Posts Tagged ‘data protection’

New York State SHIELD Act is Here

Posted on: November 26th, 2019 by jiml

In August, New York State signed into law the SHIELD Act, or the “Stop Hacks and Improve Electronic Data Security” Act. This is an enhancement to New York State’s previous law and has several key points that anyone doing business in New York should take note of. This law goes into effect on March 21, 2020, with one notable exception described below.

Expanded jurisdiction: The SHIELD Act now pertains to any business, inside or outside of New York, that stores private information on New York residents. This is an expansion of the jurisdiction from the previous statute.

Expanded definition of private data: New York has expanded the definition of private data to include biometric data and any combination of username, email address and access codes that could lead to the compromise of electronic accounts.  Interestingly, New York did not take the additional step of covering DNA as some other states have.

Increased reporting requirements: In the past, HIPAA-covered organizations could get by with reporting a suspected breach to the Department of Human Services. The SHIELD Act requires that the New York State Attorney General also be notified of a data breach. In addition, the definition of a breach has been expanded to include viewed data, not just downloaded data as was previously the case. This part of the Act goes into effect October 23, 2019, before the remainder of the Act. Fines for non-compliance have increased as well.

As a business, you have a responsibility to know and comply with this law. Not knowing the law is never an excuse for violation.  The act requires businesses to comply in three different areas:  Administrative, Technical and Physical. While the individual safeguards are too numerous to put in this post, Colden Company can assist your business within each area of the Act and set your company on a path to compliance. Please feel free to reach out to us at (888) 600-4560 by phone, or via email.

Have Private Information on Your Network? Learn How to Avoid Fines!

Posted on: February 23rd, 2017 by jiml

Businesses have a responsibility to protect “private” information that belongs to employees and customers. Social security numbers, credit card numbers, and health information are among the types of information that fall under these legal protections. If you are storing this type of information and your network is breached, your business has a legal responsibility to report that to the appropriate authority.

The nightly news is filled with examples of corporations receiving large fines for breaches, such as AT&T’s $25 million fine and Morgan Stanley’s $1 million fine. What is less well known is that small businesses are far more often the victims of breaches, and those small businesses are subject to fines and to the cost of credit monitoring for each person whose information was breached. With the massive increase in malware, the threat of a data breach is higher than ever. How do you avoid being the victim and avoid those costly fines?

Cybersecurity is a topic we could blog on all year and still not cover every angle. For the purposes of this discussion, we will focus on one proactive measure your business can take: identifying your areas of risk. That identification process is accomplished by scanning computers for the type of information that your business has a legal obligation to protect. Our scans find and report on the location of that data so remediation can take place. With this information, a decision can be made to either discard the private data if it is not needed or protect that data if it is.

The scan results have often been startling to the business owner. We have found information that would have led to as much as six-figure fines. Don’t get taken by surprise; let Colden Company help you avoid the fines! Contact us today at (888) 600-4560, email us, or visit us on Facebook or Twitter.

Cyber Security Viewed Through the Prism of Home Security

Posted on: June 30th, 2014 by jiml

The pervasiveness of today’s information security threats requires constant attention. It is important to your business that it is getting that attention. Many business leaders take their chances by ignoring the threat, too busy with other tasks. Others absolve themselves of responsibility by outsourcing the issue to their local IT firm or in-house IT staff. This is a mistake. The security of the business’s data is the responsibility of the business leaders. It is important to be educated on the threats and what can be done to provide protection.

Home security can offer many analogies to help make sense of the jargon that often makes cyber security so confusing. Let’s start with anti-virus. When their anti-virus engine pops up an alert, we often hear from users saying “Why do I have a virus on my machine? I have anti-virus.” The analogy to home security is blaming your alarm system for going off when an intruder breaks into your home. Anti-virus works like the alarm system. Its job is to detect threats; it cannot stop those threats from trying to attack you. As important as the alarm system is, you can see that it should not be the only line of defense. After all, it is detecting the breach after it occurs. This is why we recommend a layered approach to information security.

Another layer might be putting a fence around your home, or in cyber security having a firewall in place. That fence can help prevent attackers from getting to your home and valuables much in the same manner a firewall will keep hackers away from your data. If your fence is completely impenetrable, then you will be stuck in your house and never able to leave your yard (not very practical). Our solution may be to put a gate at the front of the house so we can exit the fence and conduct our daily business. In the same manner, firewalls must have open ports (think doors or gates) to allow your daily business to be performed. Hackers are not unaware of this and will look to those common places to have an open gate to attack your business. We need more layers.

One tactic we might take is to put signs out front of our residence stating “BEWARE OF DOG” or “Protected by ADT” for example. We may also want to educate the kids in the house not to answer the door or give out your home address to strangers. This is akin to having good information security policies in your business, which is an often overlooked aspect of security. It is important to have those policies in writing and to review them periodically and make sure your employees understand and abide by them.

We might also consider taking some of our valuables to the bank to be stored in a safety deposit box. By doing so, we are transferring the responsibility for protection to the bank and away from your home. This is analogous to implementing a cloud service to store critical data for you. Even if your business is compromised, your data will be safely stored with a cloud vendor. You can see the importance of vetting the bank or cloud vendor and ensuring the security practices they use are sufficient for your data.

Next, we may want to take proactive steps to ensure that our kids are not affiliating with the boy down the street who was just released from juvenile detention for grand theft. You may not only instruct your kids to hang out with other kids instead but also take the measure of blocking the phone number to prevent your son or daughter from succumbing to the urge to communicate with a bad apple. In cyber security, this is much the same as implementing a content filtering solution. Content filtering allows the business to set rules for what web traffic is acceptable and what is not. We find many businesses are reluctant to implement content filtering out of fear of upsetting employees who enjoy the perk of being able to update their Facebook status from work. I ask those decision makers if they would feel the same way if that policy led to a security breach that cost the business money. Work computers are meant to provide benefit to the business. To appease those in the above scenario, many content filtering solutions can offer windows of time, perhaps lunch hour, when restrictions are relaxed. Lastly, one of the additional benefits of content filtering is preventing users from accidentally going to web sites that may be infected or inappropriate. In many cases, users are not trying to contract viruses, but mistakenly click on a link or go to a site that is not what they intended. Content filtering can help prevent those accidental security threats.

Finally, if you are living in a dangerous neighborhood, you might consider installing cameras to watch over your home and monitor activity. Managed services can provide that same service. Many businesses are completely unaware that they are being targeted by hackers. It is safe to assume that, at some point in time, your business has been targeted. Monitoring and managed services provide detection so that you are aware of the attempted breaches and can respond accordingly. As a managed service provider we see these attempted hacks much more frequently than you may realize. This type of protection is valuable if you are living in a dangerous neighborhood. Rest assured, in terms of the cyber world, you are indeed living in a very dangerous neighborhood.

Need to review your cyber security? Contact us at Colden Company at (888) 600-4560, or see us on Facebook or Twitter (@coldenco).