Ready for GDPR? What you need to know about new privacy regulations.


If your company collects data on customers, you need to be GDPR compliant by May 25. Even though this is a European privacy law, it affects businesses here in the US. GDPR (General Data Protection Regulation) has new, more transparent regulations for how all companies collect and analyze data tied to EU residents.

Your company will be required to provide a clear notice when you’re collecting data, and let your customers know why you’re collecting it, how long you’ll retain it, and your deletion policies. You’ll need to ensure your employees understand the new policies, and that all your vendors are also compliant.

Your customers will now have the right to access their personal data, and correct or remove it from your database. They can also object to your processing their personal data.

For complete unbiased information on GDPR, visit the European Commission. For network security, penetration testing and all other compliance issues, contact mPowered IT at 678-389-6200.

Why Bear the Outrageous Cost of Downtime?


Most SMBs don’t have a realistic idea of what it would cost if their computer network were to go down or be inaccessible for any reason. Businesses that do estimate the cost figure around $5000 per hour – but that’s actually low. The cost is actually around $18,000 per hour. Considering how much of your business is tied to your network, you have to figure not only the hard costs of recovery, lost productivity and sales, but also lost opportunity costs – the potential customers who attempted to access your business and couldn’t.

But SMBs with a solid backup and disaster recovery plan can continue business as usual, even with a system failure or power outage that lasts for days. With our Ensure program, your system is backed up continuously throughout the day, every day, and should your server fail, your business is not disrupted. Your business continues off the backup system during repairs.

No business should bear the cost of downtime, when the loss of revenue is almost completely avoidable. The Ensure program provides all the backup and disaster recovery you need for a low monthly rate. In fact, you could be on the Ensure program for many years, enjoying the peace of mind knowing your data is safe and accessible to you, and your cost would be nowhere near what you’d pay for even a few hours of downtime. It just makes good business sense to have Ensure in place – because eventually something will go wrong.

Call mPowered IT to Ensure your business continuity through any disaster – 678-389-6200

 

Would your medical practice pass a HIPAA audit?

One thing I’ve noticed as an IT professional – and occasionally as a patient – is that no matter how brilliant doctors are with medicine and medical technology, their practices usually struggle to stay up to date with computer and network technology. It also almost goes without saying that medical practices are nearly 100% focused on patient care, scheduling, and insurance, leaving little energy to devote to HIPAA compliance. But even an innocent oversight of a detail of HIPAA compliance can be costly, in terms of fines and loss of reputation.

What medical practices really need is a way to put HIPAA compliance on rails – so it’s simple to understand and easy to handle. We’re now offering an easy-to-use software solution, Embrace Compliance Guard. It will help you with risk assessment, train your staff, verify your compliance status, produce the reports you need, and a whole lot more. It also provides Compliancy Coaches for live human help when you need it.

This software is the solution I’ve been wanting to provide to my medical clients for a long time, and now it’s available. mPowered IT, as a provider to medical clients, has been trained on this system, and we have ensured that we are HIPAA compliant too. We can provide Embrace Compliance Guard on its own or as an addition to our Managed IT Support Services for medical practices.

Learn all about it here. Or, give us a call at 678-389-6200.

How’s that phone system working out for you?


That phone system you put in years ago is probably in need of an upgrade, but who wants to deal with that hassle and expense? Yet, it’s hard to grow and move forward with what you have.

We are helping small businesses get a better, more advanced phone system, without the huge cost and drama. The small business phone system of the future is VoIP – a cloud-based system.

With our Embrace Voice cloud-based phone system, you never have to worry about setup, management, updates or repairs ever again. For one low monthly fee, you suddenly have the most cutting-edge phone system with the most advanced features.

Why stumble through another awkward conference call or irritate another customer with a less-than-friendly on-hold system, when you can quickly switch to a system that really helps your business and its future growth?

Learn more about VoIP and let’s talk about how you can use it to help your business. Call 678-389-6200.

No Personal Email Accounts for Company Business!

The Yahoo! Data Breach of 2013 may seem like old news, but 2017 revealed it was far worse than reported. After Verizon acquired Yahoo! in June 2017, they discovered the 2013 breach affected every Yahoo! customer account – three billion in total!

That mind-boggling number is three times more than Yahoo! reported when they first disclosed the breach in 2017. It’s almost 10 times greater than the whole US population.

How could that happen?

The hackers had free access to billions of email accounts for three years before they were discovered. More than 150,000 of the accounts were owned by current and former US government and military employees. They included the accounts of White House staff members, US Congress, and members of the FBI, NSA, and CIA.

Part of the problem is Business Email Compromise (BEC), a growing trend among organized cyber criminals. They get into your network and spend weeks or months studying your organization’s vendors, billing systems, and your CEO’s style of email communications. They can then send a fake email from your CEO (while he or she is away and unavailable) to someone in your finance office, requesting that you send payment to someone your company would normally pay. This is a scam that works, and the money is hard to track and recover.

How Your Business Could Avoid a Yahoo-type Breach 

  • Patch Vulnerabilities: This must be done in a timely manner. The more time your system spends vulnerable, the easier it is for hackers to get what they want.
  • Don’t trust email from an employee’s private account. Anytime someone in your company sends you an email from a private email account, be suspicious. Reply by phone or use the company email to ask if that email was from them.
  • Use your company email for business. Make sure all company business that must be emailed is done via your company email account. That includes minor things like requesting a meeting or sending a file. Because data breaches are a huge and growing threat, it’s best to always keep your company email communications within the safety and security of your business email account.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.
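
The "private account" rule above can also be checked automatically before a message reaches the finance office. The sketch below is an added example, not mPowered IT's tooling; the company domain, the staff directory and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company domain and a small staff directory.
COMPANY_DOMAIN = "example.com"
STAFF = {"pat.morgan": "Pat Morgan", "lee.chen": "Lee Chen"}  # mailbox -> display name


def _norm(text):
    """Lower-case and collapse whitespace so 'Pat  MORGAN' matches 'Pat Morgan'."""
    return " ".join(text.lower().split())


def is_company_address(addr, company_domain=COMPANY_DOMAIN):
    """True when the address is on the company domain or one of its subdomains."""
    domain = addr.rpartition("@")[2].lower()
    return domain == company_domain or domain.endswith("." + company_domain)


def review_sender(raw_message, staff=STAFF, company_domain=COMPANY_DOMAIN):
    """Return the reasons a message should be confirmed by phone or company email.

    Only the private-account case is covered: the From header is taken at face
    value, so mail that forges the company domain needs separate controls.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if not addr:
        return ["no usable From address"]
    if is_company_address(addr, company_domain):
        return []
    reasons = []
    if _norm(display) in {_norm(name) for name in staff.values()}:
        reasons.append("staff display name on a non-company address")
    if addr.partition("@")[0].lower() in staff:
        reasons.append("staff mailbox name on a non-company domain")
    return reasons


# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": 'From: "Pat Morgan" <pat.morgan@example.com>\nSubject: Q3 invoices\n\nSee attached.\n',
    "private": "From: Pat Morgan <pmorgan.office@webmail.test>\nSubject: Urgent wire\n\nPlease pay today.\n",
    "vendor": 'From: "Acme Billing" <billing@vendor.test>\nSubject: Invoice 1042\n\nDue in 30 days.\n',
    "bare": "From: lee.chen@webmail.test\nSubject: File\n\nCan you send the customer list?\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, review_sender(raw) or "ok")
```

A flagged message is a prompt to confirm with the named employee by phone or through their company address, not proof of fraud.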

 

 

Password Protect Customer Data!


The Republican National Committee hired Deep Root Analytics in 2017 to gather political information on US voters but didn’t secure the data. They had personal information on about 61% of the US population stored on an Amazon cloud server – with no password protection. It was exposed there, open for anyone to access, for about two weeks before a security researcher discovered it. A class action lawsuit, and a media storm of negative publicity immediately followed.

A company that acquires and manages personal information should know how to secure data. They were entrusted with sensitive information such as names, birthdates, home addresses, phone numbers, regions, ethnicities, and voter registration information, and carelessly stored it without password protection. A class action lawsuit immediately followed.

Your business may not have millions of personal records, but you need to secure data for your own customers, because their trust is important to you. And their information is gold to hackers.

How Your Business Could Avoid a Deep Root-type Error

  • Recognize What Data is Sensitive: While you don’t want any company data to become public, you do need to recognize that your customer data should be considered sensitive. Names, addresses, phone numbers, and email addresses should always be kept secure. The mere fact that these people are your customers is a major piece of information for hackers, and they can sell that data to your competitors. If you have your customers’ annual income, social security numbers, date of birth, etc., you have to be even more careful about protecting them.
  • Password Protect Your Customer Database. Your customer data should never be accessible to anyone without a password.
  • Limit Access to Your Customer Database. Only the people in your company who absolutely need to access your database to perform their jobs should have access. Limiting access will reduce both unintentional and intentional data breaches by employees.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 


Oops! Your private data is showing.


Do you know how easy it is for a competitor to gain access to your customer list?
Or how easily one employee can accidentally make your company files publicly accessible?
Or how anyone who really wants to can read all those “private” emails you send?

 Learn Data Security Best Practices to Keep Your Company Data Secure

Your company data is a major asset, so keeping it secure should be a top priority. Most small businesses do not have data security best practices in place for keeping their data safe, which makes them vulnerable to accidental release of data and purposeful hacking.

Download a FREE copy of Data Best Practices from mPowered IT to learn how to keep your info safe!

Company data you really don’t want made public

  • Employee records
  • Payroll records
  • Proprietary product info
  • Customer lists
  • Projects in progress
  • Client emails
  • Personal emails

Whether you transact online with customer credit cards or not, you are especially vulnerable to exposing your private data. Most small businesses are easy targets because they’re not putting reliable data security measures in place. And not all data security breaches come from an outside hacker – sometimes they come from a disgruntled employee. Or, more likely, they happen because employees do something innocent not realizing they’ve created a vulnerability. Or, management has provided too much access to too many employees.

If you don’t want your business to become anyone else’s business, download your free copy of Data Security Best Practices or call mPowered IT at 678-389-6200.

 

 

Keep Your Systems Updated and Patched

What some have called “the worst ransomware attack ever” struck in May 2017, infecting an estimated 300,000 computer systems in just four days. WannaCry was similar to many ransomware attacks, i.e. it encrypted files and demanded a Bitcoin payment to decrypt them.

However, it differed in one major way: worm tactics.

Once WannaCry infected a machine, it scanned the connected LANs and WANs to find and attack other vulnerable hosts. The subsequent infections occurred automatically without user interaction.

This allowed WannaCry to seize entire networks and even hop to others, rapidly sparking a flash epidemic worldwide.

The National Health Service in the U.K. was hit particularly hard, with at least one-third of health trusts (i.e. healthcare offices and services) disrupted and over 19,000 appointments canceled, including surgeries.

Stolen NSA Cyber Weapons

WannaCry spread via EternalBlue, an exploit for Windows Server Message Block version 1 (SMBv1), a legacy network file-sharing protocol present in every version of Windows released in the last 15 years (and maybe more).

The exploit is allegedly from a cache of cyber weapons stolen from the U.S. National Security Agency (NSA) and released publicly on April 14, 2017.

Microsoft issued a patch for the vulnerability on March 14, 2017. When the attack began, every Windows system that had not been patched within eight weeks was vulnerable.

How Your Business Can Avoid a WannaCry 

  • Patch Vulnerabilities: The importance of patching cannot be overstated. When WannaCry struck, administrators with freshly patched Windows machines were safe.
  • Plan for Disaster: This attack targeted a vulnerability in millions of Windows systems. A patch had been available for only about two months. Another attack of this scale is always possible. If your systems are compromised, what will you do? If you don’t already have one, get a backup and disaster recovery plan in place.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Never Hide a Data Security Breach from Your Customers

Uber’s CEO revealed on Nov. 21, 2017, that the ride-hailing service failed to disclose a massive data breach last year. In Oct. 2016, hackers accessed a server containing personal information for more than 57 million Uber drivers and riders. They demanded a $100,000 ransom to delete their copy of the data, which Uber paid.

The attackers allegedly first accessed a private GitHub repository used by Uber’s developers. The repository contained code with login credentials for other Uber systems, which ultimately provided access to the stolen data.

Uber later identified the hackers and pushed them to sign nondisclosure agreements. It also disguised the ransom payment as part of a bug bounty program, according to the New York Times.

The Biggest Mistake was the Cover-up

The Uber data breach may prove to be an example of when the cover-up is worse than the crime. The breach undoubtedly harmed the company’s brand, but the damage caused by hiding the attack has only begun. Lawsuits are now raining down on Uber from attorneys general across the U.S.

How your Business Can Avoid Lawsuits and Customer Distrust from a Security Breach

Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:

  • Know the laws. There are federal, state and local laws on how to handle a data breach and notify customers, and some are industry specific.
  • Err on the side of transparency – Thousands of companies have experienced a data security breach. It’s how you respond to it that matters to your customers. Most will forgive you, especially if you care enough about their information to keep them informed.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 
