Is Your Web Site Ready for Browser Security Changes?

Posted on: March 23rd, 2018 by jiml

Did you know that starting in July 2018 with the release of Google Chrome 68, Google will be marking all web sites that connect via HTTP as insecure? Google is pushing companies to create secure connections to their web sites by using HTTPS. HTTPS differs from HTTP in that it uses encryption to create a secure connection from the user to the web site rather than a clear text connection that a traditional HTTP connection would create. Many of you are likely familiar with HTTPS from going to banking sites or retail sites that want to protect the communication from the customer to the web site.

Other browsers are also moving in the same direction. Mozilla has committed to doing the same in future releases of Firefox.

Is your company web site ready for this? If not, when potential customers attempt to visit your web site they will see a message that the site is not secure, which can turn away potential business.

What do I need to do?

In order to allow users to connect to your web site using a secure connection (HTTPS), your website will need a security certificate. The proper installation of a security certificate on your web host will ensure a secure connection to your site visitors. Please note that installing a certificate does not secure the web site itself, only the connection. The backend files are no more protected after a security certificate is installed than before.

Upon completion of the certificate install, there might be some changes needed to your web site code to ensure your pages are using HTTPS by default. Consult your web developer for this.

The good news is that the move to HTTPS has already gained momentum. Over half of the sites on the Internet are already using HTTPS. The end result will be a more secure Internet for all of us.

Need assistance? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







New Ransomware Threats and How to Defend Against It

Posted on: February 23rd, 2018 by jiml

In what should not be a surprise to anyone reading this, 2017 surveys have shown that ransomware attacks against businesses like yours increased in 2017 over 2016 (4.3 times as many, to be exact). The hackers behind these attacks have been so successful in monetizing their attacks that they have tremendous resources at their disposal to hone their craft. The end results are attacks that are more sophisticated and more destructive. If you are unsure what ransomware is, please see our video.

2017 saw attacks like WannaCry that did not use the traditional methods of infecting computers. Email attachments and links are still the most common method of contracting ransomware, but we are seeing different threat vectors targeting businesses. In the case of WannaCry, it attacked vulnerabilities in the Windows operating system. Users did not need to click on a bad attachment or go to a bad web site to be infected. They simply had to be targeted and not have installed the patches that Microsoft provided for the vulnerability.

2018 has seen a rise in ransomcloud viruses which attack cloud services like Microsoft Office 365, a popular email platform. Users would receive an email appearing to be from Microsoft that prompts the user for credentials. Once provided, all of the user’s email would be encrypted and unreadable without the decryption key, which the hackers held for ransom.

We, of course, encourage users to never, never, never (you get the point) pay the ransom. Paying the ransom perpetuates the cycle by giving the bad people more resources to put toward their scams. Once you have contracted a ransomware virus, restoring from backup is the best way to recover your data. Cleaning the infection out of your system should of course be the first step in remediation, followed by restore. For ransomcloud viruses affecting Office 365 it is important to note that businesses have options. There are reliable and cost-effective solutions for providing comprehensive backups to your Office 365 (or Google’s G Suite) data. Having this extra layer of protection can come in handy for other reasons in addition to malware as well. Want to recover an email from two months ago? How are you going to do that? With our solution, a simple phone call or email gets the process started. Too much business is conducted via email in today’s world to leave your email recovery to chance.

To hear more, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







Putting Meltdown and Spectre in Perspective

Posted on: January 30th, 2018 by billp

There’s recently been a lot of media attention around two vulnerabilities in computer chips. The vulnerabilities, given the ominous titles “Meltdown” and “Spectre,” exist in nearly all microprocessors made since 1995 — meaning they are found in nearly every popular business computer, home computer, and other devices such as smartphones and tablets.

One of the biggest challenges with cybersecurity is putting perspective to the severity of issues. Bugs and vulnerabilities that receive logos, names, and headlines usually result in a big – and often out-of-proportion – reaction. There’s no arguing the fact that these vulnerabilities are significant and should not be taken lightly. But, before you start to panic, the situation sounds a lot worse than it is. There is always a balance of “probability and exploitability” that businesses should consider in determining how likely they are to fall victim to any cybersecurity vulnerability.

What are Meltdown and Spectre?

Both Meltdown and Spectre are hardware vulnerabilities in computer chips (microprocessors) that allow a non-privileged user to access information on the computer that they shouldn’t be able to access. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to access secrets stored in the memory of other running programs, which might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages, and even business-critical documents. This is a particularly big problem for cloud services like Microsoft Azure and Amazon Web Services, where multiple “tenants” use the same physical hardware.

Meltdown and Spectre require a high degree of sophistication, time, and luck for hackers to be able to exploit. These vulnerabilities have been around for 20 years and are something that both researchers and government agencies have been aware of for at least six months, yet we haven’t heard of any active exploits in the wild.

How Do I Protect Myself?

This is where things get complicated…

All major hardware and software vendors have released patches that address Meltdown and Spectre in the weeks since the disclosure of the vulnerabilities. In the case of Microsoft, its patches for Windows require that your antivirus software be updated to ensure Meltdown/Spectre updates won’t crash your computer (users of Colden Company’s Managed Antivirus are compatible with Microsoft’s updates). Intel released – and then retracted – updates to its microcode (software that runs the processor), and Microsoft then released an emergency update to fix the problems that Intel’s buggy updates caused.

The updates can be more impactful on computers (particularly servers) running older Intel processors and/or certain workloads, where updating to mitigate Meltdown/Spectre has the potential to reduce performance between 5% and 30%. The performance impact is very dependent on what software is running on the computer. Microsoft attempted to add some clarity to the potential performance impacts in a recent blog post.

To get back to the question of how you protect yourself and your business, Colden Company recommends patching – and not panicking – as reliable patches are made available from hardware and software vendors. Ask yourself how quickly you can reliably apply known-good and tested patches from reliable vendors, especially on critical systems.

Use the following steps to guide you down a good path to mitigating Meltdown and Spectre.

  1. Update antivirus software to ensure Meltdown/Spectre patches from Microsoft aren’t blocked.
  2. Update operating systems with relevant patches.
  3. Update hypervisor hosts, guest OSes, and cloud instances.
  4. Update system BIOS / firmware.
  5. Update web browsers where applicable.
  6. Check for updates to other applications and peripherals.
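On Linux hosts and guests covered by steps 2 and 3, the outcome can be checked after patching: kernels that carry the fixes report per-vulnerability status under /sys/devices/system/cpu/vulnerabilities/. The added example below (not part of the original post) parses the output of `grep . /sys/devices/system/cpu/vulnerabilities/*` collected from several machines and lists the ones that still need attention. The host names and status lines are constructed in the kernel's format, and a host that reports nothing is treated as unpatched.

```python
import posixpath

TRACKED = ("meltdown", "spectre_v1", "spectre_v2")
OK_STATES = {"mitigated", "not_affected"}

_DIR = "/sys/devices/system/cpu/vulnerabilities/"

# Constructed sample: grep output as it might be gathered from four hosts.
SAMPLE_FLEET = {
    "web01": (
        _DIR + "meltdown:Mitigation: PTI\n"
        + _DIR + "spectre_v1:Mitigation: __user pointer sanitization\n"
        + _DIR + "spectre_v2:Mitigation: Full generic retpoline\n"
    ),
    "db01": (
        _DIR + "meltdown:Mitigation: PTI\n"
        + _DIR + "spectre_v1:Vulnerable\n"
        + _DIR + "spectre_v2:Vulnerable: Minimal generic ASM retpoline\n"
    ),
    "amd01": (
        _DIR + "meltdown:Not affected\n"
        + _DIR + "spectre_v1:Mitigation: __user pointer sanitization\n"
        + _DIR + "spectre_v2:Mitigation: Full AMD retpoline\n"
    ),
    "legacy01": "",  # directory missing: the kernel reports nothing at all
}


def classify(status):
    """Map one kernel status string to a coarse state."""
    status = status.strip()
    if status == "Not affected":
        return "not_affected"
    if status.startswith("Mitigation:"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def audit_host(grep_output):
    """Return {vulnerability: state} for one host's grep output."""
    seen = {}
    for line in grep_output.splitlines():
        # "path:status"; the status itself may contain further colons.
        path, sep, status = line.partition(":")
        if sep:
            seen[posixpath.basename(path.strip())] = status
    return {
        name: classify(seen[name]) if name in seen else "unreported"
        for name in TRACKED
    }


def fleet_report(outputs):
    """Return only the hosts with a gap, and which entries are the gap."""
    report = {}
    for host in sorted(outputs):
        gaps = {
            name: state
            for name, state in audit_host(outputs[host]).items()
            if state not in OK_STATES
        }
        if gaps:
            report[host] = gaps
    return report


if __name__ == "__main__":
    for host, gaps in fleet_report(SAMPLE_FLEET).items():
        print(host, gaps)
```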

If even the above steps seem daunting, our best recommendation is to partner with experts at Colden Company to help ensure your business is protected.

Conclusion

The scope of this issue is huge. According to a survey of 500 IT professionals by IT organization Spiceworks, 70% of businesses report they continue patching despite the guidance from Intel to stop. 46% of companies have reported performance degradation, 26% are dealing with system “hangs” and freezes, and 22% are experiencing issues with computers not rebooting properly after the patches are installed. Costs from the mitigation effort are also mounting for some companies. 29% of companies with more than 1,000 employees said they expect to spend more than 80 hours addressing the flaws, and 18% said they expected to spend more than $50,000.

While exploiting either Meltdown or Spectre requires a high level of sophistication, it’s still early days, and incidents that take advantage of Meltdown and Spectre will be inevitable. Laptop and desktop workstations are at the greatest risk, so make sure that you’re current with Microsoft patches as they’re released. You should be diligent about patching all systems and mobile devices. Work with your cloud providers and business partners to ensure they have a mitigation plan. Don’t worry, don’t panic, but be diligent and be sure to install patches as soon as they become available for your specific operating systems and devices.

This is a complicated topic and can quickly become overwhelming. Give the experts at Colden Company a call and let us help you protect your business against these and other cybersecurity risks. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







Happy New Year!

Posted on: December 29th, 2017 by jiml

What will 2018 hold for your business? What challenges are you facing? Most businesses start off the new year with a sense of renewed optimism and determination and we hope your business is no exception. Now that the holidays have passed, we can tackle some projects we have been meaning to undertake to improve our business. If you are even a casual reader of our blog you have heard the phrase “If you are running your business the same way you were three or four years ago, you are not staying the same, you are falling behind”. Statistically speaking, businesses that embrace technology solutions outpace their competitors that do not. Top employees are more likely to remain with businesses that have better technology. The trick, of course, is to implement the right technology, not just add technology for the sake of technology. Technology chosen or implemented poorly can actually add expense, not decrease it.

One area of improvement that is often overlooked is reducing risk. How well protected are your business assets? Is your business keeping up with the increased level of cyber threats that exist? Your company data and assets have value. Any compromise of that data or asset comes with an associated cost. If you are concerned about that, this is another area where technology may be of help. The above saying about if you are running your business the same way, is also apt when thinking about cyber security and risk to your business. The threats are not the same as they were three or four years ago, so why are your defenses? Risk management is a business function. IT should not be driving the conversation; business leaders should be. Unfortunately, today, we see too many business leaders that are not taking the risks seriously enough, which results in the statistics we see about business failures after a hack, businesses paying ransom to hackers to get their data back and other similar headlines we see in the news.

As a business leader, do you know what the risk level is to your business? If you do, then you are ahead of the curve. If you do not, then you likely do not have the appropriate awareness programs in place or allocated the proper time to this significant issue. Many business leaders underestimate the risks and consequences of a cyber attack to their business and therefore do not take enough precautionary steps to prevent them. That mistake can cost a business leader his job. (See Equifax, among others.) As Stephen Covey adeptly points out in his 7 Habits of Highly Effective People, we tend to focus on the urgent/non-important issues over important/non-urgent issues. This flaw in human nature causes us to put important events like planning on the back burner to tend to picking out the company Christmas cards because it has a deadline associated with it. Effective people do not do this. Effective business leaders are able to delegate non-important work and spend a majority of their time on important but perhaps not urgent work. (Covey calls that quadrant II in his time management matrix.) Certainly, risk management falls into this category. It is important work.

The trouble comes when the cyber breach happens before the planning is done. Now we have a costly emergency, or a quadrant I activity in the Covey time management matrix. At this point the non-urgent planning to manage and mitigate risk is pushed to the forefront as response to an actual threat that requires an urgent response. Effective business leaders do not allow situations to get to that point because they have done the preparation in advance.

Would Stephen Covey say you are an effective business leader? Are you running your business the same way you were three or four years ago? Colden Company is here to help. Give the experts at Colden Company a call and let us help analyze the risk to your business. Call us at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Holiday Electronics Shopping

Posted on: November 29th, 2017 by jiml

The holidays are upon us and one question we often get about electronics is what we recommend in terms of a tablet, laptop or all-in-one (AIO) unit. The answer, of course, is the unhelpful “it depends”. We unfortunately answer a question with a question and ask, “what do you need this unit to do?”. That answer can help lead us in the right direction.

For example, if you need the computer to work seamlessly with your office domain and office programs, we may steer you away from an iPad. In general, they do not integrate as nicely into a corporate network and use network resources. Many out there are rabid Apple fans and want to have their Apple devices so there are ways to make them work in an office environment as long as you are prepared for the expense of making that happen. For web browsing and email, iPads are great.

Microsoft touts their Surface tablet as the tablet that can replace your laptop. As a Surface owner, I can tell you there is a lot to like about Microsoft’s foray into the hardware space. Most Surfaces (think Pro) will run a full version of Windows, meaning you can install all the apps you can load on your laptop on your tablet. If you don’t mind a smaller keyboard, it seems to be a functional unit that can act as a tablet as well as a laptop. One note to be aware of: they break more frequently than you might expect. So much so that Consumer Reports pulled their recommendation of the Surface tablets. They have a high failure rate as I can personally attest to with my personal unit. I love it when it is not doubling as a brick.

For regular laptops we often are asked about the latest Black Friday deals at Best Buy. These may be a great choice for home use. Keep in mind that the box stores are selling you consumer grade electronics with consumer grade operating systems. This matters for a business shopper. Home Edition operating systems will not join a corporate domain, which gives access to company resources. You will need the Pro or Enterprise versions for that. In addition, the quality of the components in a business grade laptop is considerably better than what you get in a consumer grade laptop. The business grade laptops have been proven to last longer and have fewer problems. We do not recommend consumer grade laptops for business.

Finally, all-in-one (AIO) units have their place in business. These units have the computer and monitor together which is a great space saver for situations where space is a concern. Retail comes to mind. Keep in mind that AIO units will not have the expandability that regular desktops have and often have a shorter shelf-life as they are not upgradable. Check here for concerns with AIO units.

Enjoy the holiday season and please feel free to reach out to us with questions. We are here to help. Give the experts at Colden Company a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







National Cyber Security Awareness Month

Posted on: October 28th, 2017 by jiml

October was National Cyber Security Awareness Month. Here at Colden Company we are trying to do our part to raise awareness through webinars, social media posts, and other communications. We often say here at Colden Company “If you are running your business the same way you were three or four years ago, you are not staying the same, you are falling behind.” This saying was originally intended to apply to technology because technology is continually advancing; if your business is not taking advantage of it, your competition likely is. The saying is also particularly appropriate for data security. The threats facing your business are not staying the same; they have increased in both number and complexity over the years. We do not think anyone reading this would disagree with that point. In conjunction, your defenses should also be improving to combat the increasing threats. If you are using the same defenses you were three or four years ago, you are not staying the same, you are falling behind the data security curve and, most importantly, exposing your business to more risk.

Raising awareness to cyber security concerns is a worthwhile exercise. However, it seems like we are running the risk of desensitizing people to the risk by continual bombardment of this breach and that vulnerability that appear on the nightly news. Not all vulnerabilities are equal in size and scale and some judgment needs to be used to inform the public of the risks. Having said that, the risks are real. Cyber criminals have, unfortunately, been wildly successful with certain hacking campaigns like ransomware, which has lined their pockets with millions of dollars (and in some cases tens of millions) which they are using to perfect their craft. Hacking is a business and it is big business – make no mistake about it.

As a business, you may read about the latest breach and think to yourself “Here we go again. I can’t stop it so why worry about it.” We understand that sentiment. The question we would pose is “If you could stop a data breach at your business, would you?”. It’s true that there are many different threat vectors that hackers can use to attack your business. Why not spend time and effort blocking the most common ones? There are things you can do without breaking the bank to further protect your business. Incremental improvement may just save the day and prevent a breach.

When a hacker probes your business for a vulnerability and your business is protected from it, do you know? In most cases, the answer is no. Hackers use sophisticated programs to probe networks and attack the ones that are vulnerable and leave the ones that are not. This makes proving return on investment (ROI) for security a much more difficult number to show. How do you show ROI on something that did not occur? We can only do so by citing the costs of breaches that have occurred.

Hacking attempts and breach attempts happen on a much more regular basis than you may believe. It is almost a certainty that your business was targeted at some point in the last year. The frequency with which this type of activity occurs would surprise most. We see more of this because it is our business to protect our customers’ critical data and we have tools in place to monitor and report on certain types of attacks. Unfortunately, the businesses with the best security measures in place are often the ones who had a security breach or had some type of security scare. It is analogous to buying the home security system after the break-in; you don’t want to go through that experience again, so you prepare.

So, in closing, I ask you to do this. Tomorrow morning when you wake up, pretend you just got a phone call from a staff member who told you there has been a data breach at your business and data has been compromised or lost. What would you do? How would you feel? If you would like to avoid that feeling, take the time to improve your data security to keep pace with the increasing threats. After all, if you are staying the same, you are falling behind.

Give our certified security experts at Colden Company a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Top Ten Myths of PCI Compliance

Posted on: September 27th, 2017 by jiml

Hackers WANT your credit card data. They WANT your customer’s credit card data. They will try hard to get it. They will NOT stop. These are unfortunate truths.

In 2006, MasterCard, Visa, JCB, American Express, and Discover established the PCI Security Standards Council, a 3rd party entity, to manage the Payment Card Industry security standards and to promote the standard’s implementation by all companies (i.e. merchants) that accept credit/debit cards including all:
Retail merchants: Any business that operates in a storefront location, where the customers’ debit and credit cards are physically swiped through the payment terminal.
Internet merchants: Any business being run online. It allows businesses to collect and process credit and debit card information from their e-commerce website.
MOTO (mail or telephone order) merchants: Any business that operates by taking payments via the telephone and/or direct mail

Even if you process one credit card per year, your business must be PCI compliant. If you process through a third party, that does not absolve your business from PCI compliance. Many businesses do not take this seriously… until a breach occurs. As many of you know already, the credit card companies and banks have made a concerted effort to shift liability for the massive amount of credit card fraud taking place from their business to yours. If your business is not using chip readers, you are at risk. If your business is not PCI compliant, you are at risk.

PCI Compliance is not solved through a single vendor or product. There are many requirements and some of them are business process related and some are technology related. Below is a list of the top ten myths surrounding PCI requirements from the PCI Security Standards Council.

Top Ten Myths of PCI Compliance

1. One product will make us compliant.
2. Outsourcing card processing makes us compliant.
3. PCI DSS compliance is an IT project.
4. PCI DSS will make us secure.
5. PCI DSS is unreasonable, requiring too much effort and expense.
6. PCI DSS requires us to hire a Qualified Security Assessor.
7. We don’t take enough credit cards to necessitate compliance.
8. We completed a SAQ so we’re compliant.
9. PCI DSS makes us store card holder data.
10. PCI DSS is too hard.
Source: www.pcisecuritystandards.org

Is your business PCI compliant? Are you aware of the penalties for being out of compliance? Given the current data security climate, have you given this enough attention? If you answered “no” to any of the above questions, give Colden Company a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Why and How to Secure Mobile Devices

Posted on: August 29th, 2017 by jiml

As more business processes are either pushed to or accessed on mobile devices (phones, tablets, laptops, etc.), organizations need to be able to secure both the device itself and the data which the device accesses. Colden Company’s Mobile Device Management (MDM) service provides affordable protection for the most common security scenarios.

Physical Security

Since these devices leave the office and may be left intentionally in vehicles, homes and hotel rooms, unintentionally in locations like restaurants or stores, or completely misplaced or stolen, the first concern is to be able to locate the device. With the MDM agent installed on the device, it will periodically check in with its physical location which can be tracked on a map allowing for retrieval.

Protection From Unauthorized Access

The agent can configure the device with a screen lock passcode (and change it) and remotely lock the device. The data on the device can be encrypted and, if there is a concern that the device’s security has been compromised, the entire device can be remotely wiped.

Protection From Malware

While the overall risk of malware is reduced on iOS (Apple) and Android phones and tablets compared to desktop and laptop computers, it is still a very real concern that needs to be addressed. Even though users have permissions to do things like configure the device settings, connect to wireless networks, and add or remove apps, while they are actually using an app on the device, they are not doing so using those permissions. After apps are installed, what they can do is limited to the permissions they were given at installation. For example, it is not possible to run an executable program from a web browser or email app in the same way that a user can on a PC. While running those apps, the user is not acting as an administrator of the device.

So the most critical level of protection against malware is to ensure that the apps are installed from a trusted source that verifies they do not contain malware. For iOS, the Apple App Store screens all apps offered through the store. For Android devices, the Google Play store has less oversight on what apps are offered, but the Play Protect Service on each device does a background check of each installed app to detect harmful apps. This check is especially important since, unlike Apple devices, it is possible to install apps to Android devices from locations other than Google Play. It’s worth noting that all reports of Android malware to date have come from installing compromised or malicious apps from the Google Play store or from a third party source.

MDM addresses this issue through policies that allow only specific apps to be installed, identify specific apps that cannot be installed, require that specific apps be installed and, for Android devices, disable the ability to install apps from any location other than Google Play. Actively managing what apps can and cannot be installed is the most effective protection from malware.

Monitoring Compliance

Mobile users generally have administrative privileges on their devices. In order to ensure protection is active, the MDM agent is enabled with policies and rules that define how the device is to be configured and what actions to take if that configuration is changed (non-compliance). It monitors the device continuously for any configuration changes, compares them to the policies for the device and takes action when the device falls out of compliance. As a minimum, non-compliance will generate an alert and an administrative email which can also be sent to the user. For example, if a lock screen passcode is a required policy item and the user disables the passcode, an alert gets triggered with an associated email message. The administrator then has the option of re-enabling the passcode, changing it or locking the device. For a more security conscious approach, non-compliant devices can be denied access to company resources until the device is back in compliance.

Every survey indicates that employees will continue to use mobile devices more frequently than they do today. The trend is not about to reverse. As a business, you need to be thinking about how you can best manage and secure those devices and the data they access. Give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Time to Change Your Password …or Is It?

Posted on: July 28th, 2017 by jiml

The National Institute of Standards and Technology (NIST) released new guidelines for strong passwords. Past recommendations included having long passwords that mix in upper and lower-case characters, special characters and changing that password on a regular basis. This was a difficult proposition for many users who did not use any type of password manager. A person in today’s digital world needs to have so many passwords that it is nearly impossible to keep up strong passwords. The emergence of password management software like LastPass and KeePass helped alleviate some of those problems.

Not all passwords need to be created equally. For example, which account would you prefer to have a strong password on – your bank account or your Shutterfly account? Your email account or your magazine subscription account? For certain accounts, a strong password is imperative. There is just too much at risk if your account is compromised. Strong passwords are those that can help protect your account from the myriad of programs that hackers use to try and break into your account. Consider using a password checker to verify the password strength. Click here for one from LastPass.

Another example where passwords do not need to be created equally is accounts that you need to log into regularly vs. accounts you do not. As an example, Colden Company creates passwords for encryption keys for our customers for backup accounts. We use a program to randomly generate a 48-character password. An example might be “#$DfhlutyST^54*^&##Jllos)1^CHJuek*7SL,ko&^d5SKkw”. How would you like to have to type that in every day? It would not be feasible. But it is feasible for an account that is set up and used for backup but rarely needs to be typed in. It is very strong and long for protecting vital data.

Strong passwords are important to prevent hacking of your account, but equally important is to have a system of creating unique, strong passwords for your various accounts. The strongest password in the world is no help when Yahoo is hacked and your password is stolen. What many people fail to consider is that they may be using that same password for different services. As an example, you may not be that concerned if your Yahoo account is hacked but what if you are using those same credentials at your bank? Now is that a concern? The difficulty in maintaining and changing strong passwords so frequently presents a problem leading many people to reuse the same username/password combination at various sites. When one of those is compromised, they are all at risk.

This leads us back to the NIST password recommendations. In this year’s publication, NIST is loosening the complexity and duration standards. In other words, they don’t feel it is necessary to change your password every 90 days any more. It is more important to have a strong password with adequate length. The password length is an area where they have strengthened the recommendations. An example of a long password is “Owl Eagle Horse Cow”. Here we have a twenty-character password (including spaces) that is easy to remember, lacks the complexity of special characters and has adequate length to protect against randomly generated password checkers. Now, in our opinion, it won’t be long before hackers adjust their practices as they always do, so we, at Colden, still recommend mixing in a special character or two for added protection.

Finally, there is the option for multi-factor authentication. Colden uses two-factor authentication (2FA) for any customer information. This means that a simple username and password combination does not get access to the information. A secondary and different authentication must be used, in our case a random number generated by Google Authenticator that changes every 30 seconds. These are tied to our accounts, so we are notified of access attempts, and even if our login and password credentials are stolen, hackers will not be able to access any customer information. Businesses should consider deploying this type of security for critical applications.

Is your business keeping up with changing guidelines? Give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Company Policy Updates

Posted on: June 27th, 2017 by jiml

It is important for any business, regardless of size, to have properly documented policies. These policies provide protection for the employees as well as the business itself. Just like with technology, it is important to keep up with the changing times. All too often businesses develop a handbook and it sits around collecting dust over the years. These handbooks should be regularly reviewed and updated.

In terms of IT policies, technology is continually changing as are the threats that businesses face. Having strong Internet Acceptable Use policies and ensuring new employees sign off as having read and understood the policies is a great first step to protecting your critical business data. How your employees access and protect your data on mobile devices also should be addressed. This is a good example of a policy that did not make it into many handbooks five years ago but is important today. These policies should clearly define consequences for failure to comply with company policies.

In the disaster recovery arena, one of the areas that has been getting a lot of attention is having an Active Shooter policy. According to a 2016 study by Everbridge, active shooter situations were the number one threat that concerned businesses thought they should be preparing for. Employees should know how to react and what to do in these situations. Of course, the safety of the employee is always the first priority. Notifying police should occur once safe and finally notifying other employees. This last statement comes with some questions. How do you best do that? There are Emergency Notification Systems (ENS) which can provide text alerts to all employees in such an event that may be lifesaving. These systems are worth consideration when developing your policy.

Is your business keeping its IT policies and company handbook up to date? If not, give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.