Workshops for Compliance with New Mass Data Protection Laws
June 29th, 2009

Over the last several months, Centrend has been conducting compliance audits and participating in various panel discussions and has plans to lead workshops on compliance with the new Mass personal information protection laws. We have experienced a definite change in the mood of our clients with regard to the new regulations. With only six months to the deadline, business leaders are now focusing more serious attention on the new law than ever before. Whether the concerns be administrative or technical, organizations are now forming task forces and action plans and executing the next steps toward compliance.
Centrend Regulatory Compliance for Information Protection workshops will be announced soon.
***
-Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
Massachusetts Law CH93h Requires Compliance Measures
June 24th, 2009

We are told by the Commonwealth of Massachusetts that there will be no more extensions. Whether you are ready or not, in less than six months from now, you will be required by Massachusetts law to take very specific and proactive steps to secure all forms of personal information you collect about Massachusetts residents, whether they may be customers, employees or contractors.
The Office of Consumer Affairs and Business Regulations has extended the deadline for the last time for new regulations (201 CMR 17.00) which become effective January 1, 2010. The regulations mandate that everyone take more responsibility for the active protection of personal data.
It’s now a matter of who is going to be ready and who is not, and what’s the next step for your organization?
-Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
A Lesson in the Value of Encrypting Portable Media
March 24th, 2009

Recently, I prepared my company’s Quickbooks file and sent it off to McClaren & Associates, my CPA firm.
Because the file was over 30 megabytes, the best way to get it to them was to burn it on a CD and drop it in the mail. Before I burned the file to the CD however, I had encrypted the data file with PGP Desktop to form a Self Decrypting Archive. This means that the data itself becomes scrambled, and no one in the world (including even most major governments!!) will be able to unscramble it unless they have the “key”. When my CPA’s office received the CD, they would enter a password (the “key”), that we previously agreed to verbally, and would then be able to unscramble and save the file into a format Quickbooks will understand. This method of data protection is far beyond merely password protecting the opening of a file, and is extremely secure.
Now for the lesson: What are the chances, but wouldn’t you know it got lost in the mail and never made it to their office!?! This is a true story. Thankfully, I had the file encrypted.
Remember folks, this was my entire accounting system file and had all my customers’, vendors’ and employees’ information in it. Much of this data, such as credit card numbers, bank account numbers, social security numbers, and other personnel data, is deemed personal information controlled by Mass CMR 201 CH17, and it is contained in the file!
Wouldn’t you cringe if this happened to you and the file you sent was NOT encrypted?
Remember, even though a Quickbooks file may be password protected it can still be opened by anyone by simply accessing Google.com and searching for a Password Cracker for Quickbooks. Also, even if the password is not determined, the personal information could easily be extracted by even a novice hacker.
Fortunately, all my customers, vendors, and employees can REST EASY. How safe are you keeping your stakeholders’ data? Do you have CDs or USB drives or even tape backups lying around unencrypted?
For more information, contact Bill Bowman or me about a free network security risk assessment and CMR 201 CH17 compliance assessment to help you keep your customers’, vendors’ and employees’ data safe and sound.
-Paul
***
Paul LaFlamme
President & CEO
Centrend, Inc.
508-347-9550 x115
Conficker / Downadup Virus
March 18th, 2009

The ‘Conficker’ virus, also known as ‘Downadup’, is a Trojan virus which was first detected in November, 2008, and is particularly difficult for officials to deal with because of its sophistication. The good news is that all of Centrend’s IT program clients are safe and protected from the attack. As the newest version of the virus, known as the ‘Conficker C’ variant, propagates itself, we are prepared to deal with the outbreak for those who are not currently Centrend clients.
The ‘Conficker B’ version of the virus spread rapidly and by February had infected an estimated 12 million Windows PCs world-wide. So, there is potential for an even more widespread infection with the latest variant that has already infected an unknown number of PCs, and is expected to change its activity on April first. Conficker has the ability to create its own peer to peer network, so it communicates from one PC to another across many kinds of connectivity or through portable media, such as USB drives and CD-ROMs. Anyone who has questions or is unsure about whether or not their PC is infected or vulnerable to the Conficker virus should contact Centrend for assistance.
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc
508-347-9550 x 135
Technology Results within a CEO’s Timeframe
Avoid sending spam: What are E-mail best practices?
March 15th, 2009

Does your organization have a policy in place regarding unsolicited commercial e-mail? Let’s think about the underlying principles your e-mail policy should be based upon.
The act of sending an Email message without the prior consent of the recipient is considered offensive. The sender of any Email message must have a prior established relationship with the recipient (they should at least know who you are), or the recipient’s express permission to be included on your e-mail list (maybe they don’t know who you are, but for some reason, they don’t mind getting e-mail from you).
Always ask permission to add a contact to your e-mail list. Allow the recipients of your e-mail to safely remove themselves from your list. Immediately remove anyone from your list who asks to be removed, and remove them without question.
-Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
