Beware!! Google Docs Phishing Scam

If you recently received an email asking you to open a Google Docs, and you don’t know the sender, don’t open it! Chances are, this is a phishing email designed to have you click on a link and gain access to your information.

The email looks similar to a true Google invitation, but there are key differences.

The bogus email does not provide the name of the shared document and lacks the Google Docs icon.

The real email includes the name of the document, with the Google Docs icon .

Google is aware of this issue and issued a statement Wednesday saying, “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Interested in more security news? 

Sign up for our monthly newsletter to receive the latest cybersecurity updates right in your inbox!

Newsletter Signup

5 Steps to Avoid Ransomware

Coffee in hand, you’re preparing to read through your new emails as you start your day. You anticipate a productive day today. Yesterday you stayed 3 hours late to complete your big presentation, 2 days ahead of schedule, and you’re basking in the glow of the satisfaction of a difficult job well done and being ready early. How often does that happen?

You have Outlook open and are starting to review the newest emails when all of a sudden, a window pops up with bold text:

!!! IMPORTANT INFORMATION !!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.

Huh?!?! What does this mean?

It means your day has taken a turn for the worse… You have just been notified that the Locky Ransomware has just completed its work on your system by encrypting all of your files (rendering them useless) and is now demanding payment from you to get your files back. Depending on the sophistication of the Locky variant, it will ask you for anything between 1-15 Bitcoins (Bitcoins are trading for $1,205.00 at this time). This may depend on what it perceives the value of the stolen files to be. Server infections typically demand larger sums. Instructions are included on how to make payment with the guarantee that if payment is made, you will receive a key to unlock your precious files.

What can you do? Your mind is racing. How can this happen?!?! Your heart rate is increasing rapidly! Put down that coffee… take a few deep breaths. This represents anything from an irritating interruption to a disaster of epic proportions. What you have done up to this point will determine the impact of this event.

If you have good backups, this represents a minor inconvenience. If you don’t have backups at all … you will have to decide if you’re going to count your losses and move forward or consider paying the Ransom. After all, there is honor among thieves … or is there???

How can you avoid being in this situation?

There are several things that can be done before you are in this situation to “reduce your surface of vulnerability” and to recover without great loss.

    1. Backup your data.
      Good backups cure many woes. You may not use your backups for months or even years, but when the need arises, you want to be sure you can recover to a point where you can feel whole again.
    2. Purchase Advanced AntiVirus and AntiMalware and keep it up to date.
      Many of todays Advanced AntiVirus/AntiMalware programs will monitor your system for behavior that looks like ransomware at work and shut it down before it gets too far. Some will not.
    3. Do not open attachments or click on links in the email from unknown sources.
      If you need to open attachments, scan them for malware first. Many people are fooled by Human Engineered emails that “look” legitimate but have attachments or links that are masked in some clever way.
    4. Limit user access to data they need.
      Although this doesn’t help with avoidance, it will certainly help to minimize the impact if it happens. If everyone has access to everything, that means if one person becomes infected, they have the capability to cause encryption of ALL data they can see.
    5. Train your staff on proper Business Security Best Practices and to be aware and vigilant. If your data is important to your business, it needs to be handled as such.

 

 

 

There are other “Best Practices” that can be employed to safeguard your data and business. Take a proactive approach and avoid the reactive. In the long run, the reactive approach will cost much more in time, money, and grief. Give Bryley Systems a call (844.449.8770) to discuss what you can do to improve your overall security, efficiency, and cost … and enjoy that coffee!

Data Theft – What Happens When an Employee Leaves your Company?

Let’s start with the premise that company data belongs to the company, not to the employee.

When an employee leaves a company, whether voluntarily or involuntarily, it is quite common for sensitive and confidential data to disappear.

While most employees will leave their jobs voluntarily, there are always involuntary terminations such as a reduction in workforce, or, a termination based upon poor performance reviews. The problem from a security standpoint is that it is very common for these folks to take sensitive and confidential data with them, perhaps accidentally, but perhaps intentionally.

Just stop for a moment to consider all of the data that your employees have access to: various types of intellectual property, price lists, customer and key account information, financial data, sensitive HR material, marketing plans, sales data, competitive intelligence, product and manufacturing plans, databases, software programs. All of which belong to the employer.

As a business owner, you may be asking yourself why people would take data with them.

Accidental. In a world filled with so many devices, cloud storage, mobile apps, and cloud applications, a departing employee may leave with a lot of corporate data and not even remember or realize that they still have it in their possession. Since so many employees work from home, corporate data will often end up on a personal laptop, desktop, USB stick, phone, or in a shared file.

Entitlement. An employee who has worked on key client relationships or perhaps is leaving an organization that is struggling financially, won’t always feel like the data belongs to the organization. In fact, these people may think that they’re justified in taking the data with them, and that it really belongs to them. This issue is most common and kept common by the mere fact that corporate data protection policies aren’t always strictly enforced, especially in smaller organizations.

Malicious Intent. Some employees may be angry because of a layoff or other involuntary termination. Others may not have gained a promotion they felt they deserved. Some may have a personal dispute with upper management or with their supervisor. Then there are those who feel they will have a lot to gain by bringing this information to their next employer. While this may be less common, it will likely prove to be the most destructive scenario.

What are the consequences of an employee leaving with proprietary information? Whether it’s by mistake, or maliciously, the worst case scenario is that it has the potential to put an organization out of business.

The best way to protect your organization is to be proactive by establishing and enforcing a set of best practices.

  • Organizations must maintain complete, ongoing visibility into sensitive data wherever such data is stored.
  • All sensitive and confidential data should be encrypted.
  • Email should be archived.
  • Require appropriate authentication for sensitive data. Creating policies that will alert or require approval will keep data safe.
  • Limit and manage employee access by department, role, and function. Limit access only to content that is needed to get the job done. For example, an IT person does not need unlimited access to HR files, nor does a financial person necessarily need complete access to the CRM system.
  • Ensure a proper backup and recovery policy. All data should be backed up to a central or accessible location. A recovery plan should be in place should an employee maliciously change or delete data.
  • Develop a policy for the proper use of email and company-owned devices. Employees should be trained on these policies and asked to sign an acknowledgement form.
  • Train management properly so that when an employee leaves, the exit process is handled professionally to prevent both inadvertent and malicious loss of data.
  • Do not allow employees to install their own applications, mobile apps, etc. as this will open up the organization to malware and ransomware. The IT department should always handle the installation of applications.
  • Develop a policy around BYOD (Bring Your Own Device) to ensure that personal devices are properly secured.

You can protect your organization to minimize, if not eliminate, the threat of sensitive and confidential information theft. Create corporate policies focused on appropriate employee management of data. Establish processes designed to control employee use of data. Deploy technology solutions that will keep corporate data safe.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

The Value of an MSP Relationship

IT professionals working for an organization are seeing the value of a Managed IT Service Provider (MSP) relationship as more positive than ever before. In fact, most organizations who use MSPs typically maintain an IT staff of their own to work together with their MSP.

There are numerous advantages of having a valued MSP.

One-Time Events are Less Costly and Stressful. Upgrades or installations are often frus­trating because the organization has to go to great expense to send people to training and oftentimes, it is training they’ll only use once. MSPs who have already performed those installations or upgrades can of­ten be swapped into place to execute those tasks which in the long run, saves your organization both time and money.

You are Less Likely to be Short-Handed. Whenever an assigned MSP professional is out for any reason, they are replaced by an equally skilled colleague who has been briefed and trained on your organization’s IT environment. Substitutes can quickly fill in the way you expect them to.

Reliability and Accountability. No longer will a single individual be held responsible for any specific situation. The MSP will own the obligation to resolve any issue quickly and thoroughly. Your regular IT staff can also easily be backfilled in the event of an emergency situation which will reduce stress and the likelihood that a project may not be completed in the event of a regular staff member being ill or having an emergency.

Broader Selection of Skills. Sometimes getting certain IT tasks accomplished requires skills that none of the IT personnel assigned to the company have. In these cases, the MSP can temporar­ily replace assigned personnel with others who do have those needed skills, therefore relieving the pressure to engage a “specialist” to get unusual tasks handled.

Increased Agility. New technologies can be deployed and the value of that technology is appreciated much more rapidly because there is little to no learning curve for employees. When the MSP can fill in the gaps between standard operating procedures and emerging new needs.

Focus on Growth. Often, when compa­nies are growing quickly, they are challenged to find and acquire qualified IT employees to accommodate that growth. This often results in rushing and settling for less-than-ideal candidates. Bringing in additional MSP resources shifts that daunting task to a partner who is far better equipped and qualified to provide the right people with the right skills to keep the company growing.

Technology Decisions Become Independent of HR Issues. Suddenly your organization is free to make major revisions to their chosen platforms without regard for the need to terminate a lot of employees. Instead, you can simply require the MSP to furnish people with the new skill sets.

The supplemental role of your MSP can make many tasks easier when it comes to tactical line employees and their functions.

What happens when something goes wrong near the top of the or­ganization?

For example, what would happen if an executive suddenly left the company? Maybe it’s the CIO who suddenly resigns to go work for a competitor. Or, perhaps the CTO stole valuable customer data and was fired. Scenarios like these examples can leave a gaping hole at the top of an organiza­tion. Who would fill that gap? How quickly can a new CTO or CIO be re­cruited and hired? How long would it take for them to understand the current state of your corporate IT?

A senior engineer at your MSP who has been working with you on your infrastructure can easily and readily step in. They already have a working knowledge of your tech­nology environment, having probably participated in designing much of it. They have the proper skills and experience, along with the full support of the entire MSP team.

In several cases, MSP specialists have been called upon to take con­trol of an IT environment, change all the passwords, lock the offend­ing executive out of all systems and help to escort them out of the company. Usually this senior MSP replacement executive will remain in place until a viable replacement is found, recruited, hired, and trained.

Every employer wants to do their best for the employees that do their best to promote the organization’s growth and success. For those who have thought about bringing in an MSP to reduce IT costs, this has often been a primary concern.

Many high-value employees who were becoming bored in their daily maintenance and support routines have been given new opportuni­ties which have enabled them to make dramatically greater contribu­tions to the company, thus also furthering their own careers.

The role of the MSP in today’s progressive organization is supplemental, and complementary. No longer are MSPs considered vendors who provide ‘bodies’ to perform tasks.

Bryley Systems prides itself on being a truly valued partner to our clients, who engage us to work side-by-side with them and their people to grow their organizations.

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you. 

Sources and References:
https://www.nytimes.com
https://www.researchgate.net
https://www.bsminfo.com
http://www.toptechnews.comhttps://www.cnet.com

Bryley Receives Prestigious Channel Partners 360° Award!

April 11, 2017 — Bryley Systems is pleased to announce that it has been honored by Channel Partners, with the 2017 Channel Partners 360° Business Value Award.  We are one of only 25 technology-oriented companies worldwide to receive this award, which is one of the most sought-after in the industry.

This award honors service providers that are taking a holistic approach to technology solutions and creating business value for their clients and have a well-rounded portfolio.  Channel Partners started “as a simple idea to reward partners of all sizes for creating business value for their customers through telecom, IT, and cloud solutions…” and “rewards channel partners – agents, VARs, dealers, system integrators, MSPs and consultants – of all sizes for innovation, solutions-orientation and customer focus.”

Bryley’s President, Gavin Livingstone and co-owner, Cathy Livingstone, were on hand to accept the award stating “Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™.

We thank Channel Partners for this prestigious Channel Partners 360° award!”

Award recipients were honored at a ceremony on April 11 at the Channel Partners Conference & Expo in Las Vegas.

Securing your tablet and smartphone

Think for a moment about how much of your life is on a tablet or smartphone. Personal information such as texts, emails, apps, photos, passwords, financial information, as well as work related information.

As time and technology move forward, tablets and smartphones become an item we cannot seem to live without. These devices have become a necessity in the workplace, especially for those people who travel frequently – you can even translate signage abroad or do videoconferencing. They’re convenient, easier to carry, have built-in cameras, thousands of handy apps, and even offer GPS technology. There’s no doubting the convenience these devices offer – but, here are a few things to be aware of whether you use these devices for personal use, work, or both.

Now, with all this great technology comes the risk should your device(s) be stolen or lost. Losing your smartphone can be very stressful, and costly. With this in mind, there are some relatively easy steps you should take to secure your devices so that the door is not left wide open for a hacker or thief to steal your valuable information.

  1. Set a passcode/password. A passcode is a basic multi-digit code. Without a passcode, anyone who has your device in hand can access everything. Many of the newer devices also offer an option to use a longer alphanumeric password. Immediately after you have set your passcode or password, you should turn on the auto-lock function and set it to as short a time frame as possible. Usually 2 – 5 minutes is recommended. It will save a little bit of battery life, and by shortening the window, it’s much less likely that someone will stumble upon it while it’s still powered on.
  2. Be App-Savvy. Installing apps from Amazon Appstore, Microsoft’s Windows Store, Apple iTunes, or Google Play is much safer. Bad Apps can be loaded with Malware which can infect your device and steal your information. Be leery of third party app stores as they often host malicious apps, and are usually disguised as more “popular” real apps.
  3. Read the app permissions instead of blindly accepting the terms and conditions. Is there a reason a game wants access to your camera, microphone, and contacts?
  4. Update the Software. Updates to your mobile OS and any apps on your tablet or smartphone often include security fixes and should be downloaded as soon as they are available.
  5. Beware of Public Wi-Fi. Always use caution when browsing the Web on a public Wi-Fi. Since your traffic is public, it can be captured.
  6. Don’t be Gullible. Immediately delete suspicious text messages from people you don’t know, don’t click on any embedded web links or call any unknown phone numbers. Scammers and spammers are increasingly targeting smartphone users, be it through text messages, emails or even phone calls pretending to be someone they’re not. This could lead to them locking your device and extorting money from you to unlock it (“ransomware”).
  7. Enable Remote Location and Wiping. Preventing someone else from gathering your sensitive data is the most important task you have. One piece of good news is that the percentage of smartphone theft has decreased over the past few years thanks to the increased number of “kill switches” that make it harder to wipe and resell them. If your device is lost or stolen, tracking apps can tell you the location of your device. These types of apps can also let you wipe your sensitive or business data remotely. A remote wipe is similar to a factory reset; it erases all the data on a smartphone or tablet.
  8. Consider Antivirus. For those of you who are Android users, it’s highly recommended to protect your mobile data with security software. Not only do these apps protect your device from viruses and other malware, but it will lock down your privacy settings, scan apps and files for threats, and some solutions can snap a photo of someone attempting to log into your stolen phone via the front-facing camera, and send the image to you.
  9. Data Backups. Backing up data on your smartphone or tablet is relatively simple and it is something that should be done in the event the device is stolen, lost, or simply stops working. By using automatic online backups stored in the cloud or backing up data by syncing your device to your PC or office network are good options to help secure your device.

Regardless of which smartphone you use, it’s critical to prevent your personal (and professional) information from falling into the wrong hands. Even if your device isn’t lost or stolen, your data could still be accessible by a remote thief if not properly protected. No system or protective measure is completely foolproof, but the steps outlined above will make your device much safer.

IF you Recognize these Signs, THEN it’s Time to Outsource your IT

It’s Time to Outsource your IT!

Do you Recognize these Signs?

Small business owners have to keep their budgets tight. It’s a fact of life. In today’s competitive world, decisions become difficult when it comes to hiring specialized positions – especially within IT departments.

IT is such an important topic because of the critical need to keeping your organization running efficiently and safely. There are technical challenges to overcome. For example, have you determined what hardware and software best fits your business needs? How will you manage all of this internally? Are you prepared to handle a data security breach?

When it comes IT support, it may seem advantageous to hire an IT Manager or CTO internally to maintain tight control over these functions. However, keeping these functions in-house may not be the best option for your budget.

According to recent research by CompTIA (the IT Industry Association), the most proactive approach is turning to a managed IT service provider. By doing so, your costs can be reduced by nearly 50%. Since managed IT service providers offer certified engineers with a wide range of capabilities, studies show that they will outperform your in-house team at a lower overall cost. Discovering this after an issue arises could put your organization at greater risk.

Take a look at our tips on when it may be time to begin outsourcing your IT:

  1. Staying Focused on Your Priorities. By outsourcing your IT you will be less likely to be sidetracked putting out fires. You can focus on priorities such as supporting your customers without having to deal with interruptions like trouble-shooting software, hardware, network, or user issues. There are major issues that can occur such as a breach to your firewall which threatens data, or your VPN failing, or disruptions in your VoIP phone service. Ask yourself, are you really prepared to handle these issues? And why would you want to? Offloading your IT support and leaving it in the hands of ‘experts’ will save you time, money, and frustration.
  2. Cost Management. Keeping an office running efficiently and safely with just one full-time computer expert on your staff is nearly impossible. The average help desk or systems admin personnel expenses can quickly add up to big dollars especially when you have to keep certifications current and training up-to-date. The main reason to outsource IT is to lower your costs by only paying for what you need, when you need it.
  3. The Need For Reliable IT Experts. The world of technology is always changing. If you don’t currently have the proper IT resources available, the symptoms of an IT problem may be bandaged but never addressed at the root. This leaves your technology in a break-fix cycle that is never ending. Having an outsourced IT provider will give you peace of mind and expert guidance. Your dedicated Managed IT Services Provider will understand your environment, make appropriate recommendations, and manage your infrastructure to avoid frustration, lost time and wasteful spending.
  4. Offloading Security Worries. There are many areas of IT security that challenge business owners. There is spam filtering, virus scanning, firewall management, data backup, and more. These tasks can be overwhelming and deciding what to do first can be confusing. By putting all of this in the hands of a managed IT service provider, they will have the time, talent, and resources to handle it. They will have the familiarity with the best tools available, and the experience to prioritize the tasks for you. Shifting the burden to meet standards and security requirements for your organization will allow you to sleep at night.

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Meet Your “Typical” Hacker – Know Thine Enemy

Imagine sitting in your chair watching TV after a long day in the office, you look up and there’s a stranger rummaging through your refrigerator… a little disconcerting at best! You would likely stand up and ask: “Who are you and how did you get into my house?” You would likely call the Police. This is very serious. When someone invades your home you are angry, scared, and possibly indignant.

The scenario described above can happen with your computer and network without you even knowing someone is there. Who are these people and what are they doing on your computer and network?

There are different tiers of hackers who might invade your home or business computers and network without your knowledge or consent. Who are they are they? Let’s have a look.

There is not a single “typical” type of hacker, but rather 4 types or variants of hackers who might invade your computer and your network at home or work:

  • Kiddie Hacker
  • Corporate Hacker
  • Military Hacker
  • Criminal Hacker

Their motives and methods vary but often result in similar consequences:

  • Stolen personal or confidential information
  • Disruption of the operation of your computer or network
  • Kidnapping your files and folders for ransom

Kiddie Hackers

The name sounds innocent, but the problems caused by these hackers can be debilitating or at the very least, time consuming and disruptive. This type of hacker can be the kids next door who are bored of playing video games and are just curious as to how far they can go if they attempt to walk into your computing environment. It can be your nosey neighbors who have familiarity with computers to the extent that they look for the easily available tools to penetrate your defenses (if you have them). These hackers look for the local Wireless Networks that neglected to impose security and show up as unprotected. Some go even further in their determination to invade and the results are the same. See Bryley’s IT Security Checklist for more information on how to protect your home and organization.

Corporate Hackers

These hackers are motivated and capable. They want to get information about your company or disrupt your business operations. They are usually professional IT people who have clear motives and directives. These hackers are concerned about being caught and in most cases take extreme measures to hide their activities.

Military Hackers

These are the patriots of their respective nations who are on the job 24×7 targeting other countries to find and potentially expose government intelligence and the vulnerabilities of their targets. Although they target national agencies, they will, in the process, uncover many unsuspecting individual users who might lead them to their objectives, so they are very opportunistic and aggressive. They have the tools, the time, and the determination to break into anything or anywhere they can to find their openings. This activity is common to around the world and includes players such as: US Military/Government, UK, France, Germany, Russia, China, Japan and many others. These hackers are also concerned about being caught and in most cases take extreme measures to hide their activities as well.

Criminal Hackers

DANGER. These are the truly bad guys. There are many organized criminal groups around the world who engage in hacking for profit. They are remorseless, determined, and capable. They enlist operatives who want to make a quick dollar, provide them with the tools of the trade, and take a percentage for making them capable of performing their work. This group is growing rapidly as is evidenced in the sharp rise of Ransomware and DDoS (Distributed Denial of Service) Attacks. These people are performing many of the tactics that the Military Hackers employ. They just recently stole tools used by one of our national security agencies to infiltrate computers and networks and have made them available for sale on the Internet. These are the guys who send you that email with the attachment that when opened, will encrypt every file it can find on your computer or network, and then demand payment for allowing you to regain access to your files. These are the guys who initiated the DDoS attack recently that disabled the credit card verification ability of much of the country. There is one organization suspected of being capable of targeting a victim with up to 100Gb of Internet traffic, which can completely disable the Internet access for the victim. These are the guys who seed the Internet with their specifically designed software that makes innocent users’ computers part of a BOTNET for the distribution of SPAM or a component in a DDoS attack. These are the guys who likely invaded the DNC computers this past election.

The conclusion you can reach here is that the bad guys are out there working 24×7 to invade your computer or network for a variety of reasons. You must be aware that the danger exists from a variety of sources and if you don’t exercise due diligence, they will gladly give you the motivation to do so after you’ve been violated. Unfortunately, it’s not a matter of whether you will experience an attack; it’s a matter of when. No one is completely immune, but you can protect yourself to minimize your surface of vulnerability. In most cases, these hackers want the low lying fruit. If there is a barking dog at the door when they knock, they will likely be motivated to check the house next door.

Ask Bryley how you can reduce your surface of vulnerability in your business. It can mean the difference between an inconvenient disruption and an unmitigated disaster. Call us at 844.449.8770 or email us at ITExperts@bryley.com. We look forward to hearing from you.

Why Is Data Loss So Serious?

Data Loss Can Completely Cripple Business Operations. In the event of extreme data loss such as the loss of an entire database, even temporarily, it is not uncommon for the impacted business processes to fail at multiple levels. The organization may be rendered helpless, unable to fulfill orders and struggling to update employee records. Producing financial reports and providing customer services may also be impossible.

This occurs because technology is the backbone of most business operations and most of these operations are connected through a central IT system. Therefore, any disruption to the IT system can affect other business areas such as phone systems and manufacturing processes. As a result, employees may be idled for prolonged periods of time while the lost data is being recovered. Productivity will suffer.

The Impact of Data Loss on Sales. Organizations can suffer significant harm when data loss makes it impossible to interact with customers, often resulting in lost sales. Since email is the primary channel of communication between organizations and their customers, if your email system were to go down, how difficult would it be for you to conduct business as usual? Any disruption in your communication with leads, prospects, or clients can translate into lost business. For instance, should you fail to submit a proposal or bid on time, the result would potentially be a major loss of projected revenue.

The same applies when a data breach is directed at a call center or CRM provider. This is particularly true for small businesses that rely on independent call centers for customer support assistance and Customer Relationship Management (CRM) providers for managing customer relationships. In a worst-case scenario, the harm resulting from an attack on either of these two might be enough to force a small organization into bankruptcy.

Data Loss Resulting from Theft. Data loss can also take the form of data theft where a hacker breaks into a computer or network and steals critical private business information. Business plans, product designs, and a variety of other mission-critical information can disappear. The economic impact of information theft is difficult to measure because the extent of the harm caused may only manifest itself over a long period of time.

Data theft often results in lawsuits, breaches of contracts, regulatory compliance failures, and loss of business.

Lawsuits and hefty fines typically go hand-in-hand when a company experiences data theft. As an example, if personal information such as names, addresses and financial account numbers are accessed by hackers, then organizations may find themselves embroiled in lengthy legal court battles.

Data thefts can also result in contract breaches and a variety of fines and lawsuits. Shareholders, for example, can sue an organization for failure to perform duties outlined in a contract. Customers can sue companies for direct and collateral damages resulting from a data theft that caused an order to be delayed or lost.

Regulatory Compliance Failures. In 2007, the State of Massachusetts Legislature passed 201 CMR 17.00, a comprehensive set of regulations addressing data breaches. Under these laws are a set of regulations that affect any business that collects and retains personal information of its customers. For the purpose of these regulations, “personal information” includes names, social security numbers, driver’s license numbers or financial account numbers, including credit or debit card numbers.

The regulations took effect January 1, 2010, and mandate that personal information – a combination of a name along with a Social Security number, bank account number, or credit card number – be encrypted when stored on portable devices, or transmitted wirelessly or on public networks. Additionally, the regulations call on organizations to utilize up-to-date firewall protection that creates an electronic gatekeeper between the data and the outside world and only permits authorized users to access or transmit data, according to preset rules.

Loss of business isn’t uncommon after data loss incidents especially if the loss was a result of a preventable event such as a security breach. Customers may feel that the company didn’t take adequate measures to safeguard their information and may therefore choose to discontinue doing business with the organization for fear of a similar event recurring in the future.

Data loss or theft can strike any organization. The wise choice is to be proactive by deploying an up-to-date and secure data backup system.

The main takeaway from these costly consequences of data loss is that businesses bear a huge responsibility for protecting the data they own. Failure to do so means facing serious operational and legal ramifications.

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.