New Data Breach Laws Mean More Trouble When You Get Hacked
By Daniel De Steno | March 23, 2018 | Business IT Articles, News, and Tips
The recent surge in cyber theft and hacking has everyone worried. With each new cyber breach, consumers realize just how vulnerable we all are. After the Equifax hack of September 2017, state legislatures began proposing new laws that would tighten data security.
For those working with an MSP, the burden often falls on the MSP to increase security so that breaches simply don’t take place. Though this concept is good in theory, MSPs sometimes struggle to find the right balance between convenience and stronger security.
New Proposed Legislation
The American Bankers Association believes that during 2018, at least half of all states will develop tougher data breach laws for the financial services industry. One of these bills receiving more attention originates in New York, the home of many prominent financial institutions. Experts believe the new bills being developed for New York could become a model for other financial providers. These bills could even affect federal laws.
The new legislation will be designed to stop the onslaught of huge, expensive data breaches, such as those at JP Morgan Chase, Sony Pictures, and Equifax. Many believe this type of legislation is long overdue.
The bill being developed by legislators in New York is called the “Stop Hacks and Improve Data Security Act” (SHIELD Act). It will require that any organization that handles financial or sensitive information produce clear examples of its safeguards. It would also require all banks, credit reporting agencies, brokerages and insurance providers to develop better security measures. In addition, the new laws will apply to anyone who deals with the personal financial information of consumers.
The bill will contain phrases like “clear examples of safeguards” that force organizations to provide proof of their security measures. Many experts believe these “safeguards” might include all administrative, technical and physical security measures taken by any company that deals with the private information of New Yorkers.
Though MSPs are already gearing up to offer higher levels of data security to their customers, the problem of data security falls back on each financial services company. Consumers are outraged when corporations the size of JP Morgan Chase and Equifax don’t take data security seriously enough. This outrage can spawn expensive lawsuits.
Keys to Success
Though MSPs will begin offering more robust data security plans, it’s important to remember that the burden falls back on each business. In this day and age, you simply can’t rely on a third-party vendor; the stakes are too high. Your company could be sued by anyone who loses their personal and banking info to hackers. For this reason, most businesses have a small team of IT pros on premises that communicate regularly with their MSP.
Your own IT department should be fully engaged with your MSP. They should understand exactly what security measures have been put in place and how this system is protecting your data. They should be involved in program upgrades. They can also work inside your business to organize monthly security briefings for employees.
Consider Hiring Security Experts
Though most MSPs offer a comprehensive group of security services to help protect your data from intrusion, many top banking and financial institutions are going one step further. They are hiring security experts whose only job is to ensure that all data is safe and secure from hackers. Companies that specialize in providing data security plans follow a strict regimen of protocols. They conduct regular security risk assessments. Their team will come out to your company on a regular basis to train employees. This training is essential to making your overall security plan work.
Risky employee behavior is responsible for over half the data breaches. Every day in companies all over the world, employees make mistakes that could spell disaster. They commonly share passwords, ignore prompts to install patches, click on suspicious links in emails, and use weak passwords. Employees need better training in order to know and remember to utilize all company data breach policies.
Are You Doing Enough to Stop Hackers?
Though many MSPs are fully up to date on the policies and procedures for greater cybersecurity protection, it’s important to decide for yourself whether their security measures are strong enough. If your company handles the financial information or healthcare information of others, basic data security programs may not be enough.
Ransomware attacks are on the rise. Cyber thieves break into your system and hold your data hostage until you pay the ransom. Many company owners are not sure whether their data is safe from these attacks. The days when anti-virus programs and firewalls were adequate to protect data are over. Your company will require the highest level of protection in order to remain safe. Remember that cybercriminals never rest. They’re always on the lookout for new ways to steal names, addresses, and banking information.
The Revolution in Technology
Today’s cloud technology allows everyone to take their work with them wherever they go. In addition, consumers can access that information on a laptop, phone, or iPad. Though all these new advancements in technology are fun and convenient, they do present a unique challenge for security experts. Regular security risk assessments can determine whether your employees are leaving important data right out in the open for criminals to find.
HIPAA guidelines require that a normal Security Risk Assessment (SRA) include a basic inventory of where and how sensitive data is being used. These assessments are available for financial institutions as well. They are a great way to get the big picture about how sensitive data is transmitted, stored and accessed, whether using email, text messages or mobile devices. Most security experts believe that a comprehensive SRA is a great place to start.
Better Documentation
Lastly, good, solid documentation of all security policies is required. All employees should know and understand the security policies and procedures used by their employer. Each software upgrade should be documented. Any events that might affect your organization’s data security should be documented as well. Any time an employee is terminated, your company should have a very specific procedure that it follows to prevent an angry employee from stealing data.
Changing the Way We Do Business
The new cybersecurity laws may change the way we all do business each day. Though some of these laws will be cumbersome and inconvenient, the alternative is much worse. It’s important to remember that the new cybersecurity legislation is meant to protect us from hackers and data loss. Consumers want to go back to feeling safe again when they do business online. And that’s the goal of these new laws.
Whether you decide to select security experts who have the skills and tools to address all types of data breaches or continue on with your MSP, the game has to change in order to stop hacking and cyber crimes. Each employee should feel personally responsible for doing their best to protect data. Your MSP and IT department must work together to build the strongest fortress possible for your sensitive information.