Tropical Storm Noul Approaching Thailand

September 21, 2020
Nareerat Moottatarn

Tropical Storm Noul Approaching Thailand

Summary

  • Typhoon from Category 3 Tropical Storm Noul could reach Thailand as early as this Friday 18th of September, according to TMD (Thai Meteorological Department).
  • Torrential rain is expected with strong winds starting from the Northeast, then reaching the North, Central, East and South of Thailand respectively.
  • Areas with low elevations could risk flash floods and water runoff from the severe rainfall.
  • Recommendation to factories are to secure buildings for wind and storm damages, while closely monitoring the news for further updates.

Forecast

  • At 10:00 am 17th September, the storm is due 600 km northeast of Vietnam with sustained winds of 80 km/hour, and travelling at 20 km/hour and expected to intensify.
  • In the Andaman Sea and the Gulf of Thailand, the wind waves will be stronger with the waves 2-3 meters high in the Andaman Sea, about 2 meters high in the Gulf of Thailand.
[caption id="attachment_2785" align="aligncenter" width="893"] Expected track of tropical storm Noul (Source: TMD)[/caption]

Affected Provinces

Very heavy rain (over 90 mm/hour) and heavy rain (over 35 mm/hour) are forecasted by TMD in many provinces from 18th to 20th September as follows.
North: Mae Hong Son, Lamphun, Lampang, Nan, Phrae, Uttaradit, Sukhothai, Tak, Kamphaeng Phet, Phitsanulok, Phichit, Phetchabun North: Mae Hong Son, Chiang Mai, Chiang Rai, Lamphun, Lampang, Phrae, Phayao, Nan, Uttaradit, Phitsanulok, Sukhothai, Tak, Kamphaeng Phet, Phichit, Phetchabun North: Mae Hong Son, Chiang Mai, Lamphun, Lampang, Tak, Sukhothai, Kamphaeng Phet
Northeast: Loei, Nong Bua Lamphu, Nong Khai, Bueng Kan, Udon Thani, Sakon Nakhon, Nakhon Phanom, Chaiyaphum, Khon Kaen, Mahasarakham, Kalasin, Mukdahan, Roi Et, Yasothon, Amnat Charoen, Nakhon Ratchasima, Buriram, Surin, Sisaket, Ubon Ratchathani Northeast: Loei, Nong Bua Lamphu, Nong Khai, Bueng Kan, Udon Thani, Sakon Nakhon, Nakhon Phanom, Chaiyaphum, Khon Kaen, Mahasarakham, Kalasin, Mukdahan, Roi Et, Yasothon, Amnat Charoen, Nakhon Ratchasima, Buriram, Surin, Sisaket, Ubon Ratchathani Northeast: Nil
Central: Ratchaburi, Kanchanaburi, Saraburi, Lop Buri, Nakhon Sawan, Uthai Thani. Central: Kanchanaburi, Uthai Thani, Chainat, Nakhon Sawan, Lop Buri, Saraburi, Bangkok Central: Ratchaburi, Kanchanaburi, Uthai Thani, Suphanburi, Chainat
East: Nakhon Nayok, Prachinburi, Sa Kaeo, Chachoengsao, Chonburi, Rayong, Chanthaburi, Trat. East: Nakhon Nayok, Prachin Buri, Sa Kaeo, Chachoengsao, Chon Buri, Rayong, Chanthaburi, Trat East: Chon Buri, Rayong, Chanthaburi, Trat
South: Phetchaburi, Prachuap Khiri Khan, Chumphon, Surat Thani, Ranong, Phang Nga, Phuket, Krabi, Trang, Satun South: Phetchaburi, Prachuap Khiri Khan, Chumphon, Ranong, Phangnga, Phuket, Krabi, Trang, Satun South: Phetchaburi, Prachuap Khiri Khan, Chumphon, Ranong, Phangnga, Phuket, Krabi

References

https://www.windy.com/?15.813,74.795,5 https://www.tmd.go.th/en/list_warning.php https://reliefweb.int/report/thailand/weather-warning-category-2-tropical-depression-middle-south-china-sea-no-2-time

Sustainable Development Goals (SDGs) Part 2

June 18, 2020
Sutiwat Prutthiprasert

– Eliminate poverty within 2070. At present, the income lower than $1.90 per day is used as an indicator. – Equal access to economic resources, including basic need and land ownership – Build immunity to natural disaster, economic, and political crisis. – By creating warranty of significant resource assemble from different sources – By creating optimal scope of country, regional and international policies, based on a pro-poor strategy – Eliminate hunger and access to food safety and nutrition within 2070. – Eliminate all kinds of Malnutrition – Increase in agricultural products and in income of small food producers to be twice, including equal access to land property, resources, import factors, knowledge, financial management and value-adding opportunity. – By investing in rural and agricultural research and development – By preventing trade barrier in agricultural trade world – By allow access to food market information and eliminating food price fluctuation

– Reduce maternal mortality ratio worldwide to be less than 70 per 100,000 within 2070. – Eliminate infant mortality rate (IMR) to 12 per 1,000 and under 5 mortality rate (U5MR) to 25 per 1,000 within 2070. – Eliminate AIDS, Tuberculosis, Malaria and neglected tropical diseases. – Reduce one-third of untimely death from NCDs by supporting good metal health and well-being within 2070. – Promote prevention of using drugs and alcohol. – Reduce road accident death. – Access to reproductive health information – Fulfill the universal health care coverage. – Reduce death and sickness from dangerous chemicals and pollution – By proceeding under the WHO Framework Convention of Tobacco Control – By funding vaccines and medicine R&D – By investing more on healthcare and developing medical staff – By increasing potential in healthcare warning and risk management

– Free quality basic education (elementary/secondary) – Sufficient access to quality elementary education – Access to affordable and quality basic techniques, vocational and undergraduate study. – Increase skilled youths and adults for employment. – Eliminate gender inequality in education and ensure that fragile group: disabled, tribes and children have equal access to education. – Assure that high proportion of youths and adults, both male and female are literate. – Assure that all students are well-educated and trained with skills for sustainable development. – By improving educational devices to suit all groups of people – By expanding scholarship worldwide and IT and science vocational training – By increasing number of quality teachers

– Eliminate all forms of discrimination against women and girls around the world. – Eliminate all forms of violence to women and girls in public, including human trafficking and sexual violence. – Eliminate all harmful practices such as forced and early marriage. – Acknowledge and value unpaid care and domestic work and promote of shared responsibilities within the household and the family. -Assure women’s full and effective participation and equal opportunities for leadership in all levels of decision-making in political, economic and public life. – Assure universal access to sexual and reproductive health and reproductive rights as agreed in accordance with the Programme of Action of the International Conference on Population and Development and the Beijing Platform for Action and the outcome documents of their review conferences. – By reform to give women equal rights to economic resources, as well as access to ownership and control over land and other forms of property, financial services, inheritance and natural resources, in accordance with national laws – By enhancing the use of information and communications technology, to promote the empowerment of women – By applying and strengthening suitable policies and enforceable legislation for the promotion of gender equality and the empowerment of all women and girls at all levels

– Succeed in clean water access for everyone. – Succeed in adequate sanitation and terminate outdoor excretion. – Improve water quality by reducing pollution, stop littering, reduce non-treated water to half and increase the reuse of water. – Improve water using efficiency to relief water shortage. – Improve holistic water management. – Protect and restore water ecosystem. – By expanding international cooperation to increase capability for developing country regarding water and sanitation – By promoting and strengthening in community involvement in water management – Ensure the access to new affordable and reliable energy services. – Increase the share of renewable energy in the global energy mix. – Improve energy utilization efficiency. – By enhancing international cooperation to facilitate the access to R&D of clean energy and renewable energy, including clean fossil energy and promoting investment in clean energy infrastructure and technology – By expanding infrastructure and developing technology to deliver the modern and sustainable energy services – Increase individual’s economic growth, especially increase the GDP of low-developing countries at least 7% per year. – Succeed in increasing productivity and economic values through technology and innovation. – Promote the policies that support productivity, employment, entrepreneurship, creativity and innovation, and growth of SMEs. – Improve resources utilization and persevere to disconnect economic growth from environmental impairment. – Succeed in maximum employment and productivity with equality for all groups of people, including youths and disabled. – Reduce proportion of unemployed, uneducated and untrained youths. – Immediately and efficiently eliminate forced labor, slave labor, child labor and human trafficking. – Protect labor rights and promote safe working environment for all labors, including alien labors. – Create sustainable tourism policy to support employment, culture and local products. – Strengthen access to financial institutions and financial services. – By increasing Aid for Trade for developing countries – By following International Labor Organization (ILO) for child employment

– Develop quality, reliable sustainable infrastructure that is affordable and equal. – Promote inclusive and sustainable industry development. – Increase access to financial services for SMEs. – Enhance industrial infrastructure for sustainable and efficient resource utilization. – Increase science and innovation research – By promoting infrastructure in developing countries – By promoting technology and innovation development in developing countries. – By increasing access to information and internet References *1: https://en.wikipedia.org/wiki/Sustainable_Development_Goals *2: https://sdgmove.files.wordpress.com/2017/04/sdg-e0b881e0b8b1e0b89a-e0b881e0b8b2e0b8a3e0b89ee0b8b1e0b892e0b899e0b8b2e0b88ae0b8b8e0b8a1e0b88ae0b899e0b897e0b989e0b8ade0b887e0b896.pdf *3: http://e-plan.dla.go.th/activityImage/422.pdf

Introduction to Business Continuity in Thailand

June 17, 2020
Nareerat Moottatarn

What is Business Continuity Management?

Business Continuity Management (BCM) is the framework to counter the effects of crises and interruptions from external and internal risks to a business. The strategy consists of hard and soft assets for successful prevention and recovery. BCM can be part of a business’ risk management (RM) strategy. The term “Business Continuity” is, according to the ISO 22301 Standard, defined as the “capability of an organization to continue the delivery of products and services within acceptable time frames at predefined capacity during and after a disruption.” BCM covers disaster recovery, business recovery, crisis management, incident management, emergency management and contingency planning. The following Figure 1 shows the relationship between BCM, BCM, Disaster Recovery Planning, and Crisis Response.

What is Business Continuity Planning?

Business Continuity Planning (BCP) is a planning process that is part of BCM. The main purpose of a BCP is to address and mitigate all risks affecting a company’s business operations for managing and responding to risks, used for public, non-profit, non-government and private entities. Risk can include many incidents from cyber-attacks to natural disasters. Between 35 and 50 percent of businesses never recover after major disasters. These disruptions cause revenue loss and difficulty in recovery if no BCP or inadequate BCPs were implemented. Not all companies have business continuity planning, however this is quickly changing. BCP is now an important process that should be implemented across all industries.

What is an Emergency?

An emergency is an occurrence that needs response to minimize loss of life, property, environment and business operations. These could be human-caused, natural or technology-caused. A typical example of an emergency where BCP is used, is a fire incident that caused property loss. Other common emergencies include natural disasters such as earthquakes or floods, information security, product liability, long-term delay and suspension of product supplies, impacts of climate change, terrorism, political unrest etc. Planning for all possible disruptions is ideal, but most plans try to incorporate as many likely to occur main threats to the business as possible, depending on the type of industry and current global risk trend.

What is the difference between Emergency Planning and BCP?

Emergency planning and business continuity planning play different roles for an effective risk strategy. In general, emergency plans cover response and reactions to the disruption, whereas BCPs deal with continuing the business following the disruption. A single business continuity plan may have many disaster recovery plans.

BCP Standards

Standards provide criteria to develop, implement, assess, and maintain the BCP program to cover prevention, mitigation, preparedness, response, continuity, and recovery. Major standards are NFPA 1600, mainly used in the US, and ISO 22301, which is internationally used.

Components of BCP

There are 4 main components in BCP. The following is a brief description on how to conduct a BCP program: Understand: Understand your organization’s operations and hazards (risk assessment) and how disruptions affect them (Business Impact Analysis). Plan: implement and organize the strategies for recovery, allocating people to procedures, and documentation. A clear prevention plan is included. Improve: Exercising, testing and changing plans for review. Planning must be tested regularly for different risk scenarios for continuous improvement consistent with the entity’s policy, goals, and objectives. Audit activities are included. Train: All employees should be aware of such plan. [caption id="attachment_2670" align="aligncenter" width="640"] Your business could stop indefinitely if no BCP is in place.[/caption]

BCP in Thailand

In terms of preparedness, Thailand has no clear plan in business continuity on a national level. Most large corporations will already have BCPs as part of their risk management plan to comply with the company’s good business practice and risk policies. In addition, only businesses with direct disaster experience will have BCPs or partial BCPs in place. Much more awareness creation is needed. SMEs: 99% of Thai business enterprises are SMEs (Small and Medium Enterprises), which is defined as private organizations with less than 200 people. The Office of Small and Medium Sized Enterprises Promotion (OSMEP), under the Ministry of Industry, showed that there are 2.9 million SMEs in Thailand. Thai SMEs have low-level preparedness on business continuity planning, according to a study from 2018.  In addition, the degree of knowledge on BCP depends on the size of the business, period in which the business is in operation, and disaster experience. Those with disaster experience are more likely to have BCP. In another survey conducted in 2012, only 13% of SMEs have a business continuity plan, while 34.8% are in the process of developing one. Supporting business resilience in disaster-prone areas will need public and private support in promoting BCM practices. Industrial Estates: In the past, BCP of industrial estates in Thailand mainly focused on natural disasters. This is inevitably due to the direct experiences with catastrophes such as the 2011 Flood, where Thai businesses who activated their BCP strategy after the flood recovered better than those without. Increased interest in developing business continuity usually results from these crises. Others:  More immediate opportunities have emerged for Thailand to develop BCP in other areas which applies to all businesses. This is shown recently by the case of Covid-19 pandemic this year, as most businesses were caught off-guard and were unprepared to handle the global virus pandemic which affected all business across the country. Cyber security will be another key risk in the future for Thailand. [caption id="attachment_2672" align="aligncenter" width="624"] Covid-19 Pandemic Timeline & Cisco MWFH (Mandatory Work from Home) Response. https://youtu.be/vBWwyJwcdlg[/caption] [caption id="attachment_2673" align="alignright" width="241"] http://www.un.or.th/wp-content/uploads/2019/09/UN-Thailand-Annual-Report-2018.pdf[/caption]

Frameworks in Thailand on BCP

In Thailand, The National Economic and Social Development Board (NESDB) conducted a BCP study in 2011. Implementation of the BCP is classified into 3 levels: the national, regulatory and business enterprise levels and identifies that at: The national level: Thailand has no clear plan in business continuity. The Department of Disaster Prevention and Mitigation (DDPM) manages and handles emergency situations, and the agency only focuses on the implementation and management of disasters that affect the lives and property of citizens. The regulatory level: This is an agency that links the implementation of the BCP between the national level and the business enterprise level. Currently, regulators encourage the development of BCP by some financial institutions, such as the Bank of Thailand. The group actively promotes and pushes the development of more robust BCP measures. The Industrial Estate Authority of Thailand Area BCP Bangkadi Industrial Park Area, Pathumthani Province, Thailand also promotes the development of BCP in their industrial and entrepreneurial networks together with exercise of a drill at least once a year. The business enterprise level: Large enterprises have been implementing business continuity management (BCM), which is caused by the awareness of the organization itself and because it is also regulated, such as by the ISO 22301. This has influenced some sectors such as the banking sector to comply with the regulations. Despite these implementations, some organizations may manage and plan for BCP, but still have not understood its concept well, which hinders co-operation on the national level. [caption id="attachment_2713" align="aligncenter" width="625"] https://dga.or.th/upload/download/file_51e3e02b538bbe574b9b3c0da63fb96b.pdf[/caption]

Tools

Developing BCP should be a dynamic, ongoing process, as ‘crisis adaptability is the key to continuity’.  Many different tools and services are available to facilitate BCPs. Gathering this information could be done manually or automated with the help of software to reduce time and cost, common for IT recovery planning.  An example guidance for BCP can be found from WHO (World Health Organization). #1 Risk assessment:
  1. Identify and evaluate risk
  2. Actions to manage/mitigate the risk
  3. Future monitoring and procedures to prevent risks from occurring
#2 Business Impact Analysis (BIA): an analysis that identifies, quantifies, and qualifies the impacts resulting from interruptions or disruptions of an organization’s resources by using engineering analysis, mathematical modeling, simulations, surveys, questionnaires, interviews, structured workshops, or a combination thereof.
  1. Assess impact over time on the products and services and at what cost
  2. Prioritize recovery from key areas and critical functions, identifying the critical business processes and “Single Points of Failure” (SPOFs)
  3. Identify dependence between business areas and functions
  4. Determine the acceptable downtime for each function
  5. Identify resources for continuity support
  6. Make an initial plan to maintain operations
#3 Recovery strategy planning: The risks (see Figure 4) could either be controlled, transferred, avoided, or accepted. The most common strategies involve some type of third-party data center for backup, an alternate, off-site processing location and alternate workspace to restore operations to a minimally acceptable level. #4 Testing: Many organizations test several times a year to improve the plan, depending on the business type of the organization. Employee turnover, number of business processes, and other changes will affect the frequency of testing. Drills or disaster role-playing could be incorporated once a year through discussions (tabletops) with key business units or actual disaster walk-through (exercises). [caption id="attachment_2717" align="aligncenter" width="625"] https://www.set.or.th/th/regulations/supervision/files/Disclosure_Focus/Aug_%2053.pdf[/caption] A PDCA (Plan-Do-Check-Act Cycle), shown in Figure 5, can be used in the BCM strategy.

Example BCP Scenarios

The following could be used as example for tabletop exercises: Scenario 1: A fire occurs in the office. Employees are safely outside, however, client information cannot be accessed as most computers and servers were destroyed in the fire. Hard copies of files and documents containing important data are lost. How is data backed up? Where? How much can be recovered? How are clients to be notified of the fire accident? Scenario 2: Viral pandemic An ongoing flu pandemic is occurring globally. Staff numbers are likely to fluctuate due to sickness or care for family members. Loss of 25% of staff is likely. How can the organization continue to serve customers? What is the chain of command? How to communicate during the crisis and what are the policies? What should happen when attendance drops and fatalities occur? What if the pandemic disease continues for longer than one year?

Conclusion

To ensure a successful plan, companies must be proactive about implementing technologies and protocols that will prevent disruptive events from occurring in the first place. Creating a clear path to recovery with an ongoing BCP will give the organization confidence in dealing with such protocols and systems, hence, rapid business recovery will result. Find out more about our BCP services.

Reference

NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs 2019 Edition “Business Continuity Management” GAP.1.15, Global Asset Protection Services LLC 2015 https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/bcm-resilience/bc-rm-interfaces Doi: 10.1016/j.proeng.2016.06.390 Practical Process for Introducing Smart Business Continuity Management of Smart City in Japan – Scientific Figure on ResearchGate. Available from: https://www.researchgate.net/figure/BCP-concept_fig1_304713463 [accessed 18 May, 2020] Photo by Curioso Photography from Pexels Video on BCP https://youtu.be/vBWwyJwcdlg WHO Guidance for Business Continuity Planning. Geneva: World Health Organization; [2018]. License: CC BY-NC-SA 3.0 IGO https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/bcm-resilience/files/ic_relationship.jpg https://www.sciencedirect.com/sdfe/pdf/download/eid/3-s2.0-B9780123822338000169/first-page-pdf https://www.adpc.net/igo/contents/Publications/publications-Details.asp?pid=1163 https://www.adpc.net/igo/category/ID1163/doc/2017-kpg6Jv-ADPC-01_AreaBCP_English_Final_Report_20170220.pdf https://www.sumipol.com/knowledge/smes-%E0%B8%AB%E0%B8%B1%E0%B8%A7%E0%B9%83%E0%B8%88%E0%B8%97%E0%B8%B5%E0%B9%88%E0%B9%81%E0%B8%97%E0%B9%89%E0%B8%88%E0%B8%A3%E0%B8%B4%E0%B8%87%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B9%80%E0%B8%A8%E0%B8%A3/ https://doi.org/10.1016/j.ijdrr.2017.10.002 https://www.adrc.asia/publications/bcp/survey_2012.pdf https://www.iso.org/obp/ui#iso:std:iso:22301:ed-2:v1:en https://www.researchgate.net/publication/240177042_Business_Continuity_Management_Time_for_a_Strategic_Role https://www.researchgate.net/publication/240177042_Business_Continuity_Management_Time_for_a_Strategic_Role https://www.sciencedirect.com/topics/computer-science/continuity-planning

Sustainable Development Goals (SDGs) Part 1

June 10, 2020
Sutiwat Prutthiprasert

What is a sustainable development?           

A development that can satisfy the demand of the current generation and will not reduce the future generation’s potential to satisfy their needs. A society will be sustainable when there is a balance of 3 dimensions: Environment, Economy and Society. After the Millennium Development Goals (MDGs) came to an end in 2015, the Sustainable Development Goals (SDGs) are launched by all United Nations Members States on September 2015 which are part of UN resolution 70/1 and intended to be achieved by the year 2030. The goals provided a shared blueprint for peace and prosperity for people and the planet, now and into the future. SDGs consists of 17 topics as follows: All 17 goals which are classified into 5 topics (5P).
  1. People End poverty and hunger in all forms and ensure dignity and equality. (Goals 1-5)
  2. Planet Protect our planet’s natural resources and climate for future generations. (Goals: 6 12 13 14 and 15)
  3. Prosperity Ensure prosperous and fulfilling lives in harmony with nature. (Goal 7-11)
  4. Peace Peaceful, just and inclusive societies. (Goal 16)
  5. Partnership Implement the agenda through a solid global partnership. (Goal 17)

Features of Sustainable Development Goals

1. Inclusive Development – Sufficient coverage of development. Leave no one behind. 2. Universal Development – Not for only poor countries but to support all countries 3. Integrated Development – Harmonizing of all 17 goals 4. Locally-focused Development – The goals must be applied to both urban and rural areas (Bottom up approach). 5. Technology-driven Development – SDGs need a modern technology to succeed, especially the one relating to data. One example of understanding SDGs systemically. In countries that has increasing rate of enrollment, there are some students who are still not able to access to schools due to poverty and the distance to school. In addition, if the student is a female, her parents may think that going to school is not necessary. In order to solve this problem, 7 goals have to be integrated: Goal 1 No Poverty, Goal 2 Zero Hunger, Goal 4 Quality Education, Goal 5 Gender Equality, Goal 6 Clean Water and Sanitation, Goal 10 Reduce Inequalities, Goal 16 Peace Justice and Strong Institution. SDGs in Thailand SDGs are used as a guide to Thailand’s 20-Year National Strategy (2018-2037) which is legislated in the Constitution of Thailand 2017. To achieve SDGs, the Sufficiency Economy Philosophy (SEP) and Thailand’s 20-Year National Strategy are the ideas and method to conduct. In Thailand, SDGs are supervised by the National Committee for Sustainable Development (CSD) which is set up by thai government, headed by the Prime Minister. Consisting of 37 members from the integration of public sectors, private sectors and civil society sector and having the Secretary-General National Economic and Social Development Board as the secretariat. In order to provide more channels for the local communities to work with the government sector, the cabinet also established three new national committees in 2017-2018. Such committees are a committee for the implementation of government policies, a committee on building the capacity of local communities and a committee on the Sustainable Thai Nyom Project*. “Business sectors are the largest culprit in destroying environment” said Ray Anderson, CEO of Interface Company in TED TALK 2019. Many thai companies have initiated their projects towards the SDGs. Most companies have to review their corporate social responsibility (CSR) activities and/or have to adjust their production processes to decrease the impact on environment. In Thailand, there is an organization that specially aims for sustainable development called Thailand Business Council for Sustainable Development (TBCSD), founded in 1993. Currently, there are 38 organizations as a member that involves following occupancies: agricultural, financial, service, technology, industrial, consumer products, resources, real estate and others. Some examples of cooperation projects between TBCSD and Thailand Environment Institute (TEI) are Carbon Reduction Certification for Building which encourages the involvement of manufacturers and consumers in global warming reduction via the market mechanism and Green Label for the environmentally friendly products. Several large Thai corporations also initiates their SDGs projects. CP All and PTT, for instance. *Thai Nyom Project can be translated as “sustainable Thai way”. It is a project for government to collect opinions (Big Data) from citizens to allow the government to know about people’s needs such as the economy in people’s views. In 2015, CP All became a member of UNGC (United Nation Global Compact) and use 17 goals as a business plan guide. By classifying SDGs into 3 topics: Heart (Living Right), Health (Living Well) and Home (Living Together). Heart focuses on “Governance” inside the organization which can refer to a core value for all staff and be more open to different point of views to create new innovations. Health focuses on what we can do to create sustainability for a society. And, Home is how we can reserve dwellings for our and future generations. What Pid Thong Lung Pra foundation, supported and cooperated with UNGC, is doing is an example of “Home”. The foundation is targeting on water management which is the heart of farmers’ living. PTT, as an energy company, comes up with 3P strategy which is the balancing between People, Planet and Profit. Famous project for “People” are “Pacharat School” by becoming 1 from 12 supporter companies. The project applies the management way of private company to the school system. Another significant project is EECi (Eastern Economic Corridor of Innovation) in Wang Chan Valley in Rayong Province to be the Smart Natural Innovation Platform with the purpose of driving research and innovation. The project develops infrastructure on the area of 3,302 rai to be in accordance with “Smart City”.

What are business risks and chances for Thai company with SDGs?

It is apparent that the world’s population keeps increasing every year. By 2050, the world’s population is expected to increase by 10 million people, meaning that the demand will also increase. This can benefit in a larger market segment. On the other side, in order to produce more products, can the technology satisfy that production level, while land limitation exists. There are several challenges or risks that the business sectors have to consider. The challenges may be separated into 2 forms: External drives and Internal Drives. External drives are mostly from international organizations such as UN and WTO that regulate how the productions will not further damage environment. Internal drives are more critical as It is important for business sectors to be proactive rather than reactive. Business sectors have to know themselves well, for example, is the cost low enough? are there new innovations? are there new markets? or using Dow Jones Sustainability Index (DJSI)* as an indicator. *Dow Jones Sustainability Indices (DJSI) are a family of indices evaluating the sustainability performance of thousands of companies, operated under S&P Dow Jones Indices. Thailand has advantages in some industries due to the location such as Trade & Finance, as Thailand is located in the center of ASEAN, Tourism and obviously agricultural and food industries. On the other hand, there are lots of units that are still in Thailand 1.0 level, especially the agricultural units (farmers) which are 40-50% of the overall Thailand’s population. The more SMEs transformed to 4.0, the more inequality it will become for the agricultural section.

In the following chapters, we will talk about all 17 goals in detail.

 

Are Medical thermometer and Industrial thermometer interchangeable?

June 10, 2020
Sutiwat Prutthiprasert

            VS       

Infrared thermometers are tools used to quickly measure the surface temperature of an object without touching it. The infrared thermometers are used in wide range of applications including medical and industrial use. The measured temperature can range from 0-3,600 °C. The device takes in the radiation emitted by the object and calculates its temperature.

How an infrared thermometer works?

As the world is facing a COVID-19 crisis, the demand of infrared thermometers greatly increases to filter for the infected people. The question is “Can we used Medical and Industrial Infrared Thermometers interchangeably?” The answer is “yes but only recommended for preliminary screening. Normally, an industrial infrared thermometer is designed to measure surface temperature over an extensive temperature range. The temperature can range up to 500 °C. The wider range means there is a trade-off in measurement accuracy. Industrial thermometers can have an error factor that average around ±1 °C to ±1.5 °C. On the contrary, the output of medical infrared thermometers must be more accurate as they are well calibrated for human body temperature. The temperature of the medical infrared thermometer only ranges from 32 °C to 42.5 °C, so the error can be expected to be average at ±0.1 ºC. A reliable medical infrared thermometer is certified for medical use such as ASTM 1965-1998: Specification for Infrared Thermometers for Intermittent Determination of Patient Temperature and FDA. To ensure the best accuracy of the measurement, a trained or experienced operator is needed to reduce error, even for the medical infrared thermometer. Generally, inaccuracies when using infrared thermometers can be from operating errors and misinterpretation of readings. The common causes of inaccuracy include: 1. Not following instructions – Thermometer is too close or too far away 2. Require skilled adjustment – A different surface temperature needs different settings. (Emissivity) 3. Subject to environment influences – Changing in ambient temperature can cause inaccuracy. 4. Not transparent to glass and other substances – Thermometer cannot read temperature through the glass and other transparent materials. In conclusion, industrial infrared thermometers can be used to measure body temperature but they are not recommended. An accurate industrial infrared thermometer that can adjust the setting usually comes with an expensive price. Using a medical infrared thermometer would cost less with enough accuracy. The safest way to use industrial infrared thermometers for measuring human body temperature is the primary screening and requires a contact measurement to confirm the result. References 1: https://pixabay.com/th/photos/%E0%B9%80%E0%B8%97%E0%B8%84%E0%B9%82%E0% B8%99%E0%B9%82%E0%B8%A5%E0%B8%A2%E0%B8%B5-%E0%B8%AD%E0%B8%B8%E0%B8%93%E0% B8%AB%E0%B8%A0%E0%B8%B9%E0%B8%A1%E0%B8%B4-%E0%B9%81%E0%B8%AA% E0%B8%94%E0%B8%87%E0%B8%AD%E0%B8%B8%E0%B8%93%E0%B8%AB%E0%B8%A0% E0%B8%B9%E0%B8%A1%E0%B8%B4-3094663/ 2: https://www.instrumentchoice.com.au/news/what-s-the-difference-between-medical-and-industrial-ir-thermometers 3: https://www.sciencedirect.com/topics/engineering/infrared-thermometer 4: https://www.theblazinghome.com/infrared-thermometer-vs-digital-thermometer/ 5: https://pixabay.com/th/vectors/%E0%B9%81%E0%B8%82%E0%B8%99-%E0%B8%A1%E0%B8%B7% E0%B8%AD-%E0%B8%82%E0%B9%89%E0%B8%AD%E0%B8%A1%E0%B8%B7%E0%B8%AD-%E0%B8%A1% E0%B8%99%E0%B8%B8%E0%B8%A9%E0%B8%A2%E0%B9%8C-153258/ 6: https://buythermopro.com/knowledge/infrared-thermometer-gun-temperature-screening/ 7: https://www.egat.co.th/index.php?option=com_content&view=article&id=3420&catid=49&Itemid=251 8: https://www.eevblog.com/forum/testgear/is-an-industrial-ir-thermometer-adequate-for-measuring-body-temperaturefever/ 9: https://ennologic.com/corona/

Thailand PM2.5 Crisis

May 7, 2019
Sutiwat Prutthiprasert

Why is PM2.5 harmful in Thailand?

Bangkok’s hazy morning could be pleased to many people but this fog is actually a cluster of very small and dangerous dust particles that can easily enter and harm human’s body. The air quality of Bangkok has been getting worse since the second week of January. The pollution level (PM2.5) remains at hazardous level in many areas of Bangkok and the surrounding provinces. This year’s situation is worse than that in 2018. Experts conclude that the combustion from diesel engines, burning of biomass and industrial activities are the main causes of the situations from both inside country and neighboring countries. From the study, Bangkok’s PM2.5 haze usually occurs in drought season or cold season of Thailand due to the stagnant air movement. In the big picture, the haze problems also takes place in other ASEAN countries such as Myanmar, Laos and Cambodia. This could be a failure of Asean Agreement on Transboundary Haze Pollution (AATHP) to enforce its members to stop expansion of monoculture farming and rapid deforestation.

What is PM 2.5?

            PM2.5 dust is any particle that is smaller than 2.5 microns which is comparable to bacteria size. Human’s hair has an average size around 50 microns and PM2.5 dust is 20 times smaller than human’s hair. Thus, the particles can easily penetrate the nasal hair to the lungs which can increase the risk of lung cancer. PM2.5 is the main pollutants in many countries like China, USA and European countries as it can stay in the atmosphere for a long time and can travel for a long distance. The sources of PM2.5 are mainly from the diesel engine combustion, the burning of biomass, dust from combining of pollutant gases and the industrial activities.

Pollution from Industrial Dust
Pollution from Engine Combustion

Impacts of PM2.5 and StandardsImpacts of PM2.5 and Standards

National Air Quality and Global Guidelines for PM2.5 by WHO

Because of its tiny size, PM2.5 can easily enter human’s lungs and bloodstream which can obviously affect human’s health. The study shows that the PM2.5 can cause respiratory disease, cardiovascular disease, cancer or even death. Children, elderly and pregnant women will be more risky to PM2.5 than adults. Long term exposure to PM2.5 might be an important risk factor of hypertension in adults and can even deteriorate the reproductive system. According to Thailand’s standard, the PM2.5 level should not exceed 50 micrograms per cubic meter of air, while the WHO’s standard is set at 25 micrograms per cubic meter of air.

Countermeasures

The Pollution Control Department strictly orders the vehicles emitting black smoke off the roads and to prevent people from lighting a fire outdoors, and asks people to reduce their use of private vehicles. However, these actions may not be effective immediately.
The help from meteorological factors such as weather (temperature and wind speed) and precipitation could be the best option. The study has found that the high temperature weather was more helpful to diffusion of pollutants than the low temperature. The rainfall also affects the removal of particles. The average PM2.5 concentration decreased by 56.3% after the rainfall by the PM2.5 concentration remains after 1 hour of rainfall and will keep declining within the next 12 hours. Therefore, there is an attempt of rainmaking to settle the dust.
The simplest way people can protect themselves is to wear N95 mask when going outdoor which is more capable of filtering the PM2.5 than the normal mask. Since the outdoor PM2.5 pollution cannot be easily controlled, it is important to control the indoor air quality by using the air filter.

N95 mask

Applications for checking PM2.5

The air quality can be checked by the following applications and website.
-Air4thai (application)
-AirVisual (application)
-http://air4thai.pcd.go.th/webV2/
-https://aqicn.org/city/
-https://www.airvisual.com/

The graph below indicates the changes in the mass density of PM2.5 at one of the monitoring station in center area of Bangkok from 1st January 2019 to 15th February 2019.


Changes in the mass density of PM2.5 (micrograms per cubic meter)

References

https://www.beartai.com/article/tech-article/303260 https://thaipublica.org/2019/01/air-pollution-pm10-pm2-5/ https://www.bangkokpost.com/news/general/1610854/bangkok-air-pollution-remains-at-hazardous-levels http://www.nationmultimedia.com/detail/national/30343974?fbclid=IwAR3kN-1X0MXD2guaftMiNAWu9RuM83uH6d0p2LeI4NF1oApFBpv1ff2-FCg https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5876983/ https://aqicn.org/city/thailand/bangkok/chulalongkorn-hospital/ http://www.ccacoalition.org/en/content/air-pollution-measures-asia-and-pacific

Fire at Centara (Central World)

April 12, 2019
Nareerat Moottatarn

From the investigations of the Forensics Department of the National Police Force, staffs of the Engineering Institute and staffs related to the incident, Mr. Pichaya Chantranuwat, the Director of the Engineering Institute of Thailand states that the origin of the fire is from the fire pump room on the B2 basement floor. The fire travelled from the underground floor B2 up to the 8th floor via the interconnecting duct between the B2 and 8th floor. The duct is horizontally installed and is made from fiberglass, which is not designed for high heat resistance. The heat spreading to the 8th floor’s duct caused it to collapse and obstruct the fire exit of the 8th floor which caused the smoke to be trapped and was not able to escape outside. The situation was worsened by large amount of combustibles which helped sustained and grow the fire.  

Due to the old age of the building, the outdated duct design is considered to be a weak point. On the other hand, newly constructed buildings would have the heat resistant ducts installed or fire dampers inside the duct in order to prevent the air from coming inside. Building inspections for old buildings will be restricted to original structural inspections, and no emphasis will be made on the matters previously mentioned. Mr. Pichaya also states that the laws and regulations for building fires exist, but are difficult to enforce.

From our experience of surveying numerous factories, we hypothesize that the underground B2 floor, which contains the wastewater treatment equipment and other utilities, had methane gas, hydrogen sulfide gas, and ammonia gas accumulated from the wastewater treatment process. These gases can be ignited and catch fire quickly from electric sparks of the blower machine, which was inside the room, according to the news. This could be the cause of the fire incident. Afterwards, the smoke and heat rose into the ventilation duct which if no inspections were regularly performed, debris and residues could be the fire’s medium and helped spread the fire. This lead to continuous fire inside the duct due to the duct’s inability to resist fire, finally causing the pipe to be damaged, collapsing to block the exits.

[caption id="attachment_2260" align="aligncenter" width="225"] Traffic Congestions in Bangkok[/caption]

Tropical Storm Pabuk to Hit Thailand

January 11, 2019
Nareerat Moottatarn

Background

              A few days after a New Year’s festival celebration, Thailand’s Meteorological Department reported the incoming tropical storm to hit the Southern Thailand, named “Pabuk”. It was originated in the Southern South China Sea with the maximum wind speed of 65 km/hr or faster. Its name was given after the large fresh water fish in Mekong River by Laos as a member of the World Meteorological Organization Typhoon Committee. The storm is approaching the Gulf of Thailand from the south direction with the speed of 25 km/hr and expected to hit Southern Thailand between 3rd and 5th January. An expert revealed that its moving speed and wind speed are not that fast comparing to the well-known storms in the past, which will result in continuous heavy rainfall and very rough seas for several days. Due to the location, Thailand has been occasionally affected by serious storms. In the past 30 years, Thailand has encountered 2 destructive storms: “Typhoon Gay” and “Typhoon Linda”. Typhoon Linda hit The Gulf of Thailand in 2540 as a tropical storm with wind speed around 80 km/hr and moved across Thailand to the west side and dissolved in the Bay of Bengal. Typhoon Gay, Thailand’s most severe storm in the last 35 years, started from low pressure air and developed to depression, tropical storm and eventually typhoon just in a few hours. The storm landed at Chumphon on November 4th 1989 with the wind speed around 185 km/hr (Level 3 typhoon) and caused wide range of damage. More than 446 deaths were reported. Pabuk will not be as aggressive as Gay because of the lower wind speed but the damage is still expected to be intense. [caption id="attachment_2209" align="aligncenter" width="375"] Thailand storm Pabuk simulation https://www.windy.com (Friday 4th 2019 – 9:00AM)[/caption]

Effects and Countermeasures

              There will be heavy rainfall and very rough sea which will lead to floods in Pattani, Yala, Pattalung, Songkhla, Nakhon Sri Thammarat, Suratthani and Chumphon and the Andaman side from 3rd January and will be worst on 5th January. Nakhon Sri Thammarat and Suratthani are expected to receive most damage. Some damages have been reported; more than 20 electricity poles in Nakhon Sri Thammarat were collapsed and the electricity blackout was spread to many areas. Since the wind speed has raised to 85 km/hr which could damage constructions such as windows, doors and roofs. Tourists in famous islands such as Koh Tao, Koh Samui and Koh Phangan had to be evacuated. Several closures and cancellations has been reported as follows: Nakhon Sri Thammarat Airport, Moo Koh Similan and Moo Koh Surin National Parks, Raja Ferry Port, Seatran Ferry and Ang Thong National Park (updated January 4th 2019). On January 4th, one death has been reported near Pattani. Officials has announced a warning and civilians living in the affected areas or expected areas were evacuated, including workers who work at the oil rig in the middle of Gulf of Thailand, but some insisted to stay. However, the prediction of storm’s movement is still uncertain, the situation is still needed to be monitored day to day.  

Forecasts

              Regarding to forecast from Thailand’s Meteorological Department, Pabuk will move across the Southern Thailand to Andaman Sea from 4th-5th January. As a result, there will be downpour and heavy rain in many locations. The flash flood has to be aware. The waves in both Gulf of Thailand and Andaman Sea will be even more powerful. Read more flood news at Interrisk’s News Page. Copyright 2018 MS&AD InterRisk Research & Consulting, Inc. All Rights Reserved

References

https://www.pptvhd36.com/news/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%99%E0%B8%A3%E0%B9%89%E0%B8%AD%E0%B8%99/95947 https://thethaiger.com/news/phuket/pabuk-latest-information-on-the-path-of-the-storm-across-the-gulf https://www.theguardian.com/world/2019/jan/03/thailand-tourists-flee-as-tropical-storm-pabuk-set-to-bring-seven-metre-waves https://www.thairath.co.th/content/1416990

No tag assigned

Rainy Season Brings Heavy Rainfall to Northern Thailand

June 13, 2018
Sutiwat Prutthiprasert

Thai Flood Report: Forecast of Thailand’s Rainy Season 2018

Summary

As the rainy season has arrived last week, there have been a few flood situations; mostly caused by heavy rainfall but the situations were relieved in not long time. The rainfall in Northern area of the country caused water logged on the road and stream to the village such as in Chiang Mai and Lampang. The water storage levels in main dams are still low as well as the water levels in main rivers and canals.

Forecast

For the rainfall amount forecast in 2018 rainy season, it is expected that the overall rainfall amount will be 5-10% less than normal value and also less than last year’s. By the beginning of the season (June), the rainfall amount will be close to normal value. Then, in the middle of season (July-August), the rainfall will also be close and less than normal value and will be less than normal value in the end of season (September-Middle October). The period with the most amount of rainfall will be in August and September which will also have high probability of tropical storms.

Expected rainfall amount in each region of Thailand

Area Expected rainfall amount in rainy season 2018 (mm)
May June July August September October
Northern 178 156 176 223 218 124
Northeastern 187 203 211 266 242 117
Central 172 145 156 181 257 187
Eastern 224 262 278 303 257 187
Sothern (Thai Gulf) 224 262 278 303 330 255
Sothern (Andaman) 310 312 337 399 424 367
Bangkok 248 157 175 219 334 292
Red cell: 5%-10% higher than normal value Green cell: close to normal value Blue cell: 5%-10% lower than normal value Remarks -Normal value refers to the average rain fall amount in the past 30 years The overall amount of rainfall in May and June will be close to the normal level except in the Northern and the Northeastern region because of an influence from the monsoon that moves pass the Northern and Northeastern regions.

Flood events

Flood news during the past weeks: May 16th 2018: Heavy rainfall in Bueng Sub-District of Sriracha District, Chonburi Province caused 50 cm high flood as an influence from the tropical storm. The area has never been flooded before. May 20th 2018: Windstorms hit several provinces causing falling trees and electric posts such as in Chaiyaphum, Phrae and Uttaradit. May 22nd 2018: The water from stream overflowed to the villages in Lampang Province after 5 hours of rainfall. May 24th 2018: Heavy rainfall in the night caused water logged in the village in Muang District of Chiang Mai Province. May 26th 2018: All-night rain in Pang Nga caused flood on Takua Pa-Phuket road which paralyzed the traffic. May 27th 2018: After 2 hours of raining, the flash flood from mountain attacked villages in Phayao Province. June 4th 2018: 30 cm high flood due to heavy rainfall in Khon Kaen and Udonthani Provinces. June 5th 2018: One-hour heavy rainfall in Phuket caused floods on many road surfaces and flowed to the residence areas. It also caused landslides in some areas. June 5th 2018: Heavy rain in Korat caused flood and flashflood to destroy road. This caused paralyzed traffic and car accident. June 9th 2018: Chao Phraya dam increased the drainage rate from 250 m3/s to 350 m3/s to due to the increasing amount of water from the northern region.

Dam Storage Level (Sirikit Dam, Bhumibol Dam)

The water storage level in both dams are close to 2011 but higher than last year. Since this period is the beginning of the rainy season, the water storage level will be starting to increase in the next coming months but may not so much as last year.

Dam Storage Level (Pasak Dam, Kwaenoi Dam)

Both dams are now having low water storage level, as the dry season has just ended. Comparing to 2011 and 2017, the water level is very low. The storage level is expected to be higher in the following months.

The Upper Chao Phraya River Flow

The water situations in main rivers and canals are at normal level. The current levels are a lot lower than the river bank.

The Lower Chao Phraya River Flow

As the amount of water from the upper Chao Phraya is still low, the amount of water in the lower Chao Phraya is also low, since there has been not much rainfall as the rainy season has just begun.

References

https://www.tmd.go.th/monthly_forecast.php
http://www.arcims.tmd.go.th/dailydata/yearRain.php
http://climate.tmd.go.th/content/file/831
https://www.thairath.co.th/content/1276647
https://www.thairath.co.th/content/1282627
https://www.thairath.co.th/content/1288119
https://www.thairath.co.th/content/1290271
http://www.thaiwater.net/DATA/REPORT/php/rid_lgraph3.php?dam_id=19
http://water.rid.go.th/flood/plan_new/chaophaya/Chao_up.php?cal2=25052018
http://water.rid.go.th/flood/plan_new/chaophaya/Chao_low.php?cal2=25052018http://water.rid.go.th/flood/flood/weekreportnew.pdf
http://www.arcims.tmd.go.th/dailydata/yearRain.php
https://www.tmd.go.th/7-day_forecast.php
http://www.thaiwater.net/DATA/REPORT/php/rid_lgraph3.php?dam_id=19http://water.rid.go.th/flood/flood/daily.pdf
http://water.rid.go.th/flood/plan_new/chaophaya/Chao_up.php?cal2=12062018
http://water.rid.go.th/flood/plan_new/chaophaya/Chao_low.php?cal2=12062018https://www.ryt9.com/s/tpd/2835764
https://www.ryt9.com/s/iq01/2837021
https://www.ryt9.com/s/nnd/2839123https://www.ryt9.com/s/nnd/2839123http://thaiflood.kapook.com/view192788.html

19 Ways Data Can Be Leaked

January 3, 2018
Tawan Punsang

Have you ever wondered how our confidential or personal information leaks from us? Or how they fall into the wrong hands? The answers differs from a simple methods to advanced ones, so firstly for someone who may not be involved in cyber security to understand overall pictures is to know what is data breach? And where do data flow? Data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner which can cause a small company or a large organization to suffer great loss. Stolen data may involve sensitive, proprietary, or confidential information, such as credit card numbers, customer data or trade secrets. There are so many ways data can easily leak out of an organization. There are three buckets or containers where information “lives and flows”; in digital form, in hard copy (paper) and in the conversation. Information is constantly flowing between these containers, usually resting in more than one of them at any given moment without some type of map or landscape that lays them all out. Data leak is divided into 2 classes which are internal data leakage and leakage from external threats. In total, there are shown 19 ways below.

Instant Messaging (Peer to Peer)

  • Many organizations allow employees to use instant messaging from their workplace which include products such as Skype, Google talk and peer to peer (P2P) networks. These programs could act as file sharing networks that allow users to inadvertently share confidential documents to an external users.

Email

  • Email also represents a route for a simple data leakage. Because traditional email clients, such as Microsoft Outlook, etc. are widespread within organizations. Internal users could even be tricked to email or inadvertently send confidential documents as an attachment to an unauthorized individual due to employee oversight or poor business process.

Web Mail

  • Web mail runs over HTTP/s which an organizations’ fire wall may allow it through uninspected. When the connection is initiated by internal IP user, an individual may leak their confidential data, either as an attachment or message body.

Web Logs / Wikis

  • Web logs and Wikipedia site are a collaborative website where everyone could write their thoughts, comments, opinions and edit on any particular subject. These site could be used as a way to release confidential information, simply entering the information on the blogs. However, these are perhaps a less likely medium to leak confidential information because they would most likely be able to be tracked.

Hiding in SSL

  • Another ways to leak sensitive data is through SSL connection. Users may try to obscure data by utilizing a public proxy service via an SSL connection. They enter the proxy service with a browser, type in the URL of the site and then their entire session is encrypted without any detection of firewall.

Malicious Web pages

  • Visiting either a compromised or malicious sites could present user’s computer a great risk of being infected with malware. A web page containing malicious code with an OS/browser. The malware could be in form of a Trojan, Key logger, etc. Users might download a key logger/backdoor, thus providing the attacker with full access to user’s computer.

Data theft by intruders

  • There have been numerous stories about the theft of credit card information or others electronic break-in to an organization by intruders. This particular event holds remarkable concern, because resumes contain a significant amount of information of individual, including their personal information or even details of third parties. Believable phishing attacks or social engineering could be used by a theft to obtain these sensitive data.

Malware

  • Malware can evade inbound gateway protection measures and desktop anti-virus then initiate outbound communications, sending out files which may contain sensitive data. Malware can be categorized as Virus, Worm, Trojan horse, Spyware, Key logger, etc. These allows a hacker to remotely access your computer, perform various operations such as capturing potentially sensitive information, corrupting files on target computer and so on.

SQL Injection

  • SQL injection is a code injection technique that can be used in a range of ways to cause serious problems. By using SQL injection, an attacker could bypass authentication, access, modify and delete data within a database. The initial action of the attack could be to enter a single quote within the input data in a POST element on a website. Following with trial and error by the attacker could eventually reveal table names, field names and other information. This will allow an attacker to construct SQL query within the POST element that yields sensitive data.

Phishing

  1. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email. Typically a victim receives a message that appears to have been sent by a known person or organization. An attachment or links may install malware on user’s device or direct them to malicious website and cause them to lose sensitive information. Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses.

Dumpster Diving

  1. Many organizations that do not take appropriate care with destruction of hard copy information have a risk of confidential data falling into dumpster diving. Instead of having the document destroyed securely, Individual may throw their confidential information into the rubbish which could be discovered by an attacker through this method.

Physical Theft

  1. Many organizations underestimate the importance of keeping their offices and their equipment physically secure. They often lack a clear policy describing what measures they should take to protect computers and backup storage devices from theft. As a result, Poor physical security at an organization’s file or poor security practice of individuals creates a possibility of physical theft. Physical theft of devices such as laptops, computer systems, back up tapes, and other media also post a risk for data leakage to organizations.

Removable Media / Storage

  1. Theft or loss of a data storage medium such as USB memory key, and external hard drives made up nearly 54 percent of all identity theft-related data leaks. Due to the size, USB keys are so easy to lose. Although some data when were copied to the key are legitimate, the risk of the key lost onto the third party still exists.

File Transfer Protocol (FTP)

  1. FTP represents another method for a user to leak their information. It is simply straightforward to install and configure a basic FTP server external to the organization. The shortcomings of FTP stem from both the design of the protocol and evolving business requirements. The individual then merely has to install a publicly available. FTP client and upload the file.

Security Classification Errors

  1. Security models are intended to provide a framework for organizations to avoid classified and / or sensitive information being sent to individuals (internally and externally) without the appropriate security clearance level. It is conceivable that an individual with Top Secret clearance may either intentionally or inadvertently send a Top Secret document to another individual with only “Classified” clearance.

Hard Copy

  1.  If an individual wishes to provide a competitor with sensitive material, and the victim organization has already implemented electronic countermeasures, it is still possible for the individual to print out the data and walk out of the office with it in their briefcase. Or, they simply place it in an envelope and mail it, postage happily paid by the victim organization.

Inadequate Folder and File Protection

  1.  If folders and files lack appropriate protection (via user/group privileges etc) then it becomes easy for a user to copy data from a network drive (for example) to their local system. The user could then copy that file to removable media, or send it out externally by methods discussed above.

Cameras

  • A determined individual may choose to take digital photos (or non-digital for that matter) of their screens. A camera is not even needed nowadays. Cellular telephones today are likely to have a camera built in, perhaps with up to 2 mega pixels or more. The photo could then be sent by email or Mobile Messaging directly from the telephone.

Inadequate Database Security

  • Poor SQL programming can leave an organization exposed to SQL injection attacks, or allow inappropriate information to be retrieved in legitimate database queries. Additionally, organizations should not implement broad database privileges as this can lead to users accessing confidential information (either intentionally or inadvertently).