Network ServicesWeb DevelopmentMobile AppsSoftware Development

TeamViewer QuickSupport
Home About Us Clients/Testimonials Certifications Blog Newsletters Upload/Download Chat

Copeland Data News - October, 2017

Welcome...

We welcome you to the Fall Edition of Copeland News.  With technology consistently being used to move businesses forward, it is critical that we continue to inform you about the latest threats and how to best reduce the risk of an attack or system outage. 

Multiple security mandates have recently surfaced to force the hand of organizations in high-risk industries.  We have collected some of the key concepts from these mandates and have included them below.  Many of the concepts are easily implemented and can make big improvements on data security for your business.  While you cannot 100% protect against threats, you can reduce the likelihood of a breach and can reduce the damage if one does happen.

As always, if you think of anything today or in the future that you would like to discuss --never hesitate to drop us a note.  We are here to help and serve you in any way we can.

Thank you,

Tom

In this issue of Copeland Data News

Sign up for CDS News

What's Going On?

Business infrastructure continues to change at alarming rates.  While much of the media has reported on the large breaches (Equifax, Target, ECMC, DocuSign), small to medium sized businesses are at a higher risk.  Typically the smaller sized organization has less protection, looser procedures and are not paying attention to software patching and updates.

This is how hackers find you:

An individual sets up a bot (a piece of software set to do a routine of tasks automatically) to look out on the internet for any device it can find with a whole or vulnerability.  They let it run for a few hours, come back and analyze the results.  They don't care where you are located, your industry or size.  If they can get in, they get in.

Once in, they slowly poke around to see what they have access to on the network.  They try to elevate permissions to allow them to install programs or access data.  A typical hacker is on your network for 6 months before anyone knows.  They will try to encrypt data, open up ports, collect password information or just flat out steal your data. 

They can also come in via email attachments or infecting a website.  While antivirus and SPAM protection addresses much of this, the threats are a continuously evolving ahead of these protection technologies.

It is imperative that your management team has a plan to address company policies, IT security, Backup and Disaster Recovery and training for users to better protect against these threats.  We can no longer think of a breach as "if it happens" but "when it happens."

New York State DFS Mandate and GDPR Mandate – What we can learn

Takeaways from NYS DFS and GDPR Mandates …

While we are referencing two specific mandates (one for NYS and one that is global), all states have their own regulations in place to protect data and require organizations to report data breaches.  This will continue to expand beyond the financial and medical industries and also across state and country borders.  Below are some baseline practices all businesses should begin implementing.

Here is a quick definition of the NYS DFS Mandate and the GDPR Mandate:

Here is a list of key takeaways that these mandates enforce:

Just like any major change, it is important to have a plan to continuously improve over time.  You could address training and policies first, implement Disaster Recovery (to recover if something does happen) and then slowly address each point over time.

Network security - Simple ways to lock down your network

Lock It Up!

Network devices provide PCs, Smartphones, printers and other devices a connection to information on servers and a connection to the internet.  Any access point that you add to the network is now a touch point that must be managed.  These devices are not "set it and forget it" technologies and need to be updated, swapped and managed.  Here are some ways to ensure your network is not being accessed maliciously:

Did you know?

  1. Backup and Disaster Recovery is not as scary as it used to be.  There are many ways to protect your data and applications that cost as much as a multi-function copier.  If you cannot be down for more than a day or lose up to a day's worth of data, Backup and DR should be reviewed.
  2. SSD Drives are becoming more and more a standard at the PC level.  For 50.00 dollars more, you can add an SSD Drive which increases performance significantly and extends the life of your PC.
  3. Server disk space is more affordable than ever.  If purchasing a server, ensure you cover your existing needs and add additional resources to handle what may come later.  It is much easier and cheaper to purchase up front then to add resources later.
  4. Email should be migrated to the cloud unless there is a substantial reason to keep in house.  If someone sends a message, it should always get delivered whether your internet in the office is up or down.

Your comments are always appreciated...

Have a comment on anything in this issue of Copeland Data News, or maybe an idea for a future topic you would like us to cover?  Please connect with us on Facebook and let us know your thoughts!