News

 The Massachusetts Data Privacy Act has been in place since March, and companies are learning more and more how important compliance is going to be.  In their online newsletter, Security Privacy and the Law, Foley Hoag LLC reported on results of the Ponemon Institute and PGP Corporation ‘s Global 2009 Annual Study on Cost of a Data Breach (.pdf) [available directly from EncryptionReports].  Ponemon surveyed companies in the U.S., UK, Germany, Australia and France and found that in 2009, the average cost of a data breach was $3.4 million.  That is $142 per customer affected by the breach.

Unfortunately for U.S. businesses, the survey found that data security breaches In the U.S. were more expensive that in other countries, $204 per customer on average.  The survey found that the existence of breach notification laws, such as the 45 state notification laws adopted in the U.S., correspond to substantially increased costs of data breaches.

The survey’s other findings include:

• The most expensive breach remediation cost one U.S. company $31 million, while the least expensive was $750,000.
• 35% of all breaches involved outsourced data provided to third parties, while 36% of breaches were caused by hackers.
• Businesses that have a Chief Information Security Officer (CISO) incurred reduced costs for data breaches, 21% less on average.

NENGroup is looking for smart, savvy, customer-friendly engineers to join our team. We are an established but growing networking company located in Burlington MA. Having happy customers is our number one goal, but we also want happy team members. NENGroup provides competitive compensation and comprehensive benefits. Our benefits plan is designed to keep our most important assets – our people – healthy, happy, and moving ahead at optimal speed with insurance for health and dental, vision, long term disability and a matched 401k retirement plan (we kept our match program current throughout the recent economic challenges.) We can work with flexible schedules, and we provide training opportunities. We also have a clear, fair bonus program to reward achievement.

Requirements
We’re looking for demonstrated skills which vary by position, see the full job descriptions below for specifics.

How to Apply
Send a resume to hr@nengroup.com. Feel free to follow up by phone after emailing.

How to Stand Out
Customer service is our top priority. Tell or show us how you OWN customer satisfaction. Include a cover letter that tells us why you want to work with us. Do something besides telling us that you took Intro to Networking, Data Structures and have an A+ certification.

Current Openings:

Network Engineer: CCNA required, Outstanding Customer Service a MUST

Field Technician/Help Desk

Many small businesses believe that they are exempt from the Massachusetts Data Privacy Act (201 CMR 17); the perception is that the law is geared to retailers and financial institutions, whose day to day operation involves the gathering and sharing of large amounts of personal information.   A few simple questions should convince you that you are most likely NOT exempt, and that your business must comply.

Do you have any employees? 
Do you receive payments from individuals, whether check or credit card? 
Do you need to send out 1099s? 

If you  answered yes to any or all of these questions, then you have personal information in your possession, and therefore must bring your business into compliance.

Massachusetts has recently revised the 201 CMR 17 law, and there is much good news for businesses:

• The  effective date for 201 CMR 17 is now March 1, 2010
• The application of the regulations to those that “own or license” personal information about Massachusetts residents versus their service providers has been more clearly described.
• The Regulations now take a “risk-based” approach that allows a business to take into account their size, scope, amount of resources, nature and quantity of data collected or stored, and the need for security, in determining how to implement the requirements.
• The definition of encryption is now technologically neutral, and all computer security system requirements only need be applied “to the extent technically feasible.” According to the Massachusetts Office of Consumer Affairs and Business Regulation, this means “that if there is a reasonable means through technology to accomplish a required result, then that reasonable means must be used.”
• Businesses must “take reasonable steps to select and retain” third-party service providers capable of maintaining security measures consistent with the Regulations, and bind them by contract to implement and maintain them.

These changes are going to make 201 CMR 17 compliance easier.  However the deadline is now less than six months away.  Businesses may want to start the hard work that needs to be done now. 

• Write a 201 CMR 17 Comprehensive Information Security Program, with the aid of an attorney.  We have provided a model for you to follow. 
• Implement a strong password policy.  Passwords need to be impossible to guess and should include letters, both upper and lower case, numbers and symbols.
• Secure Email so that personal information can not be sent out on the Internet unless it is encrypted.
• Encrypt laptops and other portable devices in a method that doesn’t interfere with a user’s ability to read and create documents.
• Have a system to maintain up to date security patches, antivirus, malware, and firewalls for all computer equipment.

Then ask who what why when where:

• WHO:  Choose a point person.  Having a designated driver will make the complicated process more efficient and more effective.  And make sure they have the resources needed to get the job done. 
• WHAT:  What are the potential risks?  Identify any foreseeable risks to Personal Information and come up with a plan to eliminate or reduce those risks
• WHY:  Educate and Train all employees about the importance of protecting Personal Information and Computer Network Security
• WHERE:  Identify where Personal Information comes from, where it is stored, how it is utilized– and by whom.
• HOW:   How are you going to get this done?  Decide if internal resources are enough or is an outside network firm needed to create a reasonable secure network
• WHEN:  Now is the time to start tackling these tasks.  We have compiled a check list to help you through the process. 

There are a number of resources available to help small businesses with their questions and concerns on this law that aims to protect them, their customers and their employees.  The Massachusetts Office of Consumer Affairs and Business Regulation created these regulations and can be helpful. 

We have put together several documents to view or download, including a 201 CMR 17 compliance checklist; a sample 201 CMR 17 Comprehensive Information Security Program to help you understand the type of document that needs to be created;   a 201 CMR 17 Personal Information Discovery Form to help you and your team determine where and in what form personal information may exist; and a copy of the 201 CMR 17 Regulations.
 
Please call me at 781 362 1199 or toll free at 800 696 2309.  Or you can email me at rokeefe@nengroup.com.  I will be happy to set up an appointment to guide you through this process. 

For more information:

NENGroup 201 CMR 17 Compliance Page
NENGroup 201 CMR 17 Press Release

New England Network Group, Inc’s (NENGroup) array of IT solutions can help local companies comply with Massachusetts’ Comprehensive Identity Theft Prevention Regulation – 201 CMR 17.

The 201 CMR 17 personal data protection law outlines stringent new rules for companies to develop and implement computer security safeguards, including setting up a comprehensive written information security plan, protecting against anticipated threats to the security of personal information, and developing policies to regulate employees’ ability to access records outside work.

Regardless of their size, all Massachusetts companies and businesses that compile or maintain personal information records, including employee data, are subject to 201 CMR 17’s regulations. Many local companies may find themselves ill-equipped to internally implement the required security strategies.

Fortunately, (NENGroup), as one of the leading full-service IT companies in the Boston area, can help local companies meet the regulations set forth by the new personal data protection law. As part of their IT solutions services, NENGroup offers comprehensive computer security services, including secure user authentication protocols, secure access control measures, encryption tactics and firewall protection. Companies can enjoy peace of mind knowing NENGroup will set up a system that provides the utmost protection for their customers’ personal information as well as adheres to the new state law.

Though Massachusetts companies have until March 2010 to comply with the 201 CMR 17, new regulations also require businesses to complete internal and external security risk assessments prior to the effective date. In light of this, NENGroup encourages companies to reach out to one of their skilled IT specialists as soon as possible.

NENgroup can be reached at: govirtual@nengroup.com or (800) 696-2309. More information available at: http://nengroup.com or http://nengroup.com/the-basics/products-and-services/ma-201-cmr-17/.

About NENGroup:

New England Network Group, Inc. (NENGroup) has been a full-service managed IT service provider to hundreds of New England area businesses for nearly 15 years. NENGroup’s technical expertise, passionate customer service, highly trained staff, industry certifications, responsiveness, business savvy and ability to think outside-the-box provides their customers with the Technical Peace of Mind that permits them to keep their minds on their businesses, instead of on their computer equipment.

8.31.09

Are you ready for swine flu? The Federal government has offered guidance to businesses on how to prevent the spread of the H1N1 virus and how to prepare for a major outbreak. They stressed the importance of allowing employees who exhibit flu symptoms to go home and stay home until at least 24 hours after their fevers subside. They also said that businesses should consider eliminating policies requiring a doctor’s note to justify a sick day and that employers should be prepared to operate with fewer people.

Public health agency recommendations for dealing with swine flu include not only staying home from work, but keeping children home from school FOR SEVEN DAYS at the first sign of flu-like symptoms.

Will you be able to give your team the flexibility to take care of their first priorities while keeping an eye on yours?

Yes. If you Think Outside the Box.

Think Outside the Box IT allows a “work from anywhere” office environment. It also has many other benefits, including saving thousands on your equipment costs—no more new servers. Low monthly hosting fees include almost a full T-1 of bandwidth. Save hundreds and even thousands of dollars on power costs as you no longer need dedicated air conditioning to keep your servers cool. Be secure with full disaster recovery; put your operations in a carrier class data center with full redundant power, internet and state of the art security. And virtual servers are Green Technology, and will reduce your carbon footprint and make you a more environmentally friendly company–all with no changes to your current IT providers!

I am not only the president and CEO of New England Network Group (NENGroup), I am a satisfied customer of Think Outside the Box IT. I can attest to its value and security. After losing power and having my office flood after the recent biblical rains, I was able to operate uninterrupted, thanks to the virtual servers.

I would love the opportunity to tell you more about Think Outside the Box IT, and to offer your first month free. Please call me at 781.362.1169, or email me at sducharme@nengroup.com to learn more and to take advantage of our one month free offer.

- Sarah Byrne Ducharme