for traveling sales people or workers in remote offices to have access to business applications and data, many organizations are turning to hosted and cloud solutions to centralize systems and make enterprise-wide access easier to deliver and manage.

What many businesses are just now realizing, however, is that allowing individuals to use their own mobile devices to access corporate data is exposing the enterprise to new (and often unknown) risk with each and every device and app that gets used.

Most businesses recognize the need to secure corporate systems while allowing users to remotely access resources from home or mobile computers.

Many CIOs and IT managers are failing to address the vulnerabilities introduced through the proliferation of tablets and smartphones in the business. Some enterprises initially embraced the concept of “bring your own device” [BYOD], as it tended to encourage users to work from home or while on the road, increasing employee productivity and keeping workers more “attached” to their jobs – all without the business having to pay for the device.

With growing numbers of reported “rogue apps” and apps that secretly collect and pass data, the potential benefits of allowing workers to use their own devices is rapidly being overshadowed by the risks involved.

Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users’ address books. …but what if the app uploads a sales representatives’ contact list and the developer then sells it to a competitor? That’s a new type of data leakage that most organizations aren’t ready for.

http://www.cio.com/article/716368/Free_Mobile_Apps_Put_Your_BYOD_Strategies_at_Risk  

Phones, in particular, have not traditionally been viewed by most business owners as a primary platform for information theft or damage – other than when an employee uses one to tell someone something they shouldn’t.  But in terms of intrusion, data theft, application hacking and things like that… not so much.

But that was before phones got really smart.

Phones that most folks carry around now are actually computers with a great deal of processing and storage capacity, and as such are just as capable of running bad programs and being vulnerable to attack as their more obvious portable computer counterparts.  Perhaps they are even more vulnerable because of the “connected” nature of the device, because by its very nature it is geared towards communication of information, not just processing it.

It’s not that hackers and developers of exploits (or just bad code) are necessarily focusing on stealing your business data (well, OK, a lot of them are).  Maybe someone just got lucky one day, when they first realized that the employee phone was the “camel’s nose under the tent” which would get them inside, far enough to deliver access to confidential corporate information and data someone would pay for.  People tend to be the weakest element in the security chain, and exploiting vulnerabilities under the guise of “making things easier” for the user has been a highly successful approach (would you like to sign in with your Facebook account?).

..because attacks that target employees may well end up targeting the employer as well, even if the employer wasn’t the original target.

Whether it is intentional or not, the risk is very present, and every business and enterprise has a responsibility to recognize the vulnerabilities introduced with mobile device use and to do what it can to mitigate that risk.  It is also important to recognize that the risk is not a purely personal one, either.

Since the information held by most businesses also includes the information of others – customers, vendors, partners, etc. – it is essential that the business not expose itself to unnecessary problems (litigation, fines or penalties, or simply lost opportunity) caused by accidental leakage of confidential information belonging to 3rd parties.

For some businesses, the best answer may be to only allow use of devices the business provides, along with clearly written use policies and guidelines.  This approach allows the organization to determine which applications may be installed and to dictate how the device is to be used for business needs.

There are even solutions available which can assist businesses in managing the expenses related to mobile devices in the enterprise, addressing not only security and privacy concerns but also helping to optimize expenditures on mobile devices by monitoring contracts and usage, identifying underused agreements or overage charges, or even identifying contracts still in force which should have been cancelled.

For many businesses, however, allowing users to continue accessing business resources with their personal devices may be desirable for a variety of reasons, cost being only one of them.  If this is the case (as it is most often in small and growing businesses), it is important to make certain that users understand what is and is not appropriate device use, and to inform users on the policies relating to apps which may or may not be allowed and why.

Make sense?

J

Posted on

There are only two types of businesses: those who have lost their data, and those who will

The portable computer was the secret business weapon of yesterday, and is today’s essential business tool.  The processing power, portability, storage, and connectivity available with laptops, tablets and even smartphones can create a seamless extension of the office.

Truly, the workforce of today is mobile and fully-enabled.  Business owners, working in conjunction with their accounting advisors and business consultants, are able to access all the information and analytical capability they need to make informed business decisions at any time, capture and collect important information, and keep productivity at the highest levels no matter where they are.

Mobility doesn’t come without risk, however.  Some studies estimate that as much as 80% of the business data that a company has (like customer files, contracts, financial data, product specifications) is stored on portable computing devices.   While these files may be recoverable from backups in the case of loss or damage, there is an even larger potential cost in terms of exposure of confidential or proprietary – or personal and private – information.

Loss or theft can create big business and legal problems, too. Customer or client privacy may be compromised, sensitive information may be exposed, and confidential plans may be made public if a business doesn’t take steps to secure mobile data.   Software and network attacks are also prevalent, with a variety of exploits designed to take advantage of any vulnerability present.

There’s an old saying we IT folks have that there are only two types of businesses: those who have lost their data, and those who will.  Imagine the potential chaos and risk exposure, not to mention the expense, of losing your valuable business data, or having it exposed to unauthorized users.

While computing mobility delivers a host of advantages to the business and the user, care must be taken to ensure security, privacy, and confidentiality of business information.  Cloud computing solutions and managed IT services will help you provide the mobile capability your business needs, but with the additional protection, additional security, and ongoing management that the value of the data demands.  Increased exposure to liability is a reality for any mobile business, and the risk is only multiplied by the number of systems a company has in the field.  The smart business reduces risk by deploying secure yet versatile platforms for their workers that allow data to be stored and protected in centralized environments, rather than on the individual computing devices. Via the cloud, businesses of all kinds are reaping the benefits of new and innovative service delivery models and enhanced security solutions, achieving the freedom and functionality (and data security) the mobile workforce demands.

Here are a few data loss statistics for your reading pleasure…

Enjoy  🙂

J

(stats drawn from summary on BostonComputing.net.  They may be a bit dated, but the numbers have only increased since then.) http://www.bostoncomputing.net/consultation/databackup/statistics/

The following statistics were gathered from various sources:

  • 6% of all PCs will suffer an episode of data loss in any given year. Given the number of PCs used in US businesses in 1998, that translates to approximately 4.6 million data loss episodes. At a conservative estimate, data loss cost US businesses $11.8 billion in 1998. (The Cost Of Lost Data, David M. Smith)
  • 30% of all businesses that have a major fire go out of business within a year. 70% fail within five years. (Home Office Computing Magazine)
  • 31% of PC users have lost all of their files due to events beyond their control.
  • 34% of companies fail to test their tape backups, and of those that do, 77% have found tape back-up failures.
  • 60% of companies that lose their data will shut down within 6 months of the disaster.
  • 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. (National Archives & Records Administration in Washington)
  • American business lost more than $7.6 billion as a result of viruses during first six months of 1999. (Research by Computer Economics)
  • Companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive. (Strategic Research Institute)
  • Every week 140,000 hard drives crash in the United States. (Mozy Online Backup)
  • Simple drive recovery can cost upwards of $7,500 and success is not guaranteed