Newsletter November 2006

Security or Even Paranoids Have Enemies: Part Three

You'll recall that in our last two issues we proposed three key questions for understanding security:

We answered the first two earlier, so let's move on to question number 3:

Do you know what you send out the door every day?

Businesspeople are constantly reminded that certain data leaves the offic -- they see laptops walk out. However, key information is also transferred in less visible ways -- by e-mail, electronic file transfers, etc. Here are some examples:

  1. payroll records
  2. information sent to an external Web site
  3. clearing and reconciliation (positive pay) records to the bank
  4. financial information to an accountant or partner
  5. names and addresses to a marketing company

What's the message? When it comes to the electronic world, no company is an island.

Some of the questions here are similar to the ones we raised about the laptop, and the answer is the same: just make sure that critical information doesn't get out.

But there's another issue:
Some information needs to be sent out. Once you've determined what that is, you have to worry about two particular areas. First, are you sure that no one can touch the information before it gets to its destination? For example, if you prepare a list of checks to be sent to your bank for clearing and reconciliation, are you sure that no one who touches the file can modify it before it gets there? I know you don't let just anyone sign your checks, but giving people access to these files is just as bad.

Second, are you sure that the outside party that receives your data has proper controls in place? In general, I wouldn't be worried about your bank or payroll company. Most of these entities have far more knowledge -- and a much higher level of paranoia -- than the average medium-sized business. However, what if you're partnering with someone who will host your Web site? Will your system talk directly to theirs? Do multiple companies share the same server? Again, if it's a large enough company, you're probably O.K. But what if your computer guy tells you he also hosts Web sites and will do it for you on the cheap? How do you know that he will keep your data safe and sound?

It's important to be paranoid, because too often, when you're thinking about these areas, you're focusing on getting the job done (Can the bank do the reconciliation? Can I get a Web site up and running?) and not thinking about what can go wrong and what needs to be secured.

If we've made you nervous, contact us at info@redthreeconsulting.com and we'll help you sleep again.

Red Three Consulting: Transforming Information Technology into Answer Technology

So, what if you really can't do something?

Fundamentally, many people spend ages getting complex systems to work, but then can't get any information out of them. Often this results in them blaming the system as insufficient and thinking that their very expensive investment just wasn't worth it.

It's All About the People: A Pop Quiz

We want to insist that above all, what makes IT fail is a lack of communication and shared understanding.

Opening the IT Black Box, Part 1

Lucky for us, many people are unhappy with the technology that runs their business. This unhappiness manifests itself in many ways-they can't serve their customers properly, they can't get the information they need, or maybe they just can't sleep at night because they have no certainty that anyone really knows how their systems work.

Archives

Red Three offers:

  • Accounting System Support (Lawson, Oracle and many others)
  • Multi-System Reporting
  • Legacy Integration & Optimization
  • Business Intelligence