Effects of Financial Data Loss and How Organizations Gear Towards Safeguarding It - Research Proposal Example

Research Proposal: Effects of Financial Data loss and how Organizations Gear Towards safeguarding it Table of contents Research Topic Introduction/Background The need for advanced Information Technology (IT) by the segments of economy is increasing each day. IT is being used in banks, is used by insurance companies and is used in hospitals and in many other businesses. IT has become the highway in the provision of services. IT has become the new mode of communication in all corners of the world. However, while businesses strive to provide for services to their customers, the threat to personal financial information (of the customers) looms high. Such information held by these businesses in databases is at risk from both external users who collect and use, collect and spread, collect and manipulate as well as disclosing this information to other parties for their personal gains. Research Question Personal financial information held by organizations in their respective data banks has been lost through fraudulent activities in many countries. This has led to many losses to the organizations. In this regard, this research proposal will aim at establishing whether financial organizations have had negatives about technological advancements and how these organizations gear towards data protection from information warfare due to advanced IT. The questions to answer are as below; Whether the organizations have ever heard of financial data loss Whether they have ever incurred financial data loss or know of an organization that lost financial data and how it happened How they are prepared or how they safeguard their financial data Research Objectives The objectives of this study will be asses the seriousness of personal financial data loss and at the same time enlighten financial institutions on the importance of strict financial data protection from fraud. With the findings, organizations will have a feeling of what is at stake. Justification Customer information ranging from credit card information, identity card number, email address, account number and social security card numbers are some of the most targeted by fraudsters. Organizations have lost such information causing losses amounting to millions of dollars. For example, HFSG1 in America in 2007 lost personal information of 210,000 customers, During the same time last year, Art.com lost credit card information on a hacked server, The incident of Citi Bank debit/credit cards in Canada, UK and Russia in 2006 is still fresh in our minds. In addition to the above, websites have come into existence which purports to be a certain organization’s official site but in real sense, the sites are designed to collecting personal information for fraudulent activities, Review of the literature When an intruder breaks into the network, into the server or into the storage defenses of a company/organization, he/she is guided by one of these three goals; to have a look at information he/she should not look at, to deny the organization/company the importance of using its data and to damage/destroy/share data (Walsh, J 2007). According to him, since the harm is indented, the intruder may do more damage all aimed at being a long-term harm. These intruders are of two types; from inside the organization/company and outsiders-operating from outside the organization. Many people tend to think that the outsiders are more dangerous but the insiders are a big problem-almost the same level as the outsiders. This is so because, insiders already have access to important systems (no need to work hard to get any important data) and are aware of the type of damage which can do the most harm to the organization/company. According to Walsh, insiders have an advantage in that, less scrutiny is required as they are part of the venture. Walsh, J 2007, points out that, many IT departments in the various organizations have up to date methods to detect outsiders who try to break into the organization’s databases or servers, however, very few is any monitor activities form inside their network. It is for this reason that, insiders can do much damage than the outsiders who are often hindered at the network perimeter (Sushil, K. 2002). According to Elizabeth, T (2002), the maiden goal of each and every commercial venture is to provide the customers with the right information concerning their financial status while at the same time keeping wrong hands at bay. Breach in security however does occur often from both external and internal attacks (from inside the organization). To Ramnath, K. (2002), how customers perceive security of their financial information in organizations has dwindled since many admit to having hesitations while giving out their details due to the fear of losing them which translates to loosing financially (p.356). According to him, credit card information and social security card numbers are among the forms of information which is most targeted by hackers. Ramnath, K. (2002) argues that, with advanced technological advancement being experienced all over the world, hackers find it cheap to hack into peoples/organizations machines with the sole purpose of stealing information for their own financial good. According to him, the noble idea behind the progress of IT is being abused by individuals since organizations as well individuals have been in many times lagging behind security wise. According to Walsh, J (2007), information loss from databases in pronounced a lot these days due to advancement in technology as some people are finding it difficulty to log online and get as much information as possible from unsuspecting sources; which include financial institutions and other organizations which hold personal financial information for their own businesses. To him, once an organization looses data 10 times, its chances of regaining back are few and in most cases such ventures just close down or have huge debts which at times cannot be paid or wished away. To Walsh, although IT has made work easier in many organizations, it has also caused some downs at the same time. When an organization looses customer information, then, there is no way it can communicate with the customer which means losses in profits. According to him, this is more disastrous if the data lost cannot be retrieved/recovered back as this will require experts in computers to carry out this activity at a huge fee. Also, a worse situation is where some organizations cannot stand the loss at all. Large scale data loss like loss of an entire database even if that happens for a short while or temporarily, may cause an organizations to fail (Petrocelli, T 2005). This is so because, an organization/company will not be able to fulfill its obligation such as updating employee records or producing financial reports. According to Petrocelli, T (2005), this dependence on information technology which is not tight is a clear risk and that, data loss can render an organization impossible to perform properly. To him, when data is lost, employees may be idle for long spells of time during which data is being recovered thus reducing productivity of the organization. To Petrocelli, T (2005), loss of financial data makes it difficult for a manager to measure how the company is operations. Nowadays, many businesses rely fully on financial data, market information and manufacturing metrics in making tangible decisions which can propel the organization some notches higher. Destroyed, damaged as well as manipulated data leads to skewed decision making. In overall, this leads to the disruption of normal business and thus reduced returns and higher cost of doing business, leading to loss of profitability (Petrocelli, T 2005). To him further, there is the aspect for lawsuits as well as fines when an organization/company experiences financial data loss. Shareholder lawsuits are quite common since failure to protect financial data can easily cause litigation and especially when the data loss can be tied negatively to change in share price of the organization’s/companys stock. Also, data loss affects the operations and sales areas in a venture causing it to under perform thus triggering suits form shareholders. Legal action can also result form the failure to perform duties outlined in their contracts or the failure to produce goods and services which have already been paid for (Petrocelli, T 2005). Also, when data is unavailable, other applications which are not directly related to the lost data may fail. This happens when a relational database that is referenced by other databases is lost. For example, loss of the central database which holds all the customers’ information causes problems to the sales system since it references customer information from the central database. All in all, this type of loss result in many failures due to their dependence on another applications data already lost (Petrocelli, T 2005). Methodology The research work in this case will be done over a period of 10 months to complete. Research Tool The research will be conducted using both a questionnaire and interview. A questionnaire will be used since; The participant (organization) gives more information than he/she would have given in any other method, The researcher has the freedom to control some responses making it easy to analyze the data, Open-ended questions give more information, The participant has the will to answer the questions at his/her own pace; there is no strict deadline, A questionnaire has the potential to getting information from a large group of people. The researcher will design the tool assisted by experts in this field after which it will be test-retested (piloted) to confirm whether it will serve the purpose it is meant for. Samples of the questionnaire follow below, Table 1: General Sample Questionnaire Please, fill the below questions appropriately (The information provided below is confidential and will be used for the indented purpose only) 1. Ever lost your data? Yes No 2. Do you know of an organization which lost data? Yes No 3. If so which one?................................................ 4. Were you or any of your relatives/friends affected by the loss? Yes No 5. How were they affected?........................................................................ 6. What do you think should be done to avoid this in future?............................................................... 7. Any other comment? …………………………………………………… 8. Thank you. Table 2: Sample questionnaire for the organizations Please, fill the below questions appropriately (The information provided below is confidential and will be used for the indented purpose only) 1. Do you have an IT department? Yes No 2. Ever lost data? Yes No 3. If yes, was it internal or from outside? Internal Outside 4. How were you affected?........................................................................ 6. What do you have in place to avoid this in future?............................................................... 7. Any other comment? …………………………………………………… 8. Thank you. Interviews basing on the above questionnaire questions will be conducted. Sample A sample will be used to draw inferences about the entire population of organizations because; It is cheap as compared to complete observation of all organizations, It has a greater scope, Takes a short while to complete, in this case 10 months, and that, It is participatory. Some 100 institutions will be targeted as participants in this research work thus, some 200 will be selected in the initial stages to allow room for those that terminate. Since organizations are not the same, the noted ones will be arranged in sub-groups (strata) and each sub-group will have organizations which are said to be almost the same in terms of customer niche. In this case, random sampling cannot apply at all as the organizations are not homogenous at all. Once the stratum is fully set, then a random sample will be drawn from the population of the strata. Restrictions While choosing the sample to be used in this case, some restrictions will be imposed so that the organizations selected can be representative, some of them are; The organizations must have a database where they store customer/employees data as well as any other form of data, The organization must have an IT department, It must have more than 100 staff members, Must be dealing with customers directly and not through any other link, and Should if possible be a manufacturing where some sales are carried out. Assumptions In the course of the study the following will be assumed; That the organizations selected will be an un-biased representative of all organizations, That the results from the organizations can be generalized, That, all the organizations selected to take part in the study will complete the whole process since its only questionnaires and interview schedules completed which will be included in the final analysis, That, the information given by the various organizations is true, Ethical Considerations To participate in a research study, the security of the participant as an individual or an organization should be guaranteed according to research ethics. Security is determined from the onset of the study through the signing of the consent form. In this research study, the following ethical issues will be considered; The privacy of the organization will be maintained by protecting its identity, The data collected will only be used for the sole purpose of the study and nothing more The participants in the research; those who will be tasked by the management of the organization to give information on their behalf will remain masked, In case customers gives out data about a certain incident in a certain organization then his/her identity will remain a secret, Organizations will be made aware that, participating in the research work is not mandatory but by free consent and that they can terminate their participation any moment at will, however, they will be made aware of the seriousness of the activity and what leaving half-way means. Data Collection and Analysis Data will be collected using the research tools explained above. The open questions answers will be coded and then entered into the computer for analysis using SPSS. Descriptive statistics and frequencies will be used to get the findings from this research study. Tables and graph will form part of the report since they are a bird’s eye view and even non-statisticians can comprehend what is happening. Schedule and Budget The study will take part for about 10 months for the final report to be produced. The table below shows the schedule, Table 3: Schedule of activities Activity/Time in months 1 2 3 4 5 6 7 8 9 10 Research tool design                     Pilot survey               Sampling                     Administering the tool                 Data collection                     Data coding               Data entry                     Data analysis             Report writing                     Table 4: Budget Activity Funds ( £ ) Research tool design £ 150 Pilot survey £ 150 Sampling £ 150 Administering the tool £ 500 Total £ 950 A total of £ 950 will be required for the research study from research tool design to report writing. Reference Elizabeth, T. (2002). Security of personal data across national borders. Information Management & Computer Security, 10 (5), pp. 233-242 [Online] Available from: Emerald. http://www.emeraldinsight.com/0968-5227.htm [Accessed 07 April 2007] Petrocelli, T (2005). Data Loss and Business Risk: The Effect of Lost Data on Business Operations. [Online] Available from: http://www.informit.com/articles/article.aspx?p=422303&seqNum=4 [Accessed 07 April 2007] Ramnath, K. (2002). Perceived information security, financial liability and consumer trust in electronic commerce transactions. Logistics Information Management, 15(6), pp. 356-368 [Online] Available from: Emerald. http://www.emeraldinsight.com/0957-6053 [Accessed 07 April 2008]  Sushil, K. (2002) Securing information infrastructure from information warfare. Logistics Information Management. 15 (6), pp. 414-422 Walsh, J (2007). The Effect of Data Loss on Financial Institutions. [Online] Available from: http://www.articlegarden.com/Article/The-Effect-of-Data-Loss-on-Financial-Institutions/82782 [Accessed 07 April 2008] Read More