To Backup Your Business’ Data, You Can’t Rely on Tape
These days, it’s unheard of to run a business without some form of data backup and disaster recovery in place, no matter how basic or crude. In a worst-case scenario, you could lose so much more than just your business’ data. All of the future ramifications of such an event compound and can snowball into a situation that makes it borderline impossible for your organization to recover. Therefore, the best way to approach this situation is to make sure that it doesn’t happen in the first place.
Data Loss Can (and Will!) Affect Your Entire Business
Data loss, on any scale, is an organizational nightmare. Not only do you have to restore data, any lost productivity that comes as a result of the data loss incident makes it difficult on the budget. That’s only scratching of the surface of how serious data loss can be.
You Lose More than Just Data
Your data is crucial to your whole business, and when you have some stolen or lost, it can be a problem for multiple parts of your business. Consequences don’t end there. Some businesses, if they lose enough data, would have to close, putting people out of work, and negatively affecting a lot of people.
Considering how important data is, take a second and try to calculate what the financial impact of a major data loss incident would be to you. Between discovering the problem and the resolution there is the possibility that you face downtime and a corresponding loss of productivity, negative exposure, and much more. In fact, a majority of small and medium-sized businesses will close their doors after a major data loss event; it is that serious.
Other Concerns, Regarding Customer Confidence
When we mention negative exposure, what we mean is that once your organization has the perception that you can’t protect their personal data, the customer base simply won’t trust you with theirs. For almost any business that looks at themselves as a responsible operator, this is a death sentence.
So What Can You Do?
Before you lose data, productivity, or customers you need to make efforts to understand who is taking this data. Typically hackers, sometimes working as a part of an organized concern are behind these data breaches, and while you focus on your business, they gain access through any means they can. With this diligent hacking strategy at hand, it is important that you, and maybe more importantly, your employees know what they are up against and are sufficiently educated. If the “weak links” on your network are properly trained and willing to adhere to industry practices designed to keep these issues from becoming problems, you will be a lot less susceptible to attack than the average business is.
The IT security professionals at Catalyst Technology Group deal with these issues every day and have the perspective and knowledge to help you and your organization mitigate potential security threats. We offer comprehensive security solutions that proactively monitor and manage your network traffic. We also provide employee training resources that ensure that the people you depend on know how to approach this new digital world where threats are as numerous as the benefits. For more information about how we can help, contact us today at (317) 705-0333.
Encrypt and Protect Your Data with a VPN
If you’ve ever felt as though someone was watching what you were doing while you were working remotely, either at home or in public, there’s a chance that you were right. Without a private Internet connection, it is a simple matter for others to watch your processes and steal the data you’re generating. Is there any way to protect your data as you work outside of the office?
There is fortunately a relatively simple means of doing so, through a virtual private network. You may have heard of virtual private networks, or VPNs, during the debate on net neutrality and the Federal Communications Commission’s verdict. Many plan to thwart the FCC’s plans to give Internet Service Providers the power to sell their users’ browsing habits to advertisers through the use of VPNs. In addition to defying the loss of net neutrality, VPNs can play a key role in your business and its security.
A VPN works by encrypting data as it is sent to and from important assets on a given network, including the Internet. The data is jumbled while in transit, so if it is intercepted, all the interceptor would see would be a jumbled mess of letters, numbers, and symbols. This renders the stolen data effectively useless to the thief, as the time it would take to manually decrypt the data makes it no longer worth it. With a VPN installed on your device, both the data you send and the data you receive is protected by military-grade encryption.
It might be helpful to picture the data you send as a letter, but instead of just sending your letter unprotected and vulnerable, you’ve locked it in a special box. This box can only be opened by another with the key, so if the box were to be intercepted in transit, the thief wouldn’t be able to open it. As a result, your letter to your friend is still safe.
It is for this reason that a VPN can help protect a business from data loss of any size. A word of warning, however: you will want to utilize a VPN that is suitable for use by an enterprise, capable of securing each device on your network. Catalyst Technology Group can help set your business up with a VPN that suits your needs. To get started, call (317) 705-0333.
Is Your Mobile Data Safe?
In 2018 there are certain technologies most businesses have begun to embrace. Cloud computing, high-end network security, collaboration technologies, and some others have begun to be utilized by businesses, large and small, to build a more productive enterprise. Apart from these technologies, there are a few that every business person should know, if only to understand what is possible; and what is on the horizon for their company.
Blockchain
With cryptocurrencies being in the news lately, many people have come to hear the term “blockchain”. This kind of secure ledger technology has many applications from data and application security to communications. The blockchain allows for enhanced and reliable security for data; specifically, the ownership of data.
Internet of Things
The Internet of Things has been growing exponentially every year; and, going forward will have to be an important line item on any business’ mobile device management policy. By communicating with other devices over the Internet, it naturally opens up security issues for any organization. Since a majority of devices will be connected to the Internet over time, businesses will have to take that into account when devising and supporting their mobile device policy.
Chatbots
Many of today’s businesses are utilizing technologies to help them support their products or services. While the importance of maintaining an open line of communication with clients and customers is indisputable, many companies lack the internal resources to dedicate the commitment to comprehensive support. Improvements in chatbot interfaces have made them an increasingly viable option for companies to field incoming messages, as artificial intelligence attends to many concerns and greatly reduces the number of problems that your staff has to deal with.
As a result of these improvements, more industries are likely to increase their use of chatbots for a variety of purposes.
Subscription Model
The ability for most solutions to be delivered and maintained via an Internet connection has led to a shift in software deployment. Instead of needing to buy a new version of the software every year, the subscription model allows companies to pay a monthly fee for the security of knowing that the software they are using is the most recent (and secure) version available.
Automation
It should come as no surprise that a technology that allows focus to be shifted from menial tasks to other, more pressing considerations would be welcomed in the business world. Automation permits exactly this, with artificial intelligence and predetermined processes stepping in and providing certain business needs.
While there are many processes and fields that still require a human touch, automation allows for more time to be committed to them, and less to “busy” work.
Which of these technologies do you see having the biggest benefit for your business? Let us know in the comments, and make sure you subscribe to our blog!
Tip of the Week: The Basics of Data Backup
Data backup and disaster recovery are two of the linchpins of any business that relies on data and IT solutions storing information. Your business needs to have a plan for when operations are interrupted due to an unforeseeable data loss event. There are a few ways that you can keep your data backups as safe and efficient as possible.
Here are some of the basic conditions that you should attempt to reach for your business’s data backups.
Ensure Quality Backup Security and Safety
It’s important to view your data backup system as more than just an elaborate insurance policy for your business’s operations. The reality of the situation is that your data is arguably the most important part of your organization, as without it, you can forget about resuming business as usual. Therefore, it’s important that you keep your data as secure as possible from both cyber and physical threats, including hackers, natural disasters, and so on. Imagine that your data is safe and secure on-site, only to have it be destroyed by a flood or fire. Cloud-based backup avoid these issues by storing it online in a secure environment, away from entities that could cause it harm.
Keep a Disaster Recovery Strategy
Would your business be out of commission for a long time following a disaster scenario? Even if you have a data backup secure off-site, this means nothing if you don’t have a strategy to implement it as soon as possible. A disaster recovery strategy is of the utmost importance. By considering all of the details about a potential disaster recovery scenario, you can better prepare for situations where you’ll need to initiate it. This means that you can minimize data loss and time wasted due to downtime.
Test Your Backups Regularly
You’ll only benefit from your business’s backup and disaster recovery if it works as intended. Imagine that you experience a scenario where you need to deploy a data backup, but it’s corrupted and you can’t initiate it. This can really put a damper on your plans. You should periodically test your business’s backups to ensure that they actually work when you need them to.
Don’t wait until the last minute to prepare your business for a disaster scenario. To learn more, reach out to us at (317) 705-0333.
Understanding Data Breaches Is The First Step To Stopping Them
Since the very beginning of the year, over 10 million personal records have been lost or stolen on a daily basis. As a result, chances are high that you or someone you know has been victimized by a data breach. However, since many individuals and businesses are never notified, they may have incorrectly come to the conclusion that they are not at risk. This, unfortunately, is not the case.
In actuality, there is a considerably good chance that your personal information has already been compromised–but the company responsible for losing your information wasn’t required to inform you. This is just one reason why it is critical to understand your rights as outlined in data breach laws. Do you know what information is considered ‘personal’? How many loopholes could a company have used to avoid notifying you of the breach?
Legal Definition of Personal Information
Each state has its own laws that govern how businesses must respond to a data breach, and while there is a consensus on the basic responsibilities these organizations have once data is accessed without permission, there are differentiating opinions on what constitutes personal information. Two qualifications most jurisdictions agree on are:
- First name or first initial and last name
AND - One or more of the following elements: social security number, driver’s license or state ID number, finance account numbers.
Some states choose to go a step further than this by only considering accounts secured with a PIN or password as being worthy of notification. For example, if your debit card number was stolen, the business that let it happen doesn’t need to contact you unless both the number AND the pin were compromised.
In states that have a more advanced view of data security, such as North Carolina and Nebraska, they include biometric information as part of their personal information considerations. Other states, like Missouri, have specific laws on the books that limit the legal portability that is inherent in the overreaching statutes.
Since the majority of health and medical data is protected under the federal Healthcare Insurance Portability and Accountability Act (HIPAA), only a few states include this information in their definition of personal information.
Additionally, some state laws state a limit of personal information a company can have compromised before having to contact their state’s attorney general’s office. This number is variable, but most states agree that anything over 1,000-to-5,000 files lost constitute an offense in which reporting becomes necessary.
Currently, however, the statutes on the books are biased to protect organizations from individual legal reprisals. Qualifications that protect corporate interests include:
- Encryption: Many states have deliberately put in specific language to protect corporations if information was encrypted by an organization, stolen, and decrypted afterwards. This also goes for redacted information. If it was found that a business worked to secure the data, no breach notification would be necessary.
- Questionable non-personal information: In various states, questionable information can be included as non-personal information. One example is the last four digits of a person’s social security number. Since the whole number’s integrity remains intact, the organization would not have to file it as having been compromised with the state’s A.G.
- Good-faith acquisitions: Most states list “good faith acquisitions” as exemptions from standing data breach statutes. A ‘good faith acquisition’ is defined as an event where data is lost or compromised by people employed by the organization where an individual works, or had a working relationship with (like a vendor). Since a co-worker, superior, or vendor is not as likely to misuse or lose personal information, no breach notification is necessary if the event meets this very subjective ‘good faith’ requirement.
- Risk of harm analysis: Around half of U.S. states have laws that allow an information-holding entity to run a ‘Risk of Harm’ analysis to quantify the risk any compromised personal information has in regards to its use by another party, or potential abuse that information could have in unauthorized transactions. If they find that risk from harm is minimal, the organization doesn’t need to notify parties involved.
The fact is that a data breach, regardless of the circumstances surrounding it, can be completely categorized as a negative event. Call the IT professionals at Catalyst Technology Group to find out how we can proactively manage your network to keep threats from affecting your data. Call us today at (317) 705-0333.
Cyber Crime and Punishment: Who Is Accountable for Data Loss?
These days you can’t go a week without hearing about governments, companies, and other organizations dealing with major data breaches. It’s so commonplace that sometimes people don’t stop to consider the effect all these data loss events can have. As it pertains to the individual, there is always the chance, if a company gets breached, or loses data from a disaster or a hack, that your anonymity is a casualty. After the media attention fades, there are millions of people that are left exposed and companies, some huge multinational conglomerates, that don’t face any repercussions.
Some time ago, the U.S. Government determined that these general data breach events were an issue for individual state governments. State lawmakers are the only ones that currently have the jurisdiction to create and enforce data security laws in the United States. After an organization is breached, they are typically mandated to provide knowledge of the breach to that state’s Attorney General, who ultimately determines whether or not the state will sink resources into investigating and prosecuting the breached organization.
With data largely running the U.S. economy, however, there have only been two federally-mandated digital security laws passed in the last 20 years: The Healthcare Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), which covers the healthcare industry and the financial services industry, respectively. Since data-theft-based crimes are still roundly federally unprosecuted, it has left a large amount of the business sector left to be protected by the various states’ attorney’s offices. In fact, the first complete trial for data theft was in 2015.
Other parts of the world have more overreaching data security mandates. In fact, the only financial entity that has a greater financial stake in world business affairs than the U.S., the European Union, has recently approved a comprehensive cyber security law called the General Data Protection Regulation (GDPR). The GDPR gives regulators authority to stop the transmission of data, or levy fines against businesses that lose individual’s information. The fines are substantial, too, ranging as large as $ 20 million or 4% of the organization’s revenue, whichever is larger.
Since the civil responsibility of prosecuting data security laws lies with individual states in the U.S., there has been a wide disparity of how these situations are handled. It is up to the state to come up with the penalties for offending companies, so different states have different penalties. Some states prosecute by violation, some by series of breaches, and some, strangely, by resident. Moreover, even if a company is prosecuted for the data that has been taken, there are only four current states (Arkansas, Illinois, Nevada, and Pennsylvania) and the District of Columbia that have given their courts the ability to collect reasonable restitution. Stranger even, some states bar individuals and organizations from taking action against entities that compromise their data, as only class action lawsuits are heard in these states.
There are times when state courts can come down heavily on an organization, as some have had to limit or stop operations completely, pending an investigation. The cost and lost revenue from having to halt operations, coupled with the damage done to the organization’s reputation, can cripple a business’ chance of ever resuming normal operations, even before the verdict, and resulting restitution, has been ruled upon.
The lack of cyber security laws on the books is being remedied in several states. Many state legislatures have, at the very least, proposed bills to give courts the ability to hear cyber security-related cases. Additionally, many states have already enacted mandates that make clear the amount given to a breached organization before they have to notify the State’s Attorney, as well as setting a baseline for the number of records that have been exposed before notification is required.
Cybercrime and data loss are major issues today, and the more they become prevalent, the sooner we expect the federal government to create additional mandates to protect citizens’ personal information.
How do you think data breaches should be handled? Do you think the U.S Government has to be more active on this issue? One thing is for certain, cybercrime is not going away. To protect your business from data loss and reputational harm, contact the IT security professionals at Catalyst Technology Group today.
Data Security Must Be a Priority for Your Organization
After 143 million people had their personal information put at risk in the Equifax data breach, it comes as no surprise that data security is an even hotter topic than usual. As much as you’d like to think that a breach like that would never happen to your business, this is an unrealistic hope that won’t do you any good if the threat of a data breach does come around. It is much better to be prepared.
Here are three means of securing your business through preventative measures.
Make Sure Your Users Are Familiar With Best Practices
You entrust your employees with your entire business, whether you mean to or not. After all, they are most likely to encounter a threat, and as a result are in the most contact with them. Are they prepared enough to carry that responsibility? Do they know how to recognize a phishing attempt, or an email that could potentially contain a nasty bit of ransomware? It is best if you take the time and educate your users on the warning signs of the various threats that are out there. Who knows–it may just be an employee’s vigilance that saves you from a major snafu.
Enforce Password Standards and Require Two-Factor Authentication
Your password is often the only bit of verifiable data that distinguishes you from someone else, from the computer’s perspective. Most password requirements demand that a password has a certain amount of characters, including a least one letter, one number, and occasionally one symbol with both capitalized and lowercase letters. While these passwords are considerably effective against someone trying to deduce your credentials, a brute force attack will likely crack it.
There is also the option of using a passphrase, which is a sentence that takes the place of the password that only you know. Either of these approaches work well, as a hacker will have no idea if you are using one method or the other, let alone which one. Two-factor authentication, or 2FA, is another effective means of securing an account, as it requires a second set of credentials that is delivered directly to you via a mobile device before it will permit access.
Use UTM to Help Defend Your Network
A UTM, or Unified Threat Management, tool is a comprehensive defense against threats of all varieties. Including a spam blocker to protect your inbox, enterprise-level firewalls and antivirus solutions to repel threats, and a content filter to keep your workforce away from risky websites, a UTM makes sure that your business’ bases are covered. In addition to these features, your threat reaction time can become much quicker, allowing you to respond to issues before they cause very much damage.
These three defenses are an effective way to minimize the risk of a data breach. For more best practices for maintaining and protecting your business, keep reading our blog, and reach out to us at (317) 705-0333.
Data Security Must Be a Priority for Your Organization
After 143 million people had their personal information put at risk in the Equifax data breach, it comes as no surprise that data security is an even hotter topic than usual. As much as you’d like to think that a breach like that would never happen to your business, this is an unrealistic hope that won’t do you any good if the threat of a data breach does come around. It is much better to be prepared.
Data Backup is Much More Complicated Than It Seems
You must consider a series of worst-case scenarios if you want to protect your business in the long run. While various factors such as physical security, employee training, and network security can help you mitigate the majority of issues you face, what happens when each of these efforts fails? You know what they say–prepare for the worst and you’ll never be surprised by a data loss event again.
With a quality data backup and disaster recovery solution, you’ll be prepared for whatever life throws at your business. Larger companies generally don’t have as much to worry about, as their budgets are more flexible and can accommodate the spending required to ensure business continuity. Yet, smaller businesses can take advantage of these benefits as well, and it’s all thanks to managed IT services. The same backup and disaster recovery services that large enterprises take advantage of can work for your business, too, and it all starts with a business continuity plan. Here are four major concerns that any SMB should take into consideration for preserving their data infrastructure.
Firewalls
Do you store your business’s data backups in a location where they’re not protected by security solutions? If so, you’ll need to reconsider how you store your data backups. Firewalls are designed to keep threats from traveling to and from your infrastructure, and if the data that you’re storing your data backups in isn’t adequately protected by them, you’re going to have a bad time.
Antivirus
The same can be said for an antivirus solution, which protects your data by eliminating threats to it. All it takes is one threat to corrupt your business’s computing infrastructure. Think about what would happen if your data backups were to be corrupted by some ransom strain of malware. Would you be able to restore a backup like that in good faith that it wouldn’t pose a threat to your organization? Probably not–and you shouldn’t be in this situation in the first place. Implement an enterprise-level antivirus solution so that you don’t have to worry about whether your data backups are any good.
Backup Tests
Let’s say that your business experiences a data loss incident. You try to restore your data as soon as possible, but something goes wrong. The data is corrupted. It’s not as complete as you’d like it to be. Regardless of the reason, your business is down and out because you just assumed that your data backups would work as intended. You should be periodically testing your data backups to ensure that they will work when called upon.
Use Automation
The chances of your business’s data backups not working as intended will be drastically reduced if you remove one of the most unpredictable parts of it–the human element. Tape backups require your employees setting tapes to run backups at the end of every day. A cloud-based BDR, however, will accomplish the same goal automatically and send the backup directly to the cloud. There is no room for error here. Everything is handled seamlessly and without human intervention.
Does your business have a comprehensive business continuity plan? If not, be sure to give us a call at (317) 705-0333. Our trusted technicians can help you build the perfect backup solution for your business.