Tag Archives

4 Articles

Management Lessons from the Great Explorers w/ Ralph Kliem

Posted by presspass on

Join me Thursday, January 12/23 at 1pm EST on the VoiceAmerica Business Channel.
What do Lewis & Clark, Marco Polo, Christopher Columbus, Jacques Cartier and many other explorers have in common? They are all great examples of key management and leadership concepts that many people and organizations struggle with today. I speak with Project Management and Business Continuity expert Ralph L. Kliem about his new book ‘Management Lessons from the Great Explorers’.
We touch on:
1. Strong sponsors,
2. Risk Management,
3. Data and information,
4. Adaptation,
5. Stakeholder Management, and
6. The willingness to say no.
It’s a fascinating new way of looking at some of today’s key issues – by looking at the past. If we don’t learn from those that came before, we won’t be able to manage today. It’s a great chat you won’t want to miss.

How Do Fingerprint Scanners Work?

Posted by rstapholz on

Many modern IoT (Internet of Things) apps rely on fingerprint sensors to identify users and for security and safety purposes. Fingerprint sensors have become commonplace in smartphones and wearable devices (as well as in smart home applications and the smart industry) for data security and entry identification. The importance of device fingerprinting is rising to protect our devices. Two types of fingerprint sensor are in common use today: capacitive sensors and optical sensors. Here is a look at how they work.

Optical Fingerprint Scanner versus Capacitive Fingerprint Scanner

Whether you want to identify yourself before entering a building or secure your phone, fingerprint sensors are a reliable way to add identification and security with ease. In the modern world, there are two common ways these sensors are being used, and that’s either through capacitive or optical sensors.

How Do Optical Fingerprint Scanners Work?

While optical fingerprint sensors might sound like new technology, it’s worth noting that they’ve been around for quite some time now. These scanners work by shining a bright beam of light over a user’s fingerprint, after which a light-sensitive microchip takes a digital photo. The microchip makes a digital image of the fingerprint by looking at the print’s ridges and valleys, turning them into binary (0’s and 1’s). It then uses this information to create a code that’s unique to the user. The drawback of this option is that digital photos can be reproduced, although this is highly improbable.

How Do Capacitive Fingerprint Sensors Work?

Today, capacitive fingerprint scanners are quite common and are found on virtually all smartphones. Capacitive sensors measure a user’s fingerprint by using human conductivity to create an electrostatic field. It’s this field that helps create a unique digital image of the user’s fingerprint.

Let’s go a bit deeper. Capacitive fingerprint scanners use very small capacitor array circuits to track the details of a user’s fingerprint. The capacitive scanner features a conductive plate on which a user places their finger for scanning. When a user places their finger over the conductive plate, the ridges of their fingerprint alter the charge stored inside the capacitors – while the gaps/valleys leave the charge inside the capacitors unaffected. An amplifier integrator circuit inside the scanner then tracks these changes and records them using an analog to digital converter for analysis.

The technology behind capacitive fingerprint scanning is much more difficult to bypass: capacitive fingerprint sensors can’t read images, and other types of materials will elicit varying changes in the charge inside the capacitor. While more expensive, capacitive sensors are also more secure and complex.

As technology advances and the Internet of Things continues to grow, accurate data collection via different sensors becomes even more important. Smartphones are a good example of how security sensors are rapidly changing how we go about things today. After all, it’s not so long ago that phones did not have fingerprint applications or touch screens on them.

How Secure Is My Tax Data?

Posted by presspass on

When we enter a tax preparer’s office for the first time, we are unknown and have to provide not only our W-2s and/or business records; we often need to provide copies of prior years’ tax returns, social security cards for all family members, birth certificates, and other highly personal and private information.  The office either makes paper copies or scans the information into some type of electronic filing cabinet.  In this era of rampant identity theft, we often hesitate to provide such information, wondering how secure our private information will be in the accountant’s office.  This concern is very valid, as hackers are trying to penetrate accountants’ systems now more than ever because of the amount of private information contained in accountants’ computers.  How can you as the tax client know how secure your information is?  What steps should a tax office take to protect client data?

First, ask about the accounting firm’s privacy policy.  Is a copy provided on the firm’s website?  Is a copy provided with each tax return?  I have the company privacy policy posted on the website and have copies available in our waiting area.  This policy should disclose any 3rd parties that have access to your data and describe any outsourcing of services by the firm.  As a practice, I keep all work inside my office completed by employees under my supervision.

Second, what physical measures are in place to protect client data?  Does the office have a security system with 24-hour monitoring?  Not only does this office have 24-hour monitoring, we also place any physical client data in locked desks and file cabinets at the close of business each night.  During business hours client data is kept out of sight of any outside parties entering the office for assistance.  All original information is returned to the client.  Any physical copies no longer needed are shredded into confetti.

Third, and probably most important, is how data is protected electronically.  All paid preparers are required by IRS Publication 4557 to maintain a written electronic security policy.  In harmony with the IRS direction, my office uses a quality internet security software suite that provides a firewall, anti-virus protection, and malware protection.  To maintain security at a high level, our router and switch were recently upgraded.  High-risk and threatening websites are blocked, so employees cannot access places they should not be going.  Employees are well trained on the “No-Click Policy”.  This policy reduces risk by prohibiting clicking on links and attachments in emails.  All clients are required to submit tax information by physical delivery, fax, or by upload to their client portal.  Next, what kind of backup systems are used?  In the event of disaster, theft, or data loss, will the office be able to restore my data?  We keep multiple secure on-site and off-site backups.  One last necessary action is complete hard drive encryption.  All computers used to access client information must use hard drive encryption.  Without hard drive encryption a desktop or laptop computer is vulnerable if physically stolen.  Computers that have hard drive encryption require a password even before the operating system, such as Windows 10, starts.

Warning: No system is 100% safe from a data breach.  We do take all the precautions possible to protect and maintain client data in the best and most secure environment that we possibly can.

For the security and safety of your data, it is vital that you check with your accountant on the steps they take to protect and secure client data.

Don’t Let Third Parties Bring You Down

Posted by Editor on

Without an effective vendor management program, the threat looms large.

How can a business effectively manage the oversight of its third-party vendors’ security and privacy programs? After all, these are completely independent organizations, running their own businesses and executing their own practices.

It may sound overwhelming (perhaps even impossible), but it is doable with an effective vendor management program.

Below are five key components to such a program. Keep in mind these are not one-and-done to-dos. Each of the following should be performed on an ongoing basis.

  1. Document all third-party vendors.

Do you know every vendor doing work for your organization? The first, and possibly most neglected, step is to identify and document at least the following details for all vendors:

  • Contact names
  • Office locations
  • Dates contracted
  • Services performed
  • Data shared

Be sure to keep these details up-to-date for all vendors. You should also retain this information for past vendors for at least six years (longer if your business must follow strict data retention requirements).

One thing to watch out for, especially in large organizations with multiple locations, is multiple vendor contracts. Often, these firms will contract the same vendor to perform the same activities for each location, yet under differing contractual agreements. This creates an additional risk of vendor non-compliance.

  2. Document the information each vendor accesses.

Once you have identified all vendors, you need to document the types of information each has access to. For example: full name, mailing address, phone number, social security number, email address, birthdate, etc. More access to sensitive information (e.g. health data, social security numbers, etc.) means higher risk, and therefore, requires more oversight. Be sure to document the security controls associated with each vendor and establish a way to keep the information up-to-date.

Once you’ve identified the data each vendor accesses, you are ready to determine the risks to that data. The most effective way is a data flow analysis in combination with a risk evaluation. When it comes to performing this analysis, keep in mind simpler is usually better.

  3. Establish and update contractual requirements.

Determine if your contractual requirements for each vendor are adequate. At a minimum, your contract should include rights to:

  • Audit
  • Request completed risk evaluations on a regular basis (quarterly or bi-annual)
  • Be notified of, and approve, any subcontracting involving data
  • Review vendors’ documented information security and privacy policies
  • Be notified as soon as possible (typically within one business day) of a breach

  4. Determine and monitor risk levels.

You also need to determine the level of risk each vendor presents to your organization. You can often establish a preliminary risk level based on the following details:

  • The amount of sensitive information involved
  • The number of locations, including number of countries, the vendor is using to store and process data
  • The number of vendor employees who have access to data
  • The number of technologies / devices used
  • The maturity of the vendor’s information security and privacy program

  5. Establish a plan for ongoing oversight.

There are many effective ways to maintain oversight of your vendors. Which you choose depends on the type of service the vendor provides. Below are some options to consider:

  • Obtain monthly or quarterly attestations from your vendors’ executives. By attesting that security and privacy programs are maintained and enforced, the executives become even more personally accountable.
  • Perform risk assessments. These assessments may include requiring the vendors to complete surveys to help you evaluate their security and privacy programs.
  • Require and monitor your vendors’ regulatory compliance specific to their industries and applicable legal requirements.

The more automated you can make ongoing oversight the better. However, some of your highest risk vendors may require personal phone meetings, or even on-site visits.

How SIMBUS360 can help

If you need help with any of the above processes, consider a vendor tracking automation tool, such as SIMBUS Tracker. SIMBUS Tracker is powerful vendor management software designed to monitor organizations with access to personal information. It consolidates all necessary compliance verification information and associated records into one simple-to-use, secure platform and performs ongoing oversight of your vendor relationships.

SIMBUS Tracker is available for direct use. It’s also available in a white-label version. So, if you lead a business, such as a law firm, managed services IT firm, consultancy or an accounting practice, and you’d like to help your clients with their own vendor management, SIMBUS Tracker is ideal software for opening up that additional business line or revenue source for your firm. Contact Dave Greek to learn more.

For more information, download our Vendor Oversight & Risk Management Tips guidance document. The document includes common security and privacy risks discovered from more than 300 vendor assessments.
