Identity theft is the fastest growing financial crime in America, affecting 10 million people a year and costing the economy $50 billion. Businesses need to take measures to protect themselves, their customers and their employees. It is much more difficult for a business to recover from this kind of theft, and they are a much more lucrative target with less risk but less protection than consumers.

The government advices us to “deter, detect and defend.” But what does that mean? Please reference the Lomasne rule — “Never write if you can speak; never speak if you can nod; never nod if you can wink”-which has been updated to include:”never put it in email.” Be careful what your employees say during office phone conversations. Avoid giving identifying or financial information over the computer or only on secure pages. Monitor all monthly statements. Check your credit reports regularly.

On a practical level, protect all passwords and personal identification numbers. Sensitive information should be kept behind locked doors and in locked file cabinets and on the Internet through passwords, or other mechanisms like bioidentity devices. Use shredders for all unneeded documents and trash that might include personal information or identities, even unopened solicitations.

Be on the lookout for “phishing.” How it works: recipients will get what appears to be a valid email from a legitimate company, asking for an account number and the related password. The explanation used is that the recipient’s records are being updated or that there is a new security measure in place that requires confirming the requested information. This “fishing” for information has been used to obtain stolen identities to commit identity crimes, with a single act of phishing generating hundreds of thousands of stolen identities.

Just because the email contains authentic trademarks, logos, language and even the urls does not mean it’s authentic. Often, the email contains links to pages that are programmed to look like those on the company’s actual site, and only a discerning eye can tell that the pages are not “real.” One of the clues is bad grammar and poor spelling. Most large institutions are paying someone to proof these materials-a spammer is not!

Next Issue: Protecting Mobile data

Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at http://nengroup.com/

Small and medium sized businesses in Massachusetts are paying close attention to the personal information in their workplaces in light of the passage of CMR 17, which aims to protect consumers from data theft. The law goes in to effect in March of 2010, and establishesa standard set of regulations for businesses to protect and store Massachusetts residents’ personal information. NENGroup has a series of checklists and discovery forms to help small business owners through this process. But there are benefits to strong network security beyond compliance with the new law.

We depend on internet connectivity today for transactions, data processing, and information delivery. In a survey of 7,300 business and technology executives worldwide from a variety of industries, including government, health care, financial services and retail by CIO magazine, the large majority admitted they fear attacks from social networking sites. Many of us have received that email purporting to be from Facebook, but actually leading to a virus. But blocking social networking is out of the question for many of these companies as many businesses use these sites for marketing.

According to CIO, “only 23 percent said their security efforts now include provisions to defend Web 2.0 technologies and control what can be posted on social networking sites. One positive sign: Every year, more companies dedicate staff to monitoring how employees use online assets-57 percent this year compared to 50 percent last year and 40 percent in 2006. Thirty-six percent of respondents monitor what employees are posting to external blogs and social networking sites.

To prevent sensitive information from escaping, 65 percent of companies use Web content filters to keep data behind the firewall, and 62 percent make sure they are using the most secure version of whichever browser they choose. Forty percent said that when they evaluate security products, support and compatibility for Web 2.0 is essential. ”

There is no technology available that can change employee behavior, and that is what will really make the difference. Educating companies and their teams about the perils and pitfalls of personal computer use can really make a difference.

Next issue: Identity theft: Are you responsible?
Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at www.nengroup.com.

————–
Important Message!
NENG will sponsor a seminar on how small- and medium-sized businesses can reach compliance with Massachusetts’ new data privacy act, CMR17.
IT IS 99.99% CERTAIN YOU WILL NEED TO COMPLY!
The session will be led by Warren Atlas, a partner in the law firm Atlas and Atlas PC. Attorney Atlas specializes in labor-management relations and employment law, and is recognized as an expert on the new law, scheduled to go into effect on March 1, 2010. Robert O’Keefe, NENG’s Director of Sales Engineering, will add his in- depth knowledge of critical technology compliance to the presentation.

WHAT: CMR 17 Compliance Seminar
WHEN: Thursday, February 18, 2010, 8 AM
WHERE: Burlington Marriott
One Burlington Mall Road
Burlington, Massachusetts 01803 USA
Phone: 1-781-229-6565
RSVP or questions: NENG (781) 362 -1199

Do you have any employees? 
Do you receive payments from individuals, whether check or credit card? 
Do you need to send out 1099s? 

If you  answered yes to any or all of these questions, then you have personal information in your possession, and therefore must bring your business into compliance.

Massachusetts has recently revised the 201 CMR 17 law, and there is much good news for businesses:

• The  effective date for 201 CMR 17 is now March 1, 2010
• The application of the regulations to those that “own or license” personal information about Massachusetts residents versus their service providers has been more clearly described.
• The Regulations now take a “risk-based” approach that allows a business to take into account their size, scope, amount of resources, nature and quantity of data collected or stored, and the need for security, in determining how to implement the requirements.
• The definition of encryption is now technologically neutral, and all computer security system requirements only need be applied “to the extent technically feasible.” According to the Massachusetts Office of Consumer Affairs and Business Regulation, this means “that if there is a reasonable means through technology to accomplish a required result, then that reasonable means must be used.”
• Businesses must “take reasonable steps to select and retain” third-party service providers capable of maintaining security measures consistent with the Regulations, and bind them by contract to implement and maintain them.

These changes are going to make 201 CMR 17 compliance easier.  However the deadline is now less than six months away.  Businesses may want to start the hard work that needs to be done now. 

• Write a 201 CMR 17 Comprehensive Information Security Program, with the aid of an attorney.  We have provided a model for you to follow. 
• Implement a strong password policy.  Passwords need to be impossible to guess and should include letters, both upper and lower case, numbers and symbols.
• Secure Email so that personal information can not be sent out on the Internet unless it is encrypted.
• Encrypt laptops and other portable devices in a method that doesn’t interfere with a user’s ability to read and create documents.
• Have a system to maintain up to date security patches, antivirus, malware, and firewalls for all computer equipment.

Then ask who what why when where:

• WHO:  Choose a point person.  Having a designated driver will make the complicated process more efficient and more effective.  And make sure they have the resources needed to get the job done. 
• WHAT:  What are the potential risks?  Identify any foreseeable risks to Personal Information and come up with a plan to eliminate or reduce those risks
• WHY:  Educate and Train all employees about the importance of protecting Personal Information and Computer Network Security
• WHERE:  Identify where Personal Information comes from, where it is stored, how it is utilized– and by whom.
• HOW:   How are you going to get this done?  Decide if internal resources are enough or is an outside network firm needed to create a reasonable secure network
• WHEN:  Now is the time to start tackling these tasks.  We have compiled a check list to help you through the process. 

There are a number of resources available to help small businesses with their questions and concerns on this law that aims to protect them, their customers and their employees.  The Massachusetts Office of Consumer Affairs and Business Regulation created these regulations and can be helpful. 

We have put together several documents to view or download, including a 201 CMR 17 compliance checklist; a sample 201 CMR 17 Comprehensive Information Security Program to help you understand the type of document that needs to be created;   a 201 CMR 17 Personal Information Discovery Form to help you and your team determine where and in what form personal information may exist; and a copy of the 201 CMR 17 Regulations.
 
Please call me at 781 362 1199 or toll free at 800 696 2309.  Or you can email me at rokeefe@nengroup.com.  I will be happy to set up an appointment to guide you through this process. 

For more information:

NENGroup 201 CMR 17 Compliance Page
NENGroup 201 CMR 17 Press Release

The 201 CMR 17 personal data protection law outlines stringent new rules for companies to develop and implement computer security safeguards, including setting up a comprehensive written information security plan, protecting against anticipated threats to the security of personal information, and developing policies to regulate employees’ ability to access records outside work.

Regardless of their size, all Massachusetts companies and businesses that compile or maintain personal information records, including employee data, are subject to 201 CMR 17’s regulations. Many local companies may find themselves ill-equipped to internally implement the required security strategies.

Fortunately, (NENGroup), as one of the leading full-service IT companies in the Boston area, can help local companies meet the regulations set forth by the new personal data protection law. As part of their IT solutions services, NENGroup offers comprehensive computer security services, including secure user authentication protocols, secure access control measures, encryption tactics and firewall protection. Companies can enjoy peace of mind knowing NENGroup will set up a system that provides the utmost protection for their customers’ personal information as well as adheres to the new state law.

Though Massachusetts companies have until March 2010 to comply with the 201 CMR 17, new regulations also require businesses to complete internal and external security risk assessments prior to the effective date. In light of this, NENGroup encourages companies to reach out to one of their skilled IT specialists as soon as possible.

NENgroup can be reached at: govirtual@nengroup.com or (800) 696-2309. More information available at: http://nengroup.com or http://nengroup.com/the-basics/products-and-services/ma-201-cmr-17/.

About NENGroup:

New England Network Group, Inc. (NENGroup) has been a full-service managed IT service provider to hundreds of New England area businesses for nearly 15 years. NENGroup’s technical expertise, passionate customer service, highly trained staff, industry certifications, responsiveness, business savvy and ability to think outside-the-box provides their customers with the Technical Peace of Mind that permits them to keep their minds on their businesses, instead of on their computer equipment.

Are you ready for swine flu? The Federal government has offered guidance to businesses on how to prevent the spread of the H1N1 virus and how to prepare for a major outbreak. They stressed the importance of allowing employees who exhibit flu symptoms to go home and stay home until at least 24 hours after their fevers subside. They also said that businesses should consider eliminating policies requiring a doctor’s note to justify a sick day and that employers should be prepared to operate with fewer people.

Public health agency recommendations for dealing with swine flu include not only staying home from work, but keeping children home from school FOR SEVEN DAYS at the first sign of flu-like symptoms.

Will you be able to give your team the flexibility to take care of their first priorities while keeping an eye on yours?

Yes. If you Think Outside the Box.

Think Outside the Box IT allows a “work from anywhere” office environment. It also has many other benefits, including saving thousands on your equipment costs—no more new servers. Low monthly hosting fees include almost a full T-1 of bandwidth. Save hundreds and even thousands of dollars on power costs as you no longer need dedicated air conditioning to keep your servers cool. Be secure with full disaster recovery; put your operations in a carrier class data center with full redundant power, internet and state of the art security. And virtual servers are Green Technology, and will reduce your carbon footprint and make you a more environmentally friendly company–all with no changes to your current IT providers!

I am not only the president and CEO of New England Network Group (NENGroup), I am a satisfied customer of Think Outside the Box IT. I can attest to its value and security. After losing power and having my office flood after the recent biblical rains, I was able to operate uninterrupted, thanks to the virtual servers.

I would love the opportunity to tell you more about Think Outside the Box IT, and to offer your first month free. Please call me at 781.362.1169, or email me at sducharme@nengroup.com to learn more and to take advantage of our one month free offer.

- Sarah Byrne Ducharme

New England Network Group, Inc. (NENGroup), one of the leading full service IT companies in the Boston area, announces the launch of its redesigned Web site www.nengroup.com. The site was first unveiled during the New England XPO trade show on May 19, 2009 and showcases several new products and services that will enable businesses to reduce their operating costs and energy footprint.

Featured on the Web site is Think Outside the Box IT, a service that eliminates the need for businesses to have servers on site. Specifically, Think Outside the Box IT™ provides businesses with the ability to work from anywhere as well as built-in disaster recovery. Virtual servers are housed in “Ft. Knox-style” Data Centers that have complete Internet redundancy with multiple carriers, fully redundant power back up with generators and above industry standard temperature control.

The redesigned Web site also features information about NENGroup’s strategic advising services. Through these services NENGroup acts as a company’s CIO, analyzing plans and implementing best-practice integrated IT solutions strategy for success. By demonstrating how companies can use their computer network as a means to generate greater profits, NENGroup makes businesses more efficient and effective.

Additionally, the Web site offers in-depth information regarding all of NENGroup’s services and IT solutions, including system upgrades, moves, training and installations.

About NENGroup:

New England Network Group, Inc. (NENGroup) has been a full-service managed IT service provider to hundreds of New England area businesses for nearly 15 years. Long known for its excellent service and attention to detail, companies turn to NENGroup for a variety of services, including disaster prevention and recovery, data security, managed services, as well as flat fee VOIP. NENGroup’s technical expertise, passionate customer service, highly trained staff, industry certifications, responsiveness, business savvy and ability to think outside-the-box provides their customers with the Technical Peace of Mind® that permits them to keep their minds on their businesses, instead of on their computer equipment.

 New England Network Group (NENGroup) will be in booth #245 at the New England XPO for Business trade show on May 19, 2009. 

 We will be showcasing Think Outside the Box IT, a program  that completely eliminates the need for businesses to have servers on site, reduces operating  costs, and reduces energy footprints.  Think Outside the Box IT ™ provides businesses with the ability to work from anywhere as well as built-in disaster recovery, as virtual servers are housed in Ft. Knox-style Data Centers that include complete Internet redundancy with multiple carriers, fully redundant power back up with generators, and the best temperature control available anywhere.

“During a power outage in our office last week, I was able to take care of all of our clients, and stay connected with our engineering team, through the virtual servers,” said NENGroup CEO Sarah Ducharme.  “I am a walking testimonial for Think Outside the Box IT.”

Please visit NENGroup at Booth #245 at the New England XPO for Business 2009 to be held at the Boston Convention & Exhibition Center, 415 Summer St., (South) Boston, MA.  For more information, visit www.nengroup.com, or call us at 781.362.1199.  New England Network Group is located at 83 Cambridge Street in Burlington, MA.