10 point DR power checklist

10 point DR power checklist defined in Janco DR/BC Template

10 point DR power checklist — After an event that disrupts a network, availability of power to recover and run the network often is critical.  Below is a 10 item check list of what to consider in your disaster recovery – business continuity plan.

  1. Electricity, water, broken wires do not mix.  Before anything else validate that the power source and power distribution systems are dry and functional before power is turned on.
  2. Understand the minimum power requirements to be operational.   Have a clear understanding of a facility’s critical loads.
  3. Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering things such as if natural gas pipeline service were to be disrupted in your community. Make sure that you have sufficient fuel storage capacity onsite for an extended outage.
  4. Set reasonable response times for standby generator.  Frequent outages of a few seconds, a few minutes, or more, can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
  5. Maintain your equipment and test it operations. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
  6. Understand your environment and geography.  Even the best generators won’t work underwater when subjected to extreme flooding.  Check unit location for protection from flooding and ensure you use the proper gauge extension cord.
  7. Set up generators in an “open environment”. Use generators or other gasoline or charcoal-burning devices such as heaters in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
  8. Quarterly review your load.  Know when there are any new demands or critical circuits to protect.  If you’ve added new computers or other power-hungry devices, consider updating switchgear.
  9. Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
  10. Optionally contract for a rental power source.  Consider a rental generator power for use in the event of an extended outage.

Order Disaster Plan TemplateOrder Disaster Plan TemplateDisaster Plan Sample

Top 10 WYOD Best Practices

Top 10 WYOD Best Practices expand beyond BYOD

Tio 10 WYOD Best Practices - Policy
WYOD Policy that address all of the issues generated by this technology.

Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend requiring enterprises to deal with the serious security implications that come from these devices. The decision for employees to wear their own device (WYOD), such as an apple watch that can link to your Wi-Fi; capture audio, video and data; store; and transmit poses similar problems for IT departments.  Employees and individuals outside of the enterprise can use these devices, sometimes discretely, to access and share business content.

This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.

Here are top 10 best practices for WYOD:

  1. Have a strategy for how, when and why WYOD devices can be used
  2. Implement an acceptable use policy
  3. Identify the connectivity options that are available to both internal and external users
  4. Approved devices should be easily connected to the available secure access points
  5. Define a management process for the WYOD devices
  6. Plan for the activity WYOD devices will add to the network
  7. Make collaboration tools a priority
  8. Secure the end points and isolate sensitive/confidential information and locations
  9. Be prepared for little to no advance notice on upgrades
  10. Formalize your 7 x 24 support

For more information on this go to WYOD Policy.

Top 10 tips improve social networking security

Top 10 tips and best practices to improve social networking security

Top 10 tips improve social networking security – These best practices will improve social networking security and protect the enterprise’s social networking reputation.

  1. Educate employees – Educating employees of best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs help educate how attackers use social media to target a brand via individual employees.
  2. Have employees use different passwords for different system – Encourage users to have multiple unique passwords. This can be support by implementing a cloud based password management system.
  3. Mandate strong passwords – Make it a requirement to have unique strong passwords.
  4. Have employees change passwords regularly – One every three or four months communicate with employees to tell them it is time to change their passwords.
  5. Do not share accounts – For social accounts that represent the enterprise only have one user per each and the linking e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is terminated
  6. Implement two factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to their smartphone or email each time a new device or browser attempts to login to the account.
  7. Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practices of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address adding, subtracting or rewording parts to differentiate them.
  8. Utilize antivirus and security software – . No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
  9. Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
  10. Validate and verify – just because it is on the Internet does not make it true.

Order Policy Download Selected Pages

Walmart denies hack occurred

14,600 emails addresses and passwords posted – Walmart denies hack occurred

Walmart denies hack occurred
Incident Communication Plan

Walmart denies hack occurred after email address and passwords were posted.   – Over 14,600 email addresses and plain-text passwords associated with Sam’s Club’s online store were dumped on Pastebin, a text sharing site. Walmart denied a hack occurred.

The title of the password dump said that the accounts listed belonged to the retail giant. The company which has over 650 locations across the US and tens of millions of members.

Walmart said “.. looked into this issue and there is no indication of a breach of our systems. It is most likely a result of one of the past breaches of other companies’ systems. Because customers often use the same usernames and passwords on various sites, bad actors will typically test the credentials they obtain across many popular sites. Unfortunately, this is an industry-wide issue,” said a Walmart spokesperson.

Order PolicySample Policy

That is no way to inspire confidence in the security of an enterprise’s website.

To survive an incident such as a business interruption, security breach, or a product recall, organizations need more than a successful communication strategy – they need an incident communication plan.

The overall objectives of a incident communications plan should be established at the outset. The objectives should be agreed upon, well understood, and publicized. For example, will the primary objective of the communications plan be for communications only to employees, and only during a disaster? Or is the intent to advise customers of interruptions to service? Or is it for investors and stockholders? Or regulatory agencies? Or is it some combination of these?

New York Security Compliance

New York Security Compliance Mandates added

New York Security Compliance – The State of New York announced a series of new rules strengthening cybersecurity requirements for financial firms. This is the latest in a series of announcement aimed at protecting clients, consumers and financial entities from the “ever-growing threat of cyber-attacks.

New York Security ComplianceThe Governor of New York said, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from … state-sponsored organizations, global terrorist networks, and other criminal enterprises.” Even if your firm isn’t directly subject to these new regulations, it’s safe to assume that this approach will be rapidly adopted by similar regulatory bodies domestically and around the world.

The current draft calls for the “encryption of all nonpublic information held or transmitted”, but because they tie it tightly to access control, acceptable usage policy, and data retention. Simple encryption won’t be enough to comply with the New York mandates.

To comply with New York Security Compliance mandates CFOs, CIOs, and CSOs, and firms should:

  • Implement more dynamic ways to protect data. Enterprises will need to deploy more dynamic forms of data protection that extend beyond their current systems. When the requirement for encryption and data-loss protection spans not just records and managed systems, but anywhere data can travel, traditional means of encryption and monitoring are scale able. Organizations will need to enforce granular limitations on access privileges, implement new audit systems to document data governance, and be able to remotely apply data disposition and destruction rules.
  • Tie access control and privilege management to identity. In a complex technology ecosystem, it’s no longer feasible to define access and privilege at the system, device, or perimeter. Identity is the one attribute that crosses on-premises, cloud, and un-managed services, and provides a consistent way to set, audit, and control access to confidential information. Ultimately, encryption, access controls, and data-in-use protections must persist independent of the kinds of data protected, where it’s stored, or how it’s shared.
  • Prioritize solutions to balance simplicity and security. Too often, risk and security teams have simply added new solutions to their portfolio in response to regulations and enforcement. Unfortunately, this has often created a complex, hard-to-navigate forest of tools, hurdles, and collaboration dead-ends for employees. The downside of that is it creates incentives for otherwise well-intentioned people to avoid following policy, increasing the risk of a material breach.
  • Make audit a primary concern. In the past, the requirement for an audit trail on data access was seen as an add-on. In the worst case, it was an afterthought, something built last as a reaction to risk and compliance needs. But, by thinking differently about this rich trove of data, you can improve your visibility into data use and your ability to identify dangerous behavior in advance. In many cases, you will be able to proactively stop data loss before it happens. With a strategy that protects data directly, by deploying identity-driven access controls and dynamic permissions, you can use the data from each user interaction to build a better picture of where data is traveling, and to whom.
  • Take a more dynamic approach to data protection. Adhere to mandates and be ready to tell any auditor about your enterprises ability to protect the confidentiality, integrity, and availability of your enterprise’s information.

Order Security ManualDownload Selected Pages

10 Point Checklist DR Power Requirements

10 Point Checklist DR Power Requirements

10 point checklist DR power requirements in Janco’s Disaster Recovery Business Continuity template.  The checklist addresses the issues associated with power after an event disrupts availability. It is:

  1. Electricity, water, broken wires do not mix.  Before anything else, validate that the power source and power distribution systems are dry and functional before power is turned on.10 Point Checklist DR Power Requirements
  2. Understand the minimum power requirements to be operational.   Have a clear understanding of a facility’s critical loads.
  3. Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering things such as if natural gas pipeline service were to be disrupted in your community. Make sure that you have sufficient fuel storage capacity on-site for an extended outage.
  4. Set reasonable response times for standby generator.  Frequent outages of a few seconds, a few minutes, or more, can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
  5. Maintain your equipment and test it operations. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
  6. Understand your environment and geography.  Even the best generators won’t work underwater when subjected to extreme flooding.  Check unit location for protection from flooding and ensure you use the proper gauge extension cord.
  7. Set up generators in an “open environment”. Use generators or other gasoline or charcoal-burning devices such as heaters in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
  8. Quarterly review your load.  Know when there are any new demands or critical circuits to protect.  If you’ve added new computers or other power-hungry devices, consider updating switchgear.
  9. Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
  10. Optionally contract for a rental power source.  Consider a rental generator power for use in the event of an extended outage.
Order Disaster Plan TemplateOrder Disaster Plan TemplateDisaster Plan Sample

10 step security

10 step security for third party access to enterprise systems

10 Setps for security in cloud Security plan10 step security for 3rd party access to enterprise systems are a must with the increased use of internet processing and use by day to day business operations.

Security and compliance are key to maintaining control of sensitive and confidential information. All of the product offerings of Janco are geared towards proving tools to help C-Level executives and top IT professionals maintain the privacy of its users and enterprise data.

Order Security ManualDownload Selected Pages

  1. Create an asset inventory and tracking to reduce the risk of network-connected assets being out of compliance with policy.
  2. Understand the cloud-based environment where all users are considered remote, and apply controls similar to how they have historically provided access to third parties.
  3. Make changes in how the organization manages and controls these various user-types by incorporating concepts such as zero-trust, network abstraction, extended identity validation and full-session recording to effectively reduce the overall risk and isolate any potential impact caused by third parties or remote user actions.
  4. Define a plan which meets the requirements for external contractors, employees, and B2B entities.
  5. Coordinate third party access plan in conjunction with their business units and develop a solid communications plan.
  6. Create rules for access using the appropriate level of controls commensurate with their given risk profiles, to include: isolation/segmentation, encryption, and federation integrations.
  7. Establish access points and rules for data availability to third parties
  8. Invest in ways to authenticate third-party users beyond simple username and password.
  9. Define metrics which address compliance variances and risks, and build an end-to-end security and risk view for the entire enterprise.
  10. Create a reporting system which track access, access violations, downloads and total usage. This should be real-time and have assigned individuals monitor and report and deviations.

Order Cloud Outsourcing TemplateDownload Selected Pages

Top 10 Wearable Issues

Top 10 Wearable Issues

Top 10 Wearable Issues – Over 33% of all organizations surveyed by Janco have revealed they have more than 5,000 connected devices. Add to that, Cisco predicts there will be more than 600 million wearable devices in use by 2020.

These facts present a set of challenges for CIOs and IT enterprises of all sizes.

  1. Easy physical access to Data
  2. Records management, retention, and destruction
  3. Business continuity is significantly more complex
  4. Photos, Videos and Audio can be captured without anyone knowing it
  5. Instant access to outside Wi-Fi and cellular systems facilitates rapid dissemination
  6. Insecure wireless connectivity
  7. Lack of encryption
  8. Lack of formal policies with limited regulation or compliance –
  9. Software and Firmware version control
  10. Current MDM Policies Don’t Cover Wearables

Read On…

Top 10 Wearable Issues Download Selected Pages

Top 10 Security Predictions

Top 10 Security Predictions

Top 10 Security Predictions – Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, Janco’s’ Security Manual Template – the industry standard – provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation.

Top 10 Security Predictions from Janco Associates are:

  1. Over the next several years almost all of vulnerabilities exploited by hackers will continue to be ones known by security and IT professionals for at least one year.

    Top 10 Security Predictions
    Top 10 Security Predictions
  2. Robotics will take over many security operations. China will lead the way with 30-40K students training in universities with this technology. US will lag for several years.
  3. Shadow IT will be responsible for over one third of attacks experienced by enterprises.
  4. The need to prevent data breaches from public clouds will drive many organizations to develop data security governance programs.
  5. Over the long term enterprises engaged in application development will secure applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
  6. Future cloud-based providers will include network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms in their offerings.
  7. Identity as a service (IDaaS) implementations the focus of several new companies.
  8. Use of passwords and tokens in will drop 55%, due to the introduction of bio-metrics.
  9. A majority of IoT device manufacturers will not be able to address threats from weak authentication practices.
  10. More than 25% of identified enterprise attacks will involve IoT.

Order Security ManualDownload Selected Pages

10 best practices electronic meetings

10 best practices electronic meetings

10 best practices electronic meetings
Travel Off-Site Meeting Policy

10 best practices electronic meetings have been identified by Janco Associates, Inc.  They are:

  1. Have an agenda that is available to all attendees before the meeting
  2. Have a process to validate that the devices in use by users will work with the electronic meeting application
  3. Test the meeting technology with all attendees well in advance of the meeting
  4. Have a specific start time
  5. Be aware of time zones that meeting attendees will be in
  6. Have a dress code including background for meeting attendees to follow
  7. Send electronic invitation which require a confirmation and put the meeting in the electronic calendars of all attendees
  8. Have a common secure location where share documents are available to all attendees
  9. Record the meeting and comments for others to review if they are not able to attend
  10. After the meeting send a summary of the meeting including next steps, tasks assigned, and when the next follow-up meeting will take place.

Order PolicyDownload Selected Pages

Top 10 Technology Travel Tips – International

Top 10 Technology Travel Tips – International

Travel, Electronic, and Off-Site Meeting Policy
Top 10 Travel Tips

Top 10 Technology Travel Tips – When people traveling, especially internationally, not only is technology at risk but also sensitive personal and work information.  Below are 10 tips taken from Janco’s Travel, Electronic, and Off-Site Meeting Policy.

  1. If it’s not necessary, don’t travel with a computer or tablet.
  2. Whenever possible, arrange to use loaner laptops and handheld devices while traveling.
  3. If you are bringing a laptop with you, make sure you have the proper plug adapter.
  4. Install a host-based firewall, and configure it to deny all inbound connections.
  5. Disable file, printer sharing, and Bluetooth. Apply full disk encryption, picking a long, complex password
  6. Update all software immediately before travel.
  7. Always clear out browser cache before you leave.
  8. Backup your computer
  9. If you are bringing private data, not on a computer, copy the data onto an encrypted USB memory device
  10. Change the password for your accounts email, Gmail, Facebook, etc.
    1. Utilize complex passwords – Assume the workstation or medium will be lost or stolen.
    2. Memorize the password, or keep it in a secure location on your person.
    3. Password protect the login, and require the password after screen-saver.
    4. NEVER set browser to remember passwords.

Order Policy Download Selected Pages

10 Security Assessment Questions

10 Security Assessment Questions

Security Assessment and Compliance Management
Security Assessment and Compliance Management

Security Assessment Questions

  1. To stop a breach tomorrow, what does the enterprise need to differently today?
  2. Does the enterprise know if the company has been breached? How does it know?
  3. What assets are being protecting, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected them from (i.e. cybercriminals or insiders)?
  4. What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
  6. Are formal written policies, technical controls or both in place? Are they being followed?
  7. What is the enterprise’s security strategy for IoT?
  8. What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
  9. Does the enterprise have an incident response plan in place?
  10. What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?

Security Compliance – Comprehensive, Detailed and Customizable for Your Business

The Security Compliance Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in 220 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis – Threat and Vulnerability Assessment via Electronic Forms
  • Staff member roles
  • Physical security
  • Electronic Communication (email / SmartPhones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document

Order Download Selected Pages

Top 10 Cloud SLA Best Practices identified by GAO

Top 10 Cloud SLA Best Practices identified by GAO

Cloud SLA Best Practices
Cloud SLA Best Practices

Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include,the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    SLA Best Practices
    SLA Best Practices
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify specific SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. SLA DRP and Security for Cloud
    SLA DRP and Security for Cloud

    Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report such failures and outages to the enterprise. In addition, how the provider will re-mediate such situations and mitigate the risks of such problems from recurring.

  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprises’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

Documentation Security Compliance

Documentation is a key part of security compliance — here’s how to do it right

Compliance Management
Compliance Management – Documentation

Documentation Security Compliance – Maintaining security compliance is a multifaceted responsibility. It’s not enough to simply implement the required controls and enforce security policies. In order to remain fully compliant, businesses must thoroughly document their compliance efforts as well. Maintaining formal, written documentation of all compliance-related activities is a requirement of many regulatory guidelines, but all too often, it’s treated as an afterthought.

Order Compliance Kit

In many cases, compliance documentation is inadequate due to varying responsibilities. In many organizations, compliance efforts spread across departments and different individuals are responsible for various aspects of the security plan. As a result, documentation tends to be inconsistent at best, with varying standards and levels of detail. Unfortunately, such an approach to compliance can land your company in hot water should it ever be selected for a compliance audit.

Specific security compliance documentation standards vary by regulation (HIPAA has different requirements than PCI DSS, for instance) but there are some general best practices that you can follow to ensure that your compliance documentation is up-to-date and meets the requirements put forth for your organization.

Select the Right Manager

Security Documentation Job Descriptions Bundle
Security Documentation Job Descriptions

Even with a dedicated compliance department, many companies struggle with documentation. Regulatory requirements tend to be highly technical, and require writers with the technical expertise to develop them thoroughly and accurately. When the wrong individuals are tasked with creating compliance documentation, there is the potential for errors and omissions. If professional technical communicators are unavailable, establish specific standards for the creation of documentation for staff to follow, or consider outsourcing the project.

Understand the Requirements

The first step to managing compliance documentation is understanding what is required of your company and developing a consistent means of recording the necessary information. In general, this means:

  • Describing the specific requirement and how it relates to your business
  • Outlining the specific controls in place to meet that requirement
  • Listing the name and contact information for the person in charge of implementing the control
  • Designating the date that the control/documentation needs to be reviewed and/or updated

Many organizations implement a content management system specifically for the purpose of maintaining security compliance documentation. Doing so allows for information to be accessed and updated online in real time, without relying on paper copies. An efficient CMS allows for additional information to be imported as well; for instance, when you invest in a Cisco video conference system from KBZ, the information from training sessions completed by employees can be seamlessly added to the CMS, keeping records up-to-date.

Conduct Regular Audits

Security Audit Program
Security Audit Program

Compliance documentation is an ongoing process, and IT needs to schedule annual documentation reviews as part of their compliance activities. Ideally, reviews should not be conducted by those who have responsibility for specific security controls, but by other individuals who have knowledge of the controls and can identify gaps or other potential issues that need to be addressed when necessary. The annual documentation review should be focused on identifying required changes, as well as comparing the existing documentation to current regulations to ensure full compliance.

The best time to conduct documentation audits is in conjunction with your scheduled risk assessments. Most security regulations require regular risk assessments, with controls put in place in relation to the results of the assessment. Including a documentation review as a part of that process allows you to identify areas that need improvement or change, as well as activities that need to be added to your security controls.

Focus on the User

Finally, the most effective compliance documentation is user-focused, both in terms of employees who may need to access the information and regulators who will be auditing your efforts. While a focus on the technical aspects of the documentation is necessary, you also want to ensure that the documentation is usable. This means keeping it user-focused, easily accessible, and accurate. Nothing is more frustrating than attempting to find documentation that is hopelessly out-of-date or incorrect, so being user-friendly means committing to maintaining the most current documentation possible.

Failing to correctly maintain your security compliance documentation puts your company at risk for failing an audit, which could result in costly fines and other sanctions. A scattershot and disorganized approach to documenting your efforts is not adequate for anyone’s needs, and could leave your company vulnerable to security breaches in addition to regulatory infractions. By taking the time to develop a comprehensive and thorough approach to compliance documentation, you’ll save time and money in the long run.

10 Tips to protect your personal information

10 Tips to protect your personal information

10 tip to protect personal information
Protecting Personal Information

10 Tips to protect your personal information – According to the Identity Theft Resource Center, it takes 600 hours to restore your identity after a theft has taken place. The FTC’s new online resource aims to streamline the process of reporting identity theft to the FTC, IRS, credit bureaus, and to state and local officials.

ID theft happens when criminals use your personal information to file for a tax refund with the IRS or process a credit application to purchase an item or withdraw funds from the victims account(s). Victims usually learn of the crime after having their tax returns rejected because their impostors beat them to it, check bounce, or the victim receives dunning notices. N

  1. Monitor credit reports – By law, you are entitled to a free copy of your credit report from the major bureaus: Equifax, Experian, Trans Union, and Innovis.
  2. Never provide personal information over public Wi-Fi or a network that’s not password protected.
  3. Password protections – the longer the better. Try disguising familiar phrases using a cipher.
  4. Don’t use the same password on all accounts and change them up frequently. The more variation, the better.
  5. Never store passwords on your computer. If you need to do it digitally, use an external hard drive or USB and disconnect it from the computer when you are finished.
  6. Watch out for phishing emails – Throw up an immediate red flag if you receive any email asking to confirm passwords, bank account numbers, or Social Security Numbers. This includes any type of electronic communication, such as text messages and social media channels.
  7. If you do receive a suspicious-sounding email, contact your service provider directly to verify its authenticity. If your bank is requesting updated information, log onto your online banking account and update it there (instead of clicking on the link in the email). If your account does not show need for an update, you’ll know the email was a scam.
  8. Take physical precautions – Do not carry your Social Security card with you or write it down on checks. Only give out your SSN if it is an absolute necessity. When filling in forms for organizations, hospitals, clinics, and other companies, leave the area asking for your SSN blank.
  9. Shred bills, credit offers, and expired credit cards to prevent dumpster divers from getting your personal info.
  10. Layer your cyber-security – Layer defenses with a firewall, antivirus, and anti-malware that includes anti-spyware.

Order Security Manual Download Selected Pages