Author Archive

NENGroup is looking for smart, savvy, customer-friendly engineers to join our team. We are an established but growing networking company located in Burlington MA. Having happy customers is our number one goal, but we also want happy team members. NENGroup provides competitive compensation and comprehensive benefits. Our benefits plan is designed to keep our most important assets – our people – healthy, happy, and moving ahead at optimal speed with insurance for health and dental, vision, long term disability and a matched 401k retirement plan (we kept our match program current throughout the recent economic challenges.) We can work with flexible schedules, and we provide training opportunities. We also have a clear, fair bonus program to reward achievement.

Requirements
We’re looking for demonstrated skills which vary by position, see the full job descriptions below for specifics.

How to Apply
Send a resume to hr@nengroup.com. Feel free to follow up by phone after emailing.

How to Stand Out
Customer service is our top priority. Tell or show us how you OWN customer satisfaction. Include a cover letter that tells us why you want to work with us. Do something besides telling us that you took Intro to Networking, Data Structures and have an A+ certification.

Current Openings:

Network Engineer: CCNA required, Outstanding Customer Service a MUST

Field Technician/Help Desk

Issue No. 3 Mar. 3, 2010

HIDDEN SECURITY THREATS-What to look for and how to stop them

PC World Magazine’s Tony Bradley recently shared an insightful look at the latest online security threats, including scareware, trojan horse text messages, and social network data harvesting-and how to avoid them. For those concerned about compliance with Massachusetts new data security law, we have included the section on encryption of email and laptops below. This is one of the solutions that NENG offers as part of the comprehensive CMR compliance materials available at www.nengroup.com. We urge you to read the full article.

Lost laptops, exposed data

The portability of laptops and cell phones is convenient, of course, but that same portability means that such devices are easily lost or stolen. If your laptop, netbook, phone, or other device falls into the wrong hands, unauthorized users may access the sensitive data that you’ve stored there.

Encrypt your data: You can use a utility such as Microsoft’s BitLocker to encrypt data. Unfortunately, BitLocker is available only for Windows Vista and Windows 7, and even then it’s exclusive to the Ultimate and Enterprise editions of those OSs (and is also available in Windows Server 2008); you won’t find the tool in the consumer versions of Vista and Windows 7.

Use stronger passwords: If encrypting seems to be more of a hassle than it’s worth, at least use strong passwords to protect your PC. Longer passwords are better; more characters take longer to crack. You should also mix things up by substituting numbers and special characters for letters. For example, instead of using the plain “PCWorldMagazine”, you could use “PCW0r1dM@g@zin3″. Though that’s still a phrase you can easily remember, the character diversity makes it significantly harder to guess or crack.

Though less comprehensive, free utilities such as the FireFound add-on for Firefox provide similar capabilities. You can configure FireFound to automatically delete your passwords, browsing history, and cookies following a failed login attempt.

Mobile phones can hold a significant amount of sensitive data, too. Fortunately, services such as Find My iPhone, part of Apple’s $99-per-year MobileMe service, and Mobile Defense for Android-based smartphones perform similar feats of location tracking and remote data wiping for smartphones. Both MobileMe and Mobile Defense can use the built-in GPS capabilities of your smartphone to pinpoint the current location of the device and relay that information back to you.

Uptodata is brought to you by New England Network Group.

Important Message

If you are a Massachusetts small business, you are now required to comply with new legislation that sets standards for the protection of personal information of residents of the Commonwealth. CMR 17 requires companies to develop and implement several security safeguards, including:

· A comprehensive written information security plan creating effective administrative, technical and physical safeguards of personal information
· Protection against any anticipated threats or hazards to the security or integrity of personal information
· Policies regulating employees’ ability to access and transport records outside work
· A complete employee training regarding new security strategies
· Disciplinary measures for violations of these new safeguards

All Massachusetts companies and businesses, regardless of their size, are subject to the regulations set forth by the new personal data protection law, THIS INCLUDES YOUR OWN EMPLOYEE DATA. Conversely, many local companies may find themselves ill-equipped to internally implement the required security strategies.

NENG HAS THE SOLUTION! Visit us online and look for the COMPLIANCE SOLUTIONS tab. Contact a skilled NENGroup IT specialist today to ensure your company is prepared for the new standards: GoVirtual@NENGroup.com or (800) 696-2309.

Issue No. 2 Feb. 22, 2010

Identity theft is the fastest growing financial crime in America, affecting 10 million people a year and costing the economy $50 billion. Businesses need to take measures to protect themselves, their customers and their employees. It is much more difficult for a business to recover from this kind of theft, and they are a much more lucrative target with less risk but less protection than consumers.

The government advices us to “deter, detect and defend.” But what does that mean? Please reference the Lomasne rule — “Never write if you can speak; never speak if you can nod; never nod if you can wink”-which has been updated to include:”never put it in email.” Be careful what your employees say during office phone conversations. Avoid giving identifying or financial information over the computer or only on secure pages. Monitor all monthly statements. Check your credit reports regularly.

On a practical level, protect all passwords and personal identification numbers. Sensitive information should be kept behind locked doors and in locked file cabinets and on the Internet through passwords, or other mechanisms like bioidentity devices. Use shredders for all unneeded documents and trash that might include personal information or identities, even unopened solicitations.

Be on the lookout for “phishing.” How it works: recipients will get what appears to be a valid email from a legitimate company, asking for an account number and the related password. The explanation used is that the recipient’s records are being updated or that there is a new security measure in place that requires confirming the requested information. This “fishing” for information has been used to obtain stolen identities to commit identity crimes, with a single act of phishing generating hundreds of thousands of stolen identities.

Just because the email contains authentic trademarks, logos, language and even the urls does not mean it’s authentic. Often, the email contains links to pages that are programmed to look like those on the company’s actual site, and only a discerning eye can tell that the pages are not “real.” One of the clues is bad grammar and poor spelling. Most large institutions are paying someone to proof these materials-a spammer is not!

Next Issue: Protecting Mobile data

Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at http://nengroup.com/

Issue No. 1 Feb. 10, 2010

Small and medium sized businesses in Massachusetts are paying close attention to the personal information in their workplaces in light of the passage of CMR 17, which aims to protect consumers from data theft. The law goes in to effect in March of 2010, and establishesa standard set of regulations for businesses to protect and store Massachusetts residents’ personal information. NENGroup has a series of checklists and discovery forms to help small business owners through this process. But there are benefits to strong network security beyond compliance with the new law.

We depend on internet connectivity today for transactions, data processing, and information delivery. In a survey of 7,300 business and technology executives worldwide from a variety of industries, including government, health care, financial services and retail by CIO magazine, the large majority admitted they fear attacks from social networking sites. Many of us have received that email purporting to be from Facebook, but actually leading to a virus. But blocking social networking is out of the question for many of these companies as many businesses use these sites for marketing.

According to CIO, “only 23 percent said their security efforts now include provisions to defend Web 2.0 technologies and control what can be posted on social networking sites. One positive sign: Every year, more companies dedicate staff to monitoring how employees use online assets-57 percent this year compared to 50 percent last year and 40 percent in 2006. Thirty-six percent of respondents monitor what employees are posting to external blogs and social networking sites.

To prevent sensitive information from escaping, 65 percent of companies use Web content filters to keep data behind the firewall, and 62 percent make sure they are using the most secure version of whichever browser they choose. Forty percent said that when they evaluate security products, support and compatibility for Web 2.0 is essential. ”

There is no technology available that can change employee behavior, and that is what will really make the difference. Educating companies and their teams about the perils and pitfalls of personal computer use can really make a difference.

Next issue: Identity theft: Are you responsible?
Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at www.nengroup.com.

————–
Important Message!
NENG will sponsor a seminar on how small- and medium-sized businesses can reach compliance with Massachusetts’ new data privacy act, CMR17.
IT IS 99.99% CERTAIN YOU WILL NEED TO COMPLY!
The session will be led by Warren Atlas, a partner in the law firm Atlas and Atlas PC. Attorney Atlas specializes in labor-management relations and employment law, and is recognized as an expert on the new law, scheduled to go into effect on March 1, 2010. Robert O’Keefe, NENG’s Director of Sales Engineering, will add his in- depth knowledge of critical technology compliance to the presentation.

WHAT: CMR 17 Compliance Seminar
WHEN: Thursday, February 18, 2010, 8 AM
WHERE: Burlington Marriott
One Burlington Mall Road
Burlington, Massachusetts 01803 USA
Phone: 1-781-229-6565
RSVP or questions: NENG (781) 362 -1199

Many small businesses believe that they are exempt from the Massachusetts Data Privacy Act (201 CMR 17); the perception is that the law is geared to retailers and financial institutions, whose day to day operation involves the gathering and sharing of large amounts of personal information.   A few simple questions should convince you that you are most likely NOT exempt, and that your business must comply.

Do you have any employees? 
Do you receive payments from individuals, whether check or credit card? 
Do you need to send out 1099s? 

If you  answered yes to any or all of these questions, then you have personal information in your possession, and therefore must bring your business into compliance.

Massachusetts has recently revised the 201 CMR 17 law, and there is much good news for businesses:

• The  effective date for 201 CMR 17 is now March 1, 2010
• The application of the regulations to those that “own or license” personal information about Massachusetts residents versus their service providers has been more clearly described.
• The Regulations now take a “risk-based” approach that allows a business to take into account their size, scope, amount of resources, nature and quantity of data collected or stored, and the need for security, in determining how to implement the requirements.
• The definition of encryption is now technologically neutral, and all computer security system requirements only need be applied “to the extent technically feasible.” According to the Massachusetts Office of Consumer Affairs and Business Regulation, this means “that if there is a reasonable means through technology to accomplish a required result, then that reasonable means must be used.”
• Businesses must “take reasonable steps to select and retain” third-party service providers capable of maintaining security measures consistent with the Regulations, and bind them by contract to implement and maintain them.

These changes are going to make 201 CMR 17 compliance easier.  However the deadline is now less than six months away.  Businesses may want to start the hard work that needs to be done now. 

• Write a 201 CMR 17 Comprehensive Information Security Program, with the aid of an attorney.  We have provided a model for you to follow. 
• Implement a strong password policy.  Passwords need to be impossible to guess and should include letters, both upper and lower case, numbers and symbols.
• Secure Email so that personal information can not be sent out on the Internet unless it is encrypted.
• Encrypt laptops and other portable devices in a method that doesn’t interfere with a user’s ability to read and create documents.
• Have a system to maintain up to date security patches, antivirus, malware, and firewalls for all computer equipment.

Then ask who what why when where:

• WHO:  Choose a point person.  Having a designated driver will make the complicated process more efficient and more effective.  And make sure they have the resources needed to get the job done. 
• WHAT:  What are the potential risks?  Identify any foreseeable risks to Personal Information and come up with a plan to eliminate or reduce those risks
• WHY:  Educate and Train all employees about the importance of protecting Personal Information and Computer Network Security
• WHERE:  Identify where Personal Information comes from, where it is stored, how it is utilized– and by whom.
• HOW:   How are you going to get this done?  Decide if internal resources are enough or is an outside network firm needed to create a reasonable secure network
• WHEN:  Now is the time to start tackling these tasks.  We have compiled a check list to help you through the process. 

There are a number of resources available to help small businesses with their questions and concerns on this law that aims to protect them, their customers and their employees.  The Massachusetts Office of Consumer Affairs and Business Regulation created these regulations and can be helpful. 

We have put together several documents to view or download, including a 201 CMR 17 compliance checklist; a sample 201 CMR 17 Comprehensive Information Security Program to help you understand the type of document that needs to be created;   a 201 CMR 17 Personal Information Discovery Form to help you and your team determine where and in what form personal information may exist; and a copy of the 201 CMR 17 Regulations.
 
Please call me at 781 362 1199 or toll free at 800 696 2309.  Or you can email me at rokeefe@nengroup.com.  I will be happy to set up an appointment to guide you through this process. 

For more information:

NENGroup 201 CMR 17 Compliance Page
NENGroup 201 CMR 17 Press Release