Tag Archives: data security

Lost Employee Smartphone? Do This NOW!

15 Feb 17
lverbik

“Hey boss, I lost my smartphone.”

How well have you prepared for this moment? It will happen sooner or later. If your company has a plan in place, no big deal. If not, you may suddenly get that sinking feeling in your gut …

And well you might. You now have three big worries:

Compliance Issues – If your employee had access to information covered by any number of regulations, your company could be subject to stiff penalties. One employer we know of wound up with a $900,000 fine.

Data Security – Sensitive company data in the wrong hands could spell disaster. Access to your network, secure sites, proprietary files, work-related e-mails and corporate secrets may now be out of your control. You must move quickly to prevent serious financial harm.

Employee Privacy and Property Concerns – If a valued employee had family photos and movies on the device, and you remotely delete all data on the phone, you may now have a disgruntled, or even uncooperative, employee, especially if company policy regarding BYOD (bring your own device) and data loss was not clearly stated and agreed to up front.

So how do you prevent a relatively minor incident from blowing up into a big problem? Here are seven smart measures you can take right now to prepare for the day an employee smartphone is lost or stolen:

  1. Install a mobile device management (MDM) system on any employee device to be used at work. This software can create a virtual wall separating work data from personal. It facilitates any security measures you wish to impose. And to protect employee privacy, it can limit company access to work data only.
  2. Determine which devices will be allowed and which types of company data people may access from them.
  3. Require that employees agree to an Acceptable Use Policy before they connect to your network. Make sure it includes notice of the conditions under which company data may be “wiped” – i.e., destroyed. Also include specific policies regarding device inspection and removal of company records.
  4. Put strong data protection practices in place. Require use of hard-to-crack passwords and auto-locking after periods of inactivity. Establish protocols for reporting lost or stolen devices. Mandate antivirus and other protective software as well as regular backups.
  5. Designate someone at your company to authorize access to software and critical data. This person can also be your main point of contact for questions about BYOD policy and practices. It might also work well to distribute a resource page or FAQ document to your employees.
  6. Establish a standard protocol for what to do when a device is lost or stolen. Both Android and iOS phones have features that allow device owners to locate, lock and/or “wipe” all data on their phones. Make sure your policy requires that these features are set up in advance. Then, when a device is lost or stolen, your employee can be instructed to take appropriate action according to your protocol in order to protect company data.
  7. And finally, your best protection is to implement a well-crafted BYOD policy in advance. Develop it in partnership with risk management and operations personnel, as well as legal counsel and IT professionals, to come up with an effective and comprehensive plan.

Do not delay on this – it is a serious vulnerability that can and must be addressed in order to assure the safety of your company’s data and systems.

Your #1 MUST-DO Resolution For 2017

28 Dec 16
lverbik

With every New Year comes the chance to reset priorities. Unfortunately, when the topic of implementing a data recovery plan comes up, the comment we most often hear is “I know I should, but I haven’t gotten around to it yet…”

So… what if the pilot on the next flight you’re on announces right after takeoff, “I know we should have run through our preflight checklist, but we haven’t gotten around to it yet…”?

Without a solid backup and recovery plan in place, just one mission-critical file that gets lost or stolen could put your company in a world of serious hurt. When you compare the high cost of replacement, repair and recovery to the relatively trivial price of keeping good backups, the choice is an absolute no-brainer.

Why disaster recovery planning matters more than you think

Let’s face it, data is the nucleus of your business. That means that a single ransomware attack could wipe you out in a matter of minutes. Today’s cybercriminals are raking in literally billions of dollars (yes, billions) preying on the unwary, the poorly protected and those who “haven’t gotten around to it yet.” Let’s consider the facts…

Ninety-seven percent of IT services providers surveyed by Datto, a data protection company, report that ransomware attacks on small businesses are becoming more frequent, and they expect that trend to continue. These attacks are taking place despite anti-virus and anti-malware measures in effect at the time of the attack.

Windows operating systems are most often infected, followed by OS X. Cloud-based applications, particularly Dropbox, Office 365 and Google Apps, are also being targeted.

Ransom demands typically run between $500 and $2,000. About 10%, however, exceed $5,000. And even at that, paying a ransom demand is no guarantee that encrypted files will be released.

For a typical SMB, downtime from ransomware can cost around $8,500 per hour, and will take an average of 18.5 hours of the company’s time. That’s a hit to your bottom line somewhere in the neighborhood of $157,250. Yet in many cases the ultimate cost has reached into multiple hundreds of thousands.

In a recent survey of 6,000 IT professionals by the Ponemon Institute, 86% of companies had one or more incidents causing downtime in the past 12 months. Typical downtime was 2.2 days, with an average cost of $366,363. And that’s just the average. Could your company survive that kind of hit? It’s no wonder that 81% of smaller businesses suffering such an attack close their doors within three years.

It’s tragic. And yet the solution is so simple…

The #1 antidote for a data disaster

What’s behind these costly incidents? Here’s the breakdown of contributing factors:

  • Human error: 60%
  • Unexpected updates and patches: 56%
  • Server room environment issues: 44%
  • Power outages: 29%
  • Fire or explosion: 26%
  • Natural disasters: 10%

Note that human error accounts for 60% of the breaches. It’s no wonder then that ransomware attacks are on the rise, since they can be triggered by just one employee inadvertently clicking a bad link in an e-mail or on a social media site. Human behavior is hard to control. However, the #1 antidote for a ransomware attack is having a secure backup ready and waiting to replace encrypted files.

And when you scan through the rest of the list above, it becomes clear that, while you need to implement a comprehensive set of data security measures, having a solid and reliable data recovery plan in place and ready to go the moment disaster strikes is still your best defense.

Lost Employee Smartphone? Do This NOW!

07 Sep 16
lverbik
Don’t risk waiting until an incident occurs!
This is a serious vulnerability that can and must be addressed in order to assure the safety of your company’s data and systems.
Contact a Techno Pro today to see how we can help.