BYOD (Bring Your Own Device) may allow for flexibility, ease of use and mobility when it comes to employee productivity, but there are still serious security and compliance concerns to be taken into account. CIO-Today.com reports on the simplest but often-overlooked security measures that can be taken to prevent a data breach. While different industry compliance standards, such as HIPAA or PCI, may require more stringent data security technology, the average mobile device user can take their first steps toward a more protected environment by enabling remote wipe on their devices. CIO-Today.com reports that only 55 percent of mobile users have remote wipe enabled on their smartphones. Remote wipe is offered on many different types of mobile devices, either by default or as an application that you can install and configure to meet your needs. In the case of a lost or stolen device, remote wipe allows you to log into an interface, click on a button and have the option to permanently delete all data and settings currently on your device. This is key to remediation in the event of a data breach – limiting the scope of risk should be part of an incident response plan’s processes. By…
Three months ago, a breach of the University of South Carolina’s (USC) web server exposed the personal information of approximately 34,000 students, staff and researchers to hackers. While USC was initially alerted to the breach on June 6, they only recently notified those affected. The personal information includes names, addresses and Social Security numbers. Unfortunately, USC is not new to data breaches – this was the sixth and largest incident over the past six years, bringing the total of exposed records to 81,000. Three months is also an unusually long time to wait before alerting people – healthcare organizations that suffer a breach of any type are required by the federal government to notify individuals no later than 60 days following the discovery of the breach (HHS.gov). Late or significantly delayed notification may have allowed hackers to use stolen information unnoticed for those 11 weeks. Little information is provided as USC continues their investigation into the breach; the only details mentioned in news articles state the breach came from hackers overseas. TheState.com reports on USC’s six data breaches: April 2006 – (1,400 people affected): Student information accidentally was e-mailed to as many as 1,000…
Two, 2-minute security improvements to secure your account My inbox receives between 100 and 200 work emails daily – so far, as of writing this at 4:11pm, I’m up to 155. I won’t share my personal email stats – it usually creates panic attacks for my auto-tagging, auto-sorting colleagues who make an empty inbox a daily goal (haven’t they ever heard of search?! LOL). Given the daily deluge, the juxtaposition between these two emails that both came in at 2:04pm this afternoon struck that cynically ironic chord that kicks in around mid-afternoon: Subject #1: CNN – Hack raises concern about cloud storage Subject #2: Data Breaches May Be on the Decline – Health IT Weekly Digest – August 8, 2012 The first told the particularly insidious goal of scaring the bejeebers out of what can happen if someone manages to get that first login credential and proceeds to annihilate all related, linked accounts and precious cloud storage (pics, emails, tweets … you get it). Now, while I sincerely hope that the second email ends up being the true predictor of improved online security, I think the ever-increasing security entry points that mobile phones present to secure information (your files, payment info,…
The following is an excerpt from our PCI Compliant Data Center white paper, outlining only some of the PCI audited data center requirements. For a full list of the requirements, including high availability, secure network and secure server environment requirements, download our white paper today. 3.1.1. Requirements 3.1.2. PCI Audited Data Center Requirements The following PCI compliant data center requirements are essential for a multi-layered approach to security and availability of critical data and applications. If outsourcing, ensure your PCI hosting provider offers each of the following: 3.1.2.1. Third Party Independent PCI DSS Audit Report A PCI hosting provider should be willing to share a copy of their audit report under NDA to ensure they are following compliant policies and procedures. Ask your PCI hosting provider if they can provide a copy of their independent audit report detailing the controls implemented to meet the 12 PCI DSS requirements. According to the PCI Security Standards Council: For those entities that outsource storage, processing or transmission of cardholder data to third-party service providers, the Report on Compliance (ROC) must document the role of each service provider, clearly identifying which requirements apply to the assessed entity and which apply to the service provider. Be…
There’s no question that our society is embracing the technology that is in front of us. You can go back almost 25 years and, in 5-year increments, see the massive innovation and technological impact that our society is seeing on an everyday basis. In the US today, more than 50% of cell phone purchases are now smartphones, up from 21% two years ago. With this massive increase in mobile computing, security has become the focal point. However, it has seemed that security is always on the tail end of the explosion in the mobile computing sphere. This past January, a story broke about a man who forgot his passport as he was going through customs to enter the United States from Canada. Realizing he had a scanned image of his passport on his iPad, he handed the iPad to the customs agent in hopes of it being enough to get him into the United States. After a few minutes of deliberation and some awkward looks, he was allowed into the United States, scanned passport image in hand, and on toward his destination. According to border officials, these types of situations are usually handled on…
As an Online Tech client, you can use OTPortal to easily monitor the backup status of any servers for which you have OTBackup. Log in to OTPortal at https://customer.onlinetech.com, open the Systems tab, and check the Devices section. Here you’ll find a color-coded indicator of each server’s backup status: green for good and red for failed. Our engineers constantly monitor backup jobs, and promptly restart backups for failed jobs. A notice that a job has been restarted is normally posted to the Messages section on the Status Dashboard. To view more information for the last backup job for a given server, click the Device Detail button. The Device Detail page shows the date and time of the most recent backup job, as well as several other details regarding the server. If you would like to add OTBackup for a server that doesn’t already have it, simply click on the Upgrade button for that server. You can easily add additional RAM, CPU, disk storage, SAN space, or OTBackup for any server you have that is managed by Online Tech. Additional information about OTPortal is available in several training videos, found right on the site itself. If you have specific questions or need help, please…
If you’re an Online Tech client, you can easily monitor your monthly bandwidth usage in OTPortal, our client hosting portal. Simply log in to OTPortal at https://customer.onlinetech.com and open the Systems Tab. The Bandwidth Usage section gives you a snapshot view of your bandwidth for the current month, as well as the previous few months. For a more detailed view of your usage, click the Real-time Chart button. This will open a page with an interactive graph showing your bandwidth over the past month. On this page, you can easily check your usage over a variety of time periods. For a concise listing of your bandwidth usage, you can click the History button on the Systems Tab/Bandwidth Usage section. The Bandwidth Usage History page shows a color-coded listing of your usage on a weekly basis, grouped by month. All months or weeks with a green check indicate usage below your contracted limit. Yellow warning icons indicate weeks or months with overages. If you need to add additional bandwidth to your contract, you can easily do that right in OTPortal. Simply click the Add Bandwidth button on the Systems Tab/Bandwidth Usage section. A pop-up window will appear where you can specify the…
Provided to every client at no cost, OTPortal’s feature-rich dashboard delivers self-service, on-demand access to server monitoring, management and customer support, 24 hours a day and 7 days a week. With historical records of current and past order forms, Internet bandwidth and support tickets, managing your account is a simple undertaking. As an Online Tech client, you can use OTPortal to easily see any firewall rules you have on our firewall. Log in to OTPortal at https://customer.onlinetech.com, open the Systems tab, then scroll down to the Firewall Rules section. Here you’ll find a listing of your firewall rules. If you need to contact an Online Tech Support engineer regarding any of your rules, you’ll need to reference the ID and Sequence numbers. To request a change, including adding a new rule, click the Request Firewall Change button. A new window will pop up prompting you for details on the change. Fill in any of the fields on the page, or simply describe the change you would like to have made, and an engineer will contact you for further information. Click Submit, and your request will be entered as a new support ticket in OTPortal, where you can track it on the Status…
While researching solutions to the many daily problems we face I came across an interesting and useful SQL tool. There are many conventional ways to back up and restore a MySQL database using a multitude of methods that are equally effective. The mysqldump command is a very effective tool for use in the safe backup, storage, and retrieval of MySQL data as well as the structure of the individual tables. You will first need to gain SSH or RDP access to the database server and enter the mysql console. In this console you can enter the following command: mysqldump -u [Username] -p[password] [databasename] > [backupfile.sql] This can be used to back up either a single database that you specify or all of the databases currently running under your MySQL instance. You will need a MySQL username that has administrative access in order to back up the database. The database can then be exported in any format as specified in the > [backupfile.sql] portion of the command. Most often databases are exported in a simple text format which is easy to transfer to another server and import into an active MySQL installation. The database file can then be transferred to your backup…
Spam and scam mail are much like the telemarketing of the last twenty years in that they are equally annoying, frustrating, and disruptive. The precision of automated and impersonal marketing that makes telemarketers such a pain has drifted into the electronic realm in the form of chain email, bank transfer schemes, and other spam-related messages. Most often these seemingly harmless nuisances can hide an even more devastating threat such as viruses and Trojans which can be used by hackers to gain access to your computer. In the business environment other security issues such as computer theft can threaten the most sensitive data and potentially destroy your reputation in business. Protection against these issues is possible through a few programs such as drive encryption tools and password vaults. Drive encryption programs such as TrueCrypt can be used to encrypt the entire contents of a hard drive or USB devices as well as part of the operating system to guard against unwanted access in the case of a theft. This program works by encrypting the contents of the drive with random data that has no detectable signature making it extremely difficult to determine what is on the drive or the…