Cybersecurity is Everyone’s Job

Are your employees putting your business at risk? Even the most loyal employee can expose you to a phishing or ransomware scheme – cyber training for your entire team can help you significantly reduce your risk.

Employees put you at risk in several ways:
  • Poor password choices: Passwords like “Password”, “123456” and “qwerty” are among the most commonly used and the easiest to guess, which increases your risk.

  • Poor password protection: Passwords don’t do any good if they are written down and posted on the device or on a nearby fixture.

  • Personal device issues: BYOD programs can help you save money, but employees using personal devices to access your network need training to reduce the risk of a breach.

  • Falling for a phishing scam: Someone on your team clicks a link in an app or email – and your entire network is impacted.

  • Unapproved software: Downloads of pirated or legal material could contain a virus or malware.

  • Social engineering: Criminals use sophisticated methods to befriend your team and then exploit them for access to your system.

Cutting your Risk
Training and informing your team about known threats can massively cut down your risk. Comprehensive network security training should include:

  • Formal classes on how to keep your network secure, including password use and policies

  • Education about suspicious links and emails

  • Information about the high threat posed by pirated or legal downloads

  • What to do if you receive a suspicious email

  • What to do if you lose your personal device (for those with BYOD programs)

  • Proper password selection and management

Covering all of these aspects of security in a formal training session and then issuing updates as needed allows you to protect your business and ensure that every person on your team does their part when it comes to cybersecurity.

Will Your Backup Strategy Protect Your Business Against Cyber Attacks?

If you run a business or are the head of IT, then protecting your network should be one of your top priorities. Because so much of the world relies on electronic data, it is vital to keep your information safe. Like many other modern companies, you probably have more challenges than ever when it comes to shielding the sensitive data that your business relies on for day-to-day operations.

Employers often use external apps and services to get work done. Workers may share private information with contractors. There may be multiple people, located thousands of miles from one another, working on the same file. With the complexity of modern computing, it is essential to have a sound network backup strategy in place to guard against the devastating effects of a cyber attack. Like most businesses, you probably already have backups. However, will they protect your information?

The headlines are full of reports about large organizations, such as police departments and hospitals, that are being forced to pay cyber attackers ransom after having their data encrypted in ransomware attacks. According to CNN Tech, cybercriminals extorted nearly $210 million from businesses and institutions after locking their computer servers.

Many of the large organizations and firms that were hit by cyber criminals surely have backups in place. So, why aren’t they working? Could your organization be at risk? It is not always easy to determine how secure your company data is. So, what can you do to protect your business?

Information technology and network security experts agree that because each organization’s security needs and priorities are different, there is no one-size-fits-all answer. Your backup strategy will depend on your organization’s priorities and requirements. For the best protection for your business, contact a security expert to help you design a backup plan that is right for your company.

The Importance of Email Archiving for Healthcare, Financial and Government Sectors

Archiving emails after a certain time is not just a good idea; for many industries, it’s the law. Failure to archive emails in a timely manner could result in both official sanctions and penalties and an inability to properly defend yourself in a criminal or civil case. Learning more about email security and archiving and the penalties for non-compliance can mitigate your risk and ensure your business stays on the right side of the law.

What Archiving is Required?

Many industries, including healthcare, banking and finance, and even government entities are required to keep track of email correspondence in an archive for a specified time period. Specific guidelines vary by industry, but your business needs to be in compliance with the Federal Regulations on Civil Procedures, which includes the following points:

  • You need to know where your emails are

  • You need to be able to comply with data requests

  • You need to be able to retrieve your emails when requested

  • You may not alter archived data; alteration is a crime and can be penalized with fines and jail time

For Financial Institutions

Outlined in Section 17a-4 of the SEC’s Securities Exchange Act, records of financial transactions and statements and other communications (including emails) need to be retained for three years. Brokers, investment firms, banks and other organizations are required to comply with this regulation.

In addition, rules under the Sarbanes-Oxley Act require the retention of correspondence and documents relating to audits and financial data. Penalties for altering or deleting electronic records, including emails, range from hefty fines to jail time.

For the Healthcare Industry

HIPAA may not specifically mention emails, but there are still requirements regarding documentation. Since patients can ask for a full accounting of disclosures of their PHI (Protected Health Information) for up to six years after the event, any organization wishing to comply with HIPAA should retain all communications, including emails. HITECH also specifies the need to protect and retain patient data and outlines the penalties for failing to do so.

Cut your Risk

Regulations are complex and varied. Creating a robust email backup policy can protect your business not only from official sanctions and non-compliance penalties, but also in the event of a lawsuit.

Need help creating the right archive solution for your business? We can help you mitigate risk, fully comply with the law and protect your good name. Contact us to learn more about your options and to implement an archival program that works for your organization.

Upcoming Webinar
During an upcoming webinar on July 20th at 3pm EST / 2pm CST, experts from White Rock Security Group and Mimecast, a leader in email security and archival, will discuss the dual challenges that businesses have when it comes to archiving emails as well as protecting their networks from phishing and other types of attacks. There is no cost to register for the webinar but there is a limit on the number of registrants. Click here to learn more and to get registered.