Monday, June 9, 2008

How Secured Is Your Outsourced Bookkeeping Operations? (By Sukant Senapaty)

Every company in the market today relies heavily on its information technology systems to meet its operational, financial, and informational obligations. A secure IT system has thus become key to maintaining a secure environment for the company. But with the spurt in outsourcing of vital business processes, which necessitates handing over vital IP assets to outsource service providers, this key concern of security has shifted to domains outside the company's control. The concern grows further when outsourcing involves a key business function like accounting and bookkeeping.

Security breaches of the following nature concern most companies outsourcing their bookkeeping operations:

> Loss of confidential data.

> Tampering of data.

> Breach of personal data.

> Email intrusion.

On closer inspection, information security concerns in an outsourced bookkeeping process involve three basic criteria: first, technology; second, management; and third, and most important, the staff. Except for the first point, loss of confidential data, which encompasses all three criteria, the rest are mostly about management's policy and the staff involved in a process.

Outsourcing a business process does not necessarily mean outsourcing responsibility. To make the outsourced bookkeeping process secure, the company outsourcing its bookkeeping must first take responsibility for its own security. It is advisable to designate internal focal points and allocate responsibility within the company to ensure proper and smooth functioning of the entire outsourcing process.

Companies outsourcing bookkeeping should involve the vendor in ensuring resources for, and fulfillment of, their security objectives. Taking the key management into confidence, the company should develop, implement, and maintain an internal security policy across the vendor's organization which addresses the following issues in relation to the three criteria mentioned above:

1) Management:

i) First, it should be assessed whether the vendor has proper security systems in place to take care of the client's security concerns.

ii) A rigorous and regular auditing (physical and electronic) and monitoring process should be put in place across the organization to ensure proper security systems.

iii) Appropriate back-up systems should be developed to ensure minimum data loss.

iv) Ensure a prompt, effective, and orderly response to security incidents, including, without limitation, information system failures and loss of service or breaches of confidentiality.

2) Technology:

i) Data transfer technology: The data transfer process needs to be secured first. Secure, user-protected technology that cannot be hacked should be used for all transfer of information.

ii) Workstation security technology: The workstation should have no facilities for attaching external hard drives. Similarly, only restricted use of the internet should be allowed, and use of firewall-protected networks should be ensured.

iii) Employee/visitor surveillance technology: Restricted, access-based entry/exit, login details of the employees and use of CCTV cameras should be encouraged.

iv) Monitoring of security system with relation to technology employed: Periodic review of the entire security system with relation to technology adopted should be undertaken and the client apprised about it.

3) Staff:

i) A proper recruitment policy with thorough background checks will mitigate the risk of any person with a dubious background working for the client.

ii) User authentication by means of a user ID and password is a must.

iii) Frisking of employees during entry/exit to avoid theft or sneaking in of any external drives.

Outsourcing bookkeeping doesn't relieve a company of its obligation of information security. Rather, it brings more responsibility: combining the benefits of outsourced bookkeeping, like exponential savings and growth for the company, with the organizational goal of a proper internal security system and a better decision-making process.

Sukant, an accountant by profession, is the co-founder of APT Services. Please follow the link http://www.aptservicesonline.com to know more about the bookkeeping services provided by APT Services.

Article Source: http://EzineArticles.com/?expert=Sukant_Senapaty

How Safe is Your Online Business? (By Rob McAdam)

Make no mistake - cybercrime and hacking aren't likely to go away anytime soon. That means it's down to you as a business owner to make sure you protect your business and computer systems in the best possible way you can, and that starts with taking an in-depth look at everything you are doing, to see how safe your business really is.

Unfortunately this is where many businesses fall down on the job. They are quite literally too busy to take care of the security issues which could bring down their whole business in the space of a few hours if those issues were ever exploited.

Of those businesses who do take steps to protect themselves, the time and money invested often aren't in proportion to the actual needs a business has. And you shouldn't make the mistake of thinking that just because your website doesn't sell anything you aren't at risk, because you are.

The bottom line is that hackers get through people's defenses for all kinds of reasons. Some send malicious viruses and worms which can destroy all kinds of valuable data. Someone's bizarre attempt at entertaining themselves can mean serious consequences for your business if you don't take the right steps to combat them.

You might think that your internet business is safer than it actually is. Because we often can't see or tell that someone is trying to hack into our systems - until it's too late - it's easy to be blissfully ignorant and assume that everything is okay. That's why it pays to sit down and analyze your whole business to see how well protected it really is.

The steps you can take vary from the most basic to the more advanced, which you will probably need help to achieve. Make sure you have the right anti-virus and anti-spyware software in place to protect you and perform your updates and scans on a regular basis. Make sure you have a secure firewall as well, since this will also help protect your data. If you employ a lot of people it is wise to make sure they are aware of the need to protect the business in every possible way. Don't assume that everyone knows what to do because not everyone does. It only takes one person opening an infected attachment on an email to cause havoc and lose you business as a result.

There is something of an assumption that hackers are only after personal information, but that isn't always the case. Some businesses have been the victim of hackers who have used their systems to distribute spam emails by the thousands, for example. If this happened to you, you can bet it would effectively shut down your website until the problem was sorted.

Many businesses are now taking on the services of external and trusted internet security companies to keep regular checks on their systems to make sure no vulnerabilities appear or are left unchecked. If you do this, you stand the chance of remaining in the group of businesses who are fully protected right round the clock.

Pure Hacking helps protect your Internet security by providing world-class penetration testing and ethical hacking risk management services. For a free consultation, please visit Penetration Testing.

Article Source: http://EzineArticles.com/?expert=Rob_McAdam

Sunday, June 8, 2008

Information Security - Denial of Service Attacks (By Augustine Umezurike)

The security of organizations' networks has continued to be threatened by hackers in spite of the firewall behind the Internet-facing routers. This is a result of the increase in the availability of numerous software programs known as attack tools. These programs have a graphical user interface and are easy to use and deploy, even for computer novices.

This development has opened hacking to a much wider cross-section of the Internet population, including an organization's own non-technical employees. As a result, continued growth in the number of attacks has been recorded.

Attacks that flood a network and tie up valuable resources that run e-commerce or internal applications are known as denial of service (DoS) attacks. DoS attacks bring down a computer network by overloading it with heavy traffic using UDP or ICMP data packets (Rycom Inc, 2001).

The kinds of DoS attacks include the following (McClure, S., Scambray, J. & Kurtz, G., 2003):

1. Ping Flood or Ping of Death - Occurs when a large number of ICMP echo packets are sent to a site, causing system resources to respond to each packet and thereby crashing or hanging the system.

2. UDP Flood or Service attack - This attack allows UDP datagrams to be sent to the subnet broadcast address with the destination port set at 19.

3. Smurf Attack - Uses other sites known as bounce sites to generate ICMP echoes which generate several response echoes from the site under attack, thus bringing it down.

4. SYN Flood - Several TCP connection requests are sent every second to the target computer. The source IP address is spoofed with a forged IP address. The target computer allocates resources to handle the SYN-ACK responses.
The malicious data packets are disguised as legitimate traffic and as such are not subjected to the necessary checks.
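
A defender's view of the four patterns listed above, as an added example that is not part of the original article: a small detector run over constructed packet records. The record layout, thresholds, alert names and addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def detect(records, broadcasts, icmp_per_sec=100, half_open=50):
    """Return sorted (alert, target) pairs for the four flood patterns listed above."""
    alerts = set()
    echo_rate = Counter()        # (dst, second) -> echo requests seen
    pending = defaultdict(set)   # dst -> {(src, sport)} with a SYN but no final ACK
    for t, proto, src, sport, dst, dport, kind in records:
        if proto == "icmp" and kind == "echo-request":
            if dst in broadcasts:            # echo aimed at a broadcast address
                alerts.add(("smurf-bounce", dst))
            echo_rate[(dst, int(t))] += 1
            if echo_rate[(dst, int(t))] > icmp_per_sec:
                alerts.add(("icmp-flood", dst))
        elif proto == "udp" and dport == 19 and dst in broadcasts:
            alerts.add(("udp-chargen-broadcast", dst))
        elif proto == "tcp" and kind == "SYN":
            pending[dst].add((src, sport))   # server now holds a half-open entry
            if len(pending[dst]) > half_open:
                alerts.add(("syn-flood", dst))
        elif proto == "tcp" and kind == "ACK":
            pending[dst].discard((src, sport))  # handshake completed, entry freed
    return sorted(alerts)

def sample_records():
    """Constructed traffic for the example, not a real capture."""
    recs = []
    # 60 SYNs from distinct forged sources that never send the final ACK
    recs += [(1.0 + i / 100, "tcp", f"198.51.100.{i + 1}", 40000 + i,
              "192.0.2.10", 80, "SYN") for i in range(60)]
    # one normal client that completes its handshake
    recs += [(2.0, "tcp", "203.0.113.5", 50000, "192.0.2.20", 443, "SYN"),
             (2.1, "tcp", "203.0.113.5", 50000, "192.0.2.20", 443, "ACK")]
    # 150 echo requests to one host inside the same second
    recs += [(3.0 + i / 1000, "icmp", "203.0.113.9", 0, "192.0.2.30", 0,
              "echo-request") for i in range(150)]
    # datagram to the subnet broadcast address, destination port 19
    recs.append((4.0, "udp", "203.0.113.7", 7, "192.0.2.255", 19, ""))
    # single echo request to the broadcast address
    recs.append((5.0, "icmp", "203.0.113.8", 0, "192.0.2.255", 0, "echo-request"))
    return recs

if __name__ == "__main__":
    for alert, target in detect(sample_records(), broadcasts={"192.0.2.255"}):
        print(alert, target)
```

The half-open table here never ages entries out; a production detector would expire them on a timer, as a TCP stack does.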

References:

McClure, S., Scambray, J. & Kurtz, G. (2003). Hacking Exposed: Network Security Secrets & Solutions (4th ed.). New York: Osborne/McGraw-Hill.

Dr. Austin Umezurike is an experienced Information Technology management consultant with more than 15 years experience in business technology consulting. He has unique experience in utilizing the mix of technology and business to achieve organizational and industry leadership in technology and to gain competitive advantage. His interests include Organizational IT strategy, Organizational assessment, Business IT alignment, Outsourcing/Sourcing, Supply Chain management, SAP, IT Audit/Compliance, training and new business development strategies.

Dr. Umezurike holds a Ph.D. in Information Technology Management and Masters in Information Technology from Capella University, Minneapolis, MN.

Article Source: http://EzineArticles.com/?expert=Augustine_Umezurike