Maintaining Regulatory Compliance

Posted on: April 23rd, 2020 by jiml | No Comments

A part of doing business is complying with regulations. Regulations come from various places, primarily governments but also industries. The major credit card brands teamed up to create the Payment Card Industry Data Security Standard (PCI DSS), an example of an industry-led regulation. On the government side there are many. Most of you are familiar with HIPAA, which protects health information, and every state now has its own law on the books to protect consumer data, Alabama having been the last to join the ranks in 2018. There is a myriad of other regulations out there, making it difficult for the average business to keep up.

What is the process for maintaining compliance? The first step is to make someone within your organization responsible for compliance. Some organizations are large enough, or in an industry that requires it, to support a full-time compliance manager. Many organizations, typically in the SMB market, do not have the means or the need for this. Those SMBs should still appoint someone to take the lead. If that person or team does not have the time to stay current with the regulations, partnering with an expert to guide you through the compliance process will be key.

Step two is to understand which regulations your organization needs to comply with. Do you process credit cards and therefore need to comply with PCI DSS? Does your organization do work for the Federal government and need to comply with NIST SP 800-171, or handle the data of European Union residents and need to comply with GDPR? Do you know your state's PII (Personally Identifiable Information) statute? Knowing exactly what your regulatory requirements are is a must. Not knowing the law is not an excuse for non-compliance. (If it were, I would never get a speeding ticket!)

Now that you have identified the regulations your organization needs to comply with, the process for compliance is the same regardless of the regulation. Assess-Mitigate-Maintain.

Assess: Evaluate where you are currently versus the regulation requirements. (Think gap analysis)

Mitigate: Address the short-comings or gaps to meet the standards of the regulation.

Maintain: Develop a plan to maintain compliance going forward.

You cannot be compliant without documentation. Colden Company has programs in place to help businesses with PCI DSS and HIPAA compliance, and a program to meet the NIST Cybersecurity Framework (CSF) and produce the necessary documentation. NIST CSF is an excellent framework to follow since many state PII regulations are loosely based on it. If your organization does business in several states, following the NIST CSF is a great place to start: it will satisfy most states' regulations and shows that your organization is taking deliberate steps to comply.

Would you like to discuss your specific requirements? Give Colden Company a call at (888) 600-4560 or email us at info@coldencompany.com and let our team of experts put you on a path to compliance.


Effective Remote Worker Programs

Posted on: March 30th, 2020 by jiml | No Comments

First and foremost, we hope everyone is safe and coping with the current state of affairs. Colden Company is a service-based organization and we are here to help in any way we can.

One of the most common requests we have received recently, to no one’s surprise, is to assist in setting up remote worker plans as stay-at-home directives have come down from various state and local governments. If your organization doesn’t have a policy in place, don’t worry, you are not alone. Most businesses are in a position of developing their plan on the fly as circumstances have changed. Those that did have plans in place, did not envision the scale and scope of this COVID-19 challenge and were forced to modify their plans anyway. Let us share what we have learned from our time helping many businesses around the United States set up their remote worker programs.

  1. Start with developing your policy. Appoint someone or a team to oversee this process and determine who will need remote access, what resources those users will need access to, and how they will get that remote access. Will they use personal computers? Will they be taking company computers offsite? If you are a business that has compliance requirements, security cannot be an afterthought. Do you have data exfiltration policies in place to protect sensitive data? If you are allowing personal computers to connect to your network remotely, can you ensure:
    • A supported operating system that is patched to current levels
    • Reputable anti-virus with active (real-time) scanning
    • A hardware or software firewall enabled
    • Secure wireless (WPA2 or better, not an open or WEP network)
    • Strong passwords
  2. Determine the right technology. Most people assume setting up a VPN will suffice for remote access. That is not always the case. It is important that you understand your application requirements. Some applications, particularly those that read databases or large files over a network share, do not perform well over the latency and limited bandwidth of a VPN connection from a home Internet link. A different solution may be necessary for those situations, such as Remote Desktop, where the application runs on a machine in the office and only the screen is sent to the user. (Reach Remote Desktop through the VPN or a Remote Desktop gateway; never expose it directly to the Internet.)
  3. Determine communications methods. How flexible is your phone system? Most VoIP systems offer the flexibility to move phones or use Find Me/Follow Me features to route calls as you need. There are also software solutions like Microsoft Teams that provide video conferencing and computer-based phone calls to facilitate communications.
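The checklist in step 1 is only useful if someone actually verifies it on each machine before it is allowed to connect. The script below is an added example (it is not from the original post and is not a Colden Company tool) that reports pass/fail for each of the five items on a Windows 10 endpoint. It assumes Microsoft Defender is the anti-virus (Get-MpComputerStatus), English-language output from netsh and net accounts, and an elevated PowerShell session; the 30-day patch window and 12-character minimum are illustrative thresholds you would set in your own policy.

```powershell
# Added example (not from the original post): check a Windows 10 endpoint
# against the remote-access baseline. Run in an elevated PowerShell session.
# Assumptions: Microsoft Defender is the AV, netsh/net output is in English,
# and the two thresholds below are policy choices, not requirements.
$MaxPatchAgeDays   = 30
$MinPasswordLength = 12
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check($Name, [bool]$Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1. Supported operating system: Windows 7/8.1 report kernel 6.x, Windows 10 reports 10.0.
$os  = Get-CimInstance Win32_OperatingSystem
$ver = [version]$os.Version
Add-Check 'Supported OS' ($ver.Major -ge 10) "$($os.Caption) build $($os.BuildNumber)"

# 1b. Patched to current levels: age of the most recently installed update.
$lastFix  = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchAge = if ($lastFix) { ((Get-Date) - $lastFix.InstalledOn).Days } else { [int]::MaxValue }
Add-Check 'Recent patching' ($patchAge -le $MaxPatchAgeDays) "last update $patchAge days ago ($($lastFix.HotFixID))"

# 2. Anti-virus with active scanning (Defender status; third-party AV must be checked separately).
try {
    $mp     = Get-MpComputerStatus -ErrorAction Stop
    $sigAge = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).Days
    Add-Check 'AV real-time protection' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) "signatures $sigAge days old"
} catch {
    Add-Check 'AV real-time protection' $false 'Defender status unavailable'
}

# 3. Firewall enabled on every profile (Domain, Private, Public).
$disabled = (Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }).Name
Add-Check 'Firewall on all profiles' (-not $disabled) $(if ($disabled) { "disabled: $($disabled -join ', ')" } else { 'all profiles enabled' })

# 4. Secure wireless: the connected Wi-Fi network should use WPA2 or WPA3, not open/WEP.
$m    = netsh wlan show interfaces 2>$null | Select-String 'Authentication\s*:\s*(\S.*)$' | Select-Object -First 1
$auth = if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { $null }
if ($auth) { Add-Check 'Secure wireless' ($auth -match 'WPA[23]') "authentication: $auth" }
else       { Add-Check 'Secure wireless' $true 'no active Wi-Fi connection' }

# 5. Strong passwords: the local account policy's minimum length (from 'net accounts').
$m      = (net accounts) | Select-String 'Minimum password length\s*:\s*(\d+)'
$minLen = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { -1 }
Add-Check 'Minimum password length' ($minLen -ge $MinPasswordLength) "policy requires $minLen characters"

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit so an onboarding script can refuse access
```

The script only reads state and never changes it, so it is safe to hand to a user to run on a personal machine and send back the table; the non-zero exit code lets you chain it into an onboarding script that withholds VPN credentials until every row passes.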

Communication will be a primary key to success. Let employees know what the expectations will be, follow through and assist those that need reassurance.  Have regular meetings with team members and keep it positive.  Challenging times can bring out the best in us all.  We can do this!

If you have any questions about this or want to get started on your policies, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


Pandemic Response Plans

Posted on: February 24th, 2020 by jiml | No Comments

Oftentimes current events spark businesses to consider scenarios they had not put much thought into previously. Y2K, as an example, forced many businesses to upgrade their systems to handle the change of century. Ransomware in the news helped raise awareness of data security and of having proper backups. At other times an episode of gun violence may lead businesses to develop an active shooter response plan. The headlines over the last month may be doing the same. The coronavirus is front page news because of its ability to spread without physical contact. The combination of being easily spread and a much higher reported fatality rate than seasonal flu (roughly 2% compared to 0.1% for the flu, as reported at the time of writing) has people on edge. It is a situation worth monitoring and preparing for.

There have been other pandemics in the past, from the Avian Flu, to SARS which also raised awareness.  I recall the Avian Flu prompting us here at Colden Company to develop a response plan should the situation spiral out of control.  Does your business have a recently updated contingency plan?  Is a pandemic included in your disaster recovery plans?

If the answer to both questions is "yes", congratulations. You are in the minority of businesses that are prepared for such a situation. If your answer was "no", perhaps it is time to put some time and effort into a plan. As with all disaster recovery planning, it is never an urgent issue until the disaster is upon you. Human nature suggests we put off tasks that do not have a looming deadline, and rarely does a disaster announce that it will be arriving on a particular date and time. Nevertheless, good managers see the value in preparing before the disaster strikes.

Colden Company is certified by the Disaster Recovery Institute as Certified Business Continuity Planners. We can assist your business in preparing a reasonable response to a threat like coronavirus. After all, we are used to knocking out viruses. (Pardon the pun.) In the words of one of our favorite Americans, Ben Franklin: "An ounce of prevention is worth a pound of cure".

Give us a call at (888) 600-4560 or email us at info@coldencompany.com to find out how our experts can assist your business in being prepared for whatever comes your way.


Keeping Up With Security

Posted on: February 24th, 2020 by jiml | No Comments

It is 2020. Wow. It seems like just yesterday we were preparing for Y2K. The cyber world is a very different place than it was twenty years ago. In 2000, there were 361 million Internet users. Today there are well over four billion. Some of those four billion are bad actors, creating viruses and malware. I bet your data security is not the same as it was twenty years ago. What if we framed that differently and asked whether your defenses are different than they were three or four years ago? Do you have the same answer? The security threats have changed dramatically over that time, from sophisticated ransomware to malware that mines cryptocurrency for the bad guys. Your defenses have to keep up with the new threats.

Ransomware continues to be a real threat. According to a recent study by Datto, there is a very large gap between how the threat of ransomware is perceived by businesses versus those working in the technology field: 89% of Managed Service Providers (MSPs) feel ransomware is a significant threat to small and medium sized businesses, while only 28% of small and medium sized businesses perceive it as a significant threat. The people who deal with security every day are much more concerned about it; perhaps the business world should take note and ensure they are protected against this threat.

Also changing is the need for compliance. Many states have recently expanded their laws regarding the protection of private data. California and New York, among others, have updated their laws to provide better protection of private data, and increased fines for businesses that do not take the proper precautions. As of 2018, all fifty states have something on the books for protecting personally identifiable information. Do you know your state's regulation? Are you meeting the standards? Are you aware of the fines?

In a changing world, staying current with the cyber world AND with the regulations and compliance issues that affect your business is important. Studies have repeatedly shown that businesses that keep up with technology outperform those that do not. How do you stack up? Do you know? Here at Colden Company, we can provide an assessment of where your business stands and recommend measures to safeguard against today's threats.

If you have any questions about this or want to schedule an assessment, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


A New Edge Browser in Windows 10

Posted on: December 30th, 2019 by jiml | No Comments

Starting January 15th, 2020 Microsoft will begin rolling out a new version of its Edge browser. This is a substantial change from the current browser in that it is Chromium based and de-coupled from Windows updates. Chromium is an open-source browser project that is used as the base for many other browsers. The most obvious of these is Google's Chrome browser, but there are others you may have heard of, like Opera. Google deserves the credit for Chromium, as it released its Chrome code to the open source community back in 2008.

Microsoft is handling the deployment in a staggered release and will handle updating your shortcuts, menu pins etc. to the new version of Edge. Microsoft is aiming for better web compatibility with the new Edge browser and should reduce the number of sites that work in Chrome but not properly in Edge. The important point here, is Microsoft is rolling this out whether users are ready for it or want it.  It is coming regardless.

Microsoft is decoupling the browser from the operating system, meaning it can update the browser more frequently and on demand.  Much like the Chrome browser updates itself behind the scenes, the new Edge browser will do the same with feature releases coming every six weeks.  Security patches will come as needed. The icon will look different and is shown below so you will know where to look for your new Edge browser:

Also note that Windows 7 will reach end of life on January 14th, 2020. If you are still running Windows 7, there will be no more support or security patching available from Microsoft after that date. We recommend upgrading to Windows 10.

If you have any questions about this or want to get an early release of the browser, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.

New York State SHIELD Act is Here

Posted on: November 26th, 2019 by jiml | No Comments

On July 25, 2019, New York State signed into law the SHIELD Act, the "Stop Hacks and Improve Electronic Data Security" Act. This is an enhancement to New York State's previous breach notification law and has several key points that anyone doing business in New York should take note of. The law goes into effect on March 21, 2020, with a notable exception noted below.

Expanded jurisdiction:  The SHIELD Act now pertains to any business, inside New York or outside of New York that stores private information on New York residents. This is an expansion of the jurisdiction from the previous statute.

Expanded definition of private data: New York has expanded the definition of private data to include biometric data and any combination of username, email address and access codes that could lead to the compromise of electronic accounts.  Interestingly, New York did not take the additional step of covering DNA as some other states have.

Increased reporting requirements: In the past, a HIPAA-covered organization could get by with reporting a breach to the U.S. Department of Health and Human Services. The SHIELD Act requires that the New York State Attorney General also be notified of a data breach. In addition, the definition of a breach has been expanded to cover unauthorized access to private information, not just its acquisition (downloading) as was previously the case. This part of the Act went into effect on October 23, 2019, before the remainder of the Act. Fines for non-compliance have increased as well.

As a business, you have a responsibility to know and comply with this law. Not knowing the law is never an excuse for violation.  The act requires businesses to comply in three different areas:  Administrative, Technical and Physical. While the individual safeguards are too numerous to put in this post, Colden Company can assist your business within each area of the Act and set your company on a path to compliance. Please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


The Windows 10 November Release is Coming

Posted on: October 25th, 2019 by jiml | No Comments

Microsoft releases two major updates to Windows 10 each year. The second one for calendar year 2019, version 1909, is set for release. As with most releases you may notice your disk space fluctuate as Microsoft pushes the release down in advance of deployment. Also, as with other Windows 10 releases, you can defer it for a period of time.
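For businesses that want to test version 1909 before it lands on every desk, the deferral mentioned above is a Windows Update for Business policy. The script below is an added example (not from the original post) that shows the current feature-update deferral and, with -Apply, sets it using the same registry values that the Group Policy "Select when Preview Builds and Feature Updates are received" writes. It assumes Windows 10 Pro or Enterprise (Home ignores these policies), an elevated session, and the 60-day period is an illustrative choice.

```powershell
# Added example (not from the original post): read and set the Windows Update
# for Business deferral for feature updates such as 1909. Run elevated on
# Windows 10 Pro/Enterprise. The 60-day default below is illustrative.
param([int]$DeferDays = 60, [switch]$Apply)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-FeatureUpdateDeferral {
    # Absent values mean "no policy", which Windows treats as no deferral.
    if (-not (Test-Path $policyKey)) { return [pscustomobject]@{ Enabled = $false; Days = 0 } }
    $p = Get-ItemProperty -Path $policyKey
    [pscustomobject]@{
        Enabled = [bool]$p.DeferFeatureUpdates
        Days    = [int]$p.DeferFeatureUpdatesPeriodInDays
    }
}

function Set-FeatureUpdateDeferral([int]$Days) {
    # The policy accepts 0-365 days; anything else is rejected rather than silently clamped.
    if ($Days -lt 0 -or $Days -gt 365) { throw "Deferral must be 0-365 days (got $Days)" }
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name DeferFeatureUpdates -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $policyKey -Name DeferFeatureUpdatesPeriodInDays -PropertyType DWord -Value $Days -Force | Out-Null
}

$os = Get-CimInstance Win32_OperatingSystem
"Running $($os.Caption) build $($os.BuildNumber)"   # build 18363 is version 1909
$d = Get-FeatureUpdateDeferral
"Current feature-update deferral: enabled=$($d.Enabled), days=$($d.Days)"

if ($Apply) {
    Set-FeatureUpdateDeferral -Days $DeferDays
    $d = Get-FeatureUpdateDeferral
    "Feature updates now deferred: enabled=$($d.Enabled), days=$($d.Days)"
}
```

Run it without -Apply first to see what policy, if any, is already in place; on a domain-joined machine a Group Policy setting will overwrite whatever you set locally at the next policy refresh, so set it in the GPO instead.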

This release contains many fixes and updates, most of which will not affect your day to day use of the computer. For example, Microsoft has made some underlying security improvements and some power efficiency improvements for certain hardware. This update is expected to contain fewer changes than a typical semi-annual release and consequently to install more quickly.

One new feature is the ability to create reminders right from the Calendar flyout on the task bar (lower right corner). You can pick your date and time and location for reminders.  See figure 1 below for a visual:

The start menu will now show you expanded items if you hover over an icon in the menu. Previously you needed to click on it to see the contents.

There are also several improvements to notifications. It is now easier to distinguish action pane notifications from banner notifications, and you can disable sound for all notifications rather than app by app.


NOTE:  As a reminder, if you are running Windows 7, that operating system will reach end of life on January 14, 2020. That means Microsoft will no longer support or patch the operating system.  This makes Windows 7 a security concern after the end of life date and we advise users to upgrade to Windows 10.

If you have any questions or concerns, please feel free to reach out to us at (888) 600-4560 by phone, or info@coldencompany.com via email.


PowerPoint Tips and Tricks

Posted on: September 26th, 2019 by jiml | No Comments

Microsoft PowerPoint has been a staple for presenters for many years.  PowerPoint was first released in 1987, acquired by Microsoft shortly thereafter (for $14 million, imagine what it would sell for today!)  and has been going strong ever since. There has been quite a bit of functionality added over the years, yet many just use the basic feature set of the product.  Let’s take a look at some of the nice features available as well as some basic principles for PowerPoint newbies.

Our first recommendation is to start in Word, not PowerPoint.  When I am designing a new presentation, I put ideas down in a Word document so I can easily shuffle ideas around until I have a general workflow for the presentation. Then move to PowerPoint once you have a solid foundation.

A few more tips for beginners: Limit the number of words on your slides. You should have the major talking points but leave the details for your presentation of the material. Too much text on a slide is difficult for a viewer to read and makes the main points of your slide harder to grasp. Next, limit the number of animations and the amount of clip art. As someone who enjoyed cheesy clip art for many years, it pains me to admit that stock photography looks much more professional than cartoon art. Find good photos to embed in your presentation instead. (Charts and graphs are good; try chart animations!) Better yet, try one of the PowerPoint templates, which will give you a consistent look and feel to your slides right out of the gate.

Finally, practice, practice, practice.  Speak slowly and record yourself so you can hear how you sound and hear your tendencies (do I say “um” too much?).  Also be mindful of the time you are allotted and make sure you are leaving time for questions. If you are given 30 minutes to present, have 25 good minutes of material and be prepared with sample questions if no one asks any.  Anticipate questions the audience might ask and have prepared answers.

Now, let’s focus on the product itself.  Microsoft is continually adding features to its Office365 products, PowerPoint included.  Did you know that you can change the extension of your PowerPoint file to .ppsx and it will open straight into presentation mode?  Do this for your established presentations to save you a step.

Want to jump to a particular slide? Instead of hitting the back arrow multiple times, simply type the slide number you want to move to while in presentation mode and press Enter, and PowerPoint will move you straight to that slide.

PowerPoint allows you to copy images straight from your browser into PowerPoint. There is no need to save the image to your desktop first and then import it. For graphics, try SmartArt. These are great visuals that can be used for a variety of purposes and have a professional feel. Go to the Insert tab, look for SmartArt and give it a try. Did you also know you can ungroup SmartArt? Right-click the entire SmartArt graphic, click Group, and then click Ungroup. On the same Insert tab there is an option to insert video, which is a handy feature as well. Video clips can be very large; you can compress them to make the file more portable from the File tab under Info, Compress Media. Didn't save your changes and closed out? Go to the File tab and look for "Recover Unsaved Presentations".

Have you ever brought your PowerPoint presentation to a different computer and had trouble presenting it?  It was likely due to the new computer not having the font set you used.  You can embed the fonts into the PowerPoint presentation by choosing Options and Save Options.  Check the box to Embed Fonts. You can confidently move your presentation from computer to computer afterward.

Finally, there are some nice integrations with PowerPoint. Microsoft Forms can let you put forms, quizzes etc. into PowerPoint and third-party tools like Poll Everywhere let you embed polling questions into your PowerPoint to get more audience engagement.

In summary, PowerPoint is an old staple, but there are plenty of new tricks to keep your presentations fresh and engaging. 


Staying Connected in a Connected World

Posted on: August 29th, 2019 by jiml | No Comments

More and more business is being conducted in the cloud. According to a study by Gartner, worldwide cloud services are projected to grow at 17.5% this year. That is aggressive growth and there are not many indicators that this trend will reverse any time soon. Cloud services have many benefits, such as the reduction in capital infrastructure investments, less time to maintain cloud systems and of course, high availability.  Most cloud solutions offer guaranteed uptime and access from different types of devices, whether it be a traditional computer, tablet or smart phone.  The critical component to accessing business information in the cloud becomes the connection.  If your Internet connection is down, so is access to your information.  Having redundancy or a backup plan for your connection is now an important consideration for those companies dependent on the cloud.

Introducing the DNA edge router from Datto! This appliance sits at the edge of your network, between your business and the Internet. The device has advanced firewall capabilities built in, content filtering options and the other traditional firewall necessities. In addition, the DNA has 4G LTE failover capability. If your primary Internet connection fails, the device detects this and automatically fails over to a cellular connection to keep your business operational. The device offers a choice of AT&T or Verizon for cellular plans. The device comes with bundled service, meaning there are no overage charges for data regardless of how much you use, and no carrier contract is required. It is all handled for you, making this an easy to maintain solution as well as providing your business with the continuous connectivity needed in today's connected world.

Losing connectivity to your cloud applications hampers productivity!  Don’t let it happen to your business. Contact us today to hear more about your organization’s options for highly available connectivity. We can be reached by phone at (888) 600-4560 or via email at info@coldencompany.com.


Disaster Recovery Planning is Important

Posted on: July 29th, 2019 by jiml | No Comments

Everyone is busy. In today's world people are busy even when they are retired. Business goes to those who hustle, and each business is focused on beating its competitors. Long-term success is not gained by hustle alone. It is gained by thoughtful planning and follow through. The time it takes to do this type of planning takes away from the immediate hustle that we are all participating in, but in the end it wins out.

Disaster recovery planning is such an activity. In the words attributed to Benjamin Franklin, "Failure to plan is planning to fail". Disasters can and do happen. They can take on different forms, including natural disasters (which are a minority), user error (statistically the highest percentage), personnel loss and, increasingly, a security incident.

More so today than ever, your security defenses are linked with your disaster recovery plans. A ransomware infection, as an example, is both a security incident and a disaster.  The two cannot be thought of separately anymore.

The planning that goes into having a good security response plan and a good disaster recovery plan is the type of work that seemingly takes you away from the hustle that is part of your day to day grind. It is difficult to carve out the time to evaluate your business’ preparedness, but it is absolutely vital.

When I am trying to make the case to an organization that making time for disaster recovery planning is not only necessary but going to make them more successful in the long run, I often refer to Stephen Covey's "7 Habits of Highly Effective People". In his book, Covey talks about the four quadrants where people spend their time, as outlined in the graphic below:

Figure 1: Stephen Covey’s Time Management Matrix

Most people spend their time in quadrants one and three. These are activities that have urgency (both important and not important). Of course, people will spend time on urgent and important activities, which are emergencies and disasters, but Covey argues that truly effective people spend the bulk of their time in quadrant two. By planning, you avoid the disasters that pull you into quadrant one; effective people delegate the unimportant and spend their time on the important. Disaster recovery planning is a perfect example of the important but not (yet) urgent activity that Covey is speaking about. If you don't put the time into preparation and planning, and a disaster hits, you are in for a difficult, quadrant one day.

How confident are you in your disaster recovery and security response plans?   What are you working on today? Are you working in quadrant two as effective people do? Give us a call at (888) 600-4560 or email us at info@coldencompany.com to discuss your plans.