Posts

Ensure Your Team is Working from Home Safely

(Published 4/21/20)


The rush to get your employees setup and working from home is over; now is the time to take a step back and make sure your team is working effectively and that you are protecting your data and that of your customers.

Here is a simple checklist:

Give Employees Business Software

If you have MS Office licensed through an Office 365 subscription, you have the ability to install each user’s license on multiple computers and devices. Use this licensing to make sure your team does not run into version compatibility issues.  If you have an Office 365 subscription, you can also ensure employees are logged into your domain/tenant and files are automatically backed up to OneDrive or SharePoint file systems.

Give Employees Endpoint Protection

If employees are using home computers for work, the non-work activity on that machine poses a malware and ransomware risk to your business.  Even if your employee has a consumer antivirus tool in place, you should layer next-gen, advanced threat protection.  Solutions like Webroot are designed to coexist with local protections. The solution also gives you control over the security footprint of machines accessing your systems and data.

Give Employees Web Filtering / DNS Protection

Between 20% and 35% of malware attacks originate from infected websites and DNS attacks.  Adding web filtering/DNS protection allows your employees and their families to safely surf without putting your business at risk.

Properly Configure Desktop File Sync Utilities

Whether using Office 365 or G Suite, enabling a desktop sync tool gives your employees seamless access to your cloud-based files. Rather than syncing, configure the agent to serve as a mapping tool. Files cache locally while in use for performance; data remains securely in your cloud; users have easy and familiar access.

Put a Policy in Place

Make sure you have an appropriate policy in place, to protect your employees and your business. We are sharing a simple draft policy you can use and adapt to your needs.

Celebrate Data Privacy Day with a Free Workshop

Privacy RefYou may or may not know that International Data Privacy Day is January 28.  To celebrate, our strategic partner, Privacy Ref, is offering a free 2 hour workshop on Privacy Program Fundamentals.

Join us on January 25, 2017 from 1:00 to 3:00 PM EST for this valuable session.

Topics to be covered include:

  • Defining privacy
  • Foundational privacy concepts
  • Components of a privacy program
  • Privacy frameworks
  • Managing privacy risk
  • Metrics for privacy
  • Training & awareness activities

Please click here to register!


Interested in ensuring your business is protected?  Explore our Privacy Solutions, including our Privacy Assessment and Planning and our Privacy Training services.


 

4 Lessons from the Q4 Data Breach Review

Last week, our strategic partner Privacy Ref held their quarterly review of recent data breaches.  In his presentation, Ben Siegel, CIPM, identified 4 lessons learned from recent data breaches, including: Google Android; Hillary Tentler, CPA; Folsom State Prison; and the Internal Revenue Service.

#1: Unauthorized Mobile Apps Create Risk

Issue: Users can download apps from sites other than the Google Play store. These apps are not “vetted” and gain access to tokens used to control users’ accounts.

Lesson: As the threat is outside of Google’s control, you need to put systems in place to prevent unauthorized apps from access your company’s data via mobile devices.

#2: Local Data is At Risk, Too

Issue: In the burglary of an accountant’s home, three hard drives were stolen and only one was recovered during the arrest.

Lesson: Physical devices, when stolen, can result in a serious data breach; While moving 100% cloud is more secure, it may not be a practical option for your business yet. You should ensure any local data is encrypted and subject to regular backup.

#3: Internal Breaches are Still a Breach

Issue: A file including names, social security numbers, and other sensitive data was saved to a shared location accessible to anybody in the organization.

Lesson: You can protect yourself from internal breaches with solutions that use defined business rules to automatically enforce permission restrictions based on the content of your files.

#4: It is Too Easy to Email Protected Information

Issue: Employees were sending emails with personally identifiable information (PII) clearly visible, in violation of regulatory requirements.

Lesson: You should not rely on people to do the right thing all of the time — mistakes happen and can be damaging and costly. System exist that scan and encrypt emails automatically if they contain sensitive or protected information.


Do you need a privacy assessment or a privacy plan review? Are you ready to better protect your data — on premise and/or in the cloud?

Contact us to discuss your needs.


 

Third Party Apps: The Overlooked Data Risk

Privacy Button
It is easy to overlook. You see a cool app and install it on your phone. You see the prompt asking you for permissions. It is not clear what the app wants to access or why, but you want the app. You click “Grant” or “Allow” and away you go. Some third party now has access to your contacts, you schedule, and maybe even your files. 
Whether mobile apps, browser extensions, or freemium apps, your user community is installing apps and tools and granting access to your data. And while most apps are harmless and well-behaved, one rogue app can be a disaster.

Not all Apps are Trustworthy

Not every app, and not every app provider, is trustworthy.  And since most apps need access to some of your data in order to function, permissions should not be granted without some forethought. Preventing individual users from installing apps and granting permissions, however, is nearly impossible. Most small and midsize organizations have neither the money or resources to micromanage browsers and mobile devices — especially in our BYOD world.

There is a better way

Fortunately, for those of us running Google Apps and other cloud services, we have affordable solutions for monitoring and managing third party app access to your data.

Our Recommendation

If you are running Google Apps, we generally recommend BetterCloud Enterprise as our preferred solution for several reasons:

  • The Domain Health and Insight Center provides you with activity reports, alerts, and advanced reporting
  • Bettercloud includes a robust suite of Google Apps admin tools that are not available in the Google Apps Admin Console, including bulk actions, dynamic groups, and a user deprovisioning wizard
  • BetterCloud monitors and lets you manage third party app access to any data within Google Apps, and provides a trust rating to help you determine which applications pose a risk
  • BetterCloud monitors activity in Drive against business rules to ensure compliance with data privacy policies and regulations. BetterCloud will proactively modify permissions and send alerts to prevent accidental or intentional violations.

Our Offer

While there is a minimum fee for BetterCloud Enterprise, you can try BetterCloud for free for up to 30 days.  If you like what you see, we will waive the setup fees.  If not, you can keep running the Domain Health and Insight Center for free.

 

A Better Cloud Admin Solution

BetterCloud Logo
With over 200 new features add yearly, the capability of Google Apps is growing in features and capabilities. Across our customer base, we see adoption and use of these features by individuals and teams growing as well.

You want and need to understand how Google Apps is being used, and working, for your business. With more collaboration and data in the cloud, you want to ensure that documents are properly shared, with appropriate privacy and protections. At the same time, we want to keep administration simple and efficient.

We have a solution:

BetterCloud recently release a new tiered service designed to solve each of these issues, and you can try it for free.

BetterCloud Basic is a Domain Health Center for your Google Apps domain, letting you monitor activity, define alerts, and analyze usage.

BetterCloud Pro is a robust suite of administration and management tools for Google Apps that simply admin tasks with an expanded set of controls that save you time and effort.

BetterCloud Enterprise adds auditing, discovery, compliance, and data loss prevention features, giving you the ability to monitor, manage, and mitigate data permissions and exposures in real time.

 

You can try BetterCloud for free, and without obligation.  Here’s our offer:

We will …

  • Install BetterCloud Basic for free in your Google Apps domain
  • Activate a no-obligation, 30 day trial of the BetterCloud Enterprise and Pro Features
  • Over the course of the free trial, we will highlight and demonstrate key features, including running a basic data security audit report for your review

At the end of the the trial, you decide if the cost/benefit of BetterCloud Pro or Enterprise is appropriate for your domain, and we will keep you subscribed. If not, you can keep using BetterCloud Basic for free.

To keep it simple, you can request the trial with two clicks.  Click here* to open a request email, then click Send.  Our team will promptly respond and activate your free trial.


*If you purchased Google Apps directly from Google, or another partner, we can still provide the trial. We also offer license discounts and other incentives for moving your account over to us. Contact us if you are interested in the savings and/or our services.