Welcome to The Pentad Group

Greetings! 

It's hard to believe we are already half-way through 2008; has time flown by as quickly for you as it has for The Pentad Group?  Fortunately, we have had two very productive quarters, so we look back with no regrets!
 
Our biggest news to share is our recognition this month by the Boston Business Journal as the 14th Best Small Company to work for in the Boston area.  We are proud of this accomplishment, and we have a goal to be in the top 10 next year, so be on the lookout.  We move forward into the second-half of 2008 with great excitement as we try to reach our goal!
 
One of the factors in being one of the "Best Places to Work" is a commitment to new ideas and innovation, and we have done just that this year with the initiation of our Information Technology (IT) Practice, headed by Sally Guenette.  Please read on to learn more about our IT service offering.  
 
We hope you enjoy our newsletter, and as always, your comments and suggestions are welcome.   Please send your feedback to Kate McLellan at kmclellan@thepentadgroup.com

Project in the Spotlight - System Selection at Telecommunications Company

The Pentad Group was engaged to manage a systems selection project for a rapidly growing telecommunications start-up company.  The client had several key requirements, which included the ability to provide immediate key financial reporting in order to make business decisions, ease of integration with the client's sophisticated "homegrown" system, and the ability to implement the package themselves within a very tight time-frame.  

The first phase of the project involved gaining an understanding of client's current and future accounting and business needs, as well as their unique "homegrown" system. The Pentad team, lead by Pentad Engagement Manager Eric Milgroom, also identified all accounting application needs and related interfaces that were critical for the new system.  The second phase involved conducting research on stand-alone ERP applications which met the requirements of the current state, but also provided future extended business capabilities.  At the end of phase two, the Pentad team created and distributed an RFI, evaluated the response from vendors, and identified the top two systems. Milgroom engaged the two vendors for discussions and demonstrations of their applications.  Phase three was comparison and analysis of the two systems, which included identifying  and evaluating the "pros" and "cons" of each application, based on the requirements identified in phase one. 

 The final phase of the selection process was developing a comprehensive cost analysis of both applications, including software acquisition, related infrastructure, implementation, training, and annual maintenance costs.  The Pentad team presented the client a complete and objective analysis for both applications.   The client successfully implemented the system themselves, within their desired timeframe. They have found the assimilation of the selected application to be seamless to their staff and are confident in the application's ability to expand as their business grows.


 

Visions of Vanishing Data Keeping you up at Night?      
We've all heard the horror stories:  more than 45 million credit and debit card numbers were stolen from TJ Maxx; CardSystems Solutions, a credit-card processing company, exposed 40 million debit and credit-card accounts in a cyber break-in; 4.2 million account numbers were stolen from Hannaford Bros, the list goes on and on.  While these examples differ in their methods, some were hacked into over a period of time; Hannaford's data was captured by thieves while customer's cards were swiped at checkout machines. They serve to remind us of the need for developing policies and procedures to secure sensitive data and to apply these policies consistently across the entire company.  Hackers, thieves and unscrupulous employees continue to find new ways to infiltrate data systems and steal or corrupt data.  Management must continue to refine and audit its approach to dealing with these threats.
 
There is no magic solution to keeping these attacks at bay, however vigilance and consistency are necessities to stemming the tide.  Not following simple rules can cost a person his job or a company its reputation.  Consider a few of Los Alamos Lab's unfortunate situations:
 
1.  An employee of the lab took his laptop containing sensitive government documents with him on vacation where it was stolen.
2.  Los Alamos data was discovered on a crack dealer's USB stick.
 
It's not comforting to think this information is getting into the wrong hands!  Here are some of the many simple ways management can ensure their employees help prevent data theft:

• Don't leave laptops or any data storage device unattended (in a car, airport, etc)
• Store all sensitive documents and data on the company's network drives, not your local hard disk.  Local disks rarely get backed-up regularly and pose a theft risk.
• Passwords - Always password protect your computer and files, such as spreadsheets or documents holding private data.  Passwords should be at least 8 characters with a combination of letters, numbers, and symbols.  Choose something easy to remember but hard to guess.  Change passwords regularly.  Do not share passwords.  Keep them locked-up.  No post-its stuck to the monitor! 
• Encryption - Encrypt your sensitive data, especially if it resides on portable devices, such as laptops and PDAs.  At the simplest level, encrypted data requires a key or password to decrypt into human readable form.

The company as a whole has many areas to consider when implementing security policies.  A few that must be addressed:

• Environment - Is the server room dedicated to housing the network servers?  Is it always locked?  Is it adequately ventilated and cooled?
• Wireless Network - The range must be tested to ensure that it can't be accessed outside the specified area.  Don't broadcast the SSID.  Use a sufficiently complex network key.  Use MAC addresses along with SSL or secure HTML for maximum security.
• Virus protection and spam filtering - Make sure all computers using your network, including those of consultants and vendors, have adequate virus protection and spam filtering software.  Ensure updates are current and are being applied on a regular basis.
• Data storage - Make regular data backups at least once a day.  Store backups offsite in a secure place (safe deposit box, data storage company).  Protect the data during transit.  Do a test restore on a periodic basis to ensure the backup procedure works effectively.
• Security software - Consider using server security software to lock out certain functionality on pcs connected to the server.  In the Los Alamos example, all USB drives could have been rendered unusable by security software.

There is a delicate balancing act between ironclad security and accessibility to data by authorized personnel.  The Pentad Group can listen to your concerns, analyze your company's current IT security measures and help map out an ongoing security plan to best fit your needs.   The bottom line is that security policies and procedures must be clearly explained to all personnel, consistently enforced, and frequently reviewed so that we can all get a better night's sleep.