|
          |
 |
|
 |
 |
|
|||
 |
|
Thursday, March 1, 2007
2007 Emerging Technologies for Contractors – Are you Ready?March 2007Larry Wendt Are you ready? A new wave of technology is being adopted by contractors. As contractor’s wrestle with new ways to be more efficient, more profitable, and avoid costly mistakes, they are turning to using computer technology as a significant tool. Computer-based systems are moving beyond the basics of accounting, word processing, and e-mail. These new systems, ideas, and techniques are going to impact every contracting business in the next five years, one way or the other. They may act as a tool for the contractor, in other cases as a requirement to do business with larger, more sophisticated customers and – ominously - as a tool to bring an unprecedented level of scrutiny and accountability to contractors and employees. Packed with opportunity and risk, what are the key emerging technologies right now? They are – in order of significance: • Document Imaging and Work Flow Automation • Digital Plan Management • Mobile Computing • Remote Computing • Electronic Financial Transactions • Employee and Job Surveillance Document Imaging and Work Flow Automation Document imaging is the process of converting and storing paper documents as scanned electronic images. These electronic images are the functional equivalent of paper documents and can be viewed, transferred, annotated, and stored on your computer much like a paper document would be passed from person to person. In more advanced imaging systems the documents are notated with key information such as a job number, vendor name, employee name, and other significant items. The images are stored in a database which can be searched in many ways making the retrieval process vastly more efficient than searching through file drawers of paper. Work flow automation takes advantage of the ease of manipulating and accessing stored document images by standardizing and managing the rules by which a document is reviewed and approved in the company. A good example of a process that can benefit from document imaging and work flow automation is the accounts payable approval process. In the typical AP approval process an invoice is received for material or services on a job. The invoice is opened and possibly stamped with a receive date, time, and the job that the invoice should be applied to. The invoice is then forwarded to the job superintendent or foreman for approval. The job superintendent will then read the invoice, possibly locate and check it against the purchase order (if there is one), check it against the receiving ticket (if there is one), manually indicate the appropriate cost centers by writing on the invoice, and then send the invoice back to the office for entry into the computer system. The invoice is then filed (sometimes in multiple files) as a paper document in the office. This process is demanding on the superintendent’s time and can often take several days to complete. Using document imaging and work flow automation, the original invoice is scanned into the computer by a high speed scanner at the time of receipt at the office and the paper invoice is either shredded or filed in batches never to be touched again. The scanning process automatically captures the date and time that the invoice was received. The invoice is immediately matched to electronic images of related purchase orders or receiving tickets that have been already scanned into the system. This creates a complete electronic “packet” of documents to move through the system. The document packet is then assigned a "route" - a set of rules as to who must see and approve the invoice based on such considerations as the amount of the invoice, the job it applies to, and if there is a matching purchase order. Periodically, the job superintendent will log into his or her computer and will see a list of invoices that must be approved or reviewed. These invoices have already been screened by the "rules" of the routing so that the job superintendent only sees those invoices that apply to him or her. The images of the documents can be seen on the computer where changes and comments can be made quickly and efficiently. During the entire approval process – whether it touches one person or five - the status of the invoice approval can be monitored. By creating this “paperless” environment, there can be significant gains in efficiency. Research by “The Gartner Group” (http://www.gartner.com/) determined that it cost about $7.50 each time a document is handled and 40-60% of an employee’s time is spent handling paper. Other studies have found that 30% of construction companies’ costs are due to inefficiencies, mistakes, delays and poor communications (The Economist, 1/15/00). But there is also the legal considerations regarding use of document images instead of originals. Specifications with regard to this issue can be found in more depth at http://www.irs.gov. So who can take advantage of this technology? It can be applied by contractors who have a disciplined and well defined workflow, are concerned about document retention issues, and have consistent document accessibility problems such as storage and retrieval. However, this is not an easy technology to implement. True document imaging and work flow automation is culture changing and should be viewed as such when making a commitment to this technology. Companies wishing to move to a paperless environment must also have a solid computer and network infrastructure with excellent data security such as backups and access control. Digital Plan Management Digital Plan Management is the process of sending, receiving, and handling architectural drawings as digital files rather than paper files. With the proper tools and training, digital plans can allow estimators to quickly evaluate plans that are appropriate to bid and to streamline the quantity survey process, but there are some challenges. Typically, the contractor must identify and print drawings needed to bid or run a job. Since digitized plans are simple to distribute in their entirety, accountability for examining every page of even the largest set of prints becomes the responsibility of the contractor. Some of the other challenges with digital plans are the lack of standardization of digital formats and having the equipment to print large, readable drawings and printing them to scale. Yet despite the challenges, there can be real value to handling digital plans effectively. The cost of the computer hardware and software is dropping dramatically, and it is a realistic expectation to be able to take a digitized plan from evaluation to bid price without ever printing a page. Then, if the job is won, drawings for the field can be printed as needed. Mobile computing Mobile computing is the coming together of wireless broadband access, GPS technology, and software to deliver information on demand to any employee in the field. With the right software and hardware such as a computer laptop or handheld computer device it is possible to send instructions, work orders, maps and directions – virtually any information – directly to a field employee. For quite some time, contractors that do field service of some sort have been adopting mobile technology. As the equipment becomes more reliable and less expensive, other contractors are beginning to adopt this type of system to provide direction and support to their field. Remote computing Where mobile computing is about getting information to the right people at the right time, remote computing allows organizations to be geographically spread out but still share the same computer resources. From any computer that has internet access a contractor can get full access to their office computer network. Accounting systems, scheduling systems, estimating, data entry, and printing – these tasks can be done as though you are sitting at your desk in your own office. The technology involved is remarkably simple and accessible. Remote Desktop Program (RDP) and Terminal Services are software for remote computing included with your Microsoft server package. Implemented correctly, these are quite good and serviceable for most remote computing needs. There are internet based applications such as GoToMyPC.com and Logmein.com that have some additional functionality. For larger scale serious remote computing and incredible seamless access for a remote user, Citrix Metaframe Presentation Server can be used. The primary challenge with remote computing is your own office systems. There is not much you can do through remote computer access if your current office systems are paper-based and manual. Electronic Financial Transactions Electronic Financial Transactions (EFT’s) are the transfer of financial transactions from one organization or individual to another done without any sort of paper document. EFT’s include everything from direct deposit to on-line banking, submission of purchase orders and payment of vendors, tax payments, and even electronic contract payments. The transactions involved are familiar – such as direct deposit for a payroll. What makes this an emerging technology is the depth and availability of transactions that can now be done routinely by any computer with an internet connection and the integration with business software. There are even companies such as Textura (http://www.texturallc.com/) that are attempting to make the complex and challenging world of construction contract payments and waivers entirely electronic for efficiency and convenience. Like all technology though EFT’s come with a price, some challenges, and some risks. The transaction standards are complex and sometimes difficult to implement. Simple routine tasks such as direct deposit can be difficult when trying to work with specific banks. Additionally, basic security protocols such as secure passwords and protecting private information must be taken seriously. Employee and Job Surveillance Using simple new computer technology, employee and job surveillance is increasingly easy and cost effective. It is now possible to track all company e-mails – both sending and receiving - read e-mail contents, track internet usage and even log every computer keystroke and screen image. Any job site can be constantly surveyed through the use of inexpensive and mobile remote viewing via webcams – for both security and documenting contractor progress. Employee and equipment location can be tracked through the use of basic GPS (Global Positioning System) units installed in vehicles and cellular phones. Driving activities can be logged in great detail – starts, stops, speed, acceleration, and location. Although this can generate a huge amount of information for a large fleet or employee base, there are now software programs that can sort through the data and highlight significant items – allowing supervisors to keep an eye on everyone without having to work through mountains of information that they don’t need. Who is Adopting This New Technology? Like most new technology, the more progressive contractors are leading the way in finding and adopting these new technologies now. These tend to be the larger contractors, but that is not always the case. At times, it is the smaller business that wishes to be more nimble and effective against the competition that will take the risk of adopting new systems.  This table is based on a survey of twenty selected contractors. Few contractors have embraced all of the emerging technologies, but they are becoming much more prevalent in the last year. Laying the Foundation These new technologies and tools are exciting and may be potential solutions to some of your business issues. However, you must start with an underlying computer infrastructure that is current and reliable. This includes basic business systems such as accounting software, estimating software, e-mail, and using a word processor for general office documents. Technology is a logical progression of adding to a foundation that has already been built. If you’re not ready for these new technologies, consider it a great motivation to work on installing or improving basic systems. When you are ready to adopt one of these technologies yourself, approach implementation with the following guidelines: • Have you taken care of the basics first? You must start with a solid computer infrastructure, basic accounting system, and documented day-to-day business procedures. • Do an ROI (Return on Investment) analysis before investing. • Be realistic about your expectations on what type of results you will achieve and when. • Once you have made a decision to move forward, make an absolute commitment to the project – in terms of both money and in staff resources. • Consider all technology as continuously evolving systems that must be constantly maintained, revisited and improved. Look out for… • Weak current business processes. “The devil is in the details” and if you’re not sure where everything is, new technology may hurt you more than help you. • Underestimating the cost and effort to implement. • Software that is inappropriate or “buggy”. Software is not as robust as hardware, so it takes more time and effort to get it right – be prepared to take the time. • Insufficiently trained staff. You can spend a fortune on new computer systems and if the staff does not know how to use it, it will not be used. • Staff members that are “sabotaging” a new technology – usually by sticking to what they know rather than implementing the new processes that are designed to make the technology work for you. These situations must be identified early and dealt with firmly and clearly. Computer technology is rapidly becoming a necessity to compete in the construction market. It is critical that contractors take the time to become educated on what is available and learn how to evaluate the appropriateness of new systems for their business. Not all technologies are for all businesses, just as not all equipment is required by every trade. However, by finding the technology that suits your business and your needs – you can open worlds of opportunities. Labels: computing, construction, digital, emerging, imaging, mobile, remote, technology
posted by Web Master
at
9:34 PM
0 Comments
Friday, December 15, 2006
Security, Privacy, Fraud, and Profits - A Common Sense Guide to Computer Technology SecurityDecember 2006Larry Wendt Dependency on computers in the construction business is rapidly increasing. Along with this increased dependency is an increased risk to data security, invasion of privacy, fraud, and – as a result of all this – a direct risk to profits. Before you think that this situation does not apply to you, consider the situation we actually encountered earlier this year: A contractor is running a small office with 5 computers and a server. They run Quickbooks for their accounting and a variety of other software such as Microsoft Word and Excel. There was an unexpected power surge during what the electric company called “a power event.” The result was that the hard drive on the server was physically damaged and the server could no longer boot up from the damaged drive. The installed tape backup system had not been operating for the past six months. The Fix: An emergency replacement of the damaged server hard drive was required. Because there was no backup, a special data recovery service had to be used to recover the data from the original damaged drive. The (Unnecessary) Cost: $1,600 for two days of a network technician and a $5,000 fee to the data recovery service. The Impact: At a 6% net profit, the company will need to do an additional $110,000 worth of profitable work to cover the costs incurred; the users were down for two days; some files were not recovered. This event was expensive for this contractor. The potential risk to profits increases with greater reliance on computer technology. Take a moment to do a quick evaluation of the risks to your company based on how you use computers. You don’t need to know anything about computers, just how your business operates. Ask yourself: • How dependent am I on day-to-day collections of accounts receivable? If I was to lose all or part of the records of what people owe me, how long would I take to collect that money? Could I collect it? • If I suddenly could not get an estimate out for a week because the computer system was down – would I lose any opportunities? • If I had to re-create all of my computerized document templates such as contracts, change orders, waivers, letters, etc. – what would be the cost in terms of time lost? • If someone logged into my accounting system under a false name – could they cut a check to themselves without me knowing it? • If I lost my entire customer list – what would it take to rebuild it? Could I rebuild it? • If I lost all of my payroll records – even if I have paper back up – how long would it take to compile a union report, a 401K contribution, or a tax report? • If one of my employees was hired by a competitor, how easy would it be for them to take critical information from my office to their new employer? Short of keeping a paper copy of everything done on in your computer system – and I admit that a few of our clients try to do this, but it doesn’t work very well – some of these questions should make you feel very uncomfortable if you don’t know exactly how you would prevent or recover from these types of events. There are five basic threats that can compromise your company data – “malware,” hardware failure, data corruption, fraud, and loss from theft or disaster. Malware is software that is designed to infiltrate your computer system without your approval or consent and damage or violate the computer system in some way. This is a general term that includes computer viruses, spyware, worms, Trojan horses, adware, and other undesirable and unwanted software. Computers are remarkably reliable, however hardware failures still occur. In particular, hard drives are one of the few parts of a computer that has moving parts and the hard drives is where all computer data is permanently stored. The moving parts of a hard drive eventually fail – it is just a matter of when – and when the drive fails, the data on the drive is lost. A general description of data corruption is when you think you are saving one bit of data in your computer system and what is being saved is something different. For example, you intend to write the sentence “I made money this year” in your word processor and what is actually stored in the computer is “qfrhwaf; hjf;e a;wkghe.” Does this really happen? Yes. This situation can be caused from everything such as bugs in a software program to a bookkeeper accidentally posting an invoice to the wrong accounting period. Fraud can be committed by any person that is determined, reasonably resourceful and has access to your computer system. The most common form of fraud we see is falsified checks using accounts payable or payroll in the computerized accounting system. There are a multitude of other fraudulent activities that can be done in any accounting system by someone with a modest amount of creativity. And, if the above is not enough to worry about, there is always the possibility your computer equipment will be stolen or destroyed in a disaster. Despite the grim list of threats of things that go wrong, you can protect yourself easily. While you may not completely prevent a loss of data, you can be in a position where it is merely an inconvenience and not an expensive loss. Have whoever is responsible for your computer system go through the following checklist and address each of these issues to your satisfaction. • Back up your data regularly (daily) Simple backups are not enough. Run periodic tests to ensure that you actually restore the data from your backups. Periodically – at least monthly – store a complete backup in a remote location. Backup to tape is still the most cost effective, reliable, and efficient method available. • Use passwords Use passwords that are at least 8 characters in length and have both numbers and letters. Do not share your passwords – no matter how convenient. • Maintain basic security protection on your computer and server Install a firewall on your office network and a run a personal firewall on each computer. Have anti-virus and anti-spyware software installed on every computer and update it weekly. Update internet browsers and any Microsoft Windows operating systems with the latest security patches. This can be done easily through the internet. And, finally, limit user access to sensitive files with basic network security (user access to specific files). • Follow common sense precautions when using e-mail and the internet Never open an e-mail file or attachment that was sent to you by someone that you do not know. Do not ever respond to unsolicited requests for personal information over e-mail or the internet. When using the internet for financial transactions, always use a secure connection. You can tell that you are using a secure connection when the address of the site starts with “https://” or “ftps://”. In the world of computers, the old cliché is true – “it is not a matter of if, but when…” Protect yourself. Labels: computer, fraud, malware, privacy, security
posted by Web Master
at
8:32 PM
0 Comments
Thursday, December 14, 2006
Glossery of Common Security Terms in Computer EnvironmentsAccess AuthorizationAccess authorization restricts access to a computer to group of users through the use of authentication systems. These systems can protect either the whole computer - such as through an interactive logon screen - or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems. (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Very Important ACL - Access Control List An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system. (http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213757,00.html) Threat Level: N/A Protection Level: Very Important Adware Software that is designed to infiltrate a computer system without the owners approval or knowledge and then presents unwanted ads for goods and services to the user while the computer system is being used. Threat Level: Very High Protection Level: N/A Anti-Virus Software/Anti-Spyware Software Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Very Important Authentication The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. (www.saol.com/glossary.asp) Threat Level: N/A Protection Level: Very Important Backups Backups are a way of securing your information; they are another copy of all your important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Backups can be kept in a multitude of locations, some of the suggested places would be a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside the vaults of banks. There is also a fourth option, which involves using one of the companies on the Internet that backs up files for both business and individuals. Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such kind of disaster. The backup needs to be moved between the geographic sites in a secure manner, so as to prevent it from being stolen. (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Very Important Biometric System An automated system capable of capturing a biometric sample from an end user; extracting biometric data from that sample; comparing the biometric data with that contained in one or more reference templates; deciding how well they match; and indicating whether or not an identification or verification of identity has been achieved. (www.authentec.com/getpage.cfm) Threat Level: N/A Protection Level: Important for High-Level Security Systems Computer Contaminant Term sometimes used for computer malware - particularly in a legal context. Threat Level: N/A Protection Level: N/A Crack Reverse the encryption of an encrypted electronic message without the consent of the original sender of the message. Threat Level: N/A Protection Level: N/A Cryptography Cryptography is the art of keeping messages secret by using different methods. It normally deals with all aspects of secure messaging, authentication, digital signatures, and electronic money. Cryptanalysis is the art of breaking these methods. Cryptology is the study of cryptography and cryptanalysis. (www.infosec.gov.hk/english/general/glossary.htm) Threat Level: N/A Protection Level: Very Important DOS - Denial of Service A denial of service attack is when an attacker consumes the resources on your computer for things it was not intended to be doing, thus preventing normal use of your network resources to legimite purposes. (gul.ime.usp.br/Docs/docs/howto/other-formats/html/HOWTO-INDEX-html/Security-HOWTO-12.html) Threat Level: Moderate Protection Level: N/A Electronic Messaging System Variety of methods to use computers to convey a message from one person to another. E-mail, computer bulletin boards, message centers, blogs, mobile phone text messages, on-line messaging systems are all considered electronic messaging systems. Threat Level: N/A Protection Level: N/A Encryption Encryption is used to protect your message from the eyes of others. It can be done in several ways by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Important Firewall Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system administrator defined rules. (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Very Important Intrusion Detection System Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network. (http://en.wikipedia.org/wiki/Computer_security) Threat Level: N/A Protection Level: Important Logic Bomb Logic bombs maliciously cause legitimate applications to fail. "An application, for example, might delete itself from the disk after a couple of runs as a copy protection scheme."(http://en.wikipedia.org/wiki/Computer_virus) Threat Level: High Protection Level: N/A Malware Software that is designed to infiltrate a computer system without the owners approval or consent and damage or violate the computer system in some way. Malware is a general term that includes computer viruses, spyware, worms, Trojan horses, adware, and other undesireable and unwanted software. Threat Level: High Protection Level: N/A Phishing The act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn’t do or shouldn’t do. For example: sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. (www.michigan.gov/cybersecurity/0,1607,7-217-34415---,00.html) Threat Level: Very High Protection Level: N/A Public and Private Key Private Key: The component of a pair of cryptographic keys used in Public Key cryptography (asymmetric) system that is secret and known only to the owner of the public key pair. The owner uses the private key to sign data and/or decrypt data. Public Key: The publicly disclosable component of a pair of cryptographic keys used in Public Key cryptography (asymmetric) system. An entity’s public key can (and is) used by anyone to encrypt the data for the public key owner and/or to verify digital signaturse of the public key owner. (http://www.orionsec.com/Security_Glossary.html) Threat Level: N/A Protection Level: Important for Specific Applications Smart Card Also known as a chip card or IC (integrated circuit) card. A card containing one or more computer chips or integrated circuits for identification, data storage or special-purpose processing used to validate personal identification numbers (PINs), authorise purchases, verify account balances and store personal records. (www.rba.gov.au/Glossary/text_only.asp) Threat Level: N/A Protection Level: Important for Specific Applications Spam Abusive use of electronic messaging to send unsolicited and undesired messages in bulk. The most common spam method is e-mail spam which uses electronic mail (e-mail) to send unwanted messages to users. Threat Level: Very High Protection Level: N/A Spyware Software that is designed to infiltrate a computer system without the owners approval or knowledge and then actively captures information about the use of the computer and sends it to a central database for commercial use and analysis. Threat Level: Very High Protection Level: N/A SSL - Secure Socket Layer A security protocol methodology designed to create a secure connection to the server for the transmission of confidential data through the Internet. SSL uses public key encryption, one of the industry's strongest encryption methods, to protect data as it travels over the Internet. Originally created by Netscape. (webcontent-m1.com/m1/en/support/Library/glossary) Threat Level: N/A Protection Level: Very Important for Financial Transactions Strong Password A password that is at least eight characters in length, has upper and lower case letters, and contains at least one number (0,1,2,…) and at least one special character (!@#$%...). Threat Level: N/A Protection Level: Very Important Trojan Horse A Trojan horse is just a computer program. The program pretends to do one thing (like claim to be a picture) but actually does damage when one starts it (it can completely erase one's files). Trojan horses cannot replicate automatically. (http://en.wikipedia.org/wiki/Computer_virus) Threat Level: N/A Protection Level: Very Important for Financial Transactions Trusted System A system (typically a computer or server) that is set up so that when your computer is attached to it, your computer has no choice but to "trust" the system. That is, any information provided by the attached system is trusted by your computer and not challenged for authenticity or threat. Threat Level: N/A Protection Level: N/A Viruses (E-mail virus) An e-mail virus will use an e-mail message as a mode of transport, and usually will copy itself by automatically mailing itself to hundreds of people in the victim's address book. (http://en.wikipedia.org/wiki/Computer_virus) Threat Level: Very High Protection Level: N/A Worm A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew. (http://en.wikipedia.org/wiki/Computer_virus) Threat Level: High Protection Level: N/A Labels: computer, glossery, security, terms
posted by Web Master
at
3:00 AM
0 Comments
|
|||||||||
|
|
|||
 |
|||
|
|||
|
|
