Important GDPR Information for NJ

I recently spoke to Melanie Willoughby, Executive Director of the New Jersey Business Action Center. This is a state run organization to help businesses in NJ.

She was kind enough to send the following information to help with any questions.


On our team it would be Bill, and for the U.S. DOC it would be the North and South offices; all info is below.

South is anyone in Hunterdon, Mercer, Middlesex Counties and below.


Mr. William E. SPEAR

International Business Advocate

NJ Business Action Center

Trenton, NJ 08625-0820 USA

P:  609-777-4125 F: 609-292-5509

william.spear@sos.nj.gov


NORTH:

Susan Widmer, Director

U.S. Commercial Service, Northern New Jersey

U.S. Department of Commerce | International Trade Administration

Susan.Widmer@trade.gov

Tel: 973-645-4682 ext. 216

www.export.gov      www.njdec.org


SOUTH:

Janice C. Barlow

Sr. International Trade Specialist

U.S. Department of Commerce/U.S. Commercial Service

997 Lenox Drive, Building 3 – Suite 111

Lawrenceville, NJ 08628

tel: 609-896-2731

www.export.gov/newjersey


They seem eager to get answers.


Jim Mahlmann

COO

NetCetra LLC

Working with European clients? The GDPR is going to affect you.


The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation takes effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by governments, meaning it will be in force on May 25, 2018.

The first question we are asked is:

Does this apply to me?

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

Penalties if you are not compliant can reach 4% of your global annual revenue.

What it covers:

Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

If this applies to you, then please visit https://www.eugdpr.org/eugdpr.org.html. Google has already sent messages to many businesses. Everyone is trying to get the word out to be sure they are compliant.


Jim Mahlmann

COO

NetCetra LLC

Cyber Security & Big Data Analytics

I recently attended a symposium on “New Strategies for Encryption and Protection against Data Breaches”. The keynote speaker was: Steve Lutinski, Director, Cyber Security Services, Verizon Enterprise Solutions. Steve introduced Verizon’s DBIR Report (Data Breach Investigation Report) for 2017. You may view it here: https://www.verizonenterprise.com/verizon-insights-lab/dbir/.

Some of the points Steve brought out were based on mid- to large-size companies, but the same points apply to businesses of all sizes.

  • It takes 208 days for a company to discover a data breach.
  • 82% of bad actors (data hackers) get in within minutes.

The three most vulnerable areas according to the report are:

  • Education

Who – 71% External Hackers (data mining)

What – 56% Personal

Why – 45% Money (Intellectual Property)

How – 67% Breaches


  • Health Care

Who – 32% *External Hackers

What – 69% Medical Records

Why – 64% Financial

How – 81% Breaches

*Most breaches are from internal people – 68%


  • Public Sector

Ransomware attacks are #1 among all industries

2015 – 1000 Attacks

2017 – 8000+ Attacks

26% of all security incidents were DoS attacks


Human error is still the number one cause of hackers breaching web sites, mail servers and databases. Verizon is going to push two-step verification at every level.

Google and Google Chrome are going to start blocking HTTP in the next several months. HTTPS certificates will be mandatory in order to be found in Google searches.

EU compliance evolves. The General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. This will affect American companies within the next 100 days.

Verizon is recommending that, when possible, even in local communities, IT personnel should PREPARE, be PROACTIVE, and PARTNER with fellow companies and professionals.

Jim Mahlmann

COO

NetCetra LLC

What Do You Know About Your Domain Name?

A company’s domain name remains one of the major unseen issues facing a lot of businesses online. I am still amazed how many businesses are not truly in control of their domain names. They think that they are because their web site comes up and they see the domain they picked a few years ago. But who actually owns the domain name, and who gets emailed when it is time to renew? This is such a big problem that it has actually developed into a cottage industry. The most common issue happens when the web designer is given permission to register the domain name. Most businesses do not understand it, don’t want to understand it and just let the designer handle it. Most of the time they get it right, but not all the time. The more inexperienced designers put their own information in the registration and figure they will change it after they finish designing the site, or do not even know how to do it correctly. So the site is completed and it is up and running. A few years later it goes down because the email address associated with the domain is not the business’s but the designer’s, who either is not in business anymore, has changed their email address or does not respond at that email address. It happens all the time.
The owner of a domain name should have:
• The name of the registrant company it was registered with
• A user and password to get into the control panel of that company
The minimum a business should have is a current breakout of the “Whois” information. This information shows:
• The Registering Company
• When it was purchased
• When it expires
• The Registrant (owner of the domain)
• The Administrative Contact (controller of the domain name, 1st level)
• The Technical Contact (controller of the domain name, 2nd level)
• Domain Name Servers Addresses (Where the site is hosted)
The contact information should have current addresses, phone numbers and email addresses. Most registration companies send out “review info” notices every two years. This is where the problem generally occurs: the email notifications, both for review and 45 days before the domain name expires, go to the contact on file, and when that contact is wrong or does not respond in a timely manner, the domain is picked up by companies that will sell it back to you at very high rates. Generally this is discovered when the site goes down and the business cannot figure out who has control of the domain name. Again, this is a common problem.
The best way to avoid this situation is to be involved in the sign-up of your domain name. If you already have a domain name, go to internic.com, follow their “whois” link and look up your domain name. It will give you the name of the registering company. Go to the registering company’s web site and use its “whois” lookup. At that point, if you do not agree with the results, call that company’s support phone number. They will walk you through the procedure to reclaim your domain name. Do not wait until your site goes down. Also, make sure to privatize your domain name in the “whois” so you are not overwhelmed with sales calls and emails.
NetCetra is a little different than most web design, hosting and marketing companies. We handle domain registration through OpenSRS, so we control the entire process. Our clients can contact us to fix any issue with their domain name.
All this information is also very helpful when companies receive fake notices that their domain name is expiring, complete with an invoice, which is a total fraud.
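As an added example (not NetCetra’s tooling or any registrar’s code), here is a small Python script that parses a constructed WHOIS record of the kind described above and flags the two problems discussed: an expiry date inside the 45-day notification window, and registrant, administrative or technical contacts whose email is not at the business’s own domain. The domain, registrar and addresses in the sample are made up.

```python
import re
from datetime import date, datetime

# Constructed sample WHOIS record (hypothetical domain, registrar and contacts),
# laid out as "Key: value" lines the way most registrar lookups print them.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.COM
Registrar: Hypothetical Registrar, Inc.
Creation Date: 2015-03-02T14:05:00Z
Registry Expiry Date: 2024-03-02T14:05:00Z
Registrant Email: owner@example-shop.com
Admin Email: designer@freelance-studio.example
Tech Email: designer@freelance-studio.example
Name Server: NS1.HOSTING.EXAMPLE
Name Server: NS2.HOSTING.EXAMPLE
"""

NOTICE_DAYS = 45  # registrars send renewal reminders this far ahead of expiry


def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists, keys lower-cased."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2))
    return record


def check_domain(text, today):
    """Return the problems found in a WHOIS record; today is given as YYYY-MM-DD."""
    rec = parse_whois(text)
    problems = []
    domain = rec["domain name"][0].lower()
    expiry = datetime.strptime(rec["registry expiry date"][0], "%Y-%m-%dT%H:%M:%SZ").date()
    days_left = (expiry - date.fromisoformat(today)).days
    if days_left < 0:
        problems.append(f"domain expired {-days_left} days ago")
    elif days_left <= NOTICE_DAYS:
        problems.append(f"domain expires in {days_left} days")
    # Every contact should be reachable at the business's own domain, not a designer's.
    for role in ("registrant email", "admin email", "tech email"):
        for addr in rec.get(role, []):
            if not addr.lower().endswith("@" + domain):
                problems.append(f"{role} is not at the business: {addr}")
    if not rec.get("name server"):
        problems.append("no name servers listed")
    return problems
```

Running `check_domain(SAMPLE_WHOIS, "2024-02-01")` flags the expiry 30 days out and the two designer-controlled contacts; paste a real lookup into `SAMPLE_WHOIS` to check your own domain.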
Know Your Domain Name
Jim Mahlmann
COO
NetCetra LLC

National Cyber Security Awareness Month

Based on our support logs from clients regarding their email and web site access support requests, every month should be National Cyber Security Awareness Month. Some folks still don’t understand that you cannot use simple passwords anymore. Most good programs will not allow you to do that; they now ask you to include upper-case as well as lower-case letters, numbers and symbols.

Here are some quick tips:

  • Use a password generator – There are very good free programs that will generate good passwords and store them for you.
  • Change your password regularly – Many programs now require this. Another good reason to get a password program.
  • Do not keep using the same few passwords.
  • Do not write passwords down in a file.
  • Do not let browsers keep your passwords – This is a very easy hack for experienced tech people.
  • Be very careful with secret questions – If you pick easy questions, you are asking for trouble.
  • Do not use public terminals – This is a major mistake, since spying is always happening there.
  • Always shut your browsers when left idle. Shut down your PC when not active.

This may seem like an inconvenience, but avoiding that first major hack is pretty important; it can be very costly.

Jim Mahlmann

NetCetra LLC

Should a Small Business Have Cyber Insurance?

I am asked this question almost every week. It is really small business data breach insurance. All the publicity regarding hacked servers in the news media has spooked a lot of people. It seems just about everyone in this day and age uses the internet to promote their business and/or products and services. That alone will not require any insurance. But if you are collecting client information and storing it on a PC or server in your office, that has vulnerability issues written all over it.

You might think that most data breaches are caused by hackers or malicious attacks. But more than half of data breaches are caused by system glitches and human error.

  • An employee mistakenly sends a batch of personnel files to the wrong email address.
  • A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system.
  • While on business travel you lose your cell phone, which has sensitive customer information stored in your email’s Inbox.

Data that is maintained in a cloud environment is somewhat safer, but you are relying on that vendor to have the correct security. Once again, this should not be taken for granted. You should be discussing the software you have, or are about to invest in, with an internet specialist or your IT professional.

Here are some of the issues that you must consider if a breach occurs:

  • Breach notification to customers
  • Credit card monitoring services
  • Costs to retain a public relations consultant to help restore your reputation
  • Consulting and forensic fees to identify and resolve the cause of a data breach
  • Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information

You can probably get an “add-on” to your business liability policy that will cover the above actions.

So my answer to the question of whether a small business needs Cyber Insurance is most likely “yes” if you fit the above description. If you are having a vendor handle one of these areas for you, I would discuss their plan of action for stopping problems and, if a breach does happen, what their response is.

It is only going to get more complicated, and your business is going to be more involved with data tools and software.

Jim Mahlmann

COO

NetCetra LLC

The Dark Side of the Internet

I was amazed how many people had never heard of the dark side of the internet when asked by a State of NJ security officer at a recent seminar for small businesses on internet security. Going there is not advised, but being aware of it and what it is is imperative. It is interesting to hear what people say or think when you mention this area of the internet. It is not dark, but it is pretty scary to see what can be purchased and done there. I am especially talking to parents with kids in high school and beyond. The danger does not seem to disturb them the same way, so surfing around seems OK to them.

All it requires to get there is to go to torproject.org. It looks innocent enough. According to the home page, everyone uses it. It was started by our government a few years ago to help people in suppressed countries view what the rest of the world saw on the internet. The problem is it not only hides those people, but it hides terrorists, drug dealers, gun smugglers and pedophiles, to name a few. Buying ransomware to attack some business is a snap. Buy it there for $3 or $4, and you can even get someone, for part of the proceeds, who will set up the product to try to infest whoever you are after. They even have a rating system for every different piece of malware that is offered, with comments about how good the software is.

Would you like to know where to buy a semiautomatic weapon? Not a problem. How about a great deal on legal and/or illegal drugs? Paying too much for a prescription? They have the deals. They showed us one site that sold pot and guns. The main reason they cannot bust these sites very easily is the fact that they are up and then gone in a few days. Shipping is never a problem. Everything is shipped by the regulars like UPS, FedEx and US Mail. Things are just packed in regular consumer boxes. Maybe a few boxes of laundry detergent that contain a broken-down weapon are delivered to a person’s door.

We saw one search engine result that had 234 pedophile web sites available.

Dark, no, Scary, yes.

One thing that people who go on this level of the internet use is a flash drive with the software and a bitcoin wallet on it. This way it is plugged in and no one knows you are using it. Nothing is visible on your computer, and they showed us a variety of flash drives that did not look like flash drives. One looked like a chapstick.

The US government started it and continues to support it as well as other countries and individuals. Be alert.

Cyber Security

There are two excellent events happening in the next few weeks, and I strongly recommend you attend one of them or send someone from your office. One wrong move could cost you thousands of dollars and/or loss of data, as well as the man-hours or cost that were put in to develop your work.

1) Cyber Security & Big Data Analytics Symposium by SBA – $40.00

Friday, March 31, 2017 – William Paterson College, Wayne, NJ 9:30 to 2:30 PM


2) Cybersecurity Summit – NJBIA – $129 Member, $149 Non-Member

Friday, April 21, 2017 – APA Hotel Woodbridge, NJ 8:30 AM – 1:00 PM

Is your web site under attack?

Of course it is. Most web sites are under attack by many different forms of spiders and bots. You should maintain a good relationship with your provider. Check all your monitoring specs, either directly or by questioning support, to discover if there are any weaknesses. Forms are a favorite target to spam through. Make sure you have a CAPTCHA or some other kind of human interaction required.
If you are using a WordPress site, make sure you have one good security plug-in, like WP All in One, set up and running correctly. ALWAYS update your plugins to the latest versions. Some updates are for security and some are for better performance.
Always remove email addresses and their mailboxes if you have not used them in a while. This is a favorite way for spammers to send tons of spam out, and then your good email address will be blacklisted if it is on the same domain name.
Some people will use FTP accounts to make changes. When an account has been dormant for too long, be sure to remove it or make its password very difficult.
These are all the basic things you need to monitor regularly to protect your site, business and reputation, as well as your fellow internet users.