Are you subject to Data Protection laws?

 

 
Are you subject to Data Protection laws?
 
This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.
 
Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to breach notification laws. As a small business you should consider having an audit conducted to determine if you possess data that may be regulated by these laws. Failure to be aware that you are covered by them does not protect you in the event of a data breach.
 
In our next blog, we will discuss one category of information that is the focus of many data protection laws. This category is referred to as Personally Identifiable Information. When you discover what that includes, it will be pretty apparent why protecting this data is important for the integrity and success of your business.

Are you subject to Data Protection laws?

Ransomware Part II

 

 
Ransomware Part II
 
In our last blog, we explained what ransomware is, and why it can be an especially troublesome virus. Today, let’s look at what you can do to avoid falling victim.
 
Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren’t totally sure of. If unsure, email back to the sender to verify they actually sent you a link. Unfortunately, human error is one of the biggest problems for data security. Employees unwittingly open links received via email or download information from insecure websites.
 
Beyond prevention, the most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routinely backup your data. However, with ransomware, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation. Ransomware presents some unique challenges that require more sophisticated data protection protocols. Contact a managed service provider for a complete security evaluation.

Ransomware Part II

Ransomware part I

 
 
Ransomware part I
 
The daily reports of cybercrime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI. Ransomware isn’t actually all that new– some version has been around for decades)  Ransomware is a type of computer virus that takes your data hostage and like any kidnapping scheme, demands money for the release of your data.
 
Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren’t going to be able to call in IT support to solve the problem. Basically, you have three options.

  1. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide help lines if you’re having trouble. Of course there are no guarantees your will get access to your data–these are thieves you’re dealing with.
  2. Don’t pay and lose your data – This has its obvious downsides, unless…
  3. You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also. In the next blog, we will address your need to add an additional layer of protection to handle ransomware attacks.

Ransomware part I