Controls are a mode of living. Whether it’s the workplace that requires a key fob or an identification badge, a password to log into the company network, or an access permission to use a copier, there are numerous controls/safeguards that we encounter during the normal course of our everyday lives.
Defining Control Activities
Control activities are actions taken to minimize risk. A risk is the probability of an event or action having adverse consequences on an organization, such as information assets that are not adequately safeguarded against loss.
Control activities occur throughout the organization and include diverse activities, including approvals, authorizations, verifications, reviews of operating performance, and security of assets.
Internal controls are a fundamental part of any organization’s financial and business policies and procedures. The advantages of internal controls are:
- Prevention of errors and irregularities; if these do occur, the inaccuracies will be detected in a timely manner
- Protection of employees from being accused of misappropriations, errors or irregularities by clearly outlining responsibilities and tasks
IT controls are a subdivision of internal controls, and refer to policies, procedures and techniques on computer-based systems. IT controls are essential to protect assets, highly sensitive information and customers. IT controls support business management and governance; they also offer general and technical controls over IT infrastructures.
Subdivisions of IT Controls
Generally, IT controls are divided into two main categories:
1. General Controls
These apply to all system components, processes and data for a specific organization. General control activities are conducted within the IT organization or the technology they support, which can be applied to each system that the organization depends upon. These controls facilitate confidentiality, integrity and availability, contribute to the safeguarding of data, and promote regulatory compliance. General controls make safe reliance on IT systems possible. Examples of such controls include access controls (physical security and logical access) and business continuity controls (disaster recovery and back-up).
2. Application Controls
These controls are business process controls, and contribute to the efficiency of individual business processes or application systems. Examples of application controls include access authorization, which is essential for security of the corporate network. This prevents users from downloading illegal material or viruses, and may also block unproductive or inappropriate applications. Other examples of application controls include segregation of duties and concurrent update control.
Modern IT Solutions
Virtual private network (VPN) technology enables a secure connection to the organization’s data to be made over insecure connections, such as the Internet, and is essential to providing comprehensive security, safety and flexibility to businesses. Furthermore, advanced VPN technology offers several services which help users maintain access to critical information. VPNs facilitate the implementation of IT controls. For instance, VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.
Control activities occur throughout the organization, and IT controls are fundamental to protect information assets and mitigate business risks. Deployment of a modern virtual private network (VPN) technology facilitates the implementation and management of IT controls.
Businesses today face a new challenge in the form of data – big data analytics make businesses more efficient, and for many companies, managing large volumes of data (storing, sharing and backing up company files) has become mission critical. In part, this challenge has been overcome by cloud storage services such as Dropbox and Google Drive, but how safe are such services?
While there are many exciting uses for cloud storage, using public cloud storage services to store the bulk of your private or corporate data is not advisable.
No Security, No Protection from Deletion or Loss
The notion of storing all or the majority of your files online appears to be a simple and affordable option for everyone. However, there is a catch – none of your data is safe! Almost all of the main cloud storage services refuse to assure the security of any data uploaded to their servers. Until a provider is ready to guarantee the safety of your data, it is not sensible to upload anything of importance. With these solutions, all of the individual or company’s sensitive data is housed on a cloud server that the individual/company has no control over. This is obviously an issue for many organizations.
No Protection from Spying or Termination
One issue is having data deleted or inaccessible, but what if all private documents are scanned and searched through? Transferring documents to a digital/online medium does not mean that we should lose all rights to privacy. However, when using cloud storage services, we are losing our privacy.
No Permissions and Access Control
More traditional server systems or private cloud deployments allow for extremely fine-grained access control of files by setting up group permissions allowing certain data to be accessible to specific users. Often, groups are set up on servers and folders are shared accordingly, such as “administrators,” “financial,” and “sales”. In this manner, the sales staff cannot access your HR data, and the receptionist cannot read your financial information. Implementing similar permissions on cloud services is not an easy task. Many cloud storage services adopt the philosophy of simplicity, whereby they do not offer more advanced controls such as permissions and access control.
Other Prevalent Issues to Consider
Apart from the issues outlined above – security, spying and access control – there are several other issues to consider before opting for cloud storage services. Some organizations, businesses and industries may have regulations or by-laws that prevent them from using such services because they handle data that is highly sensitive and requires a high level of protection. Furthermore, these service providers are allowed to change the way that the service operates, unbeknownst to their customers, which can cause issues for organizations who are not prepared for it.
Due to the minimal costs involved, these cloud services may appear to be an easy solution to data management, but it is still not worth the risk; for businesses, data loss or theft may result in complications that translate into millions of dollars, and may permanently damage the company’s brand and reputation. Public cloud storage services are an innovative step in cloud computing, but our advice is not to put anything of value in them. Ultimately, security should never be sacrificed for compatibility.
Author: Hazel Farrugia
Today, mobile workforces stay connected in and out of the office and use their devices for work and personal purposes. The ultimate goal of a remote working strategy is to increase productivity and reduce costs; indeed, studies by Best Buy, Dow Chemical and many others have proven that teleworkers are 35-40% more productive than their in-office counterparts.
The drafting and implementation of an organization-wide workplace strategy will ensure that end users at all levels of the organization will enjoy a positive experience. The following are five best practices that effectively boost remote workers’ productivity:
1. Maximize Employee Participation
Maximizing employee participation is the first step to maximizing employee productivity. Not all employees benefit equally from remote working; however, without a critical mass of users, the benefits will be limited. IT teams should not restrict solutions, such as mobile workplaces, to only those who “seem” to need it. Remote working allows employees to respond to colleagues and customers faster, therefore IT teams and managers should not deter employees from working anywhere and anytime.
2. Ensure Employees Have the Productivity Tools they Require
Employees should be encouraged to use a wide range of productivity tools which do not pose network security risks. However, if IT teams are uncertain how to handle such employee requests, they generally allow employees to use these tools without providing adequate security, or block the use of the tools entirely. Regardless of the circumstances, IT teams should circumvent security risks by deploying security solutions that allow employees to utilize tools without compromising network security.
3. Free Use of Personal Apps and Services
Whether the device is personally owned or provided by the company, employees should be able to use their personal apps and services. Blocking an employee from storing their personal information with a cloud service provider is significantly different from ensuring corporate data does not end up in the public cloud. IT teams should focus on controlling data rather than controlling devices.
4. Offer Self-Service Support for Everyday Activities
There is a common notion that mobile devices will result in an increase in support costs – however, this is a misconception. Conversely, if the IT teams provide a self-service capability, particularly for routine activities, it usually results in decreased support costs. IT teams should stop short of supporting personal apps and services, but should invariably offer to assist with supporting business apps.
5. Support Wide Range of Devices
For the mobile workplace program to be widely adopted, the program should support a wide range of devices. Though challenges may arise, such as Android’s variability regarding support for on-device encryption and other enterprise-level security and management controls, the overall benefit is net positive.
The Future of Remote Working
The current trend towards remote working is expected to become even more prevalent in the future. With the right practices and controls in place, employee productivity can be maximized, without putting the security of the network at risk.
Author: Hazel Farrugia