Your critical data. A different angle

Your critical data. A different angle

EVER EXPERIENCED THE UPPERCUT KNOCKOUT BLOW?

An uppercut to the chin in boxing is the most devastating knockout blow. You don’t see it coming and it hits you so hard in a place you are most vulnerable… the next thing you know is you are down and out! When you finally get back on your feet, you are totally confused, you are wobbling, you are trying everything to just stay on your feet. Most times you never recover and eventually lose that fight. This is a real-life perspective for us to compare with our Cybersecurity and Business Continuity decisions. Can you prepare for that “uppercut to the chin”?

THEORY VS REALITY

Can you relate? There is the theory, and then there is reality. The reality of the effect a Cybersecurity network breach or loss of your data has on your business is quite similar to the uppercut. In a natural disaster such as a hurricane, if you are the last-minute type person, you typically have less than 3-4 business days to prepare and no time to prepare in an earthquake. You may have very good insurance policies but will they help you within the first 2-3 months of your devastation? Your teams will be so focused on their own personal family issues and the attention you will need on the critical business resources will not get the type of priority you want due to all the circumstances “outside” of your control. Are you ready for this?

A CHANGE IN THE WAY OF THINKING … DO YOU NEED ELECTRICITY TO RUN YOUR BUSINESS?

Do you even think about the electricity as optional for your business … one way or another, your business needs energy to operate and be successful. Energy is the fuel that keeps the moving parts moving and allows for the ongoing business process each day. You just don’t question it … well, the next most important asset in your business is your people and your data … without the people, you have no business and without the data, you will have no people and no business. It’s just this simple.

IMPLEMENTING THE NEW CYBER SECURE POSTURE … WHO DO YOU DEPEND ON FOR THIS?

In the same way, the insurance policy won’t bail you out in the first moments of your catastrophe. A network breach will have you stunned and thinking “what do I do next, who will do it, and how do I restore the data to get back to normal as fast as possible?” The answer to this is developing a Cybersecurity posture in advance and developing company policies around it so you are ready for that uppercut you don’t see coming. IslandNet can help you with our team of professionals. We have basic solutions for Cybersecurity and Business Continuity from as low as US$500 per month and we can develop the roadmap your company desperately needs to be ready for the new digital economy. Don’t get caught with the surprise uppercut that knocks you out and keeps you down … call us!

HOW TO FIND MORE INFORMATION ON ISLANDNET BUSINESS CONTINUITY AND CYBERSECURITY SERVICES?

At IslandNet, we are available from 8am-9pm M-F and 10am-5pm on Saturday and Sunday. More details on our services can also be found on our website www.islandnetjm.com where we also accommodate live chat Q&A during business hours and we can also be reached at 876-606-0000, or via email to sales@islandnetjm.com … we welcome your questions.

 

Your Customer Data …be careful with it!

Your Customer Data …be careful with it!

HOW DOES THE NEW DATA PROTECTION ACT AFFECT MY BUSINESS?

The revised and recently passed Data Protection Act, 2020 provides Jamaica with the regulatory authority to create and monitor data sharing and data storage standards (under the purview of newly appointed Information Commissioner).  This legislation will provide increased privacy protection for ALL Jamaicans and will improve our technological image to international investors. 

The new legislation will also require identified companies to complete an annual Data Impact Assessment (DIA).  Island Networks can serve as your Virtual Data Protection Officer (VDPO) and already has cybersecurity solutions that will provide your organization with a detailed history and assessment of your IT infrastructure. As details of the DIA requirements become clearer, Island Networks will be able to include this assessment as part of your managed IT service package.

WHAT TYPE OF DATA WILL BE CONSIDERED ‘SENSITIVE’ PERSONAL DATA

As stated in the Act, the following data types are all classified as ‘sensitive’:  Genetic or biometric data, racial or ethnic origin or affiliation, political opinions, philosophical beliefs, religious beliefs, membership in any trade union, physical or mental health conditions, sex life, and any documented proceedings related to any alleged criminal offences by data subject.  Additionally, biometric data can include: finger/toe prints, photographs, retina 

scans, eye color, blood type, signature, and voice.  As is evident, the health care community will be one of the KEY industry segments with plenty of work to do! All physician offices, labs, clinics, surgery centers, hospitals and health insurance providers will need to take steps to secure their operations and learn how to improve their data security. Any practitioner considering more telehealth applications needs to ensure that by adopting these technologies they are not exposing their patients to unnecessary threats.

WHAT HAPPENS IF MY ORGANIZATION DOES NOT COMPLY WITH THE NEW ACT

The penalties for non-compliance will vary based on the types of data, and level of breach.  A data controller that willfully releases sensitive data that is ‘likely to cause substantial damage or distress’ can serve up to 10 years jail time if indicted. Other offences carry fines that range from 2M-10M and carry 2-5 years jail time. The Government of Jamaica’s aim is to provide ongoing direction and support so that organizations are not caught off guard and are able to fully comply, regardless of size and budget.

HOW COMMON ARE DATA BREACHES?

Data breaches are unfortunately more common than most realize. Jamaican companies have historically NOT been required to report data beaches like their US counterparts. 

Under this new act, companies will be required to report on the breach within 72 hours of becoming aware of the contravention or breach to the Information Commissioner. Breaches not reported will hold a stiffer penalty for the offending organization.

HOW DO I KNOW IF I’VE BEEN BREACHED?

Unfortunately many times they go completely undetected…Sometimes companies only find out once the damage has been done and they are notified by the person(s) whom were affected.  Every company should have a proactive methodology to monitor network data traffic and use techniques like pattern recognition to flag any unusual activity. Hackers may explore network entry points for days or weeks before the real attack begins…Island Networks Level 4 security operations center in Kingston provides companies with the peace of mind to have continual ‘eyes’ on your network.

HOW DO I GET MORE INFO ON ISLANDNET CYBERSECURITY – VIRTUAL DATA PROTECTION OFFICER SERVICES?

Call IslandNet at 876-606-0000 or email sales@islandnetjm.com during business hours. We will be ready to help you understand the right path to take. The final details and rules regarding implementation of the Data Protection Act will be based on regulations that are yet to be released.

CyberSecurity and Health Care

CyberSecurity and Health Care

THE THREAT LANDSCAPE

The threat landscape is growing at a fast pace and evolving daily. You don’t want to be one of those businesses that “wished” you did something BUT now suffering the consequences. It will be an extremely painful experience! If your healthcare facility is connected to the world-wide-web in “some” capacity, you are susceptible to cyber-attacks. In 2017, The “Wanna-Cry” ransom-ware made headlines in the United Kingdom by simply exploiting a standard Microsoft Windows computer desktop vulnerability which led to the cancellation of 20,000 appointments at the Montpellier medical centre and the exploitation of a simple email “phishing” attack on the staff email containing the virus. This crippled the facility and cost millions to resolve, not to mention the extreme damage to their reputation. Today, the vast amount of machines and devices that are utilized inside and outside the healthcare facility and ARE connected to the local network and/or the Internet in order to properly function and work for the healthcare provider…has dramatically increased. This number will continue to grow and you must embrace this reality. The next reality is you must embrace a working strategy to protect the entire environment.

PROACTIVE CYBERSECURITY

The typical IT department for a healthcare provider is focused on keeping desktops, payment systems, and important medical machines working and delivering services. A proactive strategy is one that is constantly monitoring, detecting, responding, and reporting in-depth on the vulnerable areas on the healthcare network. As our clients trusted security advisor, we are always assessing your environment and making ongoing recommendations on how best to improve you network security posture. Security now goes far beyond the traditional appliance… it now involves people, processes and procedures. This is not done by the typical healthcare IT department simply because they don’t have the relevant personnel, capital expense budget, and of course the professional expertise in Cyber Security. The trade-off to this is a reactive approach to Cyber Security, which can only be stated as THE APPROACH to avoid.

THE REAL COST OF CYBERSECURITY

Of course, there is a real cost to this type of implementation but we must all begin to see CyberSecurity as a utility monthly expense, just like we see paying our electricity, water, and monthly critical services. Everything in your environment is being connected to the internet and our world has dramatically changed before our eyes. IslandNet has designed its CyberSecurity services to be an operating expense to your business and our team of professionals fill the voids that your IT team needs help with. The options you have in being reactive to your issues, will ultimately cost you significantly more. Call us.

WHAT ROLE I PLAY AT ISLANDNET

As the Network Security Manager, my role encompasses the management of all network security at IslandNet and the development and design of all CyberSecurity implementations for our customers. This is done carefully while working with a strong group of Cyber Professionals to include our incredible Chief Information Security Officer who develops policy and Cyber Posture for all our customers. I look forward to working with your team and taking your healthcare facility to new heights.

HOW TO FIND MORE INFORMATION ON ISLANDNET CYBERSECURITY SERVICE

Although today we have eighty percent (80%) of our workforce operating remotely during the Covid-19 Pandemic, we are available from 8am-9pm M-F and 10am-5pm on Saturday and Sunday. More details on our services can also be found on our website www.islandnetjm.com) where we also accommodate live chat Q&A during business hours and we can also be reached at 876-606-0000, or via email to sales@islandnetjm.com …. we welcome your questions.

The Strength of our weakest links in Cybersecurity: Human Behaviour

The Strength of our weakest links in Cybersecurity: Human Behaviour

Even during this time of the Corona pandemic, one might hear of the various cyber attacks happening within organizations in Jamaica, primarily ransomware attacks. You might also have heard that Zoom had to fix an issue where approximately 500 thousand accounts were given away for free on the Dark Web due to the use of weak popular passwords. Just think about how that could have affected your meeting conversations and online classroom sessions. “Who is that person logged on to our session?”

Users of various systems and tools owned by your organization need to be aware of the DOs and DONTs of Cybersecurity, and one effective way to accomplish this is through implementing company-wide annual Cybersecurity Awareness Training program along with governing security policies and methodologies to track compliance and achievement of the program.

IslandNet cybersecurity services can help you to implement a cybersecurity awareness program quickly and effectively.  Ask us how! Email us at: cybersecurity@islandnetjm.com

CyberSecurity and Health Care

Is the network firewall good enough for my business?

One of the biggest misconceptions about security appliances is that they are all the same. Just because a device has the word security does not mean it is secure enough for your organization. Firewalls may look alike, but they are not the same.

Managers need to ask themselves what real value they are getting from their security appliance. Do you have full visibility of traffic traversing your firewall? Are you scanning data between different internal networks for malicious attacks? What level of protection do you have against zero-day attacks? With the lack of technical resource, are you able to automate the process in the event of an attack? And do you have the technical expertise to ensure your device is configured optimally?

The attack surface is growing every day and the organization needs a solution that will provide value and peace of mind, without breaking the bank.

Security failures that can occur from remote work

Security failures that can occur from remote work

COVID-19 has revolutionized the way we work. Approximately 40% of the world’s workforce is now working from home. Which means, they are ONLINE. Unfortunately, the only way to 100% guarantee that a user will never succumb to an attack is by disconnecting, but that is not a feasible option.

The next best thing is training our users by providing awareness and ensuring the tools they are using will provide the protection that is needed. Whether they are using company devices or their own, users are susceptible to malicious attacks.

We must ensure that level of protection is extended to our remote workers through various ways. Such as, multiple authentication methods for Virtual Private Network (VPN) connectivity, screening and monitoring company VPN traffic, and having proper anti-malware software installed. Also important is monitoring other methods of access to the network such as Remote Desk Protocol (RDP) and Public access to internal resources.

Without these mechanisms in place, your users are vulnerable to phishing attacks for personal data, or spyware installed for spying on user’s activity which may eventually lead to a ransomware attack that may render a resource unavailable until the ransom is paid. Let us be proactive in our approach, a step ahead in the game.