Meltdown and Spectre Spawn New Round of Phishing Scams

The recent announcement of the vulnerabilities found in Intel, ARM, and AMD processors has sparked a new phishing campaign – not the good kind of fishing with bait and largemouth bass, although these hackers are using a particular kind of bait.

While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.

WHAT IS PHISHING?

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” of the 1960s and 1970s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.

Many phishing sites look just like the sites they are impersonating. Often the only difference is a slight, easily missed change in the URL. If visitors can be induced to click the link, they can easily be manipulated into disclosing confidential information or credentials to the hacker. Even blacklisted phishing sites can often get past standard filters through the technique of time-bombing the URLs: the link initially leads to an innocent page to get past the filters, then later redirects to a malicious site.
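As an added defender-side example (not part of the original post), here is a small Python check that flags the kind of slight, easily missed URL differences described above: homoglyph swaps, a trusted brand embedded in an unrelated hostname, and typosquats a couple of edits away from the real domain. The trusted-domain list and the homoglyph table are constructed assumptions for this example, and the registrable-domain logic is deliberately naive (it does not handle multi-label suffixes such as co.uk).

```python
import re
from urllib.parse import urlparse

# Domains the organization treats as legitimate (constructed list for this example).
TRUSTED_DOMAINS = ["microsoft.com", "intel.com", "paypal.com"]

# Characters commonly substituted for visually similar ones in spoofed hostnames
# (assumed table; extend as needed).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(host: str) -> str:
    """Fold common look-alike tricks so a spoofed host compares like the real one."""
    host = host.lower().rstrip(".").translate(HOMOGLYPHS)
    return host.replace("rn", "m").replace("vv", "w")


def registrable_domain(host: str) -> str:
    """Naive 'last two labels' rule; assumption: no multi-label suffixes like co.uk."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as transposed letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str, max_distance: int = 2):
    """Return (verdict, detail) where verdict is 'trusted', 'lookalike' or 'unknown'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", "no hostname"
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted", reg
    norm_host = normalize(host)
    norm_reg = registrable_domain(norm_host)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # micros0ft.com, paypa1.com: identical once homoglyphs are folded
        if norm_reg == trusted:
            return "lookalike", f"homoglyph of {trusted}"
        # intel.com.update-center.net, microsoft-support.com: brand used as a label
        # in a hostname whose registrable domain is not the trusted one
        if re.search(rf"(^|[.-]){re.escape(brand)}([.-]|$)", norm_host):
            return "lookalike", f"{brand} embedded in {host}"
        # mircosoft.com: a couple of edits away from the real domain
        if levenshtein(norm_reg, trusted) <= max_distance:
            return "lookalike", f"typosquat of {trusted}"
    return "unknown", reg


if __name__ == "__main__":
    # Constructed sample links of the kind a "Meltdown patch" email might carry.
    for link in ["https://www.microsoft.com/security", "http://micros0ft.com/patch.exe",
                 "http://intel.com.update-center.net/", "mircosoft.com", "http://example.org/"]:
        print(f"{link:45} {classify_url(link)}")
```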

Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if the malware hides in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.

Now with Meltdown and Spectre looming over us, the average person is more susceptible to “quick fixes” and solutions to this issue.

Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.

SPEAR PHISHING

Spear phishing is an enhanced version of phishing that aims at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to convince the recipient that the sender is who they claim to be. Only later will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.

The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or known malware, results in click rates of more than 50%!

Why Managed Detection and Response Is More Important Now Than Ever

Technology is constantly evolving, and so is its relevance. In the world today, technology is fast-becoming a human being’s best friend. Just think of the number of times that you rely on technology in a day’s time. Everyone, even the self-proclaimed analog dinosaur, depends on technology to some extent.

Of course, this has spawned a major increase in the number of cybercrimes that occur daily across the globe. Cybercriminals are targeting information technology systems that are simply not well-protected from intrusion. The fact that people are so reliant on technology makes it easier for these criminals to achieve their goals. This is where Managed Detection and Response (MDR) comes in.

Information Technology experts face a constant struggle to curb cybercrimes. This crime, which has become deep-rooted in our society today, has led to the loss of time, money and reputation. Cybercriminals target websites with weak security because they’re an easy mark. Then they sell that data on the black market. It’s an ongoing crime and has quickly become a familiar scenario to many.

This is why MDR is so important in our society today. MDR is not a new concept; it has been around for a long time. Like technology, however, MDR continues to evolve with the changing trends in hacking. The main goal of Managed Detection and Response is to ensure that cybercrimes are prevented. It’s not enough to arrest and prosecute these criminals. The crimes need to be stopped before they actually happen.

How can MDR help with this cause? The simple answer to this question is that MDR is a system used to enable organizations to better understand their cybersecurity environment. With this program in play, your organization can more fully understand the IT environment in which you operate. This will provide you with some important advantages that can help prevent hacking.

Environmental threat detection

First, as mentioned above, the main goal of MDR is to aid in detecting cybersecurity threats in a particular environment. To this end, this system performs a series of functions including analyzing the types of risks that your organization may be exposed to. This can enable you to determine exactly what the most critical threats are. Using MDR, companies are able to gauge which threats are more serious. This allows you to take preemptive steps to close those doors to cyber thieves. Preventing just one attack can save you millions of dollars.

Makes threat detection faster

By making the organization aware of the threats they face, MDR makes threat detection simpler. Since MDR enhances threat analysis, your business can fully understand exactly which cybersecurity threats you face. Imagine being able to act before a breach occurs. You can take action today and avoid a nightmare tomorrow. With MDR, your company can quickly assess its level of security and take action right away.

Increases ability to respond to threats

MDR enhances the capabilities of organizations that use it to respond to cybersecurity threats. Preparation is everything when dealing with hackers and cyber thieves. Your organization needs to be prepared for every type of threat, from ransomware and hacking to data leaks. Having greater knowledge of those threats that pose the biggest risk helps you to respond with more precision. Anticipate threats before they happen. Define those weaker areas and eliminate them.

Enhances threat prevention

An ounce of prevention is better than a pound of cure, they say. This holds true especially when millions of dollars are at stake. The impact of cybersecurity in our world today is far-reaching. Every year, cyber breaches cost businesses millions of dollars. They damage your reputation and slow your forward progress. With MDR, threat prevention becomes your greatest ally. Proactive security monitoring can apply proven rules to your security system, thus offering a new level of breach management.

Do we really need MDR?

Many business owners feel frustrated by the sheer number of cyber breaches occurring each day. It seems that the criminals have the upper hand and there’s nothing we can do to stop them. MDR allows you to take back control of your data security. It’s a reliable system that focuses on one thing: preventing cyber breaches from occurring.

The threat of cyber-attacks is ever looming. Thieves are constantly finding new ways to get through any crack or hole in your security system. And, their methods are getting more and more sophisticated as the days go by. The whole cyber security industry evolves at such a fast pace that most business owners are unable to keep up with it. This fact leaves you at a distinct disadvantage.

Final thoughts

Though the intricacies of MDR may be somewhat complex, it is important to remember the advantages of this system. With MDR in place, you can avoid being the next victim and sleep much better at night. For business owners, peace of mind is priceless. You can focus on running your company once again and take pride in your accomplishments.

What’s Up with Windows 10 S Computers?

Where Did They Go?

In 2017, Microsoft planned to release a lightweight version of Windows 10. This was their effort to provide a Windows solution that delivered a predictable performance by using only Microsoft-verified applications via the Microsoft Store.

Microsoft also wanted to compete with the Google Chromebook and promote Windows 10 S for use in the K-12 education market. Windows 10 S was initially offered as part of the Surface Laptop which is a premium, and quite expensive product. So, this addition to the education market was quite a leap.

Windows 10 S was going to be offered at a reduced price with the option to pay more to “unlock” the full Windows 10 Operating System. But Microsoft changed their minds. They realized that we don’t want to pay extra for something that should have been included, to begin with.

On March 7, 2018, they said:

Based on customer feedback we are simplifying the experience for our customers. Starting with the next update to Windows 10, coming soon, customers can choose to buy a new Windows 10 Home or Windows 10 Pro PC with S mode enabled, and commercial customers will be able to deploy Windows 10 Enterprise with S mode enabled.

What this means is that the Windows 10 S computer has been retired. Instead, Microsoft has decided to incorporate Windows 10 S as a “mode” for all Windows 10 Operating Systems.

Microsoft hopes this new approach will make it possible for their customers to start using the S mode. They say that it provides a streamlined computing experience that enhances security and performance across all editions.

So, for the foreseeable future, Windows 10 S is a configuration of Windows 10 Pro and Windows 10 Home computers. S Mode locks down Windows 10 so it can only run applications from the Microsoft Store – essentially, exactly what the dedicated Windows 10 S operating system was intended to do.

Microsoft is letting Windows 10 Home users disable the S Mode free of charge. However, Windows 10 Pro customers with S Mode enabled on their device will have to pay $49 to get access to the full version of Windows 10 Pro.

Should You Consider Using the S Mode?

The “S” in Windows 10 S was supposed to stand for “simplicity.” Its intent was to provide a productive and secure Windows experience. Microsoft says that it’s designed for superior performance. Starting up, streaming HD video and switching across applications are all much faster than with Windows 10.

Windows 10 S only uses apps from the Microsoft Store and provides a safer browsing capability via Microsoft Edge. Because the applications for Windows 10 S only come from the Microsoft Store, the folks at Microsoft say that it ensures security and integrity. And they say that Microsoft Edge is more secure than using Chrome or Firefox browsers. The Windows Defender Antivirus and other security features in Windows are also included in Windows 10 S.

Windows 10 S comes with built-in apps and new features like Cortana, Windows Ink and Windows Hello so you can sign on without a password. It integrates with OneDrive, so you can easily save your files to the cloud and sync them across your other devices. If you decide you want to run applications that aren’t in the Microsoft Store, you can easily switch to Windows 10 Pro (except you’ll have to pay $49 to do so).

What Do Others Think About Windows 10 S?

Microsoft says that 60% of their users stay with Windows 10 S when using third-party devices. Those who do switch do so within 24 hours of setting up their device. Those who keep using Windows 10 S for a week or so end up keeping their device in S mode (83%). These statistics are for low-end PCs, as the only high-end computer running Windows 10 S is the Surface Laptop, and its users weren’t included in the survey.

It looks like the Windows S Mode is here to stay. But some experts predict that it poses problems for Microsoft down the line. They believe that it’s going to confuse people. While the Home versions offer a free switch path, the charge for the Pro versions could bother users who want more premium devices.

Here is another issue with this change – Microsoft says that AV/Security apps will come in the Windows 10 S mode. But what about the AV software from third-party providers? Will these applications run in the S mode? If so, this defeats the purpose of what the S mode is supposed to do. Does this mean that using these apps will hamper the promised performance in Windows 10 S? We’ll have to wait to see how Microsoft deals with this. But for now, it seems like a contradiction.

Windows 10 S devices span a price range from $189 to $2,199 (for the top Surface Laptop). It’s not impossible to provide solutions for both low-end and high-end device users, but some feel this will be difficult for people to get their minds around.

Windows 10 Spring Creators Update will probably be released with a different name: Windows 10 April Update. However, it’s been delayed while Microsoft rushes to fix a newly-discovered bug. Between the changes with Windows 10 S and now the next Windows 10 update, it seems there’s a lot of “plate-spinning” going on at Microsoft right now.

Hackers Infect Healthcare Sector

Security researchers have discovered a new hacking group that is targeting healthcare organizations and other major international corporations related to this sector all around the world, especially in the United States, Europe, and parts of Asia. The intent of this group is to conduct corporate espionage. Researchers have named this hacker group “Orangeworm”. According to a recent report, the group has been active since early 2015, and its primary focus is the health sector.

How does Orangeworm work?

The healthcare industry has been targeted by Orangeworm to get access to patients’ records and to learn more about imaging devices. The hackers install a Trojan (dubbed “Kwampirs” by security researchers) on computers used to control high-tech imaging devices like MRI and X-ray machines. This allows the hackers to steal sensitive data and remotely access equipment by opening a backdoor on these compromised computers. It also infects machines that are used to help patients fill out consent forms.

Kwampirs then collects some basic information from these compromised computers and sends it to the hackers’ remote command-and-control server. This server then determines whether the hacked system is being operated by a high-value target or by a researcher. If the server finds the victim to be of interest, the malware spreads itself across network shares and infects the other computers in the same organization. The malware uses the system’s built-in commands to gather information about the compromised system and network instead of using enumeration tools or third-party reconnaissance software.

Companies infected by Orangeworm

Almost 40% of the companies infected by this malware belong to the healthcare sector, while the rest, although not in the medical sector, are related to healthcare organizations. Other organizations infected with Orangeworm are in the agriculture, logistics, IT services, and manufacturing sectors. According to researchers, the hackers attempted a supply-chain attack to penetrate healthcare organizations’ software by infecting a service provider.

Profile of the hackers

According to investigators, Orangeworm does not fit the tactics, techniques, and procedures of a classic nation-state APT (advanced persistent threat), but it is still an APT. The most common assessment is that Orangeworm is a single hacker or a group of lone hackers working to steal patient information from healthcare organizations to sell on the black market. This patient information is considered more complete than the customer data stored by financial or other institutions. The hackers gather as much information as they can about their victims, such as network shares and user groups, configuration information, account policy information, lists of directories and files, running system processes, accounts with admin access, and the like.
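The living-off-the-land reconnaissance described above and in the section on how Orangeworm works (built-in commands enumerating shares, groups, account policy, directories, processes and admin accounts, with no third-party tooling) is also a detection opportunity. As an added example that is not from the original report, the Python below scans constructed process-creation log lines and alerts when one host runs several distinct categories of built-in discovery commands within a short window, which is the burst pattern of an automated implant rather than a technician running one command. The log format, host names and the mapping of categories to Windows commands are assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery categories named in the report, mapped to the built-in Windows commands
# typically used for each. The mapping is an assumption for this example; the list is
# ordered so that more specific patterns are tried first.
DISCOVERY_PATTERNS = [
    ("admin_accounts", r"^net(\.exe)?\s+localgroup\s+administrators\b"),
    ("user_groups",    r"^net(\.exe)?\s+(localgroup|group)\b"),
    ("account_policy", r"^net(\.exe)?\s+accounts\b"),
    ("network_shares", r"^net(\.exe)?\s+(view|share|use)\b"),
    ("processes",      r"^tasklist(\.exe)?\b"),
    ("system_config",  r"^(systeminfo|ipconfig)(\.exe)?\b"),
    ("files",          r"^(cmd(\.exe)?\s+/c\s+)?dir\b"),
]

# Constructed process-creation log format (assumption): timestamp, host, user, command line.
LOG_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>[^"]*)"$')


def categorize(cmd: str):
    """Return the discovery category of a command line, or None if it is not discovery."""
    c = cmd.strip().lower()
    for category, pattern in DISCOVERY_PATTERNS:
        if re.match(pattern, c):
            return category
    return None


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "cmd": m["cmd"]}


def detect_discovery_bursts(lines, window=timedelta(minutes=5), min_categories=4):
    """Alert when one host runs at least min_categories distinct discovery categories
    within `window`. A user running tasklist once is normal; shares, groups, account
    policy, processes and directory listings within minutes of each other is not."""
    per_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        category = categorize(rec["cmd"])
        if category:
            per_host[rec["host"]].append((rec["ts"], category, rec["cmd"]))
    alerts = []
    for host, events in per_host.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            categories = {e[1] for e in in_window}
            if len(categories) >= min_categories:
                alerts.append({"host": host, "start": start, "end": in_window[-1][0],
                               "categories": sorted(categories),
                               "commands": [e[2] for e in in_window]})
                break  # one alert per host is enough for this example
    return alerts


# Constructed sample log: an imaging console doing a burst of discovery, and a
# front-desk PC running similar commands sporadically (no alert expected for it).
SAMPLE_LOG = """\
2018-04-20T09:14:02 host=MRI-CONSOLE-01 user=SYSTEM cmd="net view"
2018-04-20T09:14:05 host=MRI-CONSOLE-01 user=SYSTEM cmd="net share"
2018-04-20T09:14:09 host=MRI-CONSOLE-01 user=SYSTEM cmd="net localgroup administrators"
2018-04-20T09:14:12 host=MRI-CONSOLE-01 user=SYSTEM cmd="net accounts"
2018-04-20T09:14:20 host=MRI-CONSOLE-01 user=SYSTEM cmd="tasklist /v"
2018-04-20T09:14:31 host=MRI-CONSOLE-01 user=SYSTEM cmd="systeminfo"
2018-04-20T09:15:02 host=MRI-CONSOLE-01 user=SYSTEM cmd="cmd.exe /c dir C:\\Users"
2018-04-20T09:30:00 host=FRONTDESK-07 user=jdoe cmd="tasklist"
2018-04-20T10:45:00 host=FRONTDESK-07 user=jdoe cmd="net view"
2018-04-20T11:02:00 host=FRONTDESK-07 user=jdoe cmd="ipconfig /all"
"""

if __name__ == "__main__":
    for alert in detect_discovery_bursts(SAMPLE_LOG.splitlines()):
        print(f"{alert['host']}: {len(alert['commands'])} discovery commands "
              f"({', '.join(alert['categories'])}) between {alert['start']} and {alert['end']}")
```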

If the virus detects something of value in the system, Kwampirs will copy itself, propagate across the network and infect other computers. Investigators are of the opinion that the hackers are working on some sort of espionage on the sector as they do not appear to be copying any data from the network.

The hackers are not concerned about being detected, as they are using lateral movement methods that are considered noisy and antiquated. In spite of this, it took investigators three years to identify and disclose the group’s attacks. According to investigators, the reason this malware went undetected for so long is that healthcare organizations usually use computers that are old and run software that is rarely updated and has no antivirus, and are therefore easy to hack.

According to experts, the hackers employed a similar pattern in all the attacks. They infected one computer with Kwampirs and then proliferated to others, which gave them remote access to every infected host. The hackers spread the malware to as many systems as possible, which is why it has also infected the computers that control medical devices.

Security concerns

According to the findings of a detailed report on the group’s method of operation, the hackers have made no effort to update the malware since the first attacks, which suggests that the attackers are either stupid or supremely confident about never getting caught.

These attackers are bold, and their methods have proved very effective. Security researchers have long stressed the need to install security measures to safeguard vulnerable ports. Medical devices have been targeted before: recently, WannaCry ransomware also hit hospitals all around the globe.

Even though the motives of Orangeworm are unclear and investigators have been unable to find the group’s origins, they are of the opinion that the group is conducting espionage for personal gain and commercial purposes. They have been unable to find any significant evidence suggesting that a nation-state backs it.

Although Orangeworm is neither the first nor the last malware to hit healthcare organizations, it is imperative that these organizations routinely search and monitor their computer systems to make sure their devices are safe from such attacks.

Are You Tired Of Waiting For IT Support?

The cost of downtime goes up exponentially when you’re waiting for an unresponsive IT company. So why bother? Try our responsive Help Desk instead.

So much of the IT industry is dependent on time: how quickly an IT firm can respond to a problem, how much downtime their client deals with, how much they’re charged for on-site repair hours, etc. The speed of resolution is a primary factor in how valuable an IT firm’s services really are.

We all know that downtime is bad. It’s bad for business, bad for employees, bad for clients – bad for you. When your systems fail, your employees sit around twiddling their thumbs, waiting for it to come back online. Your customers get more and more frustrated, waiting to get what they were expecting when they came to your office or called you that day.

But the truth is, it’s even worse than that.

Beyond the surface level issues caused by unexpected downtime, there’s the reality that downtime both wastes your money and costs you in revenue. When you really dig into the details, downtime can cost you a lot of money in a relatively small time frame.

That’s why it makes zero sense to put up with unresponsive IT support. Every minute of delay costs you more money in wasted staff hours, lost data, and lowered productivity, all on top of what you’re already paying the IT firm in the first place!

The reality of modern technology is that cybercrime, serious weather, or even human error can quickly take your systems offline. IT is now such a central part of a business that server failure and software crashes will affect every aspect of it.

The computer isn’t just one part of your business anymore. It’s how you process sales, place orders, track inventory, and more. That means that one full day of computer downtime equals one full day of not being in business.

Given that your IT is such a foundational part of your business, you need to invest in support that will make sure it keeps working for you, day after day, regardless of increases in cybercrime, or bad weather, or a careless employee.

{company} is proud to offer high-quality Help Desk support services for your business. Unlike other network support companies, we won’t put you on hold when you need our help.

We know when you have problems with your technology, your employees are unable to stay focused and productive, which means time and money are wasted and work doesn’t get done. Our Help Desk professionals are here to give you the quick and reliable support you deserve with:

  • E-mail applications and Web browsers
  • Hardware and network troubleshooting
  • Printer installation and support
  • User administration
  • Desktop performance problems
  • Virus and malware infections

We specialize in proactive management and maintenance of your IT environment. With this type of support, most of the pending issues and possible threats in your system are neutralized before they affect your business. In-house IT staffs often operate on a break/fix model, which only addresses issues after a problem has occurred. Proactive maintenance keeps your systems running and your employees productive, which ensures a maximum return on your investment in technology and employee wages.

However, when something does go wrong, and you need our help, we won’t keep you waiting!

Technology issues need to be sorted out as quickly as possible, and that’s exactly what we’ll do. Our Help Desk services give you:

  • Access to knowledgeable technicians that are able to resolve issues remotely or come onsite when needed.
  • Around the clock availability via our online ticketing system, phone or email, which means you are never left without the help you need.
  • A thorough explanation of the situation in plain, easy-to-understand terms to help you understand what is happening with your technology.
  • Comprehensive support solutions for anything you need to stay productive, including remote access, printing, email, phones, connectivity, and more.

Your business can’t afford downtime, slowdowns, and breakdowns. Our proactive approach to IT management and Help Desk Services gives you the answers you need and speedy resolutions to any IT issues that may come up from day to day.

Our responsive Help Desk staff is internal and based right here in our offices.

Your assigned Help Desk technician will even come to meet you at your office – so you know exactly who you are talking to every time you pick up the phone and call.

We won’t make you wait on hold – you can speak with us directly by telephone. If it’s more convenient, you can access our Help Desk through the agent we set up on your computers, online portal, or email.

Law Firms Hot New Target for Hackers

The legal industry is facing its most challenging obstacle to date and it’s not from judges, court cases, the mafia, felons or any of those things you might guess. Instead, these attacks against law firms are coming from hackers. Once viewed as impenetrable to hackers, today’s law firm is just about as likely to be hacked as any other business.

John Sweeney of LogicForce recently explained: “Law firms are the subject of targeted attacks for one simple reason,” he said. “Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

His comment highlights a growing problem for the legal industry. Each day, they are faced with new and practically unstoppable cyber-crimes. One of the most startling aspects of this troubling trend is that many times, the law firm doesn’t even know it’s been hacked. A 2016 study done on this topic showed that 40 percent of the law firms that were breached had no idea that a crime had been committed. This is disturbing on several levels.

If you’ve recently done business with a law firm, there is a possibility that your business, personal and/or financial information could already be in the hands of hackers on the other side of the world.

A global problem for law firms

The fourth largest law firm in the world, Mossack Fonseca, lost 11.5 million files from its database. The information was eventually shared with journalists, the BBC and newspapers. This offshore law firm specializes in helping wealthy clients hide their money. The documents that were leaked contained highly sensitive information about wealthy clients and their offshore tax schemes.

Mossack Fonseca’s client base also included national leaders and well-known politicians. The documents that were leaked held clear evidence of how and where large amounts of money were hidden by illustrious leaders like Vladimir Putin. Embarrassing revelations were made public such as how British prime minister, David Cameron’s father, had been avoiding paying taxes in Britain for many years. Any law firm would find it difficult to recover from such a devastating breach of security.

Solving the problem

For most companies who are breached by cyber thieves, the recovery process begins with contacting those who were affected while stopping any other data leaks. With law firms, this process usually begins with helping the firm to find out whether they’ve already been a victim of a cyber-crime. This requires experts in cybersecurity who will run a series of tests looking for specific anomalies. Once they find out whether data has been lost, the experts will recommend a course of action. This typically includes securing the data so that no other intrusions will occur, while notifying those who were affected.

Law firm hacking on the rise

In spite of all the hype about hacking and cyber-security, a new report says that 14 million businesses were, in some way, affected by cyber-crimes last year. The experts believe that the reason the number is so high is that most small business owners do not believe they are at risk. This is also true of most law firms. They simply think they are exempt from data breaches. This leaves them even more at risk because they are unprepared.

Senior attorneys don’t fully understand how hacking is done and what types of weaknesses a hacker looks for. The principals at a law firm are often not up to date on the latest techniques that hackers are using. This leaves them defenseless. If you want to defeat an enemy, you must first learn everything you can about that enemy. Very few people, including attorneys, understand the science behind hacking.

In addition, lawyers use a wide range of devices from smartphones to laptops and desktop computers. Each device is a potential gateway for cyber-thieves to enter and steal information. With the Internet of Things (IoT) now growing, even appliances in the break room can be hacked.

The recent rise in law firm breaches proves that professionals are still not fully aware of the dangers lurking around us on the internet. Attorneys may be reluctant to spend the money and time on a security team that will come in and create the proper security protocols. But waiting to see will place all client data at risk. People often tell their attorney sensitive information that could harm them in many ways if it got out. A data breach is embarrassing and hard to explain to those clients who have entrusted you with personal information.

Preparing for data breaches

A good place to start for a law firm that does not have proper security in place is the American Bar Association’s guide. This comprehensive document includes a great deal of information about preventing cyber-attacks. It also addresses ways to respond once an attack has occurred. Employees should be trained about phishing attacks and this training must be ongoing because the method that hackers use evolves with each new attack.

The managers at a law firm can begin by engaging an outside IT security expert that specializes in legal data. The team of security experts will assess your current level of protection against intruders, then recommend new initiatives. They should institute a regular training program that teaches employees how to spot phishing attacks in emails. Even trained employees may get careless, but continual training helps everyone to remember how important it is not to click on suspicious links or give away passwords.

What a law firm can do today

Many law firms are also writing their own policies about password protection, log-in credentials, and web-surfing. Once you have policies in place that your employees are aware of, you can begin to enforce them and this will help to eliminate threats. Your onsite IT people should be checking weekly for patches and updates to software. New updates should be downloaded as soon as possible.

Regardless of the time and expense of these security initiatives, the alternative could be devastating. One of the most important assets a law firm has is its reputation. Once a data leak has occurred, it’s too late. Legal professionals must do everything possible to prepare and prevent these leaks.

There’s every reason to believe that this digital age will continue to expand across the world. Businesses and the legal industry are facing unprecedented challenges for the future, but there are solid remedies that work. It all begins with realizing how vulnerable you are and how important it is to protect your clients’ information. Regardless of the cost, the alternative is just too costly.

Hacking Alert – An Employee Of Your Manufacturing Company May Be Sending Intellectual Property To a Criminal and Not Know It!

Your manufacturing company is in the crosshairs of hackers. Cyber-spies are using backdoor viruses to steal intellectual property from businesses like yours.

According to Verizon’s 2017 Data Breach Investigations Report, these cyber-spies are supported by nation states.

  • 620 data breaches hit the manufacturing sector last year, and 94% were committed by state-affiliated actors.
  • 91% of the intellectual property (IP) that was stolen was proprietary data owned by manufacturing businesses.

China in particular expanded their state-sanctioned hacking of US manufacturers in 2017. It’s expensive to do the R&D necessary to design and build a product. It’s a lot less costly just to steal it. Nation-state cyber-espionage is the predominant cause of breaches in the manufacturing industry.

In February 2018 the Worldwide Threat Assessment of the U.S. Intelligence Community confirmed that some nation-state actors are continuing to use cyber attacks to “acquire U.S. intellectual property and proprietary information to advance their own economic and national security objectives.” They say that advances in manufacturing, particularly the development of 3D printing, almost certainly will become even more accessible to a variety of state and nonstate actors and be used in ways contrary to our interests.

The problem is that while manufacturing increasingly involves high-tech processes, in many cases manufacturing businesses don’t have the right IT security in place.

40% of manufacturing security professionals say they don’t have a formal IT security strategy in place. And 37% say they don’t have an incident response plan. This makes manufacturing businesses a prime target for hackers who want to steal IP.

A Backdoor Could Be Secretly Leaking Your IP

The Verizon report reveals that most computer intrusions in the manufacturing industry began with a spear-phishing email sent to a company employee that contained a malicious link or attachment. The malware comes in the form of a backdoor that gives the hacker covert remote access to the computer.

A backdoor is a hidden means of bypassing a system’s normal security controls so that a thief can access and steal data without the owner’s knowledge. Hackers use backdoors to install additional malware, modify code, locate files of interest, and gain access to systems and data. Any connected device in the manufacturing process is at risk.

Social engineering and malware-based cyberattacks combined for a whopping 73 percent of all data breaches in the manufacturing sector last year. Spies favor email phishing techniques with malware to compromise victims.

A recent article in the CIO Journal stated: “Almost any connected device, whether on the shop floor in an automated system or remotely located at a third-party contract manufacturer, should be considered a risk.”

Manufacturers aren’t asking their Technology Service Providers to perform cyber risk assessments on technology they use on the factory floor. If they did, these backdoors could be detected and “closed.”

This is a nightmare that will only get worse if manufacturing companies don’t perform their due diligence where IT security is concerned. If this doesn’t scare you, these statistics should. In 2017:

  • 21 percent of manufacturers lost intellectual property to hackers.
  • Four of the top ten cyberthreats facing manufacturing organizations are caused by their employees.
  • 28 percent of manufacturing organizations lost revenue due to cyber threats.
  • Over 35% of manufacturing executives believe IP theft was the primary motive for the cyber attacks in their businesses.

To change this paradigm requires buy-in from leadership. However, although the manufacturing industry is focused on innovation, updating and enhancing technologies on the factory floor is a cumbersome, slow process. Hackers know this.

It’s time to protect your intellectual property. Develop a cyber-risk management program with the help of your Technology Solutions Provider. They can do a complete IT risk assessment and detect if there are any backdoors installed on your systems.

The right Technology Solutions Provider (TSP) will customize an IT strategy for you that includes protection for your intellectual property.

Data Security: With ever-increasing threats from cybercrime, your manufacturing business requires risk assessments, data protection, data recovery, staff awareness training, and maximum security of your critical data. You must be able to backup, protect and recover your proprietary and confidential information. To do this, you should outsource your disaster recovery and backup solutions to an expert TSP who will analyze your current state of preparedness and offer guidance on potential courses of action.

Disaster Recovery/Business Continuity: You must be able to recover data after a power outage, disaster, or when IT services are compromised. This requires backing up data to a secure, offsite location so it can be retrieved anywhere you have an internet connection. This way, your employees can continue working.

The right TSP will:

  • Develop and deploy a complete Business Continuity and Disaster Recovery Plan, a customized program to integrate the policies and procedures into your corporate culture, and conduct training sessions to ensure all employees are comfortable with procedures.
  • Maintain an on-going program designed to ensure the validity of the Business Continuity and Disaster Recovery Plan and keep the plan up to date and communicated to all key personnel.

Security Enhancement Via Continuous Monitoring and Maintenance: The right TSP provides continuous monitoring to remotely view your technology network, identify risks and halt IT attacks and breaches. They will address IT issues before they cause downtime or data loss.

Identity and Access Management: They will help you comply with security and regulatory requirements, allowing only authorized individuals to access confidential information.

Virtualization—Servers, Desktop, Storage, Applications, Data Center: Virtualization in information technology refers to the use of virtual servers, desktops, storage devices, applications, and computer network resources. It allows you to virtualize your entire IT infrastructure or specific aspects of it. Virtualization simplifies technology to promote security and efficiencies and reduce costs for your manufacturing business.

The right Technology Solution Provider will ensure the security of your intellectual property. They will also be available 24/7 to provide the specialized and customized IT Service and Support you need to succeed.

We Provide Security in the Cloud That Keeps Law Firms Free of Embarrassing Security Breaches

The question of the hour for attorneys and law offices is clear: What do law firms need to do to make sure they aren’t making headlines with a security breach? A good follow-up to this question is, who provides security in the cloud that keeps law firms free of security breaches that can cause reputation damage and even liability?

For {company}, that’s an easy one to answer.

We provide all the security in the cloud for law firms who want to stay free of data breaches.

How do we do this?

Well, it begins and ends with a strategic IT manager like {company} who can successfully guide you to Total Data Security in the Cloud that provides round-the-clock data protection.

What Do Law Firms Need to Know About Cloud Computing?

Cloud computing, broadly defined, is a category of software and services delivered over the Internet rather than installed locally on a user’s computer. The cloud offers a variety of potential advantages including:

  • Low upfront costs.
  • Easy mobile access.
  • Simple setup and configuration.
  • Built-in disaster preparedness.

Because cloud computing places data, particularly client data, on remote servers outside of the lawyer’s direct control, it also raises concerns regarding client confidentiality and the applicable rules of professional conduct.

We’ve collected a variety of excellent resources from the ABA Legal Technology Resource Center and the ABA Law Practice Management Section to help you address the questions and concerns you may have regarding cloud computing.

Why Do Law Firms Need Security in the Cloud?

Every law firm has two major challenges. One of them is the storage of the sheer volume of data their business creates, and the other is the protection of that data, via security in the cloud and other systems. The last few decades have seen a rise in technology which has presented very solid solutions to these challenges (if you know where to find them).

A small computer disk, for instance, can hold terabytes of data inside an enclosed drive. If that seems like too much, the cloud has offered an off-site solution to the problem that eliminates hardware maintenance. Before these solutions came along, information could only be saved on paper that filled boxes and boxes.

Security in the cloud is a much more complex challenge. Before, you could lock those boxes of papers in an office, turn on the burglar alarm and go home. Someone would have to physically go there and break into your office to steal that information, and it would be noticeable when they walked out carrying boxes.

Now, all that’s required is some knowledge of computers and software, and someone can hack into that material from afar. They don’t even have to be in the same country, much less in the same city or neighborhood. Therefore, the unintended consequence of a solution for one problem has resulted in the creation of another, yet much more serious problem: the loss of data security.

Now the technology must be managed systematically and monitored very closely. That is why law firms need security in the cloud – and, we propose, managed IT services via a trusted IT partner.

Security in the Cloud Advantages for Law Firms

Here are some advantages of having a Managed Service Provider or MSP handle your IT and cloud security needs:

Given the nature of the information that law firms are entrusted with, security can’t be overemphasized. Breach of that information can ruin lives, sometimes irreparably. That means damage to your professional reputation as well as the bottom line. So how can managed services for law firms prevent that from happening? By being proactive. Your core business is to provide legal services to your clients.

Worries about security in the cloud and in your IT systems should be the last thing on your mind. That’s why we’re there to prevent viruses and any other suspicious activity that might bring your systems down. Our monitoring software raises alerts whenever something unusual is taking place inside your networks.

With secure cloud computing, you also get:

  • Accessibility: As an attorney, you need to have the ability to access your files anytime and from anywhere. Let’s say you are in a court and suddenly you discover that an important document is needed. You should be able to retrieve that on-demand from any device you carry. Managed IT could have all the files available to you through in-cloud storage.
  • Compliance Regulations: Law firms deal with a lot of client information that is protected by law. For example, HIPAA has very stringent regulations protecting medical records. Laws provide for stiff penalties and fines if the security of those records is breached (by Covered Entities and Business Associates alike). Outdated software and hardware may expose those records to hackers because your in-house IT team is behind with updates.
  • Multiple Offices: Many law firms operate from more than one location. IT managed services can bring uniformity and the necessary coordination between multiple sites. Your in-house IT team may not have the ability to do that or the budget to maintain it. Also, some firms that work in coordination with other organizations may allow access to some of their systems. Your IT management company should be able to ensure that other firms’ systems don’t create risks for your network because of lack of compatibility or security flaws.
  • Outsourced Technical Experience: You may know the law, but you can’t be expected to also keep up with ever-evolving technology, can you? New complexities, such as Bring Your Own Device (BYOD) policies, must be implemented if businesses want to survive in a very competitive environment. This is also important for revenue growth due to the efficiencies it brings to your environment. As a law firm, it is in your best interest that you let an MSP take care of your IT needs.
  • Better Growth Management: Your law firm probably started with a couple of computers, printers, copiers and a fax machine. It was easy to take care of all your hardware. Also, during those good old days, nobody was trying to hack into your computers. Your business is now growing. You have a staff of dozens and many desktops, servers, and software packages. Every day it gets increasingly difficult to keep track of new technologies. So, having managed services with cloud security services is not negotiable, really. It has become a necessity for the revenue growth and business continuity of law firms nationwide.
  • Monitoring: One way for your law firm to avoid critical breakdowns and security breaches is through 24/7 monitoring. This is the surefire way to avoid and control security breaches, viruses and hacker attacks, but it isn’t something a small firm can do on its own. It requires the presence of 24/7 labor plus investment in exceptionally sophisticated software as well as hardware. This sort of investment is not practical for smaller firms.
  • Business Continuity: In the long run it makes good financial sense to have someone who is proactively monitoring your systems day and night, preventing system breakdowns, especially with extremely sensitive information on your computers and servers. You do not want to wait for disaster to strike to fix the problem. Some of the damage may be irreparable. In addition, breakdowns are costly in terms of lost productivity and business disruption. MSPs like ours specialize in BDR (Backup & Disaster Recovery), which is important for minimizing downtime and maintaining business continuity.

In short, the peace of mind that an MSP can provide will not come from the “break-fix” computer services guys – it’ll come from seasoned experts who can objectively assess and remedy all IT contingencies, long-term.

Get Your Law Firm Security in the Cloud It Can Trust.

Starting a New Company? Doing Business in the EU? Don’t Forget the GDPR! The May 25th Deadline Is Right Around The Corner!

If you don’t know what the GDPR is, and if you’re not ready for it, you’d better read on or watch our webinar on demand by clicking here.


The General Data Protection Regulation goes into effect May 25, 2018. It’s a privacy law the European Union is enforcing to protect the personal data you collect from the individuals you do business with. Even if your company isn’t in the EU, if you do business there you must comply.

What Data Does The GDPR Cover?

The GDPR applies to personal data you collect from the individuals you do business with. This means from the time you collect it and as long as you keep it. This includes data like names, email addresses, physical addresses, and even IP addresses – anything you collect and add to your database including information from surveys, questionnaires or quizzes. If you segment information in your CRM database, it includes this too.

The GDPR Protects:

  • Information such as names, addresses, and ID numbers
  • Web data such as locations, IP addresses, cookie data and RFID tags
  • Health and genetic data
  • Sexual orientation
  • Biometric data
  • Racial or ethnic data
  • Political views

What Businesses Does The GDPR Affect?

It affects any organization that stores or processes personal information about EU citizens who reside in the EU. For example, it covers any businesses:

  • Located in the EU.
  • Located anywhere in the world that collects the personal information of EU citizens located in the EU.
  • Businesses of any size.

Does It Apply To Startups, Businesses With Only One Or Two Employees Or Businesses Outside the EU?

Yes – Even if you’re in the U.S., an entrepreneur or a one-man (or woman) office, you still must comply. The GDPR will apply to any relationship or business transaction in the EU no matter where you are, or how small your business. It’s based on where the people you’re collecting data from are located. Plus, if your business is in the EU and you’re collecting data from someone in the U.S., you must also comply. Essentially, any data collected in the course of doing business to or from the EU must adhere to the GDPR regulations.

And here’s what most businesses don’t know! The GDPR applies to collecting personal data EVEN IF YOU GIVE SOMETHING AWAY FOR FREE. It doesn’t necessarily apply to paid-for products. If you collect personal data for business purposes for ANY REASON, you must comply. Once you save a name or information in your database, you must follow the GDPR regulations.

Are You Unknowingly Collecting Personal Data?

If your business has a Facebook, LinkedIn or Twitter page, and you gather personal information from people in the EU (or if you’re in the EU and collect personal data from anyone, anywhere) you must comply. For example, if your business is in the U.S. and you have an ad on one of these social media pages, and a person from the EU responds with their personal information, you must comply with the GDPR. Even if you add a disclaimer saying what you’re advertising is only for people in the U.S., and someone from the EU provides their personal data, you’re not exempt. You must comply.

More Rules You Must Follow

  1. Process data lawfully, fairly, and in a transparent manner. In other words, you must be open about what data you’re collecting and what it’s for.
  2. Data must only be collected for explicit, legitimate and specified purposes. You must be able to explain why you’re collecting it and how you plan on using it.
  3. Data collection should be limited for legitimate purposes. In other words, if you don’t need someone’s address for the specific reason you’re collecting personal information, you shouldn’t collect it. And, once you collect the data it can only be used for its intended purpose.
  4. You must keep the data up to date and ensure it’s always correct. This is especially true for businesses like Facebook and Google and others like them.
  5. You shouldn’t keep this data longer than necessary. If you’ve completed the project or sale, and don’t need the data for marketing purposes, you must erase it all.
  6. Data must be kept secure with appropriate data protection solutions and kept behind a secure wall and encrypted. You should already be using SSL certificates and adhering to other security policies. (Ask your Technology Solutions Provider to help you with this.)

What About Soliciting Leads?

The personal information you collect from leads for marketing purposes also falls under the GDPR rules. This means that you must get their consent. And this consent should be given freely and applied for specific and clear purposes.

This also means that you can’t automatically add personal information to your marketing lists if someone fills out a form. You must get their consent to do this. Plus, you can’t require that they give you their personal information for something you’re giving away (like a webinar registration or a free white paper, or another freebie).

AND EVEN MORE CONFUSING is the fact that you can’t require that they be added to your list to obtain the free item. The only way you can require that individuals give you the authority to keep their personal information is if they purchase something from you.

The rules aren’t totally clear, but you may be able to send a nurture sequence after someone downloads your free item. (This is called expanded processing.) However, what you must consider is the link between the reason for the collection of the information, the purpose for expanding the processing, and the potential consequences of doing this.

What About Existing Lists?

The GDPR regulations also apply to your CURRENT lists. If you can’t prove that you have specific consent to store or use their personal information you will be in breach of the GDPR rules. If you don’t have this consent, between now and May 25, you must get it to keep their personal information. You’ll want to do this if you plan to re-engage with these individuals.

Begin by segmenting your list into two parts:

  1. Non-EU individuals
  2. Individuals from the EU and any of unknown origin (treat these as if they are in the EU)

Many email service providers can help you with this.

You should delete anyone from your lists who hasn’t provided consent by May 24th. You cannot store or process this information without their explicit consent.

Many businesses are running re-engagement campaigns to the individuals who need to provide fresh consent. You can no longer offer a lead magnet to EU citizens and add names to your marketing lists without consent.

What About Technology? Are There Changes You Should Make To Your IT Infrastructure?

The following are steps your organization should take to prepare your technology for the GDPR.

  • Perform a thorough inventory of your personally identifiable information and where it’s stored, whether in onsite storage or in the Cloud. Determine in which geographical locations it’s housed. Don’t forget about your databases: PII is often stored in databases.
  • Perform a Gap Analysis. This is a process where you compare your organization’s IT performance to the expected requirements. It helps you understand if your technology and other resources are operating effectively. By doing this, your Technology Solution Provider (TSP) can then create an action plan to fill in the gaps. The right TSP will understand the GDPR regulations and how your IT must support your compliance efforts.
  • Develop an Action Plan. Your TSP should document a detailed action plan for how to use technology to meet the GDPR if you experience a data breach. This should include individuals’ roles and responsibilities. Conduct tabletop exercises to practice how the plan will work with specific timelines and milestones.
  • Ensure data privacy. If you don’t have a Technology Solution Provider, then you need one for this. Data protection is key for organizations of any size. Consumers have the right to have their data erased if they want. This is called “the right to be forgotten.” This is a concept that was put into practice in the European Union in 2006, and it’s a part of the GDPR. You won’t be able to honor it if their data is stolen.
  • Be sure to document and monitor everything that you do that’s related to GDPR Compliance. This includes any changes or upgrades that your Technology Solutions Provider makes to your IT environment. You may need to demonstrate that you’ve done your due diligence when it comes to protecting citizens’ private information and that you practice “defense-in-depth” strategies where you use multiple layers of security controls when it comes to your technology.

If a breach occurs, and you have all these processes properly in place, you should be able to meet the GDPR breach notification 72-hour period. The organizations that have met most of the International Organization for Standardization information security requirements should also be ready for the new regulations.

Don’t Forget To Publish Your Privacy Policy

You need this regardless of whether the GDPR applies, but it’s a MUST now. Along with the EU, California laws are very stringent in this regard.

The following is a sample Privacy Policy:

PRIVACY POLICY – YOUR PRIVACY RIGHTS

Effective Date: {effective date}

Last updated: {last updated}

This Privacy Policy applies to the sites and apps where it appears.

This Privacy Policy describes how {company} treats personal information collected through the websites and applications where it appears (sometimes referred to collectively as our “website”) and how {company} treats personal information transferred pursuant to the E.U.-U.S. and Swiss-U.S. Privacy Shields.

{company} serves its client base in and around {location} from our office(s) in {address}. We may also refer collectively to these entities as “we” or “us”. This Privacy Policy applies only (1) to personal information collected through the websites and applications where it appears, including the sites and apps for our brand, as well as information collected at our call center pursuant to the E.U.-U.S. and Swiss-U.S. Privacy Shields. This Privacy Policy does not apply to information collected through other channels.

Your Consent

Please review this Policy before using this website or mobile app. By using this website, you are consenting to the collection, use, and disclosure of your information as set forth in this Policy. If you do not agree to be bound by this Policy, you may not access or use this service.

We collect information from and about you.

We collect contact information. For example, we might collect your name and email address. We may also collect your phone number or mailing address.

We collect demographic information. We may collect information such as your gender, age, and language preferences.

We collect payment information. For example, we may collect your credit card number for products or services.

We collect business information. For example, we collect contact and other relevant information about your business if your business signs on for our services, or if your employees or agents use a corporate account to do business with us.

We collect information you submit or post. For example, we collect feedback about our services that you submit to us. We also collect information if you apply for a job.

We collect other information. If you use our website, we may collect information about the browser you’re using. We might look at what site you came from, or what site you visit when you leave us. We may collect your precise, real-time location using GPS, cell phone towers, Wi-Fi signals, and/or beacon technology (including Apple’s iBeacon), and/or future technologies. We might look at how often you use an app and where you downloaded it. We collect this information using the tracking tools described below and in compliance with the applicable local law. To control those tools, please read the choices section below.

We collect information in different ways.

We collect information that you give to us. For example, we collect information when you sign on for our services.

We collect information about you automatically. Where permitted by law we use tracking tools such as browser cookies and web beacons to collect information from you. We collect information about users over time when you use this website.

We may have third parties collect personal information this way. We also collect information from our mobile apps.

We get information about you from third parties. Where permitted by law, we may share information with third parties with whom we do business. We may get information from persons acting on your behalf. We may also get information from social media platforms and advertising and analytics providers.

We combine information. For example, we may combine information that we have collected offline with information we collect online, to the extent covered by the transactional purpose or your consent. Or we may combine information we get from a third party with information we already have.

We use information as disclosed and described here, subject to any consent required by applicable law.

We use information to respond to your requests or questions. For example, we will use your information to provide the services you request, such as to fulfill a request for IT services or solutions, or to ask you to participate in a customer survey. Where legally permitted, we may use your personal data to personalize your experience with us. We might use your information to respond to a question about our services or products. We use social security numbers and tax ID numbers to process tax documents.

We use information to improve our websites and services. We may use your information to make services better. We might use your information to customize your experience with us. Where legally permitted, we may combine information we get from you with information about you we get from third parties.

We use information to administer our site and for internal operations. For example, we may aggregate or anonymize your information for analytics, research or other business purposes.

We use information for security purposes. Where legally permitted, we may use your information to protect our company, our customers, and our websites.

We use information for marketing purposes. For example, we might send you information about new services or special offers. We might tell you about new IT solutions or updates. These might be third-party offers or products we think you might find interesting. If you register with us, we’ll send you our promotional emails. We obtain consents as required by law before marketing to you. To manage this, read the choices section below. We may also use push notifications on our mobile apps.

We use information to communicate with you about your account or our relationship. We may contact you about your account or for feedback. We might also contact you about this Privacy Policy or our Site Usage Terms and Conditions.

We use information as otherwise disclosed or permitted by law.

We may share information with third parties.

We will share information with our branch offices unless legally prohibited. For example, we will share your information to facilitate services or to customize offers to your preference.

We will share your information with data processors that perform services on our behalf. For example, we share information with vendors who send emails and other communications for us. We also share information with companies that help us operate our sites or run promotions and advertisers and advertising networks that assist us in marketing and advertising our products and services. Some vendors may be located in a country other than where you live. We may also share information with analytics and search engine providers who act on our behalf.

We may share information with our business partners unless legally prohibited. For example, we might share information with third parties who co-sponsor a promotion. Some of these partners may send you information about product or services by mail or email where legally permitted or based on your prior consent.

We will share information if we think we have to in order to comply with the law or to protect ourselves, our customers or others. For example, we will share information to respond to a court order or subpoena, or in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Or, when required by law, we may share your information if you are the winner of a contest or other promotion with anyone who requests a winner’s list. We may share information in order to enforce our Site Usage Terms and Conditions or other agreements and to protect the rights of others. We might share if we are investigating potential fraud. This might include fraud we think has happened during a promotion.

We may share information with a successor to all or part of our business. For example, if part of our business or assets is sold, we may disclose user information as part of that transaction.

You have certain choices about sharing and marketing practices.

You can opt out of receiving our marketing emails. To stop receiving our promotional emails, you can visit your account settings on the site or follow the instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we will send you transactional messages. These include responses to your questions.

You can control participation in our iBeacon program. iBeacons are electronic devices that broadcast signals that can be received by mobile devices on which one of our mobile apps is installed. If you have voluntarily installed one of our apps on your device, and if you have granted permission for the app to track your location, then iBeacons installed in our offices may send a signal to the app on your device about the precise, real-time location of the device. The app may use this information to deliver special offers and promotions to you, at a time and place when the information is most relevant. As a convenience to you, receipt of the iBeacons signal and delivery of the special offer or promotion may occur even if you are not currently using the app. To make our mobile apps and services operate better, we may also collect other information based on iBeacon signals, for example, the strength of the signal between the iBeacon and your device, the duration your device is near the iBeacon, or the battery level of the iBeacon itself. To avoid having us receive or use your precise, real-time location, do not opt-in to location services. If you did opt in and have changed your mind, you may opt out of location services through your device settings or by deleting the app.

You can control cookies and tracking tools. To learn how to manage how we – and our vendors – use cookies and other tracking tools, please visit: INSERT LINK

You can control tools on your mobile devices. For example, you can turn off the location services or push notifications on your phone. Choices you make are device specific.

EU and Switzerland Residents.
Information about European Union and Switzerland residents may be sent to the U.S., where it is processed in accordance with this Privacy Policy, our Ad and Cookie Policy, and the E.U.-U.S. and Swiss-U.S. Privacy Shields. {company} complies with the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland (please note that the Privacy Shield principles do not necessarily apply to the collection, use, and retention of personal information from other countries). {company} has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission shall have enforcement jurisdiction over {company}’s compliance with the Privacy Shield. {company} may have potential liability in cases of onward transfer to third parties. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov/.

Inquiries and Enforcement of Compliance.

In compliance with the E.U.-U.S. and Swiss-U.S. Privacy Shield Principles, {company} commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Switzerland residents with inquiries or complaints regarding this privacy policy should first contact {company} at the address provided below.

{company} has further committed to refer unresolved privacy complaints under the E.U.-U.S. and Swiss-U.S. Privacy Shields to the American Arbitration Association, http://go.adr.org/privacyshield.html. Finally, in certain limited circumstances and as a last resort, it may be possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Please note that if you are not a European Union or Switzerland resident, then Privacy Shield requirements regarding the handling of complaints may not apply to you and Privacy Shield enforcement mechanisms may not be available to you.

Russian Citizens.
In accordance with Russian Federal Law “On Personal Data” No. 152-FZ we collect, record, systematize, accumulate, store, update (renew and modify), and extract personal data about Russian citizens using databases located in the territory of the Russian Federation. If you indicate that you are a citizen of the Russian Federation, we will process your personal data in compliance with this requirement and your profile will be maintained on databases in the Russian Federation. If you do not indicate that you are a citizen of the Russian Federation, we are not able to process and maintain your personal data under these requirements and will not be liable for that. You are solely responsible for indicating the country of your citizenship. Information containing personal data of Russian citizens may be transmitted from the Russian Federation to countries that ensure an adequate level of protection for personal data, including member states of the European Union and other countries which Russian law recognizes as ensuring adequate protection, and also to other countries that may not ensure an adequate level of protection for personal data. By submitting information to us on our sites and apps, submitting forms to us, or registering on our sites, programs, and apps, or scheduling services, you grant us consent to process your personal data.

Your California privacy rights. 
If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email at {email} or write to us at the address listed below. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.

Our sites and children.
Our sites and apps where this Privacy Policy is found are meant for adults. We do not knowingly collect personally identifiable information from children under 18 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 18 has given us information, you can contact us at {email} or write to us at the address listed at the end of this Privacy Policy. Please mark your inquiries “COPPA Information Request.” Parents in the United States can learn more about how to protect children’s privacy online at www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.

We use standard security measures. The Internet is not 100% secure. We cannot promise that your use of our sites and apps will be completely safe. Any transmission of your data to our site is at your own risk. We encourage you to use caution when using the Internet. This includes not sharing your passwords.

We retain data. We keep personal information as long as it is necessary or relevant to the practices described in this Privacy Policy. We also keep information as otherwise required or permitted by law.

We store information both in and outside of the U.S. Information we collect from you may be transferred to, or stored at, a destination in the United States or another destination outside of the United States. It may be processed by staff operating in these locations who work for us or one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. If you live outside of the United States, you understand and agree that we may transfer your information to the United States. U.S. laws may not afford the same level of protection as those in your country.

We may link to other sites we don’t control. If you click on a link to a third-party site, you will be taken to a website we do not control. This Privacy Policy does not apply to the privacy practices of that website. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites or their policies.

Feel free to contact us if you have questions. If you have questions about one of our branches or the information it retains, please contact it directly. If you have any questions about this Privacy Policy, or if you want to correct, update, reasonably access, or delete your information with us, please email us at {email}.

For your safety and ours, we may need to authenticate your identity before fulfilling your request.

We may update this Privacy Policy. 
From time to time we may change our privacy policies. We will notify you of any material changes to our Privacy Policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.

© 2018 {company} All rights reserved.

I know this is a lot to consider and to do. But make GDPR compliance a priority. Contact us if you need more information or assistance.

Are Local Businesses Ready For GDPR?

As of May 25th, 2018, if local businesses aren’t ensuring the highest possible level of data privacy, they’re risking serious financial consequences. The General Data Protection Regulation (GDPR) is coming into effect. What does this mean? All local businesses MUST be ready to take security more seriously than ever before. The EU Parliament approved GDPR in April of 2016 with enforcement set to start in a couple of weeks on May 25th, 2018.


Who Must Comply with GDPR?

All businesses storing or processing data of people living in the European Union must comply, regardless of where you’re located in the world. The EU is very consumer-focused and always has been. As data travels beyond the borders of the EU, GDPR is designed to help protect citizens as any company, anywhere in the world, is bound by its rules as long as they’re holding data on citizens.

Businesses of all types and sizes – from small one or two person shops to multi-national corporations – must comply. There are no exceptions. For those businesses already complying with the Data Protection Act (DPA), they’re one step closer to being in compliance with GDPR.

What’s the Risk of Non-Compliance?

Local companies who fail to comply face fines – up to $24 million OR 4% of annual global turnover, whichever is higher. In addition to fines, local companies who fail to comply will also face the devastating impact of reputational damage, as most consumers won’t feel comfortable working with a company that doesn’t prioritize data privacy.

What Do Local Companies Need to Know About GDPR?

First and foremost, local companies need to know that compliance is not optional. Every organization should become familiar with the provisions of GDPR so they’re aware of the requirements.

Here are a few key facts to know about GDPR:

  • Strict parameters must be followed to receive consent for the use and/or storage of data. These parameters require an easily accessible form and withdrawing consent must be simple.
  • The right to be forgotten enables consumers to request that their personal data be deleted and/or erased immediately, with all third parties halting any processing of said data.
  • In the event of a breach, notification must be done within 72 hours of becoming aware of the breach. This means all affected parties must be notified and offered information on the incident.
  • Consumers may request to receive their personal data, in order to transmit said data to another data controller as needed. Companies must ensure data is easily accessible to provide upon request.
  • Data protection must always be considered when designing any system or solution, which means it cannot be an afterthought or addition done after the system or solution is designed.
  • Specific protection is in place for children as they are generally more vulnerable. When storing data relating to or involving children, parental consent must be received for children up to age 16.

Essentially, local businesses will have to review their marketing processes in terms of data mining and remarketing. However, those who have already prioritized data privacy will have less work to do to ensure compliance.

What Steps Must Be Taken to Ensure Compliance?

  1. Assess what needs to be done: Review all requirements of GDPR to understand how the provisions impact your company and/or which departments will be affected.
  2. Perform a complete audit: Audit what personal data is collected and stored, where the data came from, and who the data is shared with, then record your processing activities.
  3. Update all privacy notices: Privacy notices must be updated to communicate how personal data will be used and collected, as well as explaining the lawful basis for processing personal data.
  4. Verify data accessibility and portability: Verify that access requests can be accommodated in 30 days and data can be received in a commonly used, machine-readable format.
  5. Review instructions for receiving consent: These instructions will help you properly seek, record, and manage consent for the use and/or storage of data.
  6. Work with all third-party providers: You can be held responsible for breaches resulting from non-compliance on a third-party provider’s part, so work with email service providers, CRM providers, and more.
  7. Educate every single staff member: ALL staff members must be educated in case they come into contact with information relating to customers.

Lastly, make sure you’re working with a trusted team of technology experts who can help you put all of the tips above into action. You almost certainly WILL require some changes to your information technology environment in terms of how data is stored and processed. A good {city} IT support company will help with this.

You need a technology services company {city} businesses trust to help them comply with GDPR. {company} is that technology services company. Call us now at {phone} or email us at {email} to get started.