Tag Archives: Data Privacy

Keeping Your Data Safe with Privacy Measures

In our digital age, gathering information online is anything but difficult. It is imperative for both to keep  information from landing in the wrong hands. Read on to learn about the crucial need to keep data safe, the threats to data privacy, and what to do about it.

 

The Importance of Data Privacy

 

A basic definition of data privacy is keeping confidential data confidential online and on computer systems. Privacy of information applies to collected personal information including medical and financial records, customer payment data, and customer data obtained from websites. Medical and financial data especially are subject to stringent regulations on access and security, and many companies indicate on their website how they use customers’ data in the course of business (if they don’t, they should). Personally identifiable data can be kept safe through encryption, and multi-factor authentication–for example, a password and at least one security question. 

 

Awareness of Threats to Your Data

 

Ideally, basic measures to keep data private would be enough. But both existing and new threats continue to increase. For example, in recent years automated calls (“robocalls”) have proliferated, increasing more than tenfold in the last few years. Of the three to five billion robocalls each month, at least 40% are thought to be fraudulent. And phone calls are just one way bad actors attempt to steal your data. Phishing schemes via text or email can also be a way to get unsuspecting recipients to give up personal data that can be used for fraud or even penetrating company computer systems with malware. According to CompTIA, phishing scams account for more than 80% of security incidents, and users are often the “weak link” that allow the attacks to happen. 

 

How to Protect Your Data

 

Even with threats escalating, you can protect your company’s data, customers and reputation. The FCC has recently addressed robocalls with STIR/SHAKEN, a technology framework designed to reduce fraudulent robocalls including ones using “spoofing” to mimic a legitimate phone number. Fraudulent calls will be designated as “potential spam,” which helps keep recipients from being tricked into giving up personal information. Along with STIR/SHAKEN, making your staff aware of phishing emails and texts can keep them and your business from possibly giving fraudsters valuable information. Phishing emails can often appear as urgent requests for help or information, or threaten consequences if the recipient doesn’t act. These emails should be reported, and then deleted, to remove the danger of clicking a dangerous link and introducing malware into your computer system. 

 

While threats continue to grow, there are ways to protect your business. For help in protecting your confidential data, contact us today.

Is the Public Cloud Right for Your Business?

Migration to the cloud has become more common over the years, with more and more companies moving to the Cloud each day. Benefits of the Cloud extend to many if not all business systems—Communication and Collaboration, Email, file sharing and data storage to name a few. Read on to learn more about how companies, especially small to medium-sized businesses, are using the public cloud for their operations.

Benefits and Characteristics of Public Cloud

Overall, the public cloud offers a less-expensive alternative to private cloud resources, with many of the benefits. Like the private cloud, the public cloud enables businesses to avoid investing in the purchase and maintenance of costly hardware, since the underlying infrastructure is already available via the web. Capital expenses can then be converted to operating expenses. What’s more, the cloud is scalable and elastic, giving enterprises the ability to use more or less of the total environment according to different web traffic to their business at different times. Public cloud environments are ready to use, with required resources built in. Other characteristics named by the U.S. National Institute of Standards and Technology include the public cloud being open to more users and more enterprises. Finally, public cloud offers network access everywhere, since the data is accessible via the internet.

Considering Public Versus Private Cloud

As great as the public cloud is, it may not be right for your particular enterprise. Compliance with regulatory standards like Sarbanes Oxley, PCI and HIPAA necessitates confidentiality of information and restrictions on access to it. Companies that need to protect their customers’ and clients’ information will find a private cloud environment vital. Data residency also influences the regulations that must be followed.

These factors will change over time, influencing your choice of a public or private cloud environment. To help you determine which is right for you, public or private cloud, talk to your trusted Technology Advisor today.

Reducing Business Risk with Backup and Disaster Recovery

Business ContinuityDoes your business have a backup and disaster recovery plan? Businesses of any size should know which applications–and their associated data–they rely on and what the cost of interruption would be in the event of an unintended disruption. Cyber Threat, natural disasters, and systems failures may impact your business; however, human error is said to be the top cause of data breach (58%), ahead of technology errors. To avoid unnecessary downtime, here are some questions to ask to help assess your backup and disaster recovery plans.

Assess the Risks of Data Loss and System Downtime

With Backup and Disaster Recovery there is always a balance between cost and risk. To allocate your technology spending, it is important to focus on your areas of exposure. Maybe your business relies heavily on an order-processing and invoicing system, or perhaps a manufacturing and inventory control system. If these systems go down you may lose revenue and productivity from employee idle time.  

You may also have intellectual property that is important to your business. What would be the consequence if this data was lost and could not be recovered? You may also have compliance exposure, if you suffered a breach of privacy or other data that should be encrypted was exposed. Assessing your risks and ranking the exposure is an important step to evaluate your backup and disaster recovery plan priorities.

Not all Backup Plans are Alike

For systems you rely on heavily, you may consider having an offsite failover system in the event of a data loss. This can minimize your downtime by enabling you to rapidly cut over to a live system running in parallel to your production environment. Having daily (or even hourly) backups of these systems will minimize downtime for your mission-critical applications and their data.

Other information, including files and other productivity applications, may not need such rapid recovery. Many File Sync and Share applications also provide real-time recovery using Cloud Backup technologies. For productivity applications, this may provide a cost-effective way for you to keep your team productive in the event of a data loss. Some data that may not reside in the cloud, however, needs weekly backup. This regular backup would allow the information to be recovered on an as-needed basis, ensuring continuity in a cost-effective manner.

Testing your Backup and Disaster Recovery Plan

Periodic testing of your backup and disaster recovery plan is suggested to ensure things are working, in order to minimize downtime and related business disruption. Size of data, network capacity, and other variables could extend your backup window beyond your time requirements. In addition, data may get corrupted during the backup process. So it is important to verify and test your backups to provide confidence in your ability to recover from a disaster.

Every business is different and will have different disaster recovery needs. To ensure that your backup and disaster recovery plan meets your needs, contact your technology advisor for an assessment.

Cybersecurity is Everybody’s Business

Cyber SecurityIt is no surprise, technology flattens the world for many businesses. What’s more, nearly every business sector finds it necessary to collect, maintain, analyze, and monetize user data. Many think Cybersecurity risks only apply to highly regulated industries, such as legal, healthcare and financial services.

Cybersecurity Risks Go Beyond Borders

Factors outside industry, including geographic considerations and sensitive consumer data, can create cybersecurity risks that need to be managed. These factors run the gamut of domestic and international laws, regulatory bodies, and private-party business agreements. Cybersecurity compliance can touch every business to some degree.

Internet of Things (IoT) and Cybersecurity

Adding to the list of concerns are non-traditional technologies entering your businesses network. IP-enabled technology called Internet of Things (IoT) is rapidly being adopted in the workplace.  The Cybersecurity threat is moving beyond desktops, laptops and services. A new generation of mobile devices–Point of Sale (POS), IP video surveillance, embedded sensors, VoIP, and others–is just the first wave of emerging technologies that need to be secured.

How to Minimize Cybersecurity Risks

There are many things a business can do to reduce Cybersecurity threats. According to the Computing Technology Industry Association (CompTIA), the following elements are the building blocks for a cybersecurity program:

  • Documented policies, procedures & standards

  • Asset management

  • Identity & access controls

  • Risk management

  • Vendor management

  • Physical & environmental security

  • Compliance

  • Privacy

  • Remote access

  • Data backups

  • Data destruction

Cybersecurity threats are a reality of today’s world. The risks of data compromise and/or loss can cost more than dollars; such risks can cost your reputation. Your business is only as secure as your Network. If you have questions about your business needs, ask your technology advisor about how to manage Cybersecurity threats to your business.

New Year’s Resolutions for Your IT Systems

shutterstock_326576246Are your IT Systems on the naughty or nice list? Do you proactively monitor your networks for compliance, cyberthreat and performance? Are your data back ups up to date? Have you begun your migration to the Cloud? Are you getting the most from your broadband network? Have you trained your employees on the risks of cybersecurity attacks and do they change their passwords regularly? Here is a list of things to add to your list of New Year’s resolutions for 2016.

Proactive Network Monitoring

Your networks should be periodically monitored to ensure application and operating system (O/S) patches are up to date. In addition, you should maintain your anit-virus definitions and keep your malware threat detection up to date. By doing so, you could prevent an unwanted cybersecurity breach and data loss. Worse, loss of reputation resulting from data leaks or loss.

Beyond Backup

There are a variety of remote back up and data protection solutions to ensure you can recover your systems to keep your business running. It is a good idea to test those backups periodically to ensure you can restore your data quickly. Many older tape backup solutions can be slow and unreliable. What’s more, there are many new file sync and sharing solutions allowing your employees to securely access information anywhere. We put more and more reliance on our applications to run our daily operations, so make sure your data is protected in 2016.

Lift Your Business to the Cloud

Cloud Solutions offer many advantages over premise based systems. Using subscription based services help ensure you are always on the latest version. What’s more, you can shift some of your IT costs from a capital expense (Capex)  to an operating expense (Opex). Starting with migrating email, which is an easy first step, to clean up inboxes, secure and encrypt your communications and take many hassles out of IT. Considering following on with files, applications, single sign on and other IT infrastructure to gain the full benefit of Cloud Computing.

Broadband Network Review

Business class Internet services are as affordable as they have ever been. Consider a telecom expense audit to see if you are getting the most bandwidth for the buck. You may not only save money, you may increase your bandwidth and network performance. With mobile computing, cloud computing and eCommerce on the rise, it is important to get the most from your Broadband network.

Cyber Security Training for Employees

Ensure your employees can identify malware threats, man in the middle attacks, phishing schemes and other Cyber Security hacks. Your employees should have a good understanding of what to do in the event of a data loss (for example lost mobile device) and change their passwords periodically. Your employees are your first line of defense against Cyber Attack, so take the time to remind them of their role in protecting your IT Systems.

This is the time of year to spend with family and friends and reflect on the past, while looking forward to the future. Resolve to be the best you can be in 2016 and ensure your IT Systems are ready for prosperity in the new year.

Technology Outlook for 2016

What drivers will shape 2016 technology trends? Businesses using customer facing technology for competitive advantage will fuel demand for Cloud Computing, in particular, Software as a Service.  The Internet of Everything will amplify the number of connected devices in our world leading to additional needs for data protection and CyberSecurity defense. Mobile computing and Cloud Computing adoption will increase the adoption of fast, affordable and secure broadband networking. Here is the short list of what to expect from the biggest trends in technology for 2016.

Cloud Computing Adoption Remains Strong

Cloud Computing adoption is expected to continue throughout 2016. Software as a Service (SaaS) applications are expected to lead the way. Migration to Cloud based email, sales and customer management applications and other SaaS solutions will drive Cloud growth in 2016. Infrastructure as a Service (IaaS) will continue to grow, however demand will be driven by backup and disaster recovery, single sign on, file sync and sharing, application hosting and other core IT services.  With this increased demand for Cloud Solutions, migration and integration services are expected to also be in high demand.

Greater Need for Fast, Affordable and Secure Broadband

Mobile Computing and Cloud Computing will put additional demands on network infrastructure. With the additional need for SaaS applications, remote backup and file sync and sharing applications, companies will upgrade business Internet technology for fast and affordable broadband options. Companies will pay particular consideration to available, reliability and security as they adopt broadband network technologies.

Internet of Things (IoT):  More Devices, More Security

Tablets, Laptops, desktops and smartphones are expected to continue to grow. Now Smart Devices or Internet of Things (IoT) will put more devices in and near the workplace. Office Equipment, Watches, TVs, and cars now equipped with WiFi connections which will create additional opportunities for Cybersecurity breaches, as these devices may become targets of hackers and Cybercriminals. If compromised and connected to your network, your applications and their data may also be exposed. Maintaining network security including updated anti virus and malware definitions will have exponential importance with the abundance of more connected devices in 2016.

As  you plan and budget for next year, take these 2016 technology predictions into account. Also,  consider any additional changes in industry regulation, compliance considerations and your business growth objectives for 2016. In doing so, you will be well prepared to turn these 2016 technology trends into competitive advantage.

Mobile Hotspots – Is Your Business At Risk?

With almost one billion mobile connections in place, it is easy to understand why these devices are targeted by hackers. Employees connecting at Starbucks, in airports, on planes and in hotels open themselves up to additional security breach risk by accessing information through mobile hotspots. Mobile hotspots can be easy targets for hackers by setting up spoofs to get your employees to unknowingly log into unsecure networks, making them vulnerable to Man in the Middle (MitM) exploits. As an employer, it may be impossible to prevent employees from using hotspots, so it is very important to take steps to protect your business. Below is an example of how hotspot hacking works and how businesses with mobile users can protect themselves.

Is Your Mobile Device Hackable?

According to research by Gartner, almost half of us will first turn to a mobile device for online tasks. Business users in particular rely on mobile connectivity to be productive. Using a open Wi-Fi hotspot may put you and your business at risk of hacking. Most people are aware of the risks, however it comes down to convenience. Hackers can use software that makes a mobile device appear to be connected to a familiar Wi-Fi network, but in reality, all traffic is routed through an imposter that captures your data (MitM). Many mobile applications attempt to stop this type of proxy attack by ensuring a secure, end-to-end SSL connection refusing to make an unencrypted login. However, mobile applications may not always verify the secure SSL connection is actually secure.

Does Your Business Needs a VPN to Protect Mobile Users?

A Virtual Private Network  (VPN) is a network that is constructed by using public wires — usually the Internet — to connect to a private network, such as a company’s internal network. There are a number of systems that enable you to create private networks using the Internet as a way for transporting data. These systems use encryption and other security mechanisms to allow only authorized users to have access. One benefit of having a VPN service is the ability to integrate network security policy and enforcement under a single management platform, meaning remote VPN clients automatically inherit a standard set of policies upon login.

Stay Safe by Educating Your Employees

We may know not to use unsecure Wi-Fi, but getting your employees to do so, may be harder. Educating your employees is a first line of defense to prevent data loss and data leak. Training on the threat, exposure and risk of a data leak or loss reminds your employees to be aware.

If you feel your network should be more secure, contact your IT Service Provider to find out how to protect your network within your budget and the security requirements of your business.

Does Your Business Need Network Monitoring?

According to a recent Trends in Information Security report by CompTIA, malware, hacking, privacy and data loss/leakage top the list of serious concerns over security threats. Companies large and small have been victims of these security threats. While large corporate security breaches makes the news, smaller companies may not have the vigilance to detect, and the resilience to survive a network security breach. Hackers have evolved and are now more sophisticated than ever. Network Monitoring can identify security exploits before it is too late.

 

Network Monitoring is Proactive

Just like getting your vital signs checked at the doctor’s office, network monitoring is a proactive way to detect a network security threat. Network Monitoring scans for viruses, malware, patch compliance and any unauthorized access to help determine network health and compliance. By using intrusion detection when a system has been breached, you are immediately notified. It’s important to proactively monitored your network and act swiftly.

Network Monitoring Saves You Time and Money

By remotely monitoring and managing your network and related IT assets, your IT Service Provider may be able to detect and remediate security issues without ever coming to your office. This will result in an overall reduction of IT costs. Routine IT tasks, including Patch Management will ensure that all Application and Operating System (O/S) patches are up to date thus protecting your business against vulnerabilities. In addition, keeping software up to date may give you productivity features and benefits.

Avoiding Downtime and Increasing Security

Secure remote support is an important element for delivering an IT Managed Service. In addition to remote support, many IT Service Providers offer remote network monitoring, managed backup and managed security in their IT Managed Service offerings. By adopting the Managed Service Model your IT Service Provider can proactively manage your IT needs in a secure and cost effective manner.

Don’t wait until you have a security breach to add proactive network monitoring to your line of security defense. If you have concerns about your network security contact your IT service provider today.

The Most Recent Data Breaches and Their Consequences

data breach securityBig data breaches have been making headlines more and more frequently. It was announced last week that the computer systems at the U.S. Office of Personnel Management had been breached. This is the second computer break-in in the past year for the agency. An estimated four million current and former federal employee records may have been compromised. Guidance Software, a cybersecurity firm, used Einstein, an intrusion detection system, to trace the breach back to a machine under the control of Chinese intelligence.

Is Your Network Protected?

The hard truth about data breaches is that no one is safe: An individual, a small business, a Fortune 500 company, and government agencies can all be infiltrated. Costs from data breaches have grown tremendously in recent years. On average, a data breach will cost a large company about $640,000 to cover the cost of business disruption, information loss, and detection. It takes the average company about a month to recover. If you own a small to medium sized company, it’s doubly wise to be prepared. Small organizations can expect a higher per-capita cost than large organizations. So, what can your organization do to be better prepared for a possible data breach?

Why Invest in Stronger Security Measures

United States senators have added $200 million in funding to their proposed fiscal 2016 budget to fund a detailed study of the cyber vulnerabilities of major weapons systems. Smaller organizations would be wise to follow these footsteps and make data security a priority going forward. The biggest goal for SMBs when it comes to data security is education over technical improvement. Security education must be interactive, ongoing, and measurable in order to raise awareness about data security. In addition, the following tips will help keep your company data free from infiltration

Tips on Keeping Your Data Safe

  • Keep antivirus and anti-malware definitions up to date.
  • Train your employes regularly on IT security measures.
  • Create a clear-cut, step-by-step Data Breach Incident Response plan in the event of a security attack in order to limit damage and reduce recovery time and costs.
  • Hire an Information Security Firm.

One of the best investments your organization can make is to become wholly prepared for a data breach.  If your organization needs guidance on protecting your company’s data, contact your trusted IT advisor today.

Protect Your Organization from Ransomware

ransomwareIt’s a moment every business owner dreads. A message appears on your organization’s computer screen alerting you that your files have been encrypted and the only way to access them is by paying a ransom. Security threats to computers and mobile phones have grown more sophisticated around the globe in the past few years. The United States in particular saw an increase in “ransomware.”

What is Ransomware?

Cypersecurity experts report that ransomware is one of the fastest growing forms of hacking, and the scary part is that no one is safe. An individual, a small business, a Fortune 500 company, and government agencies can all be infiltrated. It also attacks smartphones. Ransomware is malicious software that hackers use to extort money from individuals or businesses by preventing them from opening their documents, pictures, and other files unless they pay a ransom, usually in the amount of several hundred dollars.

How Ransomware Works

Similar to other hackers’ schemes, ransomware can arrive in emails or attachments with links that, when clicked, encrypt your files. Attacks can also occur during a visit to a website, as cybercriminals can attach computer code to even the most well known websites. It could happen during something as harmless as updating an application or downloading an app on your smartphone.

Protect Your Organization

Cybercriminals are starting to target small businesses more and more, because generally speaking, they are more vulnerable. While big companies have backups and separate computers for their different departments, small to medium sized businesses lack technology teams, sophisticated software, and secure backup systems to protect from ransomware. One of the best investments your organization can make is to make sure all your devices are compliant with the latest operating systems patches and security updates and backup your company’s files in the event of a security breach. If your organization needs guidance on secure backups, contact your trusted IT advisor today.