Only by implementing data security policies can the data security problems be solved

Two months ago, Old Customer A said that the computer that they managed suffered from falsified E-mail and the criminal wanted to defraud payments for goods from the manufacturer by leveraging such technique and the customer expected that we can assist with investigation. After we arrived at the manufacturer and assisted with the inspection and investigation, we found that effective records were not previously started for the policies applied to the supervisor and it was very difficult to conduct analysis and judgment at this time when data security problem was encountered.

This indicates that combination between correct data security tools and appropriate management policies is a truly effective application and this is a common method for many customers to implement data security policies. The supervisor was not controlled and recorded and this caused the company to be unable to provide evidences in case of a data security event. A high level supervisor may have few vulnerabilities, however, once a risk occurred the severity of that risk may be much greater than that caused by ordinary employees and we should keep cautious on this.

To avoid system records of a high level supervisor from being seen by the manager, FineArt provides a double-insurance method in which view cannot be done until consent (entry of password) from the audit personnel is obtained via right decentralization to protect privacy. These two methods are the main direction in which old customers will be assisted in continuing to improve data security services.

Constructing an effective defense system via tools and management system

Customer B with one month expired after import unexpectedly found that the host computer was hacked on the day following the day when import occurred and the criminal was transmitting the supervisor’s Outlook files (PST) out. IT personnel couldn’t help saying that it was very dangerous. Although the event occurred, a possible disaster was disclosed and prevented via various effective records of the electronic control system of FineArt.

Actually, IT personnel knew that internal operation in which no data security control was deployed was a freestyle world. At the beginning of import into the system, IT personnel can know that the severity of the violation of internal data security against provisions through records was beyond their imagination. Customer B imported data by means of release of bulletins to demonstrate the determination of the company to improve data security and this exactly triggered the inside criminal to start the crime in advance.

The senior executive of the listed company was determined to purchase our product via Customer C to record and control internal out-of-sequence events. For example, the higher price was quoted for over one hundred computers although such computers were purchased at a lower price, version control was untrue and personal computers were brought to the company as a springboard and others’ computers were hacked to send messages without permission.

The above three data security attacks and threats may be just online news for ordinary people or ordinary people may mistake that the data security service provider got used to being threatened. Actually, for FineArt, such attacks and threats are customer anxieties that can be felt every day and are data security cases close enough to touch. Such three scenarios also indicate that the role of IT department lacking or failing to properly utilize tools tends to be rigidified and even weakened when facing the problem of Shadow IT inside enterprises.

The IT department should proactively cope with the core data security problem. They should seek assistance from an outsourced data security service provider, deploy an appropriate data security system, implement controlling and recording, automatically make an inventory of software and hardware assets, send reports, audits, warnings, software and online security control and even import file encryption to protect internal confidentiality source and select correct tool products and teams. Only by doing so can the IT department yield twice the result with half the effort. The key is to seek the support and insisting on data security from senior executives of the company and investment can be effective.

Complying with data security management system and coping with future challenges

In the trend that data security regulations become increasingly stringent, the new version of personal data protection law, cyber security law, EU GDPR (general data protection regulation) and communication languages for information security will gradually tend to be unified. The enterprise not only needs to comply with various regulations but also needs to choose a good data security system so that they can provide evidence and comply with requirements of regulations. Only by fulfilling their various responsibilities can they remain invincible and avoid huge amounts of penalties.

Different mentalities determine different futures 

I was told a story of querying the job,

Worker A thinks that he is laying bricks,
Worker B thinks that he is bricking a wall,
Worker C thinks that he is hopefully building a church.

So what changes can FineArt make to the enterprises and data security?
Why did the customer import the product into their system?
Is the price war product with bad after-sales services the one that the customer wanted?

We believe that the customer choosing FineArt will never want to just try our product.

Our mission
is not just program research and development,
not just product selling.
Our team has always been building a solid data security fort for the sustainable operation of the enterprises!