PT the Auditor
Response to the Response...
Well, it was heartwarming for this old dog to see Blake Laufer's response to my notes in the October issue of my favorite magazine. He makes some good points, and frankly, I can't agree more. I was happy that someone with some expertise in computers and software was around to fill in the blanks I left in my humble attempt at scaring the pants off you in regards to your PC security.
However, I can't stress enough the point that Blake makes concerning your personal responsibility in this issue. See, Blake is a computer expert; I am an auditing expert. I spend my life in garages looking at not only the tickets and the numbers, but also the people and the equipment they use. Frankly, it's horrifying.
Blake and I would love to see upgrades of the computers available, have the software moved to the next level, and have the staff trained on that software and on computer security. However, that simply doesn't happen in most garages.
Think about it. New software, training and equipment cost money. Most garage managers think that it's their goal to NOT spend the client's money. They seldom budget for computers or training. The operator is supposed to be knowledgeable on these topics, and that is what they are to bring to the party. Somehow, however, in the daily grind, it just falls through the cracks. This isn't how it should be -- it's reality.
I hasten to add that many operators use a modem/dial back system to ensure security in their data transfer. My concern is the security of the data BEFORE it's transferred. Can an auditor be certain that the numbers on the report are actually the same as those generated in the garage? Where is the raw data? Is it correct?
I have the greatest respect for computers and the people that write software for them. They are, however, simply tools to make our lives easier and increase our productivity. Like all tools, they must be used properly. A hoe can be used to make a great basin around a rose, but it's pretty useless at sinking a screw into that wobbly gate.
Likewise, the proper tools in a garage are important. Unfortunately, the tools we have now aren't as easy to use as a hoe or screwdriver. They require training and more training. They are often out of date before they are broken in. My master still uses the hoe his grandfather used in the garden. He replaces his PC every couple of years.
Thanks to Blake, I will now ensure that I look at the phone records to see just how often the local computers are connected with those at central. When he talks about auditing, and mentions checking the spreadsheets against receipts, he's right of course. However, it's more basic than that. We have to check each transaction against the totals for that lane, or that POF, and ensure that the numbers are correct.
But let's get back to your responsibility for computer security. Blake quotes a famous hacker who in most cases simply called the computer operator and talked his way past firewalls and secure access. I don't know how many times I have gotten access to a parking garage's computer system simply by asking for it. Sigh. They don't even call upstairs to find out whether I'm legit or not.
I agree that with the proper steps, your remote PCs can be made mostly secure. My expert, quoted in the October issue, is holding her ground.
A good friend once told me that if you think that you have developed a system that is completely secure, then you are saying that you are smarter than the next guy. And you do that at your peril. With all its technology and security, the National Security Agency knew that it was not secure if its telephone system was connected to the outside world. So they had two phones: one for inside, secure communications, and one to call out. Not very high tech, but it worked.
One final note: being an auditor, I am concerned about all types of theft. I note that Blake is concerned about Bill Gates getting his pound of flesh every time a PC is fired up with new software. I would recommend that you ensure that you have paid the licenses for all your software. It's a small price to pay to get good support, and frankly, that's how our system works.
Article Abstract from March, 2003