Overview of Major Risks of Subscribing JustFood
With any ERP system, risks are unfortunately unavoidable. The greatest risk in any ERP system is the implementation of the system. Implementation is a huge undertaking; there are many moving parts that make the system function. To make sure the system works as a whole, each application of the system must operate simultaneously. Therefore, the IT department or IT consultants must understand the system well to manipulate and use the system to its fullest potential. Since there are so many applications that rely on one another, implementation is a risky task. For Paragon, the risks associated with implementing JustFood are visible. JustFood offers a variety and diverse range of features and functions. The system has tracking, recording and reporting features from the warehouse to finance department. Therefore, the IT department or employees of Paragon must understand all the moving parts of the system to make sure it works, a risk the distributor must consider when implementing the system.
Indeed, there is a risk in making sure the system functions well as a whole, but there are other risks to consider such as return on investment and security. Recall in the Cost Analysis and Value Assessment sections, it is suggested that Paragon buys the Enterprise package and subscribe to the cloud-based storage system. Both of these packages are the most expensive of their offerings. Additionally, JustFood does not offer ROI rates or examples from other similar companies. For this reason, Paragon is risking themselves when buying this system because they do not know the ROI is worth the purchase and effort of maintaining the system. In addition to the risk of a low or negative ROI, Paragon must consider security as a potential risk. Not knowing how established the system is, JustFood may not have the right infrastructure to maintain all users and comprised data in Paragon. Furthermore, cloud-based subscription (i.e. replacing computing resources in terms of hardware and software with services provided over the Internet (Gallaugher, 2016)) was chosen instead of the hardware storage system, which minimizes the risk of hardware malfunctioning or known as physical risks, but increases all risks associated with cloud-based subscriptions. These risks may include but are not limited to: internet or cloud malfunctions, which hinders users from extracting data needed to complete a transaction for the business; insider hackers, which is due to the ability to share all information with all users; and outsider views, which only occurs when the company does not limit what customers can see on the interface. For these reasons, cybersecurity is a leading technology trend in the industry (Boulton, 2017). Therefore, IT departments must now incorporate cybersecurity into their everyday tasks, something Paragon must consider. Although these risks are concerning, they can be minimized when prior plans and anticipation are considered.
Potential Privacy Issues
when Implementing JustFood
Any change in systems will leave a
company vulnerable especially if they are unaware of the risks or holes left by
an upgrade. That is why first and foremost it is important for the IT team
specifically, but also employees companywide to understand the newly
implemented system. Before choosing or implementing ERP software, it is
important to take stock of the information the company wants to keep private
such as proprietary documents or customer information, which is required by
law. ERP software vendors take securing data very seriously often implementing
double-digit checkpoints and security measures to keep employee’s private
information safe. Incorporating the security aspect in ERP initial design
becomes extremely vital because the entire organization is linked together by
the ERP thus creating multiple points of access to confidential data. The
Gallaugher (2016) details the issue of security loss from inside the company by
either employee error or direct theft. Employee error consequences may vary,
but if a good security system is in place, it should not get too out of hand.
Gardner research firm estimates that 70 percent of loss-causing security incidents
involve insiders (Gallaugher, 2016). As described in The Adventures of an IT
Leader, there may have been a hole in the security system causing a breach
(Austin, Nolan, & O’Donnell, 2016). As mentioned in the book, it is often seen
that security is not up to date or acknowledged until after there has been a
breach. Therefore, the book suggests and states that it is important to
prioritize company technical security and afford the prioritization adequate
funding.
Potential Security Issues
when Implementing JustFood
When examining the potential security
issues faced by Paragon from installing JustFood, there are multiple risks to
consider. Based on the nature of JustFood existing as an ERP system, one of its
main deliverables is scalability: it enables Paragon to “take the system with
them” via mobile devices due to the cloud capabilities, which allows the
company to expand. The system can be installed and run on personal mobile
devices as each employee has the ability to move from the back office, to the
warehouse floor, to vendor meetings, on business trips, and even to their
residence to work from home and other new, potential warehouses. From a
behavioral perspective, this presents a significant security threat as more
employees access Paragon’s secure information from alternative, and potentially
unsecure, locations as well as from alternative, and potentially unsecure
mobile devices. Harvard Business Review states that “it is wildly
underappreciated the huge number of cyberattacks involving the witting or
unwitting assistance of insiders: employees, contract workers, suppliers,
distributors, and others who have legitimate access to an organization’s
cyber-assets” (Prokesch, 2014). For Paragon, these “insiders’” access to Paragon’s
sensitive information (e.g. accounting records, employee records, and
proprietary reports) through the JustFood applications installed on their
mobile devices could be the unwitting assistance, as mentioned in the Harvard
Business Review article. If a traveling employee works from their mobile device
in a hotel lobby using the hotel’s free internet, a cyber attacker in the same
hotel lobby could easily take advantage of this weak link, and this jeopardizes
all of the limitless information contained within the JustFood’s application.
From a technical perspective, behavioral error combined with technical threats
can result in big problems for a highly mobilized ERP system like JustFood.
Many types of Trojans and other types of malware now are made to mimic and act similar
to a real application. But in reality, they carry viruses used to exploit the
weaknesses of mobile devices once users download them (Ledford, 2014).
Scalability by accessing organizations’ ERP system through mobile devices can
be appealing in terms of increasing efficiency and cutting costs; however, as
more users access sensitive corporate information on their mobile devices, the
probability increases of these types of security threats arising through both weaknesses
in human judgement, mobile device, and environmental vulnerabilities.
Risks in Relation to the Estimated
Benefits
As mentioned in the Value Assessment
section, one of the great benefits in using JustFood is the mobility aspect of
having all of the information of the business right at your fingertips. This
leaves room for huge security breaches such as insider trading. Inside trading
is easily achieved because the employee is out in the field and not in the
office with the data. Another benefit discussed in the Value Assessment section
was that employees at Paragon would have much more free time as the new
software would process mundane tasks that would normally be completed with more
effort. While this is a good benefit for employees, employees can use this
opportunity for personal gains. With free time during the workday, employees
can use time to their advantage. One way Paragon can protect the business from
these threats is by encrypting their data in a way that employees cannot share when
not authorized to do so. Encryption is
turning messages or data into a string of characters that are not recognizable.
For example, Apple has already began encrypting the iPhone, and Android users
can download and use the app, WhatsApp to encrypt their data (Dwoskin, 2015). While
JustFood will be a fantastic resource for Paragon and will completely and
positively change the way they operate their business, there will still be a
massive learning curve, and people may still fall into the traps of phishing
schemes and etcetera. Something as simple as an Adobe Flash Player update can attract
an attacker to access the company’s information (Prokesch, 2014). JustFood can also
provide and be used to analyze the amount of product being moved and customer
satisfaction. With the traceability features in JustFood, the system can verify
customers identities data and ensure no data is skewed for any reason
(Ransbotham, 2017).
References:
Austin, R.D., Nolan, R. L., &
O’Donnell, S. (2016). The Adventures of an IT Leader. Boston, MA: Harvard
Business Review Press.
Boulton, C. (2017, October 6).13
real-world digital transformation success stories. CIO Insider. Retrieved from https://www.cio.com/article/3149977/digital-transformation/8-top-digital-transformation-stories-of-2016.html?idg_eid=4d0407b851cb135ef952d0c651197a6f&email_SHA1_lc=3e9c3cafce80ba385893ce11bc2810c4200a1263&cid=cio_nlt_cio_leader_2017-11-02&utm_source=Sailthru&utm_medium=email&utm_campaign=CIO%20Leader%202017-11-02&utm_term=cio_leader
Dwoskin, E. (2015, April 19). What
exactly is encryption?. The Wall Street
Journal. Retrieved from https://www.wsj.com/articles/encryption-uncoded-a-consumers-guide-1429499476?mod=e2fb
Gallaugher,
J. (2016). Information Systems: A Manager’s Guide to Harnessing Technology,
v5.0. Washington, DC: Flatworld Knowledge, Inc.
JustFood.
(n.d. a). One solution to manage your
food business. Retrieved from http://justfooderp.com/software/
Ledford, J. (2014, March 4). Top 4
security challenges for Mobile ERP. Toolbox.com.
Retrieved from http://it.toolbox.com/blogs/inside-erp/top-4-security-challenges-for-mobile-erp-59193
Prokesch, S. (2014. August 20). I was a
cyberthreat to my company. Are you? Harvard
Business Review. Retrieved from https://hbr.org/2014/08/i-was-a-cyberthreat-to-my-company-are-you
Ransbotham, S. (2017, July 25). Improving
customer service and security with data analytics. Retrieved from https://sloanreview.mit.edu/article/improving-customer-service-and-security-with-data-analytics/
No comments:
Post a Comment