Are you subject to Data Protection laws?

Are you subject to Data Protection laws?This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, proscribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation.

Chances are, you are subject to some data protection or data security laws. You are also very likely to be subject to bre…

Ransomware Part II

Ransomware Part IIIn our last blog, we explained what ransomware is, and why it can be an especially troublesome virus. Today, let’s look at what you can do to avoid falling victim.Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren't totally sure of. If unsure, email back to the sender to verify they actually sent you a link. Unfortunately, human error is one of the biggest problems for data security. Employees unwittingly open links received via email or download information from insecure websites.

Beyond prevention, the most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a reg…

Ransomware part I

Ransomware part IThe daily reports of cybercrime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI. Ransomware isn’t actually all that new-- some version has been around for decades)  Ransomware is a type of computer virus that takes your data hostage and like any kidnapping scheme, demands money for the release of your data.

Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren't going to be able to call in IT support to solve the problem. Basically, you have three options.

Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware …

The Cloud: Are there security issues

The Cloud: Are there security issues?For many, the idea of offloading their data to another physical/virtual location can seem like a security risk. It seems counter intuitive that moving data away from “ home” is safer. But is that really true? Any server stored at your location is probably more physically vulnerable than one protected in a large server farm. If you had a fire, flood, or other physical damage that included damage to your server, what would be the result? Also, are your backups stored on–site? If a major event damaged your entire physical location, those backups would be also lost.

There is a second reason the cloud may be safer: security. All of your data, no matter where it is located, may be vulnerable to cyber attacks and data breaches. However, cloud storage providers probably offer some of the most sophisticated security projection available. It is unlikely that a small or even mid-sized firm has the internal resources and research capacity to maintain an equival…

How the cloud saves smaller firms money

How the cloud saves smaller firms moneyOK. You pay someone to store all of your data in the cloud, as opposed to keeping it on your own server and backing it up. And you pay on an ongoing basis. How is that possibly going to be cheaper than just making a one-time investment and keeping it your self?

Let’s count the ways:

(1)  You lose the hardware expense –a capital expenditure cost.

(2)  If that hardware fails, you are out in the cold.

(3)  Someone has to maintain that hardware. In house IT labor is expensive. 

(4)  If you need more capacity, you have to ramp up at a tiered level, which means you may need to buy capacity you don’t presently need

(5)  All of that hardware runs on software, which costs money 

(6)  All of that software needs to be installed, updated, etc. (see # 3)

(7)  All of that hardware and software has to run 24/7. Are you large enough to pay for in house monitoring and support 24/7? (See again #3)

(8)  All of that data has to be protected with security software, which mean…

Data regulation and our business: You are probably regulated by these laws

Data regulation and our business: 
You are probably regulated by these lawsSmall firms are probably aware that there are laws regulating the handling of data, but they probably assume that these apply only to larger firms and that they are too small to have any data that is worthwhile or protected under state/provincial or federal laws. Think again. Data protection laws generally worry about the content of your data, not the volume of it. That is, you don’t need to have “tons” (not the technical term) of data to be to regulated by data privacy laws. If you maintain personally identifiable information (PII) you may be regulated by these laws which may include penalties and fines for non-conformance. PII means you store a person’s first name/initial, last name and then link it to another piece of personal information, such as, but not including:

Social Security NumberDriver’s license, or state IDPassportSome financial account number, e.g. credit/debit card, checking account, etc.Health in…

A security hack doesn’t have to mean the end of your company

A security hack doesn’t have to mean the
end of your companyStatistics are showing that each year over 50% of small firms are victims of a cyber attack or data breach. Why does this matter? Most smaller firms have not prepared business continuity plans to keep their IT infrastructure going in the event of an attack. Failing to do so often leads to the failure of the business. Delaying the creation of a business continuity plan is a bit like a younger person delaying writing a will, on the grounds that they are not likely to die soon. That may be true, but if the worst occurs the consequences can be severe for their heirs.

If the chance of a breach that could compromise your data or cripple your IT infrastructure is over 50%, there is every reason to immediately develop plans for how your business could maintain operation in the event of an attack on your IT systems.

This is an effort that shouldn’t be delayed. Contact KTC Consulting to help you develop a complete and holistic business co…