Report to Supervisor Revised

Date: 21 November 2023 To: Maria Carman From: Lily Calfee Subject: Suggestions for All Washed Up It has been a pleasure to work as Assistant Manager for All Washed Up these past few weeks. 1 admire how hard the staff works, how their customer service has expanded the customer base and the different opportunities this company offers its employees. I am submitting this report to you to outline a few improvements that could take All Washed Up to the next level. Some of my observations show potentially concerning activities pertaining to job functions and security. I will outline the details of my observation throughout the report. Overall, this is an amazing company to work for. The growth he company has shown over the past few years is tremendous and commendable. It shows that All Washed Up has an unleashed potential. The issues I will mention in this report show how All Washed Up can improve and go to the next level with a few minor adjustments to the job functions and security.

Executive Summary All Washed Up has been growing since its beginning in 2012. It has grown both its customer base as well as its number of staff. Starting off as a do it yourself car wash bay, it has expanded it to a full service car wash. This expansion aided in growing the customer base by: Allowing for people with disabilities and young children to get their car washed Adding interior cleaning, which automated car washes do not offer Allowing for a deep and thorough clean, which automated car washes do not offer Expanding the car washing market and enhancing the customer experience. However, there are a few potential problems that exist with the current business model. These include the following: e Improper credit card handling o Customer hands their credit card/ debit card to an attendant who then take it over to the counter and place it on the counter to be run As many as three cards can be on the counter at once As many as 10 customers and even more employees are able to see the credit card information when it is laying around on the counter e Cybersecurity threats o There is one shared password for the computer system o The password has not been updated in over 6 months e Misuse of Social Media o Employees are taking pictures on their personal phones of themselves next to expensive cars, they are then posting it to their personal social media and not covering the license plate o You are taking pictures of customer’s cars and posting it to your social media account without covering up the license plates Solutions to these problems include the following: e Implementing new policies for check out of customers e Creating individual accounts and passwords for the computers and having one master password that has access to all accounts e [Establishing a company social media page e Implementing new policies for taking photos of work content and posting it on personal social media accounts If these solutions are implemented, All Washed Up will be able to go to the next level, be more secure and have a solid foundation for continued growth.

Cybersecurity Risks e When it comes to the computer system there is only one password. This issue can lead to cyberhacking and information being stolen or leaked. When there is only one password that many people share this means that all employees have access to all company data. All employees having access to all company data is a major security risk. ® The password has not been changed in over six months. Your password should be reset frequently to avoid cyberhacking. When you keep the same password for an extended period of time, this allows hackers enough time to figure out your password and then, they can steal/ leak important information. e Both of these options listed above leave the company open to many abuse of data issues. If an employee gets fired or leaves the company on bad terms, they can share the only password that the company has which leaves the company vulnerable. It is shown that “Recent statistics show that only less than half the companies in the USA are fully prepared to deal with cyberattacks” (Chansukree, Sagarik, & Cho. 2022) so by reevaluating the areas above I believe All Washed Up can advance to the next level. The Misuse of Social Media ® You post business posts on your personal social media accounts. While getting publicity out there, there are a few issues with this. The first is that unless people know you they cannot attach a business to the work. The second is that business social media accounts have many different features to help you promote your business and they should be used. e When you or the employees post photos of client’s cars you do not cover the license plate up, which is considered personal information for the customer and should be treated as such. Having clients license plates open on social media leaves them open to a host of issues such as safety, personal security breach, etc. While there is no reason to assume that any of these issues will cause something negative to happen at All Washed Up, there is still a need to improve these areas to not leave us vulnerable.

Suggested Solutions 1. Implement new policies for the checking out process as well as credit card handling a. The first thing that should be implemented is that only one person should be collecting payments. One person should take the card from the customer, check them out and then bring the credit/ debit card back to the customer. b. Credit cards should not be left in the plain view of any customer ever. Credit/ debit cards should never be set down where anyone can see it. Having the attendant hold the form of payment until they process the payment will be the easiest thing to do. c. You should also keep the credit/debit card in view of the customer at all times, this will reduce the risk that there will be any fraud allegations from the customer, Jefferson County explains, “If handling the credit card is required 3 due to the location of the credit card device or other factors, keep the credit card in view of the customer at all times.” (Jefferson. 2023) d. I would also consider having the customer complete the transaction themselves. After they get out of the car and before they go into the waiting area, the customer should go up to the counter and complete payment. 2. Having individual passwords for each employee, with this limiting access to the companies’ information on a need to know basis a. Zviran and Haga say that “despite the widespread use of passwords, little attention has been given to the characteristics of their actual use.” (Zviran, Haga. 1999). Hence, each employee should have their own personal username and password to be able to access the company's computer system. This change will allow the company’s servers to remain secure. This change also protects the company from a security breach if someone leaves the company on bad terms. If someone leaves on bad terms, their password can be revoked so they are no longer allowed access. b. There should be requirements for each employee's password that enhances security and decreases the likelihood of someone being hacked. IBM says that “You can specify the following standards and other rules for passwords: Minimum and maximum length, Character restrictions, Frequency of password reuse, Disallowed user names or user IDs and Specify a minimum password age” (IBM. 2023). c. Each employee should be allowed a certain amount of access to the company's computer system so that they only have access to exactly what they need to do their job, this can be granted by requiring them to input their password to be able

Conclusion All Washed Up is a groundbreaking company in the car washing business. There has been substantial growth since it opened in 2012. As the owner of All Washed Up, you have built this company from the ground up and have done an amazing job. Although the growth of All Washed Up is amazing, it has come with strains on the job functionality and company security. One of those strains is only having one password for the entire company system, which also has not been changed in over a month, leading to major security risks for the company. The others are improper card handling and social media abuse. All three of these issues lead to poor job functionality and security risks for All Washed Up. Implementing new policies regarding check out of customers, creating individual accounts and passwords for the computers and having one master password that has access to all accounts, establishing a company social media page and implementing new policies regarding taking photos of work content and posting it on personal social media accounts will strengthen All Washed Ups job functionality and job security.

References Ameen, N., Tarhini, A., Hussain Shah, M., Madichie, N., Paul, J., & Choudrie, J. (2020, August 26). Keeping customers’ data secure: A cross-cultural study of cybersecurity compliance among the Gen-Mobile Workforce. ScienceDirect. https://www.sciencedirect.com/science/article/pii/S0747563220302831 Chansukree, P., Sagarik, D., & Cho, W. (2022). Public employee use of social media at work: Competency ... - sage journals. Sage Journals. https://journals.sagepub.com/doi/10.1177/00910260221098737 IBM. (2021, March 4). Password policies. IBM Spectrum Discover. https://www.ibm.com/docs/en/spectrum-discover/2.0.2?topic=access-password-policies Jefferson County. (2020, January 1). Credit card payments procedure handling and security. Jefferson County, Colorado. https://www.jeffco.us/DocumentCenter/View/288/Credit-Card-Payments-Procedure-Han dling-and-Security-PDF Kenan, J. (2023, November 1). Social Media Policy: A guide for your organization. Sprout Social. https://sproutsocial.com/insights/social-media-policy/ Lewis, S., & Hall, R. (2022). (PDF) managing workplace bullying and social media policy: Implications ... Research Gate. https://www.researchgate.net/publication/312769225 Managing workplace bullying an d social media policy Implications for employee engagement Martinez, A. (2020, February 6). What employers should consider when drafting a social media policy. Forbes.