The new Massachusetts data security regulations, 201 CMR 17.00, are set to become effective May 1, 2009. Are you ready? Here’s the downside: The Office of Consumer Affairs and Business Regulations has estimated that it will cost the average small business operating in Massachusetts approximately $3,000 to get into compliance.
After some initial study, we believe that it will cost many small businesses much less.
Let’s also consider the upside to compliance: protecting the personal information of millions of Massachusetts residents with a consistent set of industry-accepted policies and procedures across the board for all persons responsible for handling the data. Now, you know that every business you engage with already does everything possible to protect your personal identity, right?
Senior Technology Advisor
Errors, delays and inefficiency have no place when conducting your business, mainly because the competition will be better, operate more efficiently and deliver faster for less. Strangely, there seems to be a split approach on decisions about technology, information and computer systems. Successful business leaders I’ve worked with are making their technology decisions as an essential component of a profit center, assigning accountability, and investing accordingly. There are many other executives, very bright, but who have a different focus. This could be you.
When it comes to staffing or production, you have no tolerance for ineffectiveness, delays or insubordination. But, maybe you are advised on how to keep things running by someone who knows something about computers, and this works well enough. Place you in front of your computer keyboard, and you’ll either fight back or you’ll find a way to “work around” any problem.
Do you continuously attempt to work with issues that you know can negatively impact your business performance?
Yes, there are those who will simply not tolerate interruptions, slow-downs and ineffectiveness from their technology solutions, because they have made a commitment to technology performance. But, the majority of business leaders have come to expect that their information system efficiency will decline and “glitches” are a part of business. It just seems to be expected…and acceptable! These executives operate with a technology cost-center, watch as their systems depreciate over time until a new solution investment is mandatory, and a new cycle begins.
Often an objection to the proposed cost of an IT staff member, or the investment in an IT outsourcing firm like Centrend, freezes the organization, and keeps it from achieving top performance. But, consider this: when IT investments are planned properly to achieve specific results, it’s easy to justify the predictable costs of maintenance, troubleshooting and repair of technology purchases. So, when IT plans are thoughtfully aligned with the business plan, you’re working with the information system, and not fighting with it.
Senior Technology Advisor
According to Governor Deval Patrick’s report on the source of information resulting in identity theft, 75% of stolen data was not encrypted and/or not password protected. This finding is one of the main reasons for the Commonwealth’s new Identity Theft Prevention Regulations I’ve been blogging about in recent months. Even though the date has been pushed out until May 2009, many of our clients have begun initiatives to achieve compliance well ahead of the deadline.
By starting your password protection and encryption project now, you’ll have more time to completely evaluate where password protection is insufficient, and where data encryption will be necessary. Once data is collected about what information exists where, and who has access to it, strategic decisions can be made that will minimize the negative effects poorly implemented security initiatives have on an organization.
As an alternative to conducting a detailed analysis of what data exists where and who needs access to it (though Centrend believes this is a good business practice even for all data sets, not just those covered by this regulation) it is also possible to encrypt and password protect everything. You will still need to practice due diligence to take care that users have access only to the information that they need, but it does save some work if all data everywhere is password protected or encrypted.
Some of the negative consequences of poorly implemented security you’ll want to avoid are:
- Users are too constricted in what they can get to
- It’s difficult or even impossible to recover from lost passwords
- Encryption deployed on weak platforms can slow the flow of information to a crawl
- Data that should be protected by passwords and/or encryption is missed while data that is not considered PI (private information) is not secured
The result of these negative consequences is quite severe. At best, users will experience lower productivity because of “password roadblocks” and at worst, confidential information will be exposed in a data security breach. When a data protection initiative is ineffective or incomplete, not only is your data still vulnerable, but the poor strategy makes it harder for everyone to get their jobs done.
The consequences of a bad implementation of security best practices are severe and do not have to be your experience. Contact me for a free consultation on how Centrend can help you protect your company’s private information without crippling your team’s ability to get their job done.
Why would an organization replace perfectly good CRT monitors with new LCD Monitors? Good question.
We find that most organizations migrate gradually as the older monitors become troublesome, workstations are being added or existing ones are upgraded with newer PCs.
In any event, upgrading your old CRT Monitor to a new LCD monitor will result in saving power.
Old CRTs (Cathode Ray Tube) require more than twice the energy of an LCD screen. Even if you take advantage of power control options, while the CRT “sleeps” it will use nearly twice the amount of energy that an LCD (Liquid Crystal Display) would use in “sleep” mode.
While the bottom line cost of ownership of an LCD monitor is lower than that of a CRT over its lifetime (longer life, lower power consumption), other benefits from an LCD monitor include better contrast ratios (good for word processing and reading print online), less eyestrain, a smaller footprint, lighter weight and less heat generated.
Watch out: if you are upgrading your monitor, make sure your PC’s graphics card is suited to the new device. Changing from a CRT to an LCD, and even going from one size LCD to another size LCD can require a different graphics interface.
Do you have a technology plan for reducing energy use? We’d love to hear about it. If you have any questions or comments about this or any other IT subject, please do not hesitate to contact Centrend.
Senior Technology Advisor
In recent days, I’ve been helping a friend of mine with an irksome problem on his laptop. The problem sounds like a browser hijack. A browser hijack has the symptom of changing the web page you are trying to get to either from a search bar or from trying to directly type the address into the browser. For example, you type in www.google.com and you end up on some other page. It’s often a NOT VERY NICE PAGE, if you know what I mean.
I had him update and run his McAfee software to try to find and clean the problem but it turned up nothing. I then had him download a free program called Super Antispyware which can often find things that many of the mainstream virus and spyware cleaners can’t. It found a few minor things, but still, the problem persisted.
I told him to let me meet up with him and work on the machine for a couple hours and I can take care of the problem. He plans to have me do that but because the problem doesn’t occur all the time, it’s more of a nuisance that he can live with in the short term until it’s a less busy time for him and he can surrender the machine for a couple hours.
His million-dollar question was, “How at risk is my data (and my customers’ personal information) to keep using the machine like it is?” Note: he’s in the mortgage business and has a lot of sensitive, personal information conveyed to him on a regular basis. I told him his risks can be quite high.
The worms, spyware and viruses that are around nowadays are very tricky. They have the potential to watch for patterns in the flow of information in your computer to identify anything that looks like a bank account number or social security number. When it sees something like that, it begins a capture script and sends the forthcoming information to a server (or bank of servers) that are waiting to receive, process, and distribute it to crackers and thieves. Often these servers are out of the country and because of international laws, it’s nearly impossible to find and stop these criminals.
Do you have “mysterious occurrences” happening on your computer? Don’t take a chance with it.
Send us a message and we’ll take a look.
President & CEO