Category: PCI DSS

Adopting a BYOD policy

Employee convenience is touted as one of the primary drivers for adopting a BYOD policy. However, just because it can make life easier doesn’t mean employees don’t have serious concerns about the implementation of BYOD in the workplace. From the employee perspective, there are downsides.

One particular issue that arises with BYOD are employee’s concerns about the privacy of personal data and applications. Because these are their own devices, they have an enormous amount of personal data, including health information, photos, texts, emails and other information stored on the device. Also, apps they may have installed could potentially reveal information about their religion, politics, sexual orientation or other characteristics that they may consider private and off-limits. Concern that their employer could see their personal data is a legitimate worry; there are Human Resource implications here. Knowledge of certain data about an employee could make an employer vulnerable to discrimination laws. What about GPS tracking? Can the employer track employee whereabouts? The employer has a compelling interest to track the device in case it is lost or stolen, but the employee has similar competing concerns about privacy.

There are no absolutely correct answers here, but a perception of overstepped boundaries could lead to an atmosphere of distrust that can be counter-productive. It is also important that these decisions be made with knowledge of all applicable local, state and federal regulations. In short, just be aware BYOD is a complex matter that can’t be handled within the silo of IT.

Click here to learn more about our cybersecurity and compliance solutions.

Hiring seasonal staff? Here are a few things to consider from the IT

In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.

Security

When you are hiring someone part-time, security could be a concern. You or your HR person may have done a background check, but their risk score nevertheless remains much higher than permanent employees who are on your payroll. Trusting a temp worker with customer and business data is a risky choice.

Infrastructure

Having seasonal employees is a good solution to temporary spike in workload. But, there is still a need to provide your temps with the resources they need to perform their tasks efficiently. Computers, server space, internet and phone connectivity, all need to be made available to your temp workforce as well.

Lack of training

Your permanent employees will most likely have been trained in IT Security best practices, but what about your temps? When hiring short-term staff, SMBs and even bigger organizations rarely invest any time or resources in general training and induction. Usually brought in during the peak seasons, temps are expected to get going at the earliest. Often IT drills and security trainings have no place in such hurried schedules.

Collaboration needs

Often businesses hire seasonal staff from across the country or even the globe because it may offer cost savings. In such cases when the seasonal staff is working remotely, there is a need to ensure the work environment is seamless. High quality collaboration tools for file sharing and access and communication needs to be in place.

Having part-time or seasonal staff is an excellent solution to time-specific resource needs. However, for it to work as intended–smoothly and in-tandem with the work happening at your office, and without any untoward happenings–such as a security breach, businesses need to consider the aspects discussed above. A MSP will be able to help by managing them for you, in which case hiring temps will be all you need to think of.

Click to learn more about our managed service provider solutions.

The reality of cybercrime requires permanent organizational change

Because cybercrime isn’t going anywhere soon, every business needs to consider changes within its organization to institutionalize its emphasis on data security. This is not a problem that can be handled within a few particular operational or administrative silos.

Here are just a few things to consider:

  1. BYOD policies: A Bring-Your-Own-Device policy, which refers to allowing employees to use their own laptops, tablets and other mobile devices instead of company-issued ones, has become common practice in many organizations. However, permitting BYOD opens up new security issues because your IT department has potentially less control over how company data is accessed. With BYOD, many additional doors are being used to access corporate databases, etc., so it can be harder to keep your data secure. Because of the ubiquity of cybercrime, IT departments need to approach BYOD with a heightened awareness of new security vulnerabilities.
  2. Employee Training – Generally a topic for Human Resources, IT needs to now be involved in designing ongoing employee training to teach employees how to be vigilant about data security, password hygiene, and similar topics. Employee errors, such as opening phishing emails, are one of the largest causes of data breach events in the business world.
  3. Operations and IoT technology – Another area where there should be a re-focusing of attention involves the Internet of Things (IoT). The IoT has, at least in part, been introduced operationally, with Line of Business managers (LOB) discovering new specific applications for IoT devices, adopting them, and then being responsible for their maintenance and security. Such devices are introduced as-needed to address discrete needs throughout the organization. As a result, IoT devices have tended to function in operational silos. The unintended consequence is that the IT department, traditionally responsible for security issues, is left out of the loop. This means that data security is un-coordinated across all of the IT facets of the organization and security vulnerabilities are being overlooked. C-level tech leaders need to recognize this and adapt accordingly.
  4. The corporate mission – In order to give appropriate recognition to the threat that cybercrime represents to the health of a business, companies should consider including security as a core part of their mission. Both B2B and B2C customers take security very seriously, so companies should realize their mission is not to “provide X product or service,” but “securely provide X product or service.” To paraphrase a car maker’s phrase from many years ago. “Security is Job One.”

Click here to learn more about our cybersecurity solutions.

Device configurations need to be backed up as well

Device configurations need to be backed up often to maintain a repository of backups ready to be restored in case of emergencies. In large enterprises with more number of devices, this task of getting the device configuration backup up becomes a huge mundane task taking up most of the time of an admin. Being able to automate configuration backups will free up a network admin’s time to do productivity enhancing tasks.

Any change made to the device configuration in a network carries the possibility of an error. An erroneous configuration change can cause network issues ranging from performance degradation to network outage. This is particularly true for those network devices that are crucial for the infrastructure. Any change in such devices should be detected and the configuration file of the device must be backed up.

Unauthorized configuration changes often wreak havoc to the business continuity and hence detecting changes is a crucial task. Detection should be real-time to have effective control. Network Configuration Manager offers real-time configuration change detection.

All of these are reasons why you should have an automated software solution to backup and monitor your network infrastructure.

Click here to learn more about our managed service provider solutions. 

Secure Offsite server backup software provides more than piece of mind

Data is the most important aspect of your computer. An operating system can be reinstalled and so can applications, but it may be difficult or impossible to recreate your original data.

It is essential that you always back up your important information and have a plan for recovering from a system failure. An attacker could crash a computer’s operating system or data may be corrupted or wiped out by a hardware problem.

Whether you run a small business or work for a large corporation, your data is important as that’s the powerhouse of information for making future strategies, providing better services to clients and for measuring both challenges and progress of your business.

Your organizational data needs to be protected for growth of your server backup and you cannot and should not simply consider it as a secondary task to be given attention to in your spare time as data once lost can never be recovered to the full extent.

There are many factors which cause loss of information, like hardware failure, power outage, data corruption, human errors, disasters, and criminal activities like hacking, theft, malicious activities etc.

With an offsite backup solution, you can securely access, restore or administer data from anywhere. It guarantees high level of security and peace of mind as it allows data storage off site/online. It helps you in saving time and costs too.

It provides much better protection against the natural disasters. Also allows unlimited amount of data retention. Moreover, it does not need any manual tasks to change tapes, label CDs etc.  Thus, remote backup is the preferred method of backup.

Click here to learn more about our managed IT services.