The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Top 10 Disadvantages of Spreadsheets

Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.


Disadvantages of Spreadsheets - Kindle

Disadvantages of Spreadsheets

Comprehensive information and data your organisation needs, to circumvent the threats posed by spreadsheets.


Buy Now

1. Vulnerable to Fraud

Of all the spreadsheet disadvantages listed here, this is perhaps the most damaging. Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.

2. Susceptible to trivial human errors

While fraud will always be a threat to spreadsheet systems, there is a more significant threat that should make you seriously consider getting rid of these outdated systems. And that is its extreme susceptibility to even trivial human errors. Missed negative signs and misaligned rows may sound harmless.

But when they damage investor confidence or cause a considerable loss of opportunity amounting to millions of dollars (Are we serious? Google up ?spreadsheet horror stories? to find out), you should understand that it?s time to move on to better alternatives.

3. Difficult to troubleshoot or test

So how about testing spreadsheets to mitigate the risks of items 1 and 2? Good luck. Spreadsheets just aren?t built for that. It?s not uncommon to have interrelated spreadsheet data scattered across different folders, workstations, offices, or even geographical locations.

Worse, even if you are able pinpoint the locations of every related file, tracing the logic of formulas from one related cell to another can take ages. It?s pretty obvious now how you?ll also encounter a similar problem when troubleshooting questionable data.

4. Obstructive to regulatory compliance

Combine items 1, 2, and 3, and what do you get? A big headache impacting regulatory compliance. There are number of regulations that have a serious impact on the use of spreadsheets.

Some of the many regulations that impact spreadsheet systems include:

And to think it looks like regulatory bodies are just getting warmed up. Over the last two decades, we’ve seen a surge in regulations that directly affect spreadsheet-based systems. Now, you tell me that you haven?t wished there was a better way to beat regulatory compliance deadlines. Well, if you?re still using spreadsheets, then there certainly is a better way.

5. Unfit for agile business practices

We’re now in an age when major changes are shaping and reshaping the business landscape. Mergers and Acquisitions, Management Buyouts, earthquakes, tsunamis, hurricanes, uprisings, climate change, new technologies, and so on. If your business is not agile enough to adapt to such changes, it could easily be left behind or even face extinction.

Spreadsheets are normally created by individuals who have not the slightest know-how regarding software documentation. In the end, spreadsheet files become highly personalised user developed applications. So when it?s time for a new person to take over as part of a large scale business change, the newcomer may have to start from scratch.

Read further about Implementing Large-Scale Business Change

 

6. Not designed for collaborative work

Planning, forecasting, budgeting, and reporting are all collaborative activities. In other words, plans, forecasts, budgets, and reports typically require information from different individuals belonging to different departments. In addition, the final documents are a result of multiple exchanges of data, ideas, and files.

Now, if your company?s offices are scattered throughout the country or if certain team members are separated by large distances, the only way to exchange data stored in spreadsheets is through email.

Experience will tell you that such a method of exchange is susceptible to duplicate and even erroneous data. Team members will tend to find it hard to keep track of similar files going back and forth, and sometimes even end up sending the wrong version.

7. Hard to consolidate

When it comes to simple data entry and quick ad hoc data analysis tasks, spreadsheets are highly favoured by end users. This has made them one of the most ubiquitous office tools on the planet. But as a consequence, data in spreadsheet-based systems are distributed throughout the organisation.

So when it’s time to generate reports, you’ll really have to go through a slow consolidation process. In most cases, end users would have to collect data from different files, summarise them, and submit the same to their department heads through emails, portable storage media (e.g. CDs or USB flash-drives), or by copying to a commonly shared network folder.

Department heads would have to undergo a similar process before submitting them to their own superiors. This has to go on until all the information reaches their organisation’s top decision makers. Throughout the entire consolidation process, data is subjected to numerous error-prone activities such as copy-pasting, cell entry, and range specification.

8. Incapable of supporting quick decision making

In a spreadsheet-based environment, extracting data from different departments, consolidating them, and summarising the information so that it could aid the company’s top brass in making sound decisions can be very time consuming.

And because we know how susceptible spreadsheets are to errors, everyone involved in the information processing has to be ultra careful to keep the integrity of the data intact. Hence it would be prudent to enforce double-checking as much as possible.

This extra but necessary exercise can further delay the process. So, when the final information arrives at the hands of the top executive, he may not have much time to work with. (Read about Business Intelligence)

9. Unsuited for business continuity

As mentioned earlier, data in spreadsheet systems are never kept in a single place. In fact, it’s the exact opposite. The worse thing about it is that they’re always in the hands of non-IT personnel, who are understandably not familiar with storage and backup best practices.

Thus, if a major disaster strikes, full data recovery can be very difficult if not impossible. As a consequence, even if the company has financial reserves, the absence of data (e.g. accounts receivable records, customer records, and inventory) to work on can prevent the company from making a quick restart.

10. Scales poorly

As an organisation grows, data in spreadsheet-based systems get more distributed; subsequently compounding the issues outlined above. It is absolutely not advisable for a large organisation to keep using spreadsheets.

 

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

 

Advert-Book-UK

amazon.co.uk

 

Advert-Book-USA

amazon.com

 

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Which Services to Share?

It often makes sense to pool resources. Farmers have been doing so for decades by collectively owning expensive combine harvesters. France, Germany, the United Kingdom and Spain have successfully pooled their manufacturing power to take on Boeing with their Airbus. But does this mean that shared services are right in every situation?

The Main Reasons for Sharing

The primary argument is economies of scale. If the Airbus partners each made 25% of the engines their production lines would be shorter and they would collectively need more technicians and tools. The second line of reasoning is that shared processes are more efficient, because there are greater opportunities for standardisation.

Is This the Same as Outsourcing?

Definitely not! If France, Germany, the United Kingdom and Spain has decided to form a collective airline and asked Boeing to build their fleet of aircraft, then they would have outsourced airplane manufacture and lost a strategic industry. This is where the bigger picture comes into play.

The Downside of Sharing

Centralising activities can cause havoc with workflow, and implode decentralised structures that have evolved over time. The Airbus technology called for creative ways to move aircraft fuselages around. In the case of farmers, they had to learn to be patient and accept that they would not always harvest at the optimum time.

Things Best Not Shared

Core business is what brings in the money, and this should be tailor-made to its market. It is also what keeps the company afloat and therefore best kept on board. The core business of the French, German, United Kingdom and Spanish civilian aircraft industry is transporting passengers. This is why they are able to share an aircraft supply chain that spun off into a commercial success story.

Things Best Shared

It follows that activities that are neither core nor place bound – and can therefore happen anywhere ? are the best targets for sharing. Anything processed on a computer can be processed on a remote computer. This is why automated accounting, stock control and human resources are the perfect services to share.

So Case Closed Then?

No, not quite. ?Technology has yet to overtake our humanity, our desire to feel part of the process and our need to feel valued. When an employee, supplier or customer has a problem with our administration it’s just not good enough to abdicate and say ?Oh, you have to speak to Dublin, they do it there?.

Call centres are a good example of abdication from stakeholder care. To an extent, these have ?confiscated? the right of customers to speak to speak directly to their providers. This has cost businesses more customers that they may wish to measure. Sharing services is not about relinquishing the duty to remain in touch. It is simply a more efficient way of managing routine matters.

Technology and process improvement

Tightening organisational flow to improve productivity and minimise costs is a growing concern for many businesses post the Global Financial Crisis. Businesses can no longer afford to waste time and personnel on inefficient processes. Organisations using either Six Sigma or Lean techniques better manage their existing resources to maximise product out-put. Both of these techniques involve considerable evaluation of current processes.

What is Six Sigma?

Six Sigma is an organisational management strategy that evaluates processes for variation. In the Six Sigma model, variation equates waste. Eliminating variation for customer fulfilment allows a business to better serve the end-user. In this thought model, the only way to streamline processes is to use statistical data. Each part of a process must be carefully recorded and analysed for variation and potential improvements. The heart of the strategy embodied by Six Sigma is mathematical. Every process is subject to mathematical analysis and this allows for the most effective problem solving.

What is a Lean Model?

Lean businesses do not rely on mathematical models for improvement. Instead, the focus is on reducing steps in the customer delivery cycle, which do not add value to the final deliverable. For example, maintaining excess inventory or dealing with shortages would both be examples of waste behaviour. Businesses that operate using Lean strategies have strong cash flow cycles. One of the best and most famous examples of Lean in action is the Toyota Production System (TPS). In this system, not only is inventory minimised, but physical movement for employees also remains sharply controlled. Employees are able to reach everything needed to accomplish their tasks, without leaving the immediate area. By reducing the amount of movement needed to work, companies also remove wasted employee time.

Industry Applications for Lean and Six Sigma

Lean businesses reduce the number of steps between order and delivery. The less inventory on hand, the less it costs a business to operate. In industries where it is possible to create to order, Lean thinking offers significant advantages. Lean is best utilised in mature businesses. New companies, operating on a youthful model, may not be able to identify wasteful processes. Six Sigma has shown its value across industries through several evolution’s. Its focus on quality of process makes it a good choice for even brand new businesses. The best use is the combination of the two strategies. With the Lean focus on speed and the Six Sigma focus on quality combined, the two organisational processes create synergy. By itself, Lean does not help create stable, repeating success. Six Sigma does not help increase speed and reduce non value-added behaviours. Combined, these two strategies offer incredible value to every business in cost savings.

Using Technology to Implement Lean Six Sigma

Automation processes represent an opportunity for businesses to implement a combination of both Lean and Six Sigma strategies. Any technology that replaces the need for direct human oversight reduces costs and increases productivity. A few examples of potentially cost saving IT solutions include document scanning, the Internet, and automated workflow systems.

  • Document Scanning – Reducing dependency on paper copies follows both Lean and Six Sigma strategies. It is a Lean addition in that it allows employees to access documents instantly from any physical location. It is Six Sigma compliant in that it allows a reduction on process variation, since there is no bottleneck on the flow of information.
  • The Internet – The automation potential offered by the Internet is limitless. Now, businesses can enter orders, manage logistics and perform customer service activities from anywhere, through a hosted portal. With instant access to corporate processes from anywhere, businesses can manage workflow globally, allowing them to realise cost savings from decentralisation.
  • Automated Work Systems – One of the identified areas of waste in any business is processing time. The faster orders are processed and delivered, the greater the profits for the company and the less the expense per order. When orders sit waiting for attention, they represent lost productivity and waste. Automated work systems monitor workflow and alert users when an item sits longer than normal. These systems can also reroute work to an available employee when the original worker is tied up.

Each of these IT solutions provides a method for businesses to either reduce the number of steps in a process or improve the quality of the process for improved customer service.

Identifying Areas for Lean Six Sigma Implementation

Knowing that improved processes result in improved profits, identifying areas for improvement is the next step. There are several techniques for creating tighter processes with less waste and higher quality. Value Stream Mapping helps business owners and managers identify areas of waste by providing a visual representation of the total process stream. Instead of improving single areas for minimal increases in productivity, VSM shows the entire business structure and flow, allowing management to target each area of slow down for maximum improvement in all areas.

Seeing the areas of waste helps management better determine how processes should work to best obtain the desired outcomes. Adding in automated processes helps with improved process management, when put in place with a complete understanding of current systems and their weaknesses. Start with mapping and gain a bird’s-eye view of the situation, in order to make the changes needed for improvement.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today