May 19, 2009

GFS Web-Ex Wednesday

gfs2008(small)

GraVoc is demonstrating the use of the GFS field service management system in a Web-Ex Wednesday morning.  Several businesses are already participating in the event, which begins promptly at 9:00 AM and will last for about an hour.

GFS is a powerful, easy-to-use business process management system built specifically for the service industry, as it manages the entire lifespan of a service call from entry and dispatch to billing and history.  Due to GFS’s ease of use and rapid accessibility of information, clients are wasting less time tracking hours and inventory, increasing customer service capacity, financial transparency, and profitability.

Jason Vlacich and Michael Roma from GraVoc Associates will demonstrate the use of the software, its features, and most importantly, what problems it can potentially solve for your business.  There is still availability for this free informational webinar.  You can register for this event online at the following link:  http://www.gravocsoftware.com/gfswebinar.html.  On the form, you have input on what questions you would like answered in Wednesday’s event.

GraVoc Associates, Inc, celebrating fifteen years of business, is a full-service consulting firm located in Peabody, Massachusetts. GraVoc prides itself on its ability to outfit clients in the Greater Boston area, New England, and beyond with quality software solutions that result in better business decisions, more productivity, and a prompt ROI. For more information about the GFS application, please visit gravocsoftware.com, and for more information about GraVoc, please visit GraVoc.com.

May 7, 2009

The “Year of the Insider Threat?”

What typically comes to mind when a person thinks of information security breaches is a sophisticated hacker maliciously using his or her technological manipulation skills to gain access to an organization’s information systems.  For the banking industry, this is similar to someone putting a mask on and robbing the bank.

However, perhaps partially due to the weakened economy and widespread concerns about job security, the threat of insiders—i.e. employees, vendors, or consultants—is a threat that is growing at an alarming rate.  This is similar to an employee pocketing money from a vault or from a cash register.

Statistics indicate that in 2008, the number of insider threats being realized skyrocketed.  Endpoint Security reports that out of all data breaches in 2008, insiders were responsible for 15.7% of them.  This is more than double the 2007 figure.  Logic would indicate that employees or consultants, fearing layoffs or due to other conditions of economic uncertainty, have more of a motive to compromise their own company’s systems and data.  BankInfoSecurity wonders if 2009 is the “Year of the Insider Threat” while offering advice on how to prevent insider threats from being realized.  In a whitepaper by Kevin Prince of Perimeter eSecurity, malicious insiders are identified as a “rising threat” and the biggest “network security threat of 2009.”

The threats are there and are largely unavoidable.  Every organization will have trusted insiders who have access to information and therefore have the capabilities to compromise that information.  However, there are many ways to control the risks associated with malicious insiders. 

Limiting access to information to those with a clear need-to-know is a generally-accepted best practice, and making sure insiders are following this “need-to-know” as well as information security policies is also a simple but crucial mitigating control.  It may be worth considering software that inhibits a user’s ability to use data storage devices such as PDAs, flash drives, or CD-ROMs.  But constant attention and diligence towards information systems, including upgrading technologies in a timely manner and monitoring access logs for suspicious activity is necessary.

Preventing insider threats must be an enterprise-wide effort.  Background checks should be considered before hiring a person with access to sensitive information, and procedures regarding issuing and removing access should be written and followed.  Policies should be drafted about responding to an insider threat.  With information more portable than ever, enterprise-wide decisions should consider the feasibility of a data breach caused by a malicious insider, and trying to minimize the likelihood and impact of such an event happening should be a consideration in these decisions.

GraVoc Associates, Inc., based outside of Boston in Peabody, MA, is celebrating fifteen years of providing consulting services in the practices of information security, information systems, and professional and technical services.  GraVoc is committed to informing clients about the latest information security threats, and their information security team is willing to help your business achieve your compliance with regulations and keep your information safe.  For more information about the company, please visit www.gravoc.com or call the GraVoc offices at 978-538-9055.

May 4, 2009

If It Blows Over…

The latest reports of the swine flu outbreak indicate that the virus is not as bad as first feared, and it is starting to wane in its epicenter of Mexico.  Of course, this is very good news, but it is important to note that the world is certainly not “out of the woods.”  The WHO has not downgraded the alert phase from 5, and it is unlikely they will do so anytime soon.

This is partially because historically, many flu pandemics do indeed start in the spring, then wane, but come back even stronger during the traditional flu season that starts around December.  The H1N1 virus may follow that trend.  Luckily, that gives scientists time to develop a vaccine for the virus so that the impact of it will more closely resemble the impact of the seasonal flu instead of a catastrophic event.  It also gives businesses that may have been panicking about swine flu more time to plan for a pandemic event.

If the crisis does indeed blow over, it serves as a very relevant wake-up call.  If you saw your business start to panic due to lack of preparedness for a pandemic, GraVoc continues to be here to help.

GraVoc Associates, based just outside of Boston in Peabody, Massachusetts, is celebrating fifteen years of business in information security, information systems, and technology and professional services.  With years of experience in business continuity and pandemic event planning, GraVoc is committed to minimizing the impact of any flu outbreak on its clients’ business operations.  For more information, please visit the new GraVoc.com or call the GraVoc offices at 978-538-9055.

May 1, 2009

CNN: Companies Preparing For Worst

There is a useful article available currently on CNN.com regarding some of the largest companies in the country preparing for the worst by starting to implement their pandemic contingency plans.  This is a good sign, as these businesses represent a significant portion of the economy.  A disruption in business operations for firms and institutions of all sizes significantly decreases the affected business’s income.  Therefore, it is important for businesses of all sizes to begin instituting pandemic plans similar to the ones being activated by these large companies.

The article relies on analysis by the Gartner research firm, including vice president Ken McGee.  From the article:

For companies that already have contingency plans in place, he says that they need to halt all other activities and direct all their resources to activating their plans. He suggests testing home networks of critical employees to make sure they are working. He also suggests talking with vendors to see their level of preparedness.

"This is not a snow day," he said. "Companies need to review their plans and find their weaknesses and gaps readiness. And then they need to fill them immediately."

For companies that do not have a plan in place already, McGee says they need to be aware of hotspots where the virus is already infecting people, and they should be preparing to set up home networks and possibly shut down their offices in those regions.

The CNN article also refers to the blog of Gartner analyst Nick Jones, where Jones outlines how companies must consider exploiting technology to minimize business disruption while keeping employees safe from a pandemic.  Thanks to technology like telecommuting/remote access from employees’ homes, wireless broadband, and high-capacity mobile devices, it is certainly possible to keep people working while closing an office location.  It is, however, essential that your organization would not be technologically overwhelmed by a significant increase of telecommuting.

GraVoc Associates, based in Peabody, MA, is willing to help your business design contingency plans for pandemic events and other disasters that put business continuity in jeopardy.  As GraVoc celebrates fifteen years of business in greater Boston, the GraVoc information security team has many years’ experience in business continuity and pandemic planning.  Please don’t hesitate to browse past posts regarding the swine flu outbreak in the GraVoc news blog.  For more information about the company, please visit the website at www.gravoc.com.  Also feel free to call GraVoc at 978-538-9055 if you need assistance in planning and preparing for a pandemic.