Archive for February, 2010

Issue No. 2 Feb. 22, 2010

Identity theft is the fastest growing financial crime in America, affecting 10 million people a year and costing the economy $50 billion. Businesses need to take measures to protect themselves, their customers and their employees. It is much more difficult for a business to recover from this kind of theft, and they are a much more lucrative target with less risk but less protection than consumers.

The government advices us to “deter, detect and defend.” But what does that mean? Please reference the Lomasne rule — “Never write if you can speak; never speak if you can nod; never nod if you can wink”-which has been updated to include:”never put it in email.” Be careful what your employees say during office phone conversations. Avoid giving identifying or financial information over the computer or only on secure pages. Monitor all monthly statements. Check your credit reports regularly.

On a practical level, protect all passwords and personal identification numbers. Sensitive information should be kept behind locked doors and in locked file cabinets and on the Internet through passwords, or other mechanisms like bioidentity devices. Use shredders for all unneeded documents and trash that might include personal information or identities, even unopened solicitations.

Be on the lookout for “phishing.” How it works: recipients will get what appears to be a valid email from a legitimate company, asking for an account number and the related password. The explanation used is that the recipient’s records are being updated or that there is a new security measure in place that requires confirming the requested information. This “fishing” for information has been used to obtain stolen identities to commit identity crimes, with a single act of phishing generating hundreds of thousands of stolen identities.

Just because the email contains authentic trademarks, logos, language and even the urls does not mean it’s authentic. Often, the email contains links to pages that are programmed to look like those on the company’s actual site, and only a discerning eye can tell that the pages are not “real.” One of the clues is bad grammar and poor spelling. Most large institutions are paying someone to proof these materials-a spammer is not!

Next Issue: Protecting Mobile data

Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at http://nengroup.com/

Issue No. 1 Feb. 10, 2010

Small and medium sized businesses in Massachusetts are paying close attention to the personal information in their workplaces in light of the passage of CMR 17, which aims to protect consumers from data theft. The law goes in to effect in March of 2010, and establishesa standard set of regulations for businesses to protect and store Massachusetts residents’ personal information. NENGroup has a series of checklists and discovery forms to help small business owners through this process. But there are benefits to strong network security beyond compliance with the new law.

We depend on internet connectivity today for transactions, data processing, and information delivery. In a survey of 7,300 business and technology executives worldwide from a variety of industries, including government, health care, financial services and retail by CIO magazine, the large majority admitted they fear attacks from social networking sites. Many of us have received that email purporting to be from Facebook, but actually leading to a virus. But blocking social networking is out of the question for many of these companies as many businesses use these sites for marketing.

According to CIO, “only 23 percent said their security efforts now include provisions to defend Web 2.0 technologies and control what can be posted on social networking sites. One positive sign: Every year, more companies dedicate staff to monitoring how employees use online assets-57 percent this year compared to 50 percent last year and 40 percent in 2006. Thirty-six percent of respondents monitor what employees are posting to external blogs and social networking sites.

To prevent sensitive information from escaping, 65 percent of companies use Web content filters to keep data behind the firewall, and 62 percent make sure they are using the most secure version of whichever browser they choose. Forty percent said that when they evaluate security products, support and compatibility for Web 2.0 is essential. ”

There is no technology available that can change employee behavior, and that is what will really make the difference. Educating companies and their teams about the perils and pitfalls of personal computer use can really make a difference.

Next issue: Identity theft: Are you responsible?
Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at www.nengroup.com.

————–
Important Message!
NENG will sponsor a seminar on how small- and medium-sized businesses can reach compliance with Massachusetts’ new data privacy act, CMR17.
IT IS 99.99% CERTAIN YOU WILL NEED TO COMPLY!
The session will be led by Warren Atlas, a partner in the law firm Atlas and Atlas PC. Attorney Atlas specializes in labor-management relations and employment law, and is recognized as an expert on the new law, scheduled to go into effect on March 1, 2010. Robert O’Keefe, NENG’s Director of Sales Engineering, will add his in- depth knowledge of critical technology compliance to the presentation.

WHAT: CMR 17 Compliance Seminar
WHEN: Thursday, February 18, 2010, 8 AM
WHERE: Burlington Marriott
One Burlington Mall Road
Burlington, Massachusetts 01803 USA
Phone: 1-781-229-6565
RSVP or questions: NENG (781) 362 -1199