Acceptable Use Policies Can Save Your Business

Policy, procedure and process.

I was asked recently, “Why do I need a computer policy?”

The short answer? It’s the law.

Massachusetts 201 CMR 17.00 Compliance

In Massachusetts, 201 CMR 17.00 clearly states that a business must have clear and defined policies when it comes to internet and data access for its employees. To quote the purpose section directly:

This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

MA Privacy Law Compliance for Your Business

What does this mean for businesses? If an employee decides to copy a client’s data to an external drive or an external network and there is no company policy in place, it could possibly lead to a tremendous amount of fines and penalties for the data loss and for the lack of accountability that comes with a data breach.

The other problem is that failure to prevent the data loss can also point to something larger. If an employee is that careless with your clients’ data, they could be just as careless with your company’s intellectual property, such as client lists, client information and more. Nothing is worse for a business owner than having their client and accounting information fall into their competitors’ hands.

Reviewing Your Company Policies

What we recommend to our clients is to review their handbook and their company policies when it comes to networks, computers and mobile devices. Many times our clients, including some new ones, are surprised when we ask for a copy of their handbook so we can make modifications.

Many attorneys believe that they do a great job creating an acceptable use policy for their clients’ networks, but from an IT perspective, it can always be tightened up. From social media and mobile devices to flash drives and password policies, it is imperative that we advise clients to have us review it so they are not at risk of penalties and data loss. Too often there is the one-two punch of losing client data, and then losing clients. Let us help you be proactive.

Dispelling Ransomware Myths

Ransomware is the new underground economy.

In the last few years, a new breed of exploit has arrived on the scene, called ransomware. Basically, it encrypts all your files, demands bitcoins or some other crypto currency, and waits. It usually has a timer giving you a couple of days to set up an account and transfer the funds; once that is done, the attackers usually send you the decryption codes.

Why Does This Happen: Money, Greed, and a Lack of Patching

A majority of infections are from “drive-by” downloads. You go to a website, or to an obscure search engine, where a virus writer has purchased an ad on that page or engine. The ad’s code shows the search engine something different from what visitors see, to avoid detection. When you go to that page, it runs JavaScript, usually with a zero-day exploit, and tries to inject itself into your computer; you don’t have to do anything for it to come in. It tests your Java, Shockwave, HTML interpreter or other parts of your system for weaknesses and exploits them.

What is a “Crypto Currency”?

Years ago (and there is some disagreement about how it was developed), a new type of currency was developed. It was named “BitCoin”. Bitcoins are computer-generated slices of encrypted code that utilize each other to generate a code that is considered a currency. You can slice and dice this code to pay other people, bundle up all the bitcoins, or send money to anyone else on the planet. It is extremely fast, easy to use, and no one government controls it. It also has some drawbacks: enter the wrong bitcoin address and the money is gone, never to come back.

My Files are Encrypted. What do I do?

Most people don’t think anything of the popup that they receive when the initial demand for payment is made until they go to launch a program or access a file. That is when people begin to panic. Word, Excel, PDFs and more are locked down solid. The attackers want their bitcoins, and your data is being held hostage until they get them. The virus is smart, so it disables System Restore and in some cases deletes backups in the process.

I’ll Call the Police, They’ll Help!

Nope. The people who develop these ransomware viruses are overseas and they use the highest encryption they can get their hands on: usually 4096-bit+ RSA multi-key crypto keys, which are extremely hard to break if you’re not a major superpower. The FBI, NSA, DHS and the local police have no tools to help you. These writers specifically target small business owners, hospitals, and smaller targets so the governments do not get involved. If they went after larger targets, then something would be done. The best thing is just to NOT get infected to begin with, by utilizing a terrific antivirus, patching, and maintenance program and being proactive in your security.

Patching Your Computer

If you see a leak in a dam, you patch it, right? Why not your computer?

Many people avoid patches, and yes, there are many. From Windows updates to Office updates, Adobe Reader, Shockwave, Firefox, Google Chrome and more, you have to keep on top of them. Why? Any one of them can be a vector into your computer, so you should be patched. At Triton Technologies, we have an excellent patching system in place for our clients and networks. We update once a day for workstations, weekly for servers, and hourly for third-party software such as Adobe, Google and more. It pretty much KILLS the ransomware even before it has a chance to come in.

I Have a Firewall, I Don’t Need to Patch All the Time!

Nope, the firewall is just another line of defense, but it shouldn’t be your only defense. You need to have a proper maintenance program in place, security protocols in place, anti-virus that is up to date and more. Relying on a single piece of technology for total system defense is not only bad for data security, it could potentially bankrupt your business. If you’ve got any of these concerns, or are recovering from a ransomware attack, contact us. We can help you get your system back up and backed up, and make sure it never happens again.

Apple Wins the PR Battle, but Loses the War

But Once Again, No Technology Is Really Secure… The FBI Has Managed to Break Through Apple’s iPhone Security.

Did you doubt they could? Did you think the iPhone could really stand up to this? If you did, you need to know more about security. Good security means fast detection and real-time response. The front door can always be broken into.

Should Apple Have Folded?

Security is a funny thing. If Apple had given in, case law would have been established. Any future crime could have forced the developer to change the code, create a backdoor, or make things less secure. I know there are many people saying this isn’t true, but most of them can’t claim any security expertise. I haven’t met one serious security expert who disagrees with me – although I’m sure there are some.

Since Security Was Broken…

On the other hand, security can always be broken into… that’s why there’s a huge opportunity for every technology company right now. If you take on security, there’s new business out there. We have a problem. If the FBI (or some of their third-party contractors) gained access, the bad guys can do it too.