PCMatic Support Poor at Best, when you have an issue they have no user forum, no real knowledge base to query, no on-line chat, nor a tech support phone number.
We tried the Pro version of PCMatic and found it an interesting solution to the protection arena.
When we had a problem with another program and added to the white list. That did not make any difference. That we found strange. Let me explain.
PCMatic Support should implement polices on Patch Management, version control, and service desk support.
We could install the other program (DriverSupport.com) and add it to the white list. All went well until a reboot was required. PCMatic just REMOVED the whitelisted program. We sent 3 help requests that respond with ROBOTIC canned answers that do not answer the question of how to get around the issue.
There is NO link to a follow-up area, there is NO phone number listed of who I can talk to, and there is NO user forum where I can ask if another user has solved the problem. The only solution that I have is to request a refund.
This is the WORST customer service we have seen yet in the virus protection arena. PcMactic prides itself as being all U.S. made and suppported. They might as well be in India, at least there someone will talk to you.
AVOID THIS PRODUCT IT IS NOT WORTH THE TIME TO MAKE IT WORK. They should spend more on technical support and less on TV ads
Top 10 Security Management rules are defined in Janco’s Security Manual Template.
Top 10 Reputation Management Rules are defined in detail in Janco’s Security Manual Template.
Without constant vigilance, your company is vulnerable to attack. The first step to take is to assess your current security stance, then make a plan to increase security with proper best practices and technologies.
Top ten commandments of security management for CSOs, CIOs, and IT Managers
Limit access to information to those who need to have it. People can’t misuse information that they don’t have.
Conduct frequent and deep security audits. Identify who has access to what – and how their actions could weaken the protection of valuable data/information.
Set limits to information access. Do not exclude all information from access – data exclusion locks down access. Limits set authorizations so specific people can do specific things under specific circumstances.
Limit administrative rights to as few individuals as possible. Very few individuals need them to do their jobs.
Ignore organizational hierarchy when setting access capabilities. Access and authorization should be based upon responsibilities, not position.
Make Security Invisible. Minimize extra commands, screens, pop-ups for employees; if an action is allowed, just let it happen.
Analyze Security End back doors. Compliance logs reveal threat patterns, and show how security steps are hurting productivity.
Monitor information access and updates. User-initiated application information updates can invite vulnerabilities.
Educate everyone on security policies and procedures. The more that people know about the rules the better
Make security best practices the watch word for everyone. IT and the general workforce must address the constantly changing nature of security breaches.
Security Manual Template
Security Policies and Procedures Manual for the Internet and Information Technology is over over 230 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address GDPR, CaCPA, ISO, Sarbanes Oxley and CobiT compliance).
GDPR Compliance is at risk with 3rd Party providers
GDPR Compliance Management is more complex with the increased use of 3rd Party providers
Security and GDPR Compliance risks from third parties are on the rise. A security compliance study found that 56 percent of companies admitted to a security incident caused by a third party.
With GDPR now in place, security of third-party vendors and consultants is more important than ever. Their security failure will impact your company and could result in a breach of your data.
So how do you approach third-party security in a GDPR world? The first step is to know who your vendors are and other outsiders with access to your network. These tiers are based on the level and volume of data they have access to, determining which are the most critical. Companies need to know who has any access to their data and get an accurate understanding of exactly what information they can access, why, and how often. With this information in hand, you can then develop an accurate response plan.
GDPR compliance plans should also take into consideration all of your third-party vendors. Thus, when establishing a dedicated Data Privacy Officer (DPO), that person will help the company meet GDPR requirements and should keep tabs on third-party practices and data systems as they affect your business. Lunetta added:
To support the DPO with additional expertise on making decisions such as, “We need X solution to address Y compliance/security requirement,” it’s imperative for IT security teams to conduct regular self-assessments for uncovering gaps and determining options for remediating them.
Some tips for ensuring that your third parties are staying in GDPR compliance:
Address cybersecurity governance because while it’s one thing to invest in security solutions that help address personal data protection, it’s another to use them in a manner that is also GDPR-compliant.
Access Policy Governance – Having robust access controls isn’t good enough to comply with GDPR. Instead, you also need a set of policies that can be defined, implemented and enforced around how your enterprise controls access to personal data.
Pay attention to privileged. Users, such as systems administrators, can circumvent standard controls inside of an application or a database. Identify those users, establish governance controls, and implement enforcement mechanisms through technology solutions such as network access control.
Compliance Mandates come from multiple sources. How companies are impacted by them varies by size of company and the markets they serve.
Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful is the CaCPA inacted by Califorinia and the GDPR from the EU
The EU has implemented a single privacy and compliance mandate. In the U.S. that is not the case as of yet. The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like. Until that occurs the various states, and California in particular, will set the rules.
The standards for user privacy and control drove the released of an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detail list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020.
Compliance Management is one of the top concerns of CIOs and other C-Level exeutives.
Compliance Management Kit was just released. All of the components of the kit were just updated to meet privacy and security madatesdue to GDPR for the EU and CaCPA for the state of California.
The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to this high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.
First, he Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit come with all of that plus two full policies. The policies are the Record Classification and Management Policy and a Privacy Compliance Policy with a detail implementation work plan. The detail wok plan can be utilized right out of the box to ensure that privacy and security are implemented fully within the enterprise. And third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.
Record Classification, Management, Retention, and Destruction Policy Updated
Record Classification was just added to the Data Management Policy. The purpose of the addition was to reduce the sensitive data footprint to meet the most recent rigorous compliance standards,
Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.
Most other data classification tools don’t go the extra mile. Their technology only looks for specific terms in your documents; it doesn’t provide the intelligence you need to secure the personal information of your customers or employees. Janco’s Record Classification, Management. Retention and Disposition Poicy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.
Included with the policy is a crisp definition of data classification.
The foundation of any good record management program is developing a consistent records classification system across the organization.
While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.
The first step toward developing a records classification system is taking an inventory or a comprehensive and accurate listing of locations and contents of all records within the organization.
The second step is grouping the records in the inventory according to business functions, record class, and record type:
Common business functions include operations, finance, legal, marketing, human resources, and others.
The top-level business functions are broken down into record classes. For instance, two record classes of record-function accounting are accounts payable and accounts receivable.
Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.
IoT Challenges are varied and unique to the capture of real-time data
IoT Challenges – IoT is more than internet enabled sensors and analytics. It is a way to get real-time information. There is a very good chance that the IoT device can be remotely controlled, monitored, updated and maintained using remote management tools, sensors and predictive analytics that continually collect device data that can identify problems before they happen.
Granted most of these devices are not critical in life or death situations. However, there can be property loss when a device fails, does not have the current BIOS or software, or is used in an inappropriate manner. In addition the implications on data storage in order to meet the mandated records management requirements have not been understood to their fullest.
Add that to the fact that typically IoT data is proprietary and enterprise confidential, security is a major concern.
What is HIPAA and how can an enerprise comply with the mandated requirements
What is HIPAA Privacy Rule – provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
There also is a HIPAA Security Rule – It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This places unique challenges to the Business Continuity and Disaster Recovery Planning processes.
What is HIPAA and how does it impact overall Compliance Management?
Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.
CIOs Management Focus Janco conducted a survey of C-Level executives to get a clear understanding of what CIOs are focusing their management talents
AnyConnect Windows 10 An example of a best practice for patch management and version control. An issue arose after an update by a major vendor and how to implement a best practice to have a solution in place for a critical application.
This tool kit has been updated to meet all of the EU’s GDPR mandated requirement. In addition, it now reflects all of the requirements of the newly enacted California Privacy Act and contains the Privacy Compliance Policy with its associated electronic forms and job descriptions.
Cyber Currency Hacker Target as the population of Blockchain applications expands.In the last year there was a boom in malicious cryptocurrency mining. That is where cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it is not very lucrative in the short term, it is stealthy and can be sustained over a long period of time. Typically it is taking very little from each PC, most users don’t even know their machine’s processor is being used to line someone else’s pockets.
Ransomware a much more aggressive approach: pay up, or risk having your files permanently locked.
Both cryptojacking and ransomware continue to be widespread threats, other attackers are quietly deploy a potentially much more damaging threat: trojan malware.
Trojan malware sneaks onto your PC by disguising itself as something else, often hidden in a malicious attachment that’s distributed with a phishing email.
Trojan attacks range from those using commodity malware, with phishing emails spammed out in bulk in the hope of scooping up victims for the purposes of stealing their login credentials, banking information or other private information. Other attacks are far more precise, targeting organisations or even individuals to gain access to specific data or information: this can be for creating a persistence presence on their network for espionage, stealing data and selling it, or loading other malware onto the system.