If you read the news today, you read about another breach in someone’s data security. Just this morning, the Department of Homeland Security issued an alert “urging increased cyber vigilance one year after Russia’s invasion of Ukraine. #ShieldsUp”.
What does cyber vigilance mean for my business?
In truth, you should always be hypervigilant about your organizational and customer data. Attacks on businesses across the United States have been increasing for about the last decade. Whether they’re state-sponsored cyber-attacks or phishing attacks aimed at industry targets, your responsibility to protect data is greater, as well.
Think about this: well-prepared, seemingly fully protected, and aware organizations have been hit.
Here are a few examples of major corporate hacks since 2020.
1. Microsoft | Breached January 2021
The attack on Microsoft in early 2021 was one of the largest cyberattacks in history. More than 30,000 US-based organizations, and 60,000 worldwide, were attacked. Hackers exploited coding errors in email servers for months before the breach was discovered. The attack affected businesses and users across the US.
2. Facebook | Breached April 2021
Imagine wanting to affect an organization that affects nearly every individual in the world. The 2021 breach leaked names, phone numbers, account names, and passwords of over 530 million people. While the Facebook team contends that none of the data was compromised or misused, you might want to change your password monthly and keep track of your accounts just the same. Double that if you operate a business through Facebook. (Facebook has worked through at least 5 major publicly known breaches.)
3. LinkedIn | Breached April 2021
The LinkedIn breach was a bit less nefarious. The breach was a “scrape” of data, which exploits the API terms of service. However, full names, phone numbers, emails, usernames, location information, and details (read: user info) for other social media platforms were gathered. The problem with this breach is that it opens the door to hyper-targeted attacks.
4. Plex (Streaming Platform) | Breached August 2022
Have you ever received a password-reset request from a vendor that you or your business uses? That’s generally a good indication that they’ve been made aware of a breach. The Plex breach in August of 2022 affected nearly all of their 30 million users.
When users logged in to change their personal information, Plex’s inability to manage the traffic on their internal servers highlighted even more issues for the organization. Because their practice doesn’t involve storing financial data online and because they acted quickly, few individuals were deeply affected, but the situation does make the case for a strong password.
5. Cash App | Breached August 2022
Have you been doing much financial trading online? Over 8 million users were hit by a former (and clearly displeased) employee who stole customer names, account numbers, trading portfolios, and activity reports.
While that was the limit of the Personally Identifiable Information (PII), the breach was significant enough to cause multiple class-action lawsuits over Cash App’s failures.
Which brings us to the more important matters at hand.
Are you protecting your data and how liable are you for customer data?
In Colorado, there are a few things to keep in mind when it comes to breaches.
Effective January 2022, organizations that have been affected by a breach are required to notify customers and provide notice to the Office of Attorney General (if 500 or more individuals are affected).
Consider these data security guidelines.
- Colorado law requires notification of data breaches affecting any personal information (PI), including detailed notice to Colorado residents and (again, over 500 individuals) notice to the Attorney General.
- If you maintain Personal Identifying Information (PII) in paper or electronic form, you must also establish written policies governing the disposal of that information.
- If you collect PII, then you must also take reasonable steps to protect that information.
And therein lies the issue: “reasonable steps” is slightly ambiguous. So, what reasonable steps can you take to protect PII?
How do I partner my business with an MSP (Managed Services Provider) or Managed IT Services (MITS) Provider?
The good news here is that there are a number of businesses that provide managed IT services, although we recommend one that also has a strong support team and provides other services that may help you manage your business processes.
Data starts with documents. Streamlining your document management and handling process not only protects your business but also helps reduce waste and keep your business or facility in compliance with HIPAA, FERPA, and PII requirements.
What is included in a Risk-Free IT Environment Assessment?
Most business owners entered the business world to do something that inspired them. Managing processes is typically not the end goal. So, how do you know what you might need when it comes to data security, business data compliance, and business insurance?
You start with an environment assessment. The truth is, no one will know what your business really needs until they “take a look under the hood”, so to speak. While some businesses may charge for this assessment, others will not. That varies throughout.
In an IT Environment Assessment, your provider will investigate your servers, networks, equipment, and practices to uncover gaps, problems, and more. They may even investigate your information to find out how many of your executives have information lurking on the deep web. Are your passwords out there? What about your business information?
While we blogged about the many ways your security can be breached in an earlier post (found here: “Cybersecurity | What your business needs to know in 2023”), we understand that your team may need a little “Best Practices Training”.
It happens to the best of us: you’re flying through an email when, WHAM!, out of nowhere you’ve clicked on a nefarious party’s link. You’re instantly famous throughout the IT department, and all the other teams, as the scramble begins to unwind the damage. Then you become the sacrificial lamb in a month’s worth of company team meetings as a “here’s what not to do.”
It’s best just to know.
Our Managed IT Team will complete a full expert assessment of the risks and gaps in your data security and network management processes, then curate a solution that may include:
- Network Monitoring & Security Assessments
- Backup Recovery & Business Continuity
- Endpoint Security
- vCIO Services
- Custom IT Project Work
- Help Desk & Desktop Support
- Cyber Insurance
Settle doubt and empower your business with a cybersecurity partner that your business can scale with from 2023 into the cyber dangers of the future.