Posts

The top 4 things that take you out of compliance

As the leader of an evolving organization, you’re expected to keep employee and customer data as secure as possible. However, aging technology and processes sometimes result in disconnects and even mistakes that interfere with regulatory compliance requirements. For example, the financial industry is rife with examples of tax and recordkeeping violations, and the penalties can range from hundreds to thousands of dollars.

So, what are common mistakes that cause otherwise responsible organizations in various fields to fall out of compliance when they make the move to new solutions? The following are some examples that you should avoid to minimize your risk of missing compliance requirements.

1. Forgetting about GDPR

The General Data Protection Regulation (GDPR) went into effect in May 2018, and while it primarily affects European companies, it also affects American companies that collect, maintain or process personal data for people living in the European Union. If your business has no dealings whatsoever with folks in the EU, that’s one thing, but in today’s global economy, it’s best to be ready if you decide to expand at some point in the future.

Regardless, these regulations are a good standard to strive for. They require that businesses be aware of the types of data they collect, stay ahead of security breaches and follow a clear, transparent consent process, among other things. For example, as an article in CSO explains, “Opting in for a mailing list does not give the small-business owner the ability to use a customer’s data for something else unless this is outlined. Individuals should also know how to withdraw from your database at any time.”

It’s a good idea to keep GDPR in mind as you move to the cloud.

2. Not checking out third parties thoroughly

It’s likely that your business is partnering with at least one vendor to implement and improve cloud solutions. Perhaps a managed services provider is handling this for you, or maybe your business uses an offsite data center. In both cases, it’s still your responsibility to ensure that vendors and other subcontractors follow these guidelines to protect data and maintain the same level of security.

3. Allowing BYOD without a tight policy

Bring your own device (BYOD) policies are popular in many businesses, but they can backfire if the policies don’t follow a strict set of security protocols. For example, it’s necessary to have data encryption and strong password requirements to address any security issues with apps or software. Make sure you have an adequate BYOD policy in place when moving to the cloud or allowing employees to use their own cell phones, tablets and computers.

4. Collecting unnecessary information

Many customers don’t think twice about turning over personal data such as Social Security numbers, even for something as simple as a fishing license. However, as a general rule, if certain pieces of customer data aren’t needed, don’t collect them. If you do have a good reason for collecting the data that you do, explain your rationale to customers and share how you’ll use their data.

Aside from not having a disaster recovery plan or not providing adequate training for your employees, you should be able to meet compliance requirements if you avoid the four mistakes discussed here.

If you need help navigating the ever-changing landscape, you can always contact us. After all, shoring up your environment to meet compliance is vital to your success. Being aware of the security benefits that cloud computing offers will inform the steps you take to keep your company’s data as secure as possible.

3 things you need to do before implementing your BYOD plan

Deciding on and then implementing a BYOD program can be a huge challenge. It may even seem like an intimidating and impossible task. While most businesses are attracted to the cost-efficiency of a BYOD program, there are certain things that must be done to ensure the plan is successful.

Understanding BYOD

BYOD (which you likely already know stands for “Bring Your Own Device”) is something that is becoming more and more common in businesses today. This type of program allows your employees to bring their own, personal mobile devices and use them for work-related purposes. This is in lieu of the company providing them with laptops, smartphones or other mobile devices.

If you are thinking about implementing the BYOD program, but you don’t know where to begin, here’s our short list of what you’ll need.

1. Establish a security policy for all devices

Before you allow your employees the freedom to access your company’s resources from any device, you need to ensure there are stringent security guidelines in place.

Most users are resistant to complex passwords and lock screens simply because they are inconvenient. However, an unsecured device can leave your business’s sensitive data prone to an attack.

To ensure everything is safeguarded, you need to make sure that your BYOD policy includes the following security guidelines:

  • Set the minimum required security controls for all devices, which includes password requirements and data encryption.
  • Determine where the data from a BYOD device is going to be stored.
  • Determine if your IT department can remotely wipe a device if it is lost, an employee is terminated, or there’s a policy breach, disaster situation or some other issue.
  • Are your employees going to be required to install a mobile device security application, or are workers going to have the ability to choose their own security solutions that meet set criteria?

The strictness of the guidelines that you set will depend on your industry.

2. Put protections in place against any legal liability

Introducing employee-owned devices into your workplace may lead to legal issues. As a result, you need to implement policies that help you avoid problems. Some things to consider include:

  • Rights: What legal rights do your employees and the organization have? Know what these are to create the proper privacy requirements and regulatory requirements.
  • Responsibilities: Do employees who are using a device with a corporate app or data have the responsibility of providing protection for the device? What happens if no steps are taken to protect it?
  • Liability: Will the company be held liable if an action on its part results in private data loss? What liability lies with the employee?
  • Privacy: What are the steps your business is going to take to protect employee privacy?

3. Define specific and concise user guidelines

By creating acceptable use policies, it’s possible to prevent malware and viruses from getting into the system via unsecured apps or websites.

It’s a good idea to talk about the following questions with your IT team or your managed service provider to set up your acceptable use policies. These questions include:

  • What applications can an employee access from their personal devices? Make sure that you clearly outline the types of apps that are allowed and the ones that aren’t allowed.
  • What websites need to be banned while the employee’s device is connected to the business network?
  • What type of company-owned assets will employees be allowed to access on their personal electronic devices? Contracts, documents, calendars, emails, etc.?
  • What type of policies are going to be implemented to keep employees from transmitting or storing illicit materials or from engaging in unrelated activities on their devices?

A tip from companies that have implemented BYOD policies in the past is that if you block the “time wasting” sites such as YouTube and Facebook, it may seem somewhat controlling to workers. As long as employees continue to perform well, there’s no need to implement these types of restrictions.

The best way for you to successfully get your employees excited and on board with your bring your own device program is by working to create a trusting environment. If you implement excessive restrictions, then it may make your workers feel like you are actually infringing on their personal freedoms. Rather than doing this, take the time to let them know about the realities of a BYOD program, and give them the ability and opportunity to use this new freedom responsibly.

Implementing BYOD at your business: now you know

If you are planning to implement a BYOD policy for your business, then using the tips and information here can be extremely beneficial. After all, this type of policy can be extremely beneficial for your company, as well as your employees.

Keep in mind, you may have to tweak and alter your BYOD policy as you move forward. This is fine; just be willing to measure the success of the plans you have made to determine if changes are needed. By doing this, you will be prepared to ensure your employees have the best possible plan in place and that your company and your workers are reaping all the possible benefits that are offered by the bring your own device policy.

3 ways a BYOD policy for your business will make your life easier

In an effort to stay current, many companies (even the US government) are moving their solutions and tools to the cloud. Everything is interconnected via the internet, so it doesn’t matter whether the staff is in the building or not.

There are countless benefits to this change, but migrating to the cloud has its own potential problems. Here is one of the most basic ones: how do you handle employees working from their own devices? Do you provide employees with company devices? Or do you just let them use their own if they want to?

While there are benefits to both approaches, a solid BYOD (Bring Your Own Device) policy can make the whole thing a lot easier on you, especially if you lead a smaller company with limited capital. You get the assurance of good cybersecurity practices, and your employees get the flexibility they want.

If your BYOD policy is well planned.

Who doesn’t want lower overhead?

You can’t zero-out your IT budget. Not unless you want your staff to ditch all technology. (We don’t recommend that.) But there are ways to bring your tech-based overhead down.

Like utilizing BYOD.

Providing a device for every employee has a steep upfront cost, especially for an SMB or startup just getting on its feet. Even a cheap laptop will run in the hundreds of dollars. More specialized equipment, like Apple products for your design team, will cost even more.

We recommend providing equipment that’s essential to your staff to do their jobs. But if you already do that and they want to use their own tablet or laptop, as well, that benefits you—without an additional cost.

Factor in the increase in productivity, and it’s an automatic win for you.

Speedier training

Think about this: if you could get a boost in productivity with no investment of time or money, would you?

That’s what you get with a BYOD policy.

When your staff is empowered to bring in their own device, they’ll be working on equipment they already know and like.

No training. No expense. No lost time. You’ve preemptively checked off one item on their training itinerary.

Better equipment

People tend to update their personal equipment more often than their employers do. (And many businesses tend to hang onto their equipment much longer than they should). Newer equipment means tech tools that operate faster with fewer breakdowns and repairs.

Most people replace their personal devices when it’s convenient or when a newer device comes out, regardless of the performance of their current device. Businesses tend to replace their equipment when the old device breaks down, which could mean that it ends up being years out of date.

Long story short—most of the time a BYOD policy will mean your employees have greater access to newer equipment.

The policy itself

BYOD, in general, brings several benefits to the table. But without a written policy the practice can cause more trouble than it’s worth.

Here are several areas worth covering in the policy.

  • Acceptable use
  • What devices qualify for use
  • Whether the in-house IT department will perform repairs on personal devices or not
  • Whether the company will reimburse/subsidize for the use/repair of personal devices

And most importantly . . .

  • Security policies

The biggest downside to BYOD is the potential security risk. Since your IT team doesn’t directly manage these devices, you have limited control over what the user is or isn’t doing with them.

Your security policy should definitely include requirements for anti-virus and firewall use. Perhaps the IT team can give it a once-over as part of the employee’s onboarding process, or check in every so often to make sure the device is functioning properly.

A required best-practices training course could also be a good means of keeping the device safe for use on your network. And you should absolutely train employees to understand the inherent risks of using public Wi-Fi. Sure, it’s free, but it may not always keep your company data safe.

Nothing matters as much as security.

A BYOD policy has a lot of benefits—for your business and your employees. Just make sure you think through all the potential pitfalls. Do your research and draft a policy that keeps your company data safe. And if you need some input from some experts in the field, don’t hesitate to give your managed IT services provider a call.

Business Mobility Tips for Bad Weather

Across the country the last few days, the cold weather has been devastating. Raleigh-Durham had its coldest day in 130 years. They call this one the “bomb cyclone” because of the sudden and extreme drop in temperature. Weather like this is uncommon in the South, but in the Northeast, it’s somewhat expected. This past October, 80,000 Maine customers lost electricity. With this kind of weather, businesses everywhere must prepare their staff for mobility. Here are our mobility tips for keeping downtime to a minimum and keeping your staff productive and collaborative even when the office is inaccessible.

Ensure You Have the Right Tools

As most business owners already know, the wrong tools can slow your growth (or bring it to a halt). The same goes with productivity and collaboration tools. An essential component of running a smooth process is first and foremost getting your team all on the same software. This could be Office 365 or G Suite for Business or whatever makes sense for your company. Every member of your staff should be well-educated on the tools of the office, so there are no hiccups when employees are on their own.

Communication is key. Audio and video conferencing tools should be thoroughly researched and available so your staff can continue with meetings and brainstorming sessions that yield productive results.

Tied into this, you may want to explore a BYOD (Bring Your Own Device) program. The key here is to ensure your security protocols are maximized, even when employees use their own iPhones or laptops.

Automate Whenever Possible

We haven’t quite made it to the land of artificial intelligence. However, that doesn’t mean we can’t improve our businesses with automation and with machine learning. When bad weather strikes, the fewer manual tasks your staff has to perform, the smoother your company will run. Assessing your workflow and automating whenever possible can yield incredible results – and that’s not restricted to bomb cyclones or any other bad weather days.

To automate properly, you need to fully understand the complexity of your processes. Gather your staff together and start charting out how products are released, how distribution and channeling are tasked out, and how information is shared. The simpler you can make these, the more effectively your business will run when your team is unexpectedly scattered.

Get as Much in the Cloud as You Can

The cloud is the new business powerhouse. In fact, Gartner predicts that by 2020 cloud deployment of software solutions will be the default option. This shouldn’t be a surprise because the enterprise-level security you get in the cloud, combined with the ideal mobility, gives you many advantages over the old model of server storage in the basement.

When bad weather hits, on-premise data storage can be tricky at best and devastating at worst. By migrating to the cloud, you give your team secure access wherever they are. This gives you and your employees the best chance of limiting downtime and keeping productivity high and heading toward your goals.

Get Your BDR Plan in Shape with EaseTech

One of the main factors in combating bad weather is preparation. For businesses, this lies in your backup and disaster recovery plan. The plan itself is a living document that should detail the procedures and processes for getting back to business when the worst happens. Your BDR plan will give tasks to each employee, so there is never a question as to how the business will continue.

So, when you’re prepared for the worst, you can expect the best results.
