How to Ensure Cyber Insurance is a Good Value

Posted on: June 29th, 2020 by jiml | No Comments

According to a recent study, 34% of businesses now carry Cyber Security Insurance. This percentage continues to rise from year to year as cyber security risks also continue to rise. According to a 2020 survey posted on statista.com, the number one threat to businesses is a cyber incident. Cyber incidents exceeded changing markets, pandemics, climate change, new technology and all other threats as the leading threat to businesses today.

Are your cyber security defenses up to date? Many businesses that answer this question negatively turn to cyber security insurance to mitigate the risk. The logic is that if the business is not properly protected, at least it can rely on the insurance in case of a breach or other cyber security incident. This is flawed thinking. Many cyber security policies have exclusions so that “due care” is required for payment. Some high-profile examples of businesses not receiving the payout they expected include Sony and PF Chang’s. Sony went through an extensive legal battle to settle what their cyber security policy would actually cover. PF Chang’s was left holding the bag for a PCI compliance penalty because a stipulation in their policy required being properly up to date with regulatory compliance. (Click here for other examples in a NY Times article.)

We can’t forget that insurance companies are for-profit businesses. Their business model is to pay out as little as they can, as is the case with all insurance models. The exclusions section of your Cyber Security Policy will be an important section to review and understand. For some, the price of a cyber security policy could go a long way toward actually securing the network. That is a decision point for businesses. Is a cyber security policy actually money well spent? Would bolstering your defenses actually be a wiser choice?

How do you make sure you get paid on a claim? Your business will need to show “due care” as mentioned above. Due care means documentation. As a business you need to be able to show documentation of what you have put in place for cyber security and what your future plans are as well. Couple that with a good policy that has reasonable exclusions and you increase your chances of receiving a payout.

Colden Company is pleased to announce our partnership with Kaseya and Chubb Insurance. Our program combines a cyber security insurance policy with our cyber security program. Enrollment in the program allows your business to progress toward due care while getting an affordable cyber security policy that covers your business properly. The combination of the two in one program dramatically increases your chances of receiving a payout in the event of a breach, giving you the confidence that your policy will be there for you should you need it. Of course, with better security in place, following the cyber security program will also decrease the chances that you will have an incident in the first place.

If you are interested in discussing this program with us, please reach out to us at (888) 600-4560 or email us at info@coldencompany.com.

Windows 10 May Update is Here

Posted on: May 28th, 2020 by jiml | No Comments

Microsoft releases a major release to Windows 10 twice per year. They patch monthly (or on demand for high priority security threats) but the major releases come in the spring and fall. As a reminder, Microsoft is not planning a Windows 11.  Windows 10 is the long-term release and Microsoft will be deprecating older versions on a schedule.  Microsoft was kind enough to extend the most recent deprecation due to COVID-19, allowing users more time to update to a supported version.  Click here to see the version levels and end of support dates.

So what is in this release of Windows 10? One important improvement that will be transparent to users but will likely have the most impact on your day-to-day work is memory usage improvement in Microsoft Edge. Microsoft is decoupling updates to their new Chromium-based Edge browser in general, but Microsoft is touting a significant improvement in memory usage with this release. That frees up more memory for other applications and is a welcome improvement.

Next, would you believe Microsoft has made improvements to Notepad? Notepad has remained unchanged for nearly thirty years but this release will see some improvements. Now you will see an asterisk in the title bar when you have unsaved changes, and they added a nice quick text zooming feature as well.

Cortana will also show some improvements in this release.  Upon upgrading to this May release, users will be able to type natural language in the Cortana search bar and receive answers in many cases.  Examples would be “Am I free at 3:00?” and Cortana will check your calendar. This can be a productivity gain for many.

Finally, you may read about the improved security of being able to go password-less and use a PIN or biometric authentication method. There are a couple of key points here. This feature is dependent on having the appropriate hardware, and you must also be using a Microsoft account for login, not a domain login like many businesses will have.

Want to hear more? Give Colden Company a call at (888) 600-4560 or email us at info@coldencompany.com and let our team assist.

Maintaining Regulatory Compliance

Posted on: April 23rd, 2020 by jiml | No Comments

A part of doing business is complying with regulations. Regulations come from various places, primarily governments but also from industries. The major credit card providers teamed up to create the Payment Card Industry Data Security Standards (PCI DSS) as an example of an industry-led regulation. On the government side there are many. Most of you are familiar with HIPAA to protect health information, and each state has its own laws on the books to protect consumer data now that Alabama joined the ranks in 2018. There are a myriad of other regulations out there making it difficult for the average business to keep up.

What is the process for maintaining compliance? The first step is to have someone within your organization responsible for compliance. Some organizations are large enough or in an industry that supports a full-time compliance manager. Many organizations do not have the means or need for this. This is typical in the SMB market. Those SMBs should still appoint someone to take the lead. Think about partnering with an expert to help guide you through the compliance process. If your appointed person or team does not have the time to stay current with the regulations, this will be key.

Step two is to understand which regulations your organization needs to comply with. Are credit cards processed and therefore should PCI DSS be complied with? Does your organization do work with the Federal government and need to comply with NIST 800-171 or perhaps the European Union and need to comply with GDPR? Do you know your state PII (Personally Identifiable Information) statute? Knowing exactly what your regulatory requirements are is a must. Not knowing the law is not an excuse for non-compliance. (If it were, I would never get a speeding ticket!)

Now that you have identified the regulations your organization needs to comply with, the process for compliance is the same regardless of the regulation. Assess-Mitigate-Maintain.

Assess: Evaluate where you are currently versus the regulation requirements. (Think gap analysis)

Mitigate: Address the shortcomings or gaps to meet the standards of the regulation.

Maintain: Develop a plan to maintain compliance going forward.

You cannot be compliant without documentation. Colden Company has programs in place to help businesses with PCI Compliance and HIPAA, and we also have a program to meet the NIST Cyber Security Framework (CSF) and provide the necessary documentation. NIST CSF is an excellent framework to follow since many state PII regulations are loosely based on that framework. If your organization does business in several states, following the NIST CSF is a great place to start for compliance. It will meet most states' regulations and show that your organization is taking steps to willfully comply.

Would you like to discuss your specific requirements? Give Colden Company a call at (888) 600-4560 or email us at info@coldencompany.com and let our team of experts put you on a path to compliance.

Effective Remote Worker Programs

Posted on: March 30th, 2020 by jiml | No Comments

First and foremost, we hope everyone is safe and coping with the current state of affairs. Colden Company is a service-based organization and we are here to help in any way we can.

One of the most common requests we have received recently, to no one’s surprise, is to assist in setting up remote worker plans as stay-at-home directives have come down from various state and local governments. If your organization doesn’t have a policy in place, don’t worry, you are not alone. Most businesses are in a position of developing their plan on the fly as circumstances have changed. Those that did have plans in place did not envision the scale and scope of this COVID-19 challenge and were forced to modify their plans anyway. Let us share what we have learned from our time helping many businesses around the United States set up their remote worker programs.

  1. Start with developing your policy. Appoint someone or a team to oversee this process and determine who will need remote access, what resources these users will need access to, and how they will get that remote access. Will they use personal computers? Will they be taking company computers offsite? If you are a business that has compliance requirements, security cannot be an afterthought. Do you have data exfiltration policies in place to protect sensitive data? If you are allowing personal computers to connect to your network remotely, can you ensure:
    • Supported operating system that is patched to current levels.
    • Reputable anti-virus with active scanning
    • Hardware or software firewall enabled
    • Secure wireless
    • Strong passwords
  2. Determine the right technology. Most people assume setting up a VPN will suffice for remote access.  That is not always the case. It is important that you understand your application requirements.  Some applications do not perform under the limited bandwidth conditions that VPN provides.  A different solution may be necessary for those situations, such as Remote Desktop.
  3. Determine communications methods. How flexible is your phone system? Most VoIP systems offer flexibility to move phones or use FindMe, FollowMe technology to route calls as you need. There are also software solutions like Microsoft Teams that can provide video conferencing and computer-based phone calls to facilitate communications.

Communication will be a primary key to success. Let employees know what the expectations will be, follow through and assist those that need reassurance.  Have regular meetings with team members and keep it positive.  Challenging times can bring out the best in us all.  We can do this!

If you have any questions about this or want to get started on your policies, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.

Pandemic Response Plans

Posted on: February 24th, 2020 by jiml | No Comments

Oftentimes current events spark businesses to consider scenarios they had not put much thought into previously. Y2K, as an example, forced many businesses to upgrade their systems to handle the changing of the century. Ransomware in the news helped to raise awareness of the issues with data security and having proper backups. At other times an episode of gun violence may lead businesses to develop an active shooter response plan. The headlines over the last month may be doing the same. The coronavirus is front page news because of its prolific ability to spread without physical contact. The combination of being easily spread and a much higher fatality rate than seasonal flu viruses has people on edge (2% compared to 0.1% for the flu). It is a situation worth monitoring and preparing for.

There have been other pandemics in the past, from the Avian Flu, to SARS which also raised awareness.  I recall the Avian Flu prompting us here at Colden Company to develop a response plan should the situation spiral out of control.  Does your business have a recently updated contingency plan?  Is a pandemic included in your disaster recovery plans?

If the above answer is “yes”, congratulations. You are in the minority of businesses that are prepared for such a situation. If your answer was “no”, perhaps it is time to put some time and effort into a plan. As with all disaster recovery planning, it is never an urgent issue until the disaster is upon you. Human nature suggests we put off tasks that do not have a looming deadline and rarely does a disaster announce it will be arriving on a particular date and time. Nevertheless, good managers see the value in preparing before the disaster strikes.

Colden Company is certified by the Disaster Recovery Institute as Certified Business Continuity Planners. We can assist your business in preparing a reasonable response to a threat like coronavirus. After all, we are used to knocking out viruses (pardon the pun). In the words of one of our favorite Americans, Ben Franklin: “An ounce of prevention is worth a pound of cure”.

Give us a call at (888) 600-4560 or email us at info@coldencompany.com to find out how our experts can assist your business in being prepared for whatever comes your way.

Keeping Up With Security

Posted on: February 24th, 2020 by jiml | No Comments

It is 2020. Wow.  It seems like just yesterday we were preparing for Y2K.  The cyber world is a very different place than it was twenty years ago.  In 2000, there were 361 million Internet users.  Today there are well over four billion. Some of those four billion are bad actors, creating viruses and malware. I bet your data security is not the same as it was twenty years ago.  What if we framed that differently and asked if your defenses are different than they were three or four years ago? Do you have the same answer?  The security threats have changed dramatically over that time, from sophisticated ransomware threats, to malware that mines for bitcoin for the bad guys. Your defenses have to keep up with the new threats.

Ransomware continues to be a real threat. According to a recent study by Datto, there is a very large gap between how the threat of ransomware is perceived by businesses versus those working in the technology field. 89% of Managed Services Providers feel Ransomware is a significant threat to small and medium sized businesses, while only 28% of small and medium sized businesses perceive Ransomware as a significant threat. The folks that deal with security are much more concerned about it; perhaps the business world should take note and ensure they are protected against this threat.

Also changing is the need for compliance. Many states have recently expanded their laws regarding the protection of private data. California and New York, among others, have updated their laws to provide better protection of private data, and increased fines for businesses that do not take the proper precautions. As of 2018, all fifty states have something on the books for protecting personally identifiable information. Do you know your state’s regulation? Are you meeting the standards? Are you aware of the fines?

In a changing world, staying current with the cyber world AND the regulations and compliance issues that affect your business is important. Studies have repeatedly shown that businesses that keep up with technology outperform those that do not. How do you stack up? Do you know? Here at Colden Company, we can provide an assessment of where your business stands and recommend measures to safeguard against today’s threats.

If you have any questions about this or want to get an early release of the browser, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.

A New Edge Browser in Windows 10

Posted on: December 30th, 2019 by jiml | No Comments

Starting January 15th, 2020 Microsoft will begin rolling out a new version of their Edge browser. This is a substantial change from the current browser in that it is Chromium based and de-coupled from Windows updates. Chromium is an open-source browser that is used as a base for many other browsers. The most obvious of these is Google’s Chrome browser but also others you may have heard of like the Opera browser installed on many Apple products. Google deserves the credit for Chromium as it released its code for Chrome to the open source community back in 2008.

Microsoft is handling the deployment in a staggered release and will handle updating your shortcuts, menu pins etc. to the new version of Edge. Microsoft is aiming for better web compatibility with the new Edge browser, which should reduce the number of sites that work in Chrome but not properly in Edge. The important point here is that Microsoft is rolling this out whether users are ready for it or want it. It is coming regardless.

Microsoft is decoupling the browser from the operating system, meaning it can update the browser more frequently and on demand.  Much like the Chrome browser updates itself behind the scenes, the new Edge browser will do the same with feature releases coming every six weeks.  Security patches will come as needed. The icon will look different and is shown below so you will know where to look for your new Edge browser:

Also note that Windows 7 will be end of life this month on January 14th.  If you are still running Windows 7, there will be no more support or security patching available from Microsoft.  We recommend upgrading to Windows 10.

If you have any questions about this or want to get an early release of the browser, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.

New York State SHIELD Act is Here

Posted on: November 26th, 2019 by jiml | No Comments

In August, New York State signed into law the SHIELD Act or the “Stop Hacks and Improve Electronic Data Security” Act. This is an enhancement to New York State's previous law and has several key points that anyone doing business in New York should take note of. This law goes into effect on March 21, 2020 with a notable exception described below.

Expanded jurisdiction:  The SHIELD Act now pertains to any business, inside New York or outside of New York that stores private information on New York residents. This is an expansion of the jurisdiction from the previous statute.

Expanded definition of private data: New York has expanded the definition of private data to include biometric data and any combination of username, email address and access codes that could lead to the compromise of electronic accounts.  Interestingly, New York did not take the additional step of covering DNA as some other states have.

Increased reporting requirements: In the past, HIPAA-covered organizations could get by with reporting a suspected breach to the Department of Human Services. The SHIELD Act requires that the New York State Attorney General also be notified of a data breach. In addition, the definition of a breach has been expanded to include viewed data, not just downloaded data as was previously the case. This part of the act goes into effect October 23, 2019, before the remainder of the Act. Fines for non-compliance have increased as well.

As a business, you have a responsibility to know and comply with this law. Not knowing the law is never an excuse for violation.  The act requires businesses to comply in three different areas:  Administrative, Technical and Physical. While the individual safeguards are too numerous to put in this post, Colden Company can assist your business within each area of the Act and set your company on a path to compliance. Please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


The Windows 10 November Release is Coming

Posted on: October 25th, 2019 by jiml | No Comments

Microsoft releases two major updates to Windows 10 each year. The second one for the calendar year 2019 (version 1909) is set for release. As with most releases, you may notice your disk space fluctuate as Microsoft is pushing down the release in advance of deployment. Also, as with other Windows 10 releases, you can defer them for a period of time.

This release contains many fixes and updates, most of which will not affect your day-to-day use of the computer. For example, Microsoft has made some underlying security improvements and made some power efficiency improvements for certain hardware. This update is expected to contain fewer updates than a typical semi-annual release and consequently install more quickly.

One new feature is the ability to create reminders right from the Calendar flyout on the task bar (lower right corner). You can pick your date and time and location for reminders.  See figure 1 below for a visual:

The start menu will now show you expanded items if you hover over an icon in the menu. Previously you needed to click on it to see the contents.

There are also several improvements to notifications. It is now easier to tell action pane notifications and banner notifications apart. You can disable sound for all notifications rather than app by app.

Click here for a nice article that summarizes some of the key customer facing improvements in more detail.

NOTE:  As a reminder, if you are running Windows 7, that operating system will reach end of life on January 14, 2020. That means Microsoft will no longer support or patch the operating system.  This makes Windows 7 a security concern after the end of life date and we advise users to upgrade to Windows 10.

If you have any questions or concerns, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


PowerPoint Tips and Tricks

Posted on: September 26th, 2019 by jiml | No Comments

Microsoft PowerPoint has been a staple for presenters for many years.  PowerPoint was first released in 1987, acquired by Microsoft shortly thereafter (for $14 million, imagine what it would sell for today!)  and has been going strong ever since. There has been quite a bit of functionality added over the years, yet many just use the basic feature set of the product.  Let’s take a look at some of the nice features available as well as some basic principles for PowerPoint newbies.

Our first recommendation is to start in Word, not PowerPoint.  When I am designing a new presentation, I put ideas down in a Word document so I can easily shuffle ideas around until I have a general workflow for the presentation. Then move to PowerPoint once you have a solid foundation.

A few more tips for beginners:  Limit the number of words on your slides. You should have the major talking points but leave the details for your presentation of the material. Too much text on a slide can be difficult to read as a viewer and makes the main points of your slide more difficult to grasp.  Next, limit the amount of animations and clip art.  As someone who enjoyed cheesy clip art for many years, it pains me to admit that stock photography is much more professional looking than cartoon art.  Find good photos to embed in your presentation instead. (Charts and graphs are good; try chart animations!) Better yet, try one of the PowerPoint templates which will give you a consistent look and feel to your slides right out of the gate.

Finally, practice, practice, practice.  Speak slowly and record yourself so you can hear how you sound and hear your tendencies (do I say “um” too much?).  Also be mindful of the time you are allotted and make sure you are leaving time for questions. If you are given 30 minutes to present, have 25 good minutes of material and be prepared with sample questions if no one asks any.  Anticipate questions the audience might ask and have prepared answers.

Now, let’s focus on the product itself.  Microsoft is continually adding features to its Office365 products, PowerPoint included.  Did you know that you can change the extension of your PowerPoint file to .ppsx and it will open straight into presentation mode?  Do this for your established presentations to save you a step.

Want to jump to a particular slide?  Instead of hitting the back arrow multiple times, simply type the slide number you want to move to while in presentation mode and PowerPoint will automatically move you to that slide.

PowerPoint allows you to copy images straight from your browser into PowerPoint.  No need to save the image to your desktop first, then import into PowerPoint.  For images, try Smart Art.  These are great graphics that can be used for a variety of purposes and have a professional feel. Go to the Insert tab and look for Smart Art and give it a try. Did you also know you can ungroup Smart Art? Right-click the entire SmartArt graphic, click Group, and then click Ungroup. On the same tab, there is an option to insert video.  This is a handy feature as well. Many times, video clips can be very large. You can compress video to make it more presentable by clicking on the File tab and Multi-Media.  Didn’t save your changes and closed out?  Go to the File tab and look for “Recover Unsaved Files”.

Have you ever brought your PowerPoint presentation to a different computer and had trouble presenting it?  It was likely due to the new computer not having the font set you used.  You can embed the fonts into the PowerPoint presentation by choosing Options and Save Options.  Check the box to Embed Fonts. You can confidently move your presentation from computer to computer afterward.

Finally, there are some nice integrations with PowerPoint. Microsoft Forms can let you put forms, quizzes etc. into PowerPoint and third-party tools like Poll Everywhere let you embed polling questions into your PowerPoint to get more audience engagement.

In summary, PowerPoint is an old staple, but there are plenty of new tricks to keep your presentations fresh and engaging.