Privacy

It’s Time to Focus on Data Privacy and Compliance

Most businesses have compliance regulations they need to meet. 2021 is becoming somewhat of a tipping point for some. Companies are dealing with the development of new data privacy laws that will surely add some responsibilities on top of already established regulations. This month, we thought we’d take a look at compliance and why it is important to stay on top of it. 

Before we get into regulatory compliance, we should mention that compliance with company-wide regulations (that presumably you’ve set up for a reason) is not exempt when considering your business’ compliance responsibilities. Understanding where your organization is in meeting both outside and inside compliance requirements can set you up for success, even as your business doesn’t look the same way it did in the past.

Outside Compliance Considerations

When compliance regulations are considered, typically these are the qualifications that need to be met. They are traditionally ethics-based regulations set up by legislators to help govern fair enterprise. Today’s business creates, collects, and uses data in new and exciting ways, and having to meet regulatory benchmarks becomes more and more crucial. Most of these regulations are governed by federal, state, and industry legislative bodies and organizations created to do that. If they are not met, it can cause some difficult problems for any business. These include fines, suspension of service, and more. 

Inside Compliance Considerations

The regulations you set up for your own business obviously don’t carry the risks inherent in meeting regulatory requirements, but presumably you’ve enacted these benchmarks and requirements to help manage and operate your business effectively, so meeting those standards is important. 

Massive Push For Data Privacy

For some time now, consumers have been more cognizant of how their personal information can be used against them. That doesn’t mean that many people have taken the steps to protect that data, but that is evolving. Typically, any regulations aimed at data protection have been made to keep organizations from taking advantage of stakeholders, but now, it seems, there is a fairly large section of people that are actively looking to help individuals protect their personal data. Unfortunately, many of the major technology companies don’t seem to be among them. 

The establishment of the General Data Protection Regulation (GDPR) by the European Union was a landmark day for individual data privacy. It held businesses accountable and gave individuals control over a lot of their personal data. Much of the same data was shared with impunity before the GDPR went into effect. Today, there are several data privacy laws on the books in the United States, with a federal data privacy law looking inevitable in the years to come. 

Compliance Tips

Outside of the GDPR (which affects any business that does business with European companies) most of today’s requirements have been in place for quite some time. Regulations like HIPAA and PCI DSS affect millions of businesses, so it is important to have a set of strategies in place to keep compliant. Here are a few tips:

1. Stay in Good Standing - You need a Certificate of Good Standing. Otherwise you can’t legally do business in most states. This is a certification that is issued by your state and requires your business to be registered as a legal entity, be current on tax filings, and meet other benchmarks or be suspended from doing business in that state. 

2. Be Aware of Any Laws that Govern Your Business - These days, the regulations and laws are always changing. Business in 2021 moves fast, so staying up on the latest regulations will help your business maintain good health and go a long way toward putting you in a position to maintain compliance. 

3. Keep Your Contacts Updated - It’s important to keep your business contacts list up to date. This strategy helps by having contacts on hand so that you can handle important issues that might arise.

4. Follow Best Practices - Compliant companies understand the best ways to stay that way. Typically, by following best practices, your business can maintain compliance more effectively.

If you need help staying compliant or understanding how to, give the IT professionals at Jackson Thornton Technologies a call today at 334-834-7660.

 

Tip of the Week: Keeping Peeping Eyes Out of Your Webcam

With many—if not most—computers and especially laptops featuring integrated webcams at this point, it isn’t hard to imagine how disastrous it would be to be spied on through it. Let’s take a few moments and go over a few ways to be sure that your webcam isn’t being used without your consent by someone else.

Keep Your Software Up to Date

To spy on you through your webcam, a cybercriminal (which is what that person would be) needs to have access to it. This can be as simple as hijacking an insecure program that has already been granted this desired access.

Keeping your software up to date, from the programs and apps you have installed to the operating system itself, helps to eliminate the likelihood that the hacker will have that opportunity. When working on a PC, navigating to Settings and to Update & Security will bring you to the option to schedule your Windows Update. Rather than being interrupted mid-workflow, you can Change active hours to have these updates implemented after hours.

Maintain a Firewall

When it comes to keeping unwanted guests out of your network, a firewall is one solution you certainly need to prioritize. Making sure it is up, activated, and effective is a relatively simple process.

In Settings, once again under Update & Security, you should find Firewall & network protection in the left sidebar. The menu that opens when you click it will offer Windows Defender Firewall, one rudimentary way to stave off threats. This is a good enough solution for home users, but businesses will want to deploy an enterprise-level firewall that is designed to protect every facet of their network.

Securing Your Wi-Fi

It isn’t uncommon that attackers will target your network via the router, rather than the computer that uses it to connect to the Internet. If they can access this piece of your network infrastructure, there’s a considerable list of devices they’ll then be able to access. Better securing your router equates to better securing your entire network.

The first step is to rename your wireless network to something that doesn’t tie back to your business and lock it down with a strong, complex password. You’ll need to remember it, of course, but using a passphrase with some added symbols and alphanumeric switching will help keep it memorable to you and bamboozling to cybercriminals.

Cover Up Your Webcam

If you’re really and truly worried that someone may be peeping at you through your webcam, the simplest way to prevent the possibility is to obscure their view. Covers are available to make it simple to “deactivate” the camera when it is not needed, and in a pinch, a sticky note will do the job just fine.

Privacy always needs to be prioritized, in the office, the home, and in the home office. For more tips, practices, and advice on keeping your data secured, make sure to check back on our blog every few days.

 

 

 


Facebook’s Massive Data Leak

Facebook is many people’s favorite—or at least most used—app and it does bring value to people by letting them keep tabs on friends and family, or grow their businesses. It has grown to be one of the largest, most successful software technology companies in the world. Unfortunately, with that type of exposure comes the responsibility of securing massive amounts of personal data. In this quest, they leave a lot to be desired. Today, we take a look at the situation Facebook is in as they are dealing with one of the largest data leaks in history.

What’s the Issue?

The current situation didn’t start recently, but at the beginning of April, some 533 million Facebook records were leaked by hackers for free on the dark web. Over half a billion users have had their personal information, including Facebook ID, corresponding phone numbers, birthdates, some email addresses, relationship status, and bio, dumped into a public database online. 

Facebook confirmed that the data was from a 2019 data leak, and that they have long since patched the vulnerability used to obtain it. That’s a good thing, but it’s still concerning that two years after a major data leak, the data, which was for sale for the past two years, was just dropped on the web for free. Obviously, the tech giant wants the narrative to be that this is old data and they have since made the changes necessary to protect their massive amount of user data, but the fact that it is still available is the bigger issue.

Once Data is Leaked, It’s Out There Forever

We may not really know the tangible value of the data found in this massive database. What we do know is that once data is leaked, it’s going to cause some consternation for Facebook, because:

● One of Facebook’s major revenue streams revolves around transactions with this data.

● This data is out there for free.

● It was likely obtained from a hacking tactic called scraping.

Your company doesn’t have the huge amount of data that Facebook has, but you have the same responsibilities with the sensitive data you have. If Facebook wasn’t, you know, Facebook (that being a platform that is typically used to share data) they wouldn’t be able to simply shrug off something like this. We can say with confidence that a data leak of nearly a quarter of your client base’s data would come with massive repercussions for your business. 

That’s why you need to ensure that you have the tools in place so that you don’t have to deal with data theft, loss of customer confidence, and all the other negative variables that come with a data breach. If you would like to find out more about how Jackson Thornton Technologies can help you secure your business’ and customers’ data, reach out to us today at 334-834-7660.

 


Pros and Cons of Biometric Security

A lot has been made about biometric authentication over the past decade, so much so that it has been loosely integrated into a lot of the access control mechanisms on most modern mobile devices. Fingerprint scanners, retina scanners, and facial recognition are all part of the transition to biometrics to enhance security and privacy. For modern businesses, however, implementing biometrics can have some major drawbacks. Today, we will go over the pros and cons of biometric authentication.

For those who aren’t familiar with biometrics, they are the measurement and analysis of an individual’s physiological or behavioral traits by technology that uses these measurements for authentication. Physiological biometrics are things such as a person’s fingerprints, face shape, eye patterns, or hand shape. Behavioral biometrics include a person’s online behavior, the IP addresses they send and receive information from, voice recognition, and other “behaviors.”

The Pros of Biometric Authentication

The first thing that should be said is that biometric authentication is all about enhancing security, whether that is a fingerprint scanner to let you access a device or a state-of-the-art retina scanner to let you into a secure location in a building. As far as keeping unauthorized people out, it has to be said that biometrics work. 

That’s the first benefit. 

Biometrics Work for Security

They provide enhanced levels of security and privacy by increasing levels of assurance that the person looking for access is the person they say they are. Most accounts use passwords and PINs, and while they do offer some security benefits, biometrics present very real obstacles for hackers, scammers, and fraudsters.

Fast and Convenient

Another benefit is the sheer speed of biometric systems. They don’t take long for authentication as compared with other platforms such as PINs and passwords with two-factor authentication, which can take minutes rather than less than a second to work.

Can’t Fake It

One of the best parts of biometric authentication is that users can’t fake it. They will need authorization to gain access to the resources they are attempting to gain access to. Period.

The Cons of Biometric Authentication

Like any technology, businesses need to weigh the pros and cons of installing biometric technology. Despite being spoof-proof, faster, and better at keeping out unauthorized people, there are some negatives that biometric implementation can bring. They include:

Cost

To say biometrics are more costly than traditional security methods is an understatement. In fact, if they were a comparable price and brought a relatively rapid ROI, you would see more businesses integrating biometric solutions. As it is, cost is cited as the number one detriment to biometric authentication.

Need for Security

Ironically, the most secure solution for authentication also carries the need for additional security. The biometric data that is used needs to be secured from outside threats because it is irreplaceable; if it could be replaced, it wouldn’t work as a security measure. If a password or a PIN is compromised, you can change it, but if biometric identifiers are compromised, they are not usable again.

Lack of Privacy

Some biometric standards actually work to eliminate or marginalize user privacy to enhance the security of whatever is being secured. This has long been a trade off that people have had to make, but with biometric technology, privacy is all but negated.

Whatever you may think about biometric technology, it is the future of security. If you would like to talk to one of our security professionals about biometrics and getting the security solutions you need to protect your most prized assets, call us today at 334-834-7660.

 

Your Success Comes Down to Your People

We’re getting close to the end of 2020. Finally? Has it been a long year for you? Has it gone by really fast? We think every other day we have a different opinion about it.

Either way, it’s time to look at 2021. A fresh start, a clean slate. We think if there is one big mindset all business owners and C-levels need to take into consideration for 2021, it’s their people.

We’ve all had our full helping of lessons to learn in 2020. Many of us had to make hard decisions and take on uncomfortable roles in order to get through the year. Some were able to make the best of a difficult situation and adapted quickly, while others had a much harder time.

We think one of the bigger lessons to take away from this past year, and attempting to commit to business as usual, is that a lot of us are blessed to be surrounded by great, caring, forward thinking people.

We feel this way about our team at Jackson Thornton Technologies. They worked hard to help our clients earlier in the year get set up remotely. They worked hard to keep the internal communication happening and adjust our internal processes and deal with obstacles despite what was going on in the world. We're proud to be a part of this group of people.

We feel thankful about having great clients too. Clients who trust us with their technology. The clients who have been with us for a long time, through ebbs and flows, who continue to put their faith in JTT to keep the gears running in their organizations—we thank you. To the new relationships we’ve made over the last year or two, we are so grateful that you chose to work with us and we can’t wait to see where we can go together over the next several years.

Our hearts go out to those who have been struggling and have had to downsize, or close their doors altogether. It’s not been an easy year. We hope we see you all again, building new opportunities for Alabama.

We're specifically addressing the business owners and C-levels here—we hope you are proud of your people. We hope you are thankful for them. We hope they were able to adjust to remote work if they had to, and we hope that, despite the obstacles, your business comes out on top.

As much as we want it to, when the clock strikes midnight on December 31st, the world isn’t going to suddenly change. It’s up to all of us to take the lessons that we’ve learned and apply them to our lives, whether that’s our personal lives or our professional lives. Many of us make promises to ourselves for the new year in the form of resolutions—from one business owner to another, we'd like to suggest one to you.

Nurture Your People

How you do this will depend on your business, on you, and your employees. A good place to start is to realize just how important they are, and how much of an impact they have on your business. For some of us, simply conveying honest, thoughtful gratitude can be huge. If you’ve felt disconnected from your remote workforce, you aren’t alone. It’s harder to sweep the office and check in on people. Doing check-ins and dishing out kudos doesn’t seem as organic when it’s done remotely, but it’s still important.

Commit to educating your staff. Cybersecurity threats have evolved to take advantage of home users more than ever before, and with many organizations already being stressed, the last thing they need is to get caught with ransomware or a phishing attack. Your employees (in general) want to be good at their job. They want to do what’s right. They wouldn’t fall for a phishing attack on purpose, but it is up to you to make sure they understand what to look for. We can certainly help you with this step.

We mentioned check-ins before. Commit to this, or at least commit managers to it. Do it with your staff, with your clients, with your prospects. Communication is critical, and a lot of people are logging into work every day alone from their homes and apartments. They aren’t getting the same face-to-face interaction that they are accustomed to. Remote meetings are nice, and right now, still the way to go, but consider friendly check-ins and temperature checks just to make sure the people you work with and work for are doing well. For your staff, throw a meeting onto the schedule, and for your clients and prospects, have a quick call just to see if there is anything you can do. If it comes from a genuine place, it will likely be appreciated.

That’s all today. We just wanted to give our thanks to our team here at Jackson Thornton Technologies, and our incredible clients. It’s a little early to celebrate the end of 2020 (we’ve yet to yell BINGO with our 2020 Bingo card) but we want to pre-emptively wish everyone a fantastic rest of the year and a wonderful, safe, prosperous 2021.

 

COVID-19 Pandemic Exacerbating Cyberthreats

Keeping your network and infrastructure free from threats is always a priority, but with so many people working remotely, businesses have encountered problems doing so. In fact, hackers and scammers have come out of the woodwork to try and gain entry into unauthorized networks or to flat-out steal data. This month, we thought we would take a look at how the COVID-19 pandemic has exacerbated the threats out there. 

Unsecured Networks

A lot of people are working remotely. In fact, one study showed that 58 percent of all knowledge workers--which are workers that deal in information--are now working remotely. With so many people being asked to work remotely, and no time to plan out a strategy to get them secured, many employees are working with unsecured access to company resources. In fact, unsecured remote desktops have risen by over 40 percent. This is a major concern, because cybercriminals can use brute force methods to gain access to a desktop. If that desktop is part of a larger computing network, they gain access to that as well. Not a good situation. 

Speaking of Brute Force Attacks

With so many unsecured connections out there, brute force attacks are up nearly 400 percent over numbers in 2019. Kaspersky published a report stating as much, and it really isn’t a surprise. IT administrators were given very little or no advanced notice that they were to implement all the services employees would need. This created the current situation where there are many problems securing authentication points and keeping software effectively updated.
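The brute force pattern described above can be spotted in logon records. The following is an added example, not part of the original article: it flags a burst of failed remote logons from one source address, and a successful logon that follows such a burst. The sample events, field layout, threshold, and time window are constructed assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons, and logon types 10 and 3 are the ones remote desktop sessions are recorded under.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security event IDs
REMOTE_LOGON_TYPES = {3, 10}   # 3 = Network (RDP with NLA), 10 = RemoteInteractive

# Constructed sample events (not real logs):
# (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    ("2021-04-05T02:00:01", 4625, 10, "203.0.113.50", "administrator"),
    ("2021-04-05T02:00:04", 4625, 10, "203.0.113.50", "admin"),
    ("2021-04-05T02:00:09", 4625, 3, "203.0.113.50", "administrator"),
    ("2021-04-05T02:00:15", 4625, 3, "203.0.113.50", "backup"),
    ("2021-04-05T02:00:21", 4625, 10, "203.0.113.50", "administrator"),
    ("2021-04-05T02:00:26", 4625, 10, "203.0.113.50", "administrator"),
    ("2021-04-05T02:01:02", 4624, 10, "203.0.113.50", "administrator"),
    # An employee mistyping a password twice, eleven minutes apart.
    ("2021-04-05T08:30:00", 4625, 10, "198.51.100.7", "jsmith"),
    ("2021-04-05T08:41:00", 4625, 10, "198.51.100.7", "jsmith"),
    ("2021-04-05T08:41:30", 4624, 10, "198.51.100.7", "jsmith"),
    # Local console failure (logon type 2): out of scope for this check.
    ("2021-04-05T09:00:00", 4625, 2, "127.0.0.1", "jsmith"),
]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return findings as (kind, source_ip, timestamp, detail) tuples.

    threshold and window are illustrative values, not recommendations.
    """
    recent = defaultdict(deque)  # source_ip -> failure times inside the window
    flagged = {}                 # source_ip -> time of latest over-threshold failure
    findings = []

    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts_raw, event_id, logon_type, src, account in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_raw)

        if event_id == FAILED:
            failures = recent[src]
            failures.append(ts)
            # Drop failures that have aged out of the sliding window.
            while ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold:
                if src not in flagged:  # one alert per source address
                    findings.append(("bruteforce", src, ts_raw, len(failures)))
                flagged[src] = ts

        elif event_id == SUCCESS:
            # A success right after a burst may mean a guessed password.
            if src in flagged and ts - flagged[src] <= window:
                findings.append(("success_after_bruteforce", src, ts_raw, account))

    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

A finding of the second kind deserves the faster response, since it points to an account whose password should be reset and whose session should be reviewed.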

There Is Not Just One Virus Going Around

Hackers and scammers are using COVID-19, and the fact people are almost universally concerned about it in one fashion or another, to overcome people’s cyber awareness. This was seen almost immediately as COVID-19-related phishing attacks were deployed en masse. In fact, in April of 2020, there were nearly 70 times more COVID-19-related phishing attacks than the previous month. 

Success Rates for Hackers are Improving

Since people are constantly accessing Internet-based resources and getting messages from all over, many are less deliberate in their ongoing scrutiny of incoming emails, the predominant vector for phishing attacks. The truth is that people were the weakest link in a company’s cybersecurity platform before the pandemic, but that pales in comparison to how much of a liability some are today without constant oversight.

COVID-19 is a Field Day for Scammers

As mentioned earlier and understood by many security-minded people out there, hackers are opportunists. A global pandemic is just the kind of situation that hackers look to take advantage of; and they have. There are literally billions of COVID-19 pages up on the Internet, so ascertaining which are legitimate and which are nefarious is going to be difficult. Additionally, thousands of domains are added each day, of which 90 percent are scams. Not a good look for humanity when the largest health crisis in decades is met with people trying to steal money and data from others. 

A Change in Perspective is Needed

Technology’s job is to support the way people work, and with today’s strategies in place, more attacks are resulting in more breaches. This is largely because -- even with a sharp change in strategy -- companies are still trusting their users to do the right thing. They know that most of them will, and some won’t. The only way to get ahead during these uncertain times is to move to a zero trust strategy.

That’s not to say that users aren’t still going to have to do the right things, but under the zero trust model, the user is allowed to access their work regardless of where they are or what machine they are using. It’s less critical because instead of monitoring user behavior the zero trust model relies on the constant monitoring of the machines being used. Zero trust strategies constantly interrogate the network signal, the machine they are on, the data that is being transmitted, and the health of the software that is being used. If something is off, it is noticed and remediated immediately. 

In the new zero trust perspective, risk is managed on a case-by-case basis, and that level of hyper awareness will go a long way toward mitigating further risk. During the COVID-19 pandemic, scammers have run rampant, video conferencing has been hijacked, phishing emails are more common and intricate than ever, but they don’t have to hurt your business. None of these circumstances matter when you seal up your network in a way where the most risk is mitigated. 

If you would like to know more about how the COVID-19 pandemic has affected business and technology, or you would like to learn more about zero trust strategies and how to coordinate your business’ cybersecurity initiatives to give your newly remote workforce the best chance to help your business grow and prosper, call the IT professionals at Jackson Thornton Technologies today at 334-834-7760.

 

Security Best Practices that Get Overlooked

Security is a major part of any business, and if there isn’t a diligent approach to the implementation of it, you can be left with huge holes in your network. This month, we thought we would discuss some of the best practices you can take to make sure that your organization’s security is in the best possible position to protect your digital resources. 

Security Steps

Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:

● What qualifies as confidential data, when and how this data is to be shared, best practices and requirements for storage and access credentials

● How devices used for work are to be maintained and handled, which devices may be approved for use, how to get a device approved

● How employees are required to go about transferring data, remote work policies, threat reporting processes

Understanding the potential problems your business faces can go a long way toward dictating where you need to invest capital on the security side. 

Prioritize Training

Many businesses are still not training their employees even though up to 94 percent of all cyberthreats that come in are due to employee error, negligence, or sabotage. As a result, it’s extremely important to have a comprehensive security training platform in place. You need to teach your employees about phishing, about social engineering tactics, and about data care.

Use Innovative Tools

There are a lot of businesses that have a lot of security measures that they use to mitigate problems such as data theft, intrusion, and especially malware deployment. These solutions can be had in a comprehensive security suite that includes firewall, antivirus, content filtering, spam blocker and more.

To learn more about the powerful security tools your business can implement to keep malware and other threats off your network, call the IT security experts at Jackson Thornton Technologies today at 334-834-7660.