Issue No. 3 Mar. 3, 2010

HIDDEN SECURITY THREATS-What to look for and how to stop them

PC World Magazine’s Tony Bradley recently shared an insightful look at the latest online security threats, including scareware, trojan horse text messages, and social network data harvesting-and how to avoid them. For those concerned about compliance with Massachusetts new data security law, we have included the section on encryption of email and laptops below. This is one of the solutions that NENG offers as part of the comprehensive CMR compliance materials available at www.nengroup.com. We urge you to read the full article.

Lost laptops, exposed data

The portability of laptops and cell phones is convenient, of course, but that same portability means that such devices are easily lost or stolen. If your laptop, netbook, phone, or other device falls into the wrong hands, unauthorized users may access the sensitive data that you’ve stored there.

Encrypt your data: You can use a utility such as Microsoft’s BitLocker to encrypt data. Unfortunately, BitLocker is available only for Windows Vista and Windows 7, and even then it’s exclusive to the Ultimate and Enterprise editions of those OSs (and is also available in Windows Server 2008); you won’t find the tool in the consumer versions of Vista and Windows 7.

Use stronger passwords: If encrypting seems to be more of a hassle than it’s worth, at least use strong passwords to protect your PC. Longer passwords are better; more characters take longer to crack. You should also mix things up by substituting numbers and special characters for letters. For example, instead of using the plain “PCWorldMagazine”, you could use “PCW0r1dM@g@zin3″. Though that’s still a phrase you can easily remember, the character diversity makes it significantly harder to guess or crack.

Though less comprehensive, free utilities such as the FireFound add-on for Firefox provide similar capabilities. You can configure FireFound to automatically delete your passwords, browsing history, and cookies following a failed login attempt.

Mobile phones can hold a significant amount of sensitive data, too. Fortunately, services such as Find My iPhone, part of Apple’s $99-per-year MobileMe service, and Mobile Defense for Android-based smartphones perform similar feats of location tracking and remote data wiping for smartphones. Both MobileMe and Mobile Defense can use the built-in GPS capabilities of your smartphone to pinpoint the current location of the device and relay that information back to you.

Uptodata is brought to you by New England Network Group.

Important Message

If you are a Massachusetts small business, you are now required to comply with new legislation that sets standards for the protection of personal information of residents of the Commonwealth. CMR 17 requires companies to develop and implement several security safeguards, including:

· A comprehensive written information security plan creating effective administrative, technical and physical safeguards of personal information
· Protection against any anticipated threats or hazards to the security or integrity of personal information
· Policies regulating employees’ ability to access and transport records outside work
· A complete employee training regarding new security strategies
· Disciplinary measures for violations of these new safeguards

All Massachusetts companies and businesses, regardless of their size, are subject to the regulations set forth by the new personal data protection law, THIS INCLUDES YOUR OWN EMPLOYEE DATA. Conversely, many local companies may find themselves ill-equipped to internally implement the required security strategies.

NENG HAS THE SOLUTION! Visit us online and look for the COMPLIANCE SOLUTIONS tab. Contact a skilled NENGroup IT specialist today to ensure your company is prepared for the new standards: GoVirtual@NENGroup.com or (800) 696-2309.