Introduction
This paper presents general information regarding management information system (MIS) databases, common issues that companies face when implementing these databases and primary considerations related to the process. MIS databases may provide a valuable asset to any business because they allow the storing of valuable information that may then be automatically analyzed and divided into categories. This method of storing valuable information creates the possibility of using it for personal gain. This requires MIS databases to be highly secured, which can also lead to a number of challenges.
One security issue (phishing) is covered more deeply. Phishing is regarded as a significant threat that may cause excessive financial loss due to the compromise of sensitive data. Suggested countermeasures include reinforcing security and authorization measures. An alternate perspective suggests that phishing in itself is not a serious threat. However, this statement is disproved by reports claiming that phishing attempts have caused U.S. companies to lose more than $170 million. Therefore, it is eminently reasonable for large enterprises to take all necessary precautions to prevent phishing attempts.
Management Information Systems
The term management information system (MIS) refers to a computerized database consisting of information regarding finances and other activities of a company. It is “organized and programmed in such a way that it produces regular reports on operations for every level of management in a company” (“Management Information Systems (MIS),” 2017, para. 1). The primary function of an MIS is to provide feedback regarding the company’s performance. The company is then easily monitored via reports obtained from the system. An MIS also allows monitoring expected results in addition to the actual results that the company is demonstrating. Managerial personnel is then able to trace the level of the company’s efficiency. Data stored in an MIS is collected both automatically and manually; the type of data gathering is determined by its nature. A management information system is a complex yet valuable asset. The focus of this paper is to cover the issues and practices related to MIS, followed by a more detailed discussion of one of the issues and a conclusion.
Issues and Practices
Indeed, a number of challenges may arise when a company decides to resort to an MIS. Markgraf (2017) categorizes the four most common problems related to implementing an MIS as identifying a goal, providing proper maintenance, ensuring effortless use, and implementing required changes in a timely manner.
The first issue may be one that causes a company to turn down the possibility of implementing an MIS. Naturally, nearly every company has a need for an automated data-collecting system. However, it is also true that some companies do not necessarily require an MIS.
The need for proper maintenance is a direct result of the complexity of systems like MIS. The data stored in an MIS must also be controlled with care to ensure relevance and accuracy. Excessive processing time and the associated use of computing resources may result in the data being less relevant and, therefore, less valuable.
Naturally, if an MIS is running without any malfunctions, but the company’s employees are unable to use it, the system itself becomes useless. Thus, another important step is to ensure that the system is easy to use (for example, by adopting an intuitive interface). It is also crucial to make all necessary instructions and guides available to the company’s employees.
The ability to make adjustments to a system’s performance or functions is also important because the information involved may and will change. Timely data change is crucial to ensure the relevancy and availability of data. Finally, the changes may occur in the form of intrusions or security breaches. Therefore, it is also vital to adopt proper security measures, which may come in various forms.
Practices for managing these problems are also connected with planning an adequate MIS implementation. Sharma (2016) elucidates five issues related to the planning of an MIS. The most crucial of these is the problem of selecting proper methodologies related to planning an MIS adoption; these deal with a number of factors that may exert both positive and negative influence. Each of these factors must be analyzed and evaluated in the framework of a company. Successful planning ensures that an MIS will function properly, increasing the overall quality of a company’s performance.
Issue Discussion
In selecting MIS software, the issue requiring the greatest focus for any enterprise’s managerial personnel is security. Naturally, information stored in an MIS database is highly sensitive, and any attempt to compromise this data might lead to excessive expense, both to retrieve the information and to prevent future trespass. Therefore, it would be rational to select software offering a high level of security measures. As some cyber theft methods are easily preventable or may be outdated, this paper will focus on one prominent type of security breach facing modern forensic security: phishing.
Phishing is a type of security threat that is based on an attempt to create a copy similar to the authorization request that a company’s employees receive when trying to extract data from the MIS or other databases. Since phishing is mostly used to gain access to login and password information for a certain site located on the internet, resorting to such methods to gain access to an enterprise’s databases would first require a criminal to obtain access to the company’s servers. Following that, the process of authorization is emulated to copy login information.
As mentioned by Baron (2016), the “IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information” (para. 5). Although the author is speaking about more common types of phishing aimed at people not working in big business, the same measures may be implemented by employees. The latter would have to be cautious when receiving an email from superiors asking them to handle sensitive data or supply passwords to databases.
Khanna (2016) states that criminals can gain access to the personal data of a company’s staff members who perform financial transactions “from company websites or LinkedIn, or even by posing as a recruiter and calling an organization to obtain a directory” (para. 5). Additionally, phishing attempts may be carried out via uploading a trojan virus (“Requests for account information (phishing),” 2017). This would most likely require a criminal to be directly connected to a company’s network, which may be used to a company’s advantage in the successful prevention of intrusion.
Alternative Perspective
An alternative perspective would suggest that phishing is a method rarely used by modern cybercriminals. This intrusion method is not as effective as it once was, and companies (especially big ones) employ a strong line of protection against such attempts. Moreover, common office workers are also generally aware of phishing attempts and may easily recognize a potentially threatening email or file containing viruses. Therefore, attention must be focused on preventing other types of security breaches. However, phishing is still a hazardous type of scam. According to Khanna (2016), “In 2014, U.S. companies lost $179 million to these scams, according to the FBI’s Internet Crime Complaint Center” (para. 2). Thus, it is evident that, although relatively obsolete, phishing remains dangerous and may cause significant losses to a company.
References
Baron, J. (2016). Phishing schemes: An accelerating threat for accounting firms. Web.
Khanna, S. (2016). Don’t fall victim to the newest phishing scam. Web.
Management Information Systems (MIS). (2017). Web.
Markgraf, B. (2017). Common problems in management information systems. Web.
Requests for account information (phishing). (2017). Web.
Sharma, P. (2016). Problems faced in management information system (MIS) planning. Web.