social security number

The Modern Office and Business Continuity

March 7, 2019 by securewebsite

What you need to know to protect your company

The modern office requires that all components of your business environment work together harmoniously to ensure the best use of your IT infrastructure and seamless scalability as your business grows. One of the major components of the modern office is business continuity. This is an imperative piece of a solid IT plan for every company regardless of size or industry.

Business Continuity

When IT professionals discuss business continuity, they are generally referring to a proactive approach of having the right processes and procedures in place to ensure mission-critical functions continue to work properly in the face of a disaster or while a business is recovering from one. When it comes to business, there are many moving parts that still need to continue operating smoothly whether your company experiences a devastating fire or a nasty data breach.

The IT and business statistics are shocking. In the last five years, one in three organizations were hit by a virus or malware attack, according to DataCore, and more than half of companies (54%) experienced downtime that lasted more than eight hours. That’s a full day of work lost! While DataCore shows only 35 percent of outages are caused by natural disasters, 45 percent of outages are operational and another 19 percent are due to human error. These site outages can cost businesses thousands of dollars in lost revenue and restoration costs for every incident. Gartner, Inc., a global research and advisory firm, estimates that only 35 percent of small and medium businesses (SMBs) have a comprehensive business continuity plan and the financial loss for every hour of downtime can reach into the thousands even for SMBs.

Business continuity requires comprehensive planning before tragedy strikes an organization to allow them to overcome long-term challenges that would otherwise stop them in their tracks. With prior planning, business continuity ensures your entire business returns to full functionality as fast as possible following a crisis. That means everything from vital employee records and payroll to stored data access and email.

Think Cybersecurity

One of the first steps in a complete cybersecurity plan is business continuity. To start, you’ll want to ensure your business employs the best technology to combat the latest threats from ransomware and malware to other types of breaches. This means updating protections such as antivirus and firewalls, using multifactor authentication, and engaging your employees in ongoing, meaningful cybersecurity training.

Cybersecurity plans, which are typically handled internally by the chief information security officer (CISO) in larger businesses, should be designed as a living document that can expand and adjust when necessary to meet the changing needs of your business. Small to medium enterprises often don’t have a dedicated CISO so they can outsource this responsibility to organizations like ORAM Corporate Advisors.

Written Information Security Plan

As part of your business continuity plan, you’ll need a written information security plan (WISP), which also happens to be a requirement of many regulatory bodies, especially for businesses who contract or subcontract with the government and financial institutions. While government regulations vary from state to state and with the federal government, in Massachusetts this written document should contain, “certain minimum administrative, technical, and physical safeguards to protect” personal information such as names, driver’s license numbers, social security numbers, and financial account numbers. You’ll need to check with both your state and federal government to determine which regulations impact you as well as any industry-specific regulations. This is another place a CISO or third-party IT vendor can help.

Your WISP should designate an individual responsible for maintaining your IT program. This may be a business owner, CISO, or even a trusted advisor such as ORAM. It will also need to identify any reasonably foreseeable data security risks as well as protect and restrict access to electronic data that may include personal information for your employees and/or clients. This plan should also outline the oversight of third-party service providers and ensure those providers comply with local, state, federal, and industry regulations as well.

Because your business and its processes, risks, and procedures are unique, your WISP will be very specific to your organization. It cannot effectively protect you from culpability in the event of a breach or loss if it doesn’t address the particular risks of your company or if it includes practices that have not been put into practice in your business. Through coordination with your IT team and/or third-party IT vendor, you will need to identify “reasonably foreseeable risks” to ensure your WISP includes the practices your business adheres to.

In addition to IT functionality, your WISP will also address the non-technical operations that will still need to work in a disaster situation to keep your business moving forward. For example, it might address the accounting measures you have in place to keep employees and bills paid and clients invoiced if the worse should happen.

What Crisis Looks Like

Stolen laptops, lost cell phones, and an employee clicking on a phishing email that infects your entire network. These are all crisis that can and often do occur in the business world. Think of all the critical information that can be lost, stolen, or even held ransom. What do you do and who do you talk to? This is where planning ahead and having a WISP helps. It will outline how to respond to a variety of incidents.

Lost your company cell? Your WISP will inform you of who to call to wipe the lost phone and deactivate it before serious damage can be done. Did your organization experience a data breach? Your WISP will have identified a data backup plan so that nothing is completely lost. Has a virus made accessing email impossible? Your WISP will have determined if your email is stored locally, in the cloud, or both to decide how to get it up and running again fast. This thinking ahead with recommendations by your IT team or third-party vendor will help ensure you have continued access to business email which is the lifeblood of most commerce today.

Recovering from Incidents

One of the best things your WISP will do is outline policies and procedures for how to react and recover in a crisis situations. Regardless of the disaster that strikes, your WISP will point you to who to contact and how to react. Part of your WISP will address incident response and crisis management to minimize the impact when things do go awry, as they inevitably do.

Incident response and crisis management involves having the ability to maintain critical business functions during a disaster scenario. It also encompasses having plans in place for a rapid recovery from catastrophic incidents. If your business were to experience a flood, fire, or data breach today, would it be able to recover quickly and efficiently? Business continuity is all about having a plan in place that expects the unexpected and is prepared to handle it.

When it comes to IT and business continuity, the big question is, “How do you operate tomorrow?” If you don’t know the answer, it’s time to get a plan in place starting with an evaluation of the foreseeable risks your organization may face and a WISP to address them. Think of it as an insurance plan that also helps your business with regulatory compliance. When disaster strikes, your business’s IT team, CISO, or third-party IT vendor should have already given you advice. Hopefully, you have followed it. Then you know who you can call when things go wrong so they can tell you how to react to keep your business moving full-steam ahead.

If your company or organization needs assistance with risk assessment, developing a WISP, and planning for business continuity, call the trusted advisors at ORAM today at (617) 933-5060 or visit us online. Our experienced professionals are here to help and we are dedicated to partnering with small businesses to assist them in achieving success.

Personal Identity Management: What You Need to Know About Protecting Yourself Online

November 20, 2018 by securewebsite

We’ve all heard the nightmare stories. Someone had their bank account breached, their social media was spoofed, or, worse, their identity was stolen. Cleanup of such issues can wreak havoc on our credit, personal, and professional lives at a cost of billions of dollars each year in the United States alone. That’s why identity management is so imperative. Here are some facts, stats, and pointers to keep you and your family members better protected online.

Identity Management & Theft
Identity management is the digital security of your identity online. It encompasses your personally identifiable information (PII) such as your birthdate, address, and banking information. Your online identity also encompasses other information found about you online from your social media accounts including Facebook, Twitter, and Instagram to your credit card accounts. Identity management, or IdM as it is known in IT circles, authenticates the identity of a user, information about them online, and who is allowed to access or modify that information.

There are several ways that cybercriminals can steal your identity online with just a bit of your PII. Here’s just a sample of what identity theft can look like:

• Applying for credit cards or loans in your name
• Withdrawing funds from your savings or checking account
• Using health insurance to obtain medical care
• Employing your social security number to steal your tax refund
• Selling your PII on the dark web to other criminals

The Cost of Theft
Time and money are two huge costs affiliated with identity theft. Anyone who has had their identity stolen, their credit card credentials lifted, or their social media breached can tell you how much time it requires to play cleanup. According to a blog by LifeLock, the average time it takes to fix an identity theft issue is seven hours. The same online article reports that in extreme cases, people may spend up to 1,200 hours over the course of a year working to resolve such issues.

The sad truth is you may personally end up investing hundreds or even thousands of dollars to repair your good name and credit. Some of the common costs for repairing identity theft can include:

• Printing fees
• Sending documents by certified mail
• Lost time at work
• Hiring an attorney
• Gas
• Police report fees

The Emotional & Physical Toll
In addition to the time and financial costs of identity theft, there are other costs as well. The Aftermath study by the Identity Theft Resource Center found, “The emotional ramifications of identity crimes continue to leave victims negatively impacted well beyond the initial incident, impacting how they manage their daily lives in perpetuity.”

Identity theft victims interviewed for the study reported long-term feelings of anger and frustration (85.7 percent), and 83.7 percent reported that they felt violated. Another 69.4 percent said they couldn’t trust others and felt unsafe as a result of being victimized online.

The negative emotional impacts left people physically ill as well. According to The Aftermath report, 84 percent of the individuals who participated in the research said they had sleep issues as a result of the identity theft they experienced. More than 77 percent reported an increase in stress levels, 63 percent had problems concentrating, and nearly 57 percent said they experienced persistent aches, pains, headaches, and stomach issues. Another 54.5 percent reported increased fatigue and decreased energy while 50 percent of people lost interest in hobbies and activities.

The Socio-Economic Impact
The Aftermath study also looked at the socio-economic impact of identity theft as well. Nearly 30 percent of victims who participated in the research reported they had to go “to family or friends to ask for financial assistance while remediating their case. For those that could not find a way to get their other needs met, 37 percent went without whatever that need was.”

Respondents in the study reported employment and educational opportunities were also impacted. More than 30 percent of victims in the study said the incident caused problems for them at their place of employment while eight percent reported issues with school as a result of identity theft. Some victims said they lost employment opportunities, benefits, or their jobs because of what happened to them.

To make matters worse, almost 39 percent of respondents said they tapped their savings to address financial needs during remediation of their case. Some even had to dip into their retirement accounts or got into debt they otherwise would not have had.

“An alarming 42.8 percent of respondents noted that as a result of their identity theft incident, they are in debt and 40.5 percent said they could not pay their bills,” reported The Aftermath study.

New Account Fraud
When it comes to identity theft, new account fraud is the most expensive, according to an online piece by LifeLock. This occurs when someone other than you opens a new account, typically a credit card, in your name with stolen PII. The article reported that in 2011, the average cost of resolving this type of theft was $354 and 12 hours of time. Today, the number of fraudulent cases has only increased and the costs have also climbed.

Child Identity Theft
Though your children may not even be old enough to spell their own name, that doesn’t stop criminals from trying to steal their information, too. According to the 2018 Child Identity Fraud Study by Javelin Strategy and Research, more than one million children were the victims of identity fraud in 2017. The fraud of children’s identity led to $2.6 billion in total losses and more than $540 million in out-of-pocket costs to families, according to the same report.

One of the most disturbing trends found in the study by Javelin is that minors who are bullied online are at an even greater risk of identity theft. The research found that victims of online bullying are nine times more likely to be the victims of fraud than those not bullied online.

Here are some great tips to help concerned parents better protect their children’s identity online:

• Train your children to protect their identity in the digital age. For example, teach them not to share login and password information.
• Pay attention to children who may be being bullied online. Children seeking friendship online are more vulnerable to becoming victims of fraud by sharing their personal information.
• Check and freeze their credit. New account fraud is the most pervasive type of fraud against children. This is the most effective method for preventing new accounts from being opened in their name.
• Monitor their accounts. Parents and guardians must actively monitor financial accounts from child savings to credit cards. Review statements online and sign up for account alerts.
• Protect physical documents. Keep sensitive documents such as birth certificates, social security cards, and passports under lock and key.
• Take notifications seriously. If you receive a notification that someone has stolen your child’s identity or that unauthorized activity has taken place on one of their accounts, move quickly to rectify the situation.
• Ask for help. If you find your child’s accounts have been breached or their identity stolen, contact banks and credit bureaus directly. This is the quickest way to close unauthorized accounts and clear their credit history.
• Sign them up for coverage. Just as you can sign yourself and your spouse up for credit monitoring, you can sign your children up for the same protection as well.

More to Chew On
A 2017 study by Javelin Strategy gives us even more information to digest. Here are some more facts and figures from their research:

• There was a 16 percent increase in identity fraud over the previous year; a record high since Javelin began tracking the issue in 2003.
• Identity fraud increased by two million victims in the 2017 study over the 2016 study.
• That increase in identity fraud meant cybercriminals stole roughly $16 billion in 2017.
• Account takeover incidents and losses rose in the 2017 report to $2.3 billion, a 61 percent increase over the previous year.
• People on social media face a 46 percent greater risk in account takeover fraud than those who shun social media.
• Being an American puts you at higher risk. According to a 2018 Internet Security Threat Report by Symantec, more than 791 million identities were stolen in the U.S. in 2016 while France came in at a distant second place with 85 million identities stolen.

What You Can Do
To protect yourself from becoming the victim of identity theft or fraud, the first step is to protect yourself with an identity monitoring program such as ID Agent, which is what we recommend here at Oram. The program monitors the dark web for your information and notifies you if your PII is found there for sale so you can be proactive about blocking thieves. The great thing about ID agent that we love is that it also monitors social media and alerts you if someone is actively targeting you. It also monitors your credit through all three major credit bureaus to let you know of any new accounts or major changes.

Should the worst happen and you do experience an identity theft or fraud, ID Agent has certified restoration specialists that will work on your behalf to completely restore your identity, even if the issue started before you enrolled. When you enroll, you get $1 million in identity insurance to cover related restoration costs.

Here are some other things you can do on your own as well if you are victimized by cybercriminals:

• Review credit card and bank statements for unusual charges. Report any that you didn’t make.
• Notify your bank(s) and creditors. Send them a copy of your ID theft report.
• Place a fraud alert on your credit files and monitor your credit reports regularly. This requires that you contact all three of the major credit reporting firms: Equifax, Experian, and TransUnion.
• Put a credit freeze on your reports.
• Close accounts you know were not opened by you or those that have been tampered with.
• File a complaint with the Federal Trade Commission.
• Contact your local police department or the police in the area where the theft took place and file a report. Make sure you get a copy.
• Change all of your account passwords and PIN numbers. Do not reuse old ones or those from other accounts.
• Contact the social security fraud hotline and request a copy of your personal earnings and benefits statement.
• Check with your local department of motor vehicles to see about getting a new driver’s license number and license.
• Contact your utility companies so thieves can’t open a new account using a utility bill.
• Ensure you are using multifactor authentication on all of your accounts.
• Sign up for credit monitoring if you haven’t already done so.

If you need help securing your personal identity online or remediating an identity theft or fraud, Oram is here to help. Call us now at (617) 933-5060 or visit us online.