Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.
To answer this question, let’s start with the example experienced by Marriott International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.
Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.
On September 4, 2019, Marriott found out that someone accessed information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.
Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriott so long to notify the victims.
Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.
The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.
The FTC recommends following these steps, some of which are legally required.
Secure your Operations
Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.
As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott case.
Work with forensic experts to determine what records were at risk.
Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.
November 11th is Veterans Day…
A day where we stand united to honor those who are currently serving and those who have served – those who sacrificed for the common good of our country.
And for all they’ve done, we say thank you.
Thank you to those who have and those who continue to place themselves in harrowing situations in the name of protecting our freedom.
However you’re planning on spending the day, remember to take a moment to think about these exceptional men and women.
Do you know where hackers are most likely to gain access to your private data? Discover the favorite entry points and how you can stop them.
It seems like every week there are reports of another massive data breach hitting the news. The number of users affected is almost unimaginable. Cybercriminals accessed 983 million records at Verifications.Io and 885 million records at First American Financial Corp., alone. It’s scary stuff, but what’s even more terrifying is that the majority of compromised companies never show up in the papers.
During the first half of 2019, there were an average of 30 data breaches per day. So, how are hackers stealing so many records so quickly? They have their ways.
1. Old Websites. The internet is a graveyard of abandoned and unprotected half-built sites, which are the favorite hunting grounds for hackers who are on the lookout for easy and virtually risk-free hacking opportunities. Although it is true that most of these sites contain nothing more than a few email addresses and dummy accounts, every so often, a cybercriminal can strike a goldmine. On occasion, legacy and demo sites for large businesses are still connected to the company’s servers and provide a nice backdoor to confidential data.
You can protect your business by taking old sites offline completely and limiting which sites have access to your servers.
2. Free Code. Many sites offer code snippets that you can use for free on your website. All you have to do is download them and you can save hours of time and thousands of dollars. Good deal, right? Well, have you ever heard the Japanese saying, “There is nothing more expensive than something free?” When it comes to the code for your website, it is a motto you should take to heart. Using someone else’s free code for your company’s website could be the most expensive mistake you ever make. While clean, secure free code does exist online, the majority of what you will find is usually poorly written, and as solid as a sieve.
Stop hackers from using embedded backdoors in public code by not using it for mission-critical websites.
3. Unsecured Cloud Storage. Everyone is talking about the benefits of cloud computing and cloud storage, and it seems like businesses can’t wait to make the jump to working on the cloud. But before trusting your company’s confidential data to any third-party cloud storage solution, you better make sure the vendor has tight security. Many big-name companies like Facebook and Microsoft forgot to ensure their third-party vendors had the proper security, and the results were embarrassing and costly data breaches.
Carefully choose who you use for outsourcing and take an active role in protecting your data, even if it is hosted on a third-party’s server.
4. Unprotected APIs. Does your business use custom apps that utilize APIs? If the answer is yes, you may be exposing your confidential data to hackers without knowing it. While in-house app developers spend a great amount of time safeguarding the app itself from exploits, the APIs you are using from an outside developer to power your app may be a gaping hole in your defense.
Review the end-user agreements for the APIs you use and conduct penetration tests to check for vulnerabilities.
In the end, protecting your data and the confidential information of your customers falls on your shoulders. No one can be perfect when it comes to online security, but every single business can do better.
No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.
When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.
No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.
Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.
Your firewall is your first line of defense for keeping your information safe.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
A firewall inspects and filters incoming and outgoing data in the following ways:
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
How Do I Train My Employees For Cyber Security?
A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:
Passwords remain a go-to tool for protecting your data, applications, and workstations.
They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if a password is all that protects your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.
That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.
There are three categories of information that can be used in this process:
Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:
And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.
This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.
Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.
Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.
It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.
If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.
Whether you agree or not, it’s a fact – just a couple years ago, small businesses with up to 50 million in annual revenue reported that just a single hour of downtime cost them $8,600.
Why Does Downtime Cost So Much?
The main cost of downtime is not the fix itself, it’s the halt in your business’ productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.
During that time, you incur all the expenses of running a business without the revenue you would usually generate. Even if downtime does not grind everything to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem – again reducing productivity. Furthermore, while your systems are down, you can’t deliver services or sell products to current and potential new clients.
Not all of the costs associated with downtime have a tangible price tag. The trust of your clients and the reputation of your company are invaluable assets that can erode with prolonged or frequent downtime issues. A diminished reputation can negatively affect your future business opportunities.
Some downtime is inevitable, but much of it can be prevented and mitigated.
What Are The Primary Causes Of Downtime?
What’s The Best Way To Prevent Downtime?
…by stopping it in the first place.
The best way to approach downtime prevention is proactively – you need to keep an eye out for system issues that can spiral into total stoppages. You need to implement backup technologies and best practices to prevent outages. You need to enhance your cybersecurity to protect against cybercrime.
Unfortunately, that’s a lot for you to handle on your own, especially when you have other work to see to. That’s why a managed IT services company can be so helpful. They’ll provide 24/7 active monitoring of your systems, business continuity best practices and cybersecurity services that will keep costly downtime at a minimum.
Businesses nowadays collect an incredible volume of data from various sources, including online sales, in-store transactions, social media, and various other places.
So how do you find value in that data? The simple answer: Organizing it properly within worksheets.
Ready to unlock the potential of your data? If you want to analyze and make sense of the information you’re storing, here’s how…
In the video above, we teach you how to link several worksheets together within one workbook AND how to link data across multiple workbooks to:
Questions? Feel free to reach out to us at any time.
Cloud storage helps your employees share and collaborate like never before. Check out these three popular cloud storage solutions to find the one best for you!
Businesses are making the switch from physical servers to cloud storage to increase productivity and streamline file-sharing capabilities. This short review looks at three of the most popular cloud storage options, OneDrive, Dropbox, and Google Drive, comparing their storage capacity, file-sharing capabilities, and pricing.
All three of these cloud storage solutions offer various plans for both personal and business use. OneDrive and Google Drive also have options to bundle cloud storage along with access to online versions of standard office applications. In this review, we will look only at the lower-priced standalone cloud storage business solutions available from OneDrive and Dropbox and the Business and Enterprise solutions from Google Drive that do include access to GSuite applications.
OneDrive has two tiers of dedicated cloud storage. Plan 1 costs $60 a year and gives you 1 TB of cloud storage. You can opt for Plan 2 at $120 per year if your business has five or more users, and you need unlimited storage. OneDrive does not offer per month pricing. There is a 15 GB limit per individual file.
When it comes to collaboration, OneDrive shines. It is easy to access stored files directly from the Microsoft ecosystem of products, or use the built-in search and discovery tools to find the files you need. Share individual files securely with a link and set permissions to prevent unauthorized changes. Plan 2 also comes with upgraded security, including data-loss prevention, to help you to monitor and protect your confidential information.
Businesses with three or more users can choose either the Standard or Advanced business plan from Dropbox. The Standard plan comes with 3 TB of cloud storage and costs $150 a year or $15 monthly. The Advanced plan is $240 a year, or $25 monthly. With a file transfer limit of only 2 GB per file, Dropbox’s Standard plan may not fit your needs, but its Advanced plan does allow up to 100 GB transfers.
Many, but not all, popular business applications are already configured to connect with Dropbox. Users have the option to share files through a secure link or to use Dropbox Spaces to allow other employees access. Administrators can create private groups for members to share their work.
Google Drive offers a Business plan for $12 a month and an Enterprise Plan for $25 a month. Both come with only 1 TB of storage unless you maintain five licenses. Then you receive unlimited storage. The maximum size of an individual file is 5 TB.
Both plans let you share files with links, and admins can set security controls to manage file permissions. The Enterprise plan offers data loss protection and improved security options.
For most businesses, OneDrive makes the most sense. It is already optimized to work with the Microsoft applications you probably already use. The only major drawback is the 15 TB limitation on file transfers, but this restriction won’t affect most businesses.
How has technology transformed your industry? Explore 5 important ways technology has recently changed how we do business, delight customers and grow businesses.
It doesn’t matter which industry we’re in. Technology is a must. It makes things faster, safer and better when used right. It can propel our businesses and leave competitors in the dust. But many businesses are simply unaware of what’s out there and just how accessible it is to any size business. Here are five incredible types of technology that are completely reshaping how we do business.
As business leaders, we’ve always made decisions based upon the available data. But more recent advancements in data collection and analysis have made it easier and more cost-effective to gather data and put it to work. We can make smarter decisions about the direction of our companies where we once had to rely solely on gut instinct.
We can enhance customer experiences to not only increase sales but to raise that net promoter score, building trust, loyalty and powerful word-of-mouth.
87% of purchases now begin online. This doesn’t mean they buy online, just that they found the product or service online.
Digital marketing technology is a business technology that has transformed how we connect with customers. We can now more precisely target audiences to enhance the relevance of our ads to specific customer bases.
Thanks to the pay-per-click model, we don’t pay for advertising that doesn’t work. And thanks to optimization tools we continually improve strategies to find what does work.
Digital marketing allows us to reach customers where they find new products and services through:
From healthcare to aviation to manufacturing, virtual reality (VR) and augmented reality (AR) are helping schools and businesses train employees in very lifelike situations. Employers can help employees become more comfortable in likely scenarios by allowing them to experience it in an artificial environment first. They can learn how candidates may perform at their jobs before sending that job offer to get the best people into important roles.
From more effective ways to keep business and customer data safe to data backup to re-routing of important functions to remote locations, advancements in technology are making it easier for businesses to both avoid disasters (physical and virtual) and keep moving when disaster strikes.
Developing a strategy, deploying tools effectively and putting a plan into action, of course, take know-how, but those involved in business continuity planning now have a wider range of tools for the business continuity tool belt.
It’s not news to anyone that technology gets cheaper the longer it’s in use. And by now many amazing technologies have been around long enough that they’re getting very affordable, even for small business. Yet, many businesses still aren’t taking advantage of them because they don’t know what’s out there.
That’s why it’s important to work with technology experts who can introduce you to technology you’ll find useful to cut costs, enhance productivity, delight customers and more. To learn more about how technology is disrupting every industry, follow our blog.
What better time than now to tell some scary stories?
Ok, so they’re not “scary stories” per se, but facts that will alarm AND spook you.
Take action to protect against cybercrime. Hit the reply button to schedule your free cybersecurity consultation with us.
In the meantime, have fun this year, whether you’re taking the kids out trick-or-treating or heading to a few parties.
Have a great day!
Discover why it’s important that your managed services provider develops a regular communications schedule with each customer and what messages to convey.
Managed services providers (MSPs) know that customer retention is a critical element of business success.
Communicating with your MSP customers is a must. But knowing how, when and what to communicate makes a difference.
The frequency of communication is as much an art as it is a science. There may be some customers, especially those who are new, in the midst of a major project or in the throes of strategic planning, for whom more frequent contact and communication is necessary.
Face-to-face communication is the most effective means of communication, allowing for both a better give-and-take and a clearer interpretation of body language.
Ideally, you’ll schedule at least monthly in-person communication with your customers, meeting both with principals and other employees to understand what’s working and what could be improved. This communication, which includes a healthy dose of active listening, helps your customers feel heard, valued and respected, even if it’s an informal conversation over coffee and doughnuts.
Your customers look to you as more than a service provider. You’re also a valued advisor. You want your communications to have several elements that can bring value to your customers and how they perceive their relationship with you. These do not need to be a sales pitch, and usually should not be, but rather opportunities to demonstrate your expertise and insights, including:
Value-added conversations that help your customers think in new ways are a powerful way of deepening customer relationships.
One of the greatest outcomes of better customer communication is the opportunity to reinforce the value of services that are already being used or are possible. Your communication should regularly reinforce some of the core values of working with a managed services provider. Driving these points home helps to make renewals, upgrades and the purchase of new services much easier.
Those key points are small reminders of why it makes sense for your customers to work with you, including:
A strategic approach to customer communications pays major dividends with regular, trusted and valued discussions.