Highly Regulated Industries Come with Their Own Demands
- Published by admin
- June 5, 2018
Regulations are put on certain data constructs for a reason: the data within is sensitive. Today, there are seemingly more regulations than ever, and as the GDPR kicks in for organizations that deal with EU-based organizations, we thought it would be a good time to talk about how to navigate these highly-regulated environments to ensure success and security.
Disasters Come in All Sizes
- Published by admin
- March 9, 2018
Each organization defines a disaster differently. One business might feel that it can get away with losing a few files here and there, while another might need every file to be secure and protected against data loss. Regardless, the importance of being able to define the severity of a disaster should not be underestimated, as you will need to properly gauge just how much hot water your business has landed in before it can pull itself up by the bootstraps and push forward.
Two factors are typically used to define just how bad a disaster is. The first is how much it costs to resolve the issue. This can include all sorts of costs associated with data loss, including hardware replacement costs and infrastructure damages. The second factor is the overall loss of productivity. This second factor ties into how much downtime your business experiences due to a data loss incident.
Determining the total cost of a disaster incident is critical, and it’s the only way that you can know for sure just how much work you’ll have on your hands just to get back into a bearable position. Depending on the type of disaster experienced, you could have a considerable amount of damage that needs to be repaired. For example, a hardware failure is perhaps the least costly incident. Of course, a hardware failure shouldn’t be underestimated, because it still means that you have to replace a server unit or workstation, as well as pay the employee working with that technology (or your whole organization, for that matter) for the time wasted while waiting to get back in business.
Other disasters can have far-reaching repercussions that drastically affect your organization’s ability to recover. A flood or similar natural disaster could destroy both your data infrastructure and physical infrastructure, including your office space. How much would it cost you to relocate an entire workforce? What about repairs to the building and/or renting a new one? All of these expenses hitting you at once is enough to crush even the most conservative budget–at least, if you’re unprepared for them, anyway.
If data security enters into the picture, you can bet that the costs of resolving the incident can increase exponentially. Depending on the type of information stolen, you could be dealing with stolen credit card numbers, identities, or even health records. In the fallout of a data breach, you might be subject to fines due to regulations like HIPAA that could add insult to injury. Furthermore, you have your reputation to worry about. Will anyone be willing to work with your organization again if you’re negligent with important information? That’s a question that you never want to ask.
Downtime is another major factor for determining how bad a disaster is. Downtime can be defined as any time your business doesn’t operate as intended. It can be something as simple as an employee not being able to access a critical account, or it could be something as sudden and impossible to avoid as one of the aforementioned disaster scenarios. What it boils down to is that your business loses money when it’s not being productive, so you should do everything in your power to keep this from happening.
Catalyst Technology Group can equip your business with an enterprise-level data backup and disaster recovery solution, as well as a business continuity plan that can help your business survive even the most disastrous scenarios. To learn more, reach out to us at (317) 705-0333.
How the Business Software Alliance Will Come After Your Business
- Published by admin
- January 28, 2018
As a business owner, you should know that you shouldn’t abuse the software licenses that your business relies on to function, or use pirated software to fulfill that need. While there are many people who do such things, the response from software companies in an attempt to stop such activities has created a system that can reward those who exploit it.
First off, we want to make it clear that we don’t condone software piracy or the use of pirated software. Having said this, we also can’t–in good conscience–condone the strategies used by those who fight software piracy, either. A prime example is the track record of BSA | The Software Alliance.
Who We are Dealing With
BSA is the title of an international advocacy group that fights for the proper licensing of software solutions meant for business purposes. Members of this group include many well-known faces, including IBM, Adobe, Trend Micro, Apple, and Microsoft. According to the organization’s website, BSA “pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.”
Admittedly, this mission seems perfectly fine, even admirable, at first glance. However, BSA undermines their mission statement through the tactics they have been known to use to accomplish their less-publicized, primary goal: stomping out pirated software by any means necessary, while making any business that possesses unlicensed software pay a hefty, hefty fine.
Using Social Media to Bribe Their Target Audience
BSA targets businesses that are “under suspicion” of using unlicensed software. However, for them to do so, there needs to be a reason to suspect these businesses in the first place.
To get this “probable cause,” of sorts, BSA has historically turned to social media. Using the marketing platforms supplied by the social media sites, BSA once directly targeted their audience, promising a cash bounty to those who turned over a business that used pirated software. There is even a Facebook page devoted to this campaign that seems to have been abandoned, but still provides evidence that BSA was speaking to a very specific audience: the employees of the businesses that BSA was after.
After all, who would know better than an employee whether or not a business was using a piece of software with less-than-legitimate origins?
The trajectory of these campaigns has gone from blatant to subliminal, as BSA started off by running advertisements that encouraged an employee to “Nail your boss. Report Software Piracy.” More recently, BSA has used more targeted social media efforts to focus in on employees like yours, encouraging them to turn you in for your assumed software piracy in exchange for a cash bounty. These bounties are scaled to the amount in damages that the reported company pays BSA according to their settlement.
If someone were to blow the whistle on a company and the settlement came out to something between $15,000 and $100,000, they could receive a bounty of up to $5,000. However, if the company in question was on the hook for $15,000,000 or more, the whistleblower could see as much as $1,000,000 coming their way.
The thing is, according to BSA, the organization “reserves the right to deviate from that schedule in its sole discretion.” This means that, even if someone blew the whistle and reported a company that had to pay well over $15,000,000, BSA could decide to collect that money and stiff the whistleblower.
Why This Should Be Worrisome to You
If you’re the one responsible for the pirated software being on the system, you’re the one who is going to be held responsible. However, if one of your employees is responsible for pirated software being on the system, guess who is considered responsible then?
This is still the case if an employee uses the same software license on numerous devices within your business. What’s worse, if an employee who had done such things was ever to leave with a grudge, they could still be the one to report you.
So, if Pete ran a company, and Paul ran his IT, Pete would be the one that the BSA would go after if Paul installed pirated software on his network. In fact, if Pete was fined $25,000, Paul could expect a payout of a couple thousand dollars for an issue that he himself was responsible for causing.
Solving this Problem
First and foremost, you need to make sure that your network is completely free of unlicensed software. The way to achieve this is to run a comprehensive audit to identify and eliminate the kind of software that would interest BSA. As a result, even if BSA reached out, you could confidently welcome them in knowing that you wouldn’t be tripped up by something an employee did, either with malice or unintentionally.
For help with this audit and the removal of any unlicensed software there may be on your network, give Catalyst Technology Group a call at (317) 705-0333.
These Gifts Can Come with Security Issues
- Published by admin
- December 29, 2017
The holiday season is coming to a close, with meals shared and gifts opened. You may have even received a new gizmo or doodad that you’re looking forward to trying out. Not to burst your bubble, but there is unfortunately a chance that the gizmo you had hoped to get (or purchased for a loved one) may lead to a security breach.
Smart Home Hubs and Assistants
These devices were touted as useful gadgets to have around the house as a mix between a media center and reference source. The trouble with devices like these is that they are always listening for you to speak, with microphones that automatically activate. Think about everything you say in the privacy of your own home. A cybercriminal could listen in, taking that privacy away and quite possibly learning some invaluable information.
To make this situation worse, many “smart home” devices also have cameras, invading your privacy in yet another way.
Admittedly, the thought of controlling one’s house by telling it what to do is, for lack of a better term, pretty cool. However, the questionable security that many of these devices suffer from gives cybercriminals the unique opportunity to spy on you, whether you use the assistant at home or in the office. This is also important to keep in mind if a young person you know recently received one of these devices.
Smart and Connected Toys
While many connected devices are clearly meant for an older demographic, an equal number are intended for children. For example, many toys are now capable of functioning in a way quite similar to a smart home hub, and others have features that are outright creepy. For example, if a child has a Toymail Talkie, a cybercriminal could use it to communicate directly with that child. Other connected toys offer cybercriminals intimate details about the schedule of a child. For instance, the connected bath toy, Edwin the Duck, can be used to tell a hacker the general time that a child is in the bath and when they are put down for the night.
Connected and Smart Appliances
Grown-ups have to have their toys, too. Appliances and accessories with “smart” capabilities are becoming increasingly common, but unfortunately lack the security required to protect them from cyberattack and intrusion. Assorted wearable tech, like fitness trackers, and Internet of Things devices, or any of those devices that aren’t a computer or laptop but still utilize the Internet, are becoming more and more popular. Unfortunately, because their security is sub-par, these devices can easily be leveraged as a part of a botnet, or can also be used to extract data from their surroundings.
It would seem that there was a sizable push to frame these ancestry testing kits as the perfect holiday gift this year, despite their being host to numerous privacy issues. Consider what you have to provide to the company. By handing over a vial of your spit, you’re giving them the most unique piece of personally identifiable information you possess: your genetic code, also known as your DNA.
This information quickly becomes very valuable once the topic of research is brought up.
When using one of these services, there are plenty of agreements to sign. These agreements will often give the company the leeway to use your genetic data as they please, including selling a digitized version to whomever is willing to pay.
Despite the Genetic Information Nondiscrimination Act of 2008 forbidding the use of genetic information to justify discriminatory acts, like firing someone because they have a predisposition to a medical condition, it isn’t easy to prove this kind of discrimination. After all, an employer could easily find some other reason to terminate someone’s employment–the fact that they were predisposed to a medical condition that would keep them out of work would just be a “coincidence.”
While we hope that your holidays were as bright and cheerful as they should be, we don’t want an unexpected data breach to spoil those memories. For more products that could put your security at risk, check out Mozilla’s handy guide.
Did you have any of these items on your wishlist? Is it worth keeping them around despite the risk to your data security? Leave your thoughts on the matter in the comments section!
Security Should Come In Two Parts
- Published by admin
- November 4, 2017
As you run your business, you need to remember a few things. First, your digital security is an incredibly important consideration, as your crucial data could be tampered with or stolen outright. However, you can’t forget the shared importance of your physical security systems and how they will keep your business safe as well.
In today’s blog, we’ll review some of the considerations you need to make to keep your physical security up to par.
The first step to keeping your business secure is restricting who can gain entrance to your physical location, and from there, who can access different areas within it. This is accomplished by requiring some kind of identifier to be provided before access is granted, be it an ID card, a PIN code, or even biometric data. Access control allows you to keep your location free of unauthorized individuals, and even lets you monitor the comings and goings of employees to catch any suspicious activity.
Identification – This is the key to access control solutions, as it establishes who you are and thereby what you are permitted to access by requiring some form of identification to enter certain areas. Often, security setups will require multiple forms of identification in order to authenticate your identity. This approach is known as 2FA, or 2-Factor Authentication. You’ve most likely seen this before–for example, if you’ve ever needed to enter a PIN number after providing a password.
Security and Monitoring
Quick–could you identify where everyone is in the building at this very instant, including visitors, clients, and others who have entered? Have you made note of where your visitors are supposed to be during their visit? Your security setup needs to include some means of keeping watch over your business–the most obvious component being security cameras, but your access control solutions can play a role here as well by keeping a record of what was accessed, when, and by whom.
Means of Communication
Communication and security go hand in hand. How else would you find out if your company had experienced a security breach? In order to allow this to happen, you need to provide your employees with numerous, reliable means of reaching out to share updates, alerts, and other need-to-know pieces of info.
If someone has made the investments necessary to gain unauthorized access to your business, it’s a safe bet that they intend to turn as large a profit as they can. To do so, they will need to access your documentation, so you should ensure that all access to it is secured and only available to those who have been authorized.
Device Management: Of course, modern technology provides more ways to access data than ever before, which means you need to worry about more than just your company’s workstations. Mobile devices that can be used to access your data should be equipped with remote wiping software, including devices you distribute as well as those used under a Bring Your Own Device policy.
Your employees need to be involved in your security processes. They are the ones on the front lines, so they need to know what they are supposed to do to help preserve the security of your business. You need to make sure that your workforce is aware of–and follows–best practices that help keep your business safe.
Creating a Security-Minded Culture: One of the more effective ways of prioritizing security is to educate your employees about the realities of potential security risks. Make sure they understand the possible ramifications of a data breach, how potential threats can be spotted, and how to avoid falling victim to them. Each one of your employees can either be a benefit to your security, or can undermine it. Establishing a company-wide drive to be the former may just save you at some point.
How to Improve Your Physical Security
Consider what physical threats exist against your business. While you may have to contend with criminals trying to gain access to your business, threats to your physical security extend far beyond just that. You also need to consider the threat that natural events pose, such as extreme weather and the natural disasters that affect your area.
You need to ensure that your business’ key data and documentation is safe from risks of all kinds. A good way to accomplish this is to utilize a cloud solution to keep a secure copy of your data offsite, safely away from your office and the possibility of a disaster or intruder wiping out everything.
Catalyst Technology Group can help you ensure your data remains secure. Call (317) 705-0333 to get started.