May 2007

In This Issue:

Vulnerability Awareness Seminar
SharePoint Seminar: Unlock the Power of Collaboration
Identity Theft: How to Protect Your Company, Customers and Employees from Identity Theft in the Workplace
How Complex Does a Password Need to Be?
Exchange Server 2007 Offers Business Continuity
Summarize an Outlook Contact's Activities

Inspiration: "Great minds discuss ideas, average minds discuss events, small minds discuss people."
– Hyman Rickover


IND Vulnerability Awareness Seminar

Join IND and several industry experts who will help you to identify pitfalls in your security and compliance management of:

IT Weaknesses • Identity Theft Protection
Document Security • Document Destruction • Security Staffing

Date: Wednesday, June 13, 2007

Time: 8:00 AM - 12:00 PM

Location: The Park Avenue Club, Florham Park, NJ

  • Located at: 184 Park Avenue, Florham Park, NJ 07932
    Tel: 973-301-8233 | Fax: 973-301-2348
  • There is no cost to attend this event

SharePoint Seminar: Unlock the Power of Collaboration

Join IND and Microsoft to learn how to optimize your organization's power of collaboration. This workshop will demonstrate different ways for your company to utilize SharePoint to further build teamwork and maximize the time and energy needed to complete any project. We will also be demonstrating how to integrate SharePoint with Enterprise Management Server to further advance your collaborative power.

SPACE IS LIMITED TO 20 ATTENDEES SO REGISTER TODAY!

Date: Wednesday, June 13, 2007

Time: 12:30 PM - 3:30 PM

Location: The Park Avenue Club, Florham Park, NJ

  • Located at: 184 Park Avenue, Florham Park, NJ 07932
    Tel: 973-301-8233 | Fax: 973-301-2348
  • There is no cost to attend this event



Identity Theft: How to Protect Your Company, Customers and Employees from Identity Theft in the Workplace


“Given the cost of a security breach – losing your customers’ trust and perhaps even defending yourself against a lawsuit – safeguarding personal information is just plain good business.” FTC – Protecting Personal Information: A Guide for Business

On January 1, 2006, the New Jersey Identity Theft Prevention Act (NJITPA) took effect. This Act requires businesses operating in New Jersey to safeguard personal information related to any individual, including customers and employees. The NJITPA defines “Business” as “a sole proprietorship, partnership, corporation, association, or other entity, however organized and whether or not organized to operate at a profit, including a financial institution organized, chartered, or holding a license or authorization certificate under the law of this State.” The term “personal information” is broadly defined, including, but not limited to, first and last name, driver’s license number, date of birth, social security number, employee ID number, medical information, account numbers, images, and signatures. This Act is one of the toughest laws in the nation.

The Act requires that companies “take all reasonable measures to protect against unauthorized access to or use of personal information.” Reasonable measures include how you dispose of information. For example, the NJITPA states you can dispose of information “by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable, undecipherable or non-reconstructable through generally available means.”

You must also create a policy for protecting personal information against unauthorized access and educate your employees on the new policy.

If your company suffers an information breach, the NJITPA specifies who must be notified, how, and when the notifications may be delayed. Additionally, your company’s exposure could include lawsuits and civil penalties up to $3,000.00.

How could a breach affect your Customer or Employee?

There are five types of identity theft:
• Financial/Credit
• Division of Motor Vehicle (DMV)
• Social Security Number (SSN)
• Medical Information
• Character/Criminal

The personal impact of identity theft on your customer or employee, due to a breach at your company, can be manifested in several ways. This is why you should be concerned as an employer or business owner. What is your liability when…?

• Your client was implicated in an international investigation of child pornography because their credit card information, stolen from your office or sold by your employee, was used.
• Your client has been suspended from her job due to an investigation by her employer, the Board of Education, for prostitution charges acquired in her name, yet it was not her.
• Your employee receives a notice from the IRS that he owes $5,000.00 in income tax for a job he held, or really his Social Security Number held, in Florida and he has never worked outside of New Jersey.
• Your client is visited by the Division of Youth and Family Services (DYFS) to remove her four children from her home because she recently gave birth to a child that was addicted to drugs and your client had her last child four years ago. Someone had used your client's medical information instead of her own.
• Your employee is arrested in front of her neighbors and family because of a warrant for her arrest for non-appearance in court due to traffic and moving violations in towns where she has never driven. Someone had used her driver’s license information instead of her own.

How will the requirement for you to report a breach to your clients and employees affect your company’s reputation? How will addressing the above personal impact of identity theft affect your bottom-line? These are not easy questions to answer.

Steps you can take to protect yourself:

The recent growth in identity theft gives new meaning to the word “pandemic”. But how does a company protect itself, its customers and its employees? Ben Franklin put it best when he said, “An ounce of prevention is worth a pound of cure.” Be proactive. Put policies and procedures in place now to avoid disasters tomorrow.

Specific steps your company can take:

• Securely store and destroy personal information - Lock it, encrypt it, limit access to it and shred it. Prevention is the key.

• Train your employees on your new and/or updated policies and procedures and educate them on Identity Theft – Employees who handle personal information should understand how to do so confidentially and know what they should do personally to protect themselves.

• Define a process in case of a breach - Most companies experience breaches due to four factors: incompetence, equipment loss, hackers and rogue employees. No process is 100% effective, so plan for a breach. Define how you will notify your customers, address consumer losses, determine what data or personal information was breached, address the media and deal with legal issues.

• Make Identity Theft Protection available to your employees (and customers, if applicable) – Providing an appropriate identity theft service can potentially reduce your company’s liabilities against actual losses suffered and lawsuits from those affected. Look for services that are proactive with credit monitoring, that help your employees and clients before, during and after an identity theft incident, and that provide access to an attorney for consultation, letter writing and assistance with false arrests. Also look for a service that helps your employees or clients restore their credit histories to their original state. Some companies provide the information to do this and some companies provide a professional to do the work on behalf of the victim.

• Understand the data security and breach notification policies of your vendors and suppliers - Recently, several accounting firms have lost their clients’ customer and employee personal information. Ask for their policies in writing.

• Perform an internal audit - Review and update your company’s policies and procedures governing confidentiality, privacy, background checks, data access, document access, retention and destruction. Only retain the “personal information” that you need for both customers and employees. Additionally, store it in the appropriate place, e.g., should you keep employees’ job applications containing sensitive personal information with their Attendance Sheets?

• Appoint an Information Security Officer – Although not required for all the new laws, it is a good idea to have a person appointed who is responsible for your company’s compliance with the laws. They can also assist with the above-mentioned activities.

• Continually investigate ways to minimize a breach and your company’s potential liability in the event of a breach.

Identity Theft is a crime that is evolving every day. It is a formidable challenge to law enforcement and businesses. Understand what you must do to comply with the new laws and protect your business, employees, customers and reputation.

Article contributed by:

Veronica A. Jenkins
Independent Associate for Pre-Paid Legal Services, Inc.
vjenkins@prepaidlegal.com
908-685-7117
www.veronicajenkins.idtforbusiness.com


How Complex Does a Password Need to Be?

The answer to a question about password complexity depends on the possible characters that comprise the password, and how many characters the password contains. If you only use the 26 characters of the English alphabet and your password is only 2 characters long, then you have only 676 (26 to the power of 2) possible passwords. A password-cracking computer program can guess any password of this length that you create from two letters in a fraction of a second.

If you choose your password from both lowercase and uppercase characters, the ten number keys, and the 32 special characters on your keyboard, such as the comma and the asterisk, then the number of distinct passwords increases to 9,216 (96 to the power of 2), which is still a low number. However, if you make sure that the password consists of at least 7 characters, then the number of possible combinations increases to over 75 trillion, or to be exact, 75,144,747,810,816 (96 to the power of 7). It would take a hacker over 2,300 years to try every possible combination if the password-cracking program tried 1,000 possible passwords every second.

Using a very powerful computer that tried one million passwords every second, it would still take 2.3 years. If you change your password every month or two, the password will most likely be different by the time the hacker has cracked it.
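
The arithmetic above, together with the rotation argument, worked through as an added Python example (not part of the original newsletter). The 96-symbol alphabet and the 1,000 and 1,000,000 guesses-per-second rates come from the text; the 60-day password lifetime, the 10**9 rate and the safety margin of 2 are assumptions chosen for illustration.

```python
# Added example: brute-force arithmetic from the article, plus a minimum-length
# calculation for a password rotation policy. Not from the original newsletter.

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

LETTERS_ONLY = 26    # article: the English alphabet
FULL_KEYBOARD = 96   # article's count for letters, digits and special characters


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: int) -> float:
    """Worst case: time to try every candidate. The average case is half of this."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


def min_length(alphabet_size: int, guesses_per_second: int,
               lifetime_days: int, margin: int = 2) -> int:
    """Shortest length whose keyspace exceeds `margin` times the guesses an
    attacker can make before the password is rotated. margin=2 (an assumption)
    covers the average case, where a search succeeds after half the keyspace."""
    budget = guesses_per_second * lifetime_days * SECONDS_PER_DAY * margin
    length = 1
    while keyspace(alphabet_size, length) <= budget:
        length += 1
    return length


def policy_table(lifetime_days, rates):
    """Rows of (guesses_per_second, min length letters-only, min length full set)."""
    return [(r, min_length(LETTERS_ONLY, r, lifetime_days),
             min_length(FULL_KEYBOARD, r, lifetime_days)) for r in rates]


if __name__ == "__main__":
    print(f"96^7 = {keyspace(FULL_KEYBOARD, 7):,}")
    for rate in (1_000, 1_000_000):
        print(f"{rate:>9,}/s -> {years_to_exhaust(FULL_KEYBOARD, 7, rate):,.1f} years")
    # The 60-day lifetime and the 10**9 rate are assumptions, not article figures.
    for rate, letters, full in policy_table(60, [1_000, 1_000_000, 10**9]):
        print(f"{rate:>13,}/s: letters-only >= {letters}, full keyboard >= {full}")
```

These figures assume every character is chosen uniformly at random, so they are an upper bound for human-chosen passwords, which fall to word lists much sooner.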

Wikipedia.org has the following to say about Strong Passwords:

Examples of stronger passwords include:

• t3wahSetyeT4 - not a dictionary word, has both alpha and numeric characters
• 4pRte!ai@3 - not a dictionary word, has both cases of alpha, plus numeric, and punctuation characters
• #3kLfN2x - same as preceding
• MoOoOfIn245679 - long, with both alpha cases and numeric characters
• Convert_100£ to Euros! - Phrases can be long, memorable and contain an extended symbol to increase its strength.

These passwords are longer and use combinations of lower and upper case letters, digits, and symbols. The longer and the wider the variety of symbol choices, the more intensive the password cracking effort or well matched the Rainbow table must be to defeat the password; assuming that suitable password hashing and protection methods are in place.
Further, not using a single word makes password cracking word lists a less effective form of direct brute force attack. Note: some systems do not allow symbols like #, @ and ! in passwords and they may be hard to find on different keyboards. In such cases, adding another letter or number or two may offer equivalent security.

The above examples, having been published in this article as password examples, are no longer good choices; examples from publicly-accessible discussions about passwords are obviously good candidates for inclusion in a dictionary to be used for a dictionary attack. However, beware that even "strong" passwords (by this limited criterion), and especially human-chosen passwords, are not equivalent to a strong encryption key, and should not be used as such, if for no other reason than that they contain no unprintable characters. Passphrases and password-authenticated key agreement methods have been used to address this limitation.

Microsoft Windows Servers include tools and options that can help enforce a password policy within your company. The team at IND can assist you in determining the right password policy and implementing automated settings to ensure your environment and users are secure.


Exchange Server 2007 Offers Business Continuity

Microsoft Exchange Server 2007 provides out-of-the-box high availability, disaster recovery, and clustering capabilities. Continuous Replication ensures data is backed up and recoveries can be made in minutes, even between geographically separate sites.

Continuous Replication comes in two flavors, providing the flexibility for organizations to deploy just the availability they need.

Local Continuous Replication utilizes log file shipping to create a second copy of the database attached to a single server. In the case of data corruption or storage failure, switching to the copy of the database takes minutes to recover instead of potentially hours to restore from backups.

Cluster Continuous Replication runs within an active/passive Microsoft Cluster Server to maintain an always up-to-date copy of the database on the passive node. Providing symmetric fail over and fail back, this configuration provides complete service and data redundancy, allowing you to automatically recover from disasters with minimal impact to your users.

With Continuous Replication, further backups can be made from the second copy of the database, reducing the load on the production database. The traditional Single Copy Cluster solution is still available in Exchange Server 2007, offering service-level availability in a cluster without requiring a second copy of the database. For server roles outside the Mailbox role, Network Load Balancing improves server role scalability as well as provides a level of redundancy to ease maintenance and protect against disasters.


Summarize an Outlook Contact's Activities

On an Outlook contact record, the Activities tab reveals a summary of every Outlook item you've associated with that person. When you click the Activities tab, Outlook starts a search for all items linked with your contact. If you have a large collection of Outlook items, the search can take some time. If you're sure you want to find something specific, such as an e-mail message, click the scroll-down button (triangle) next to the word Show and choose the type of item you want. Outlook looks only at the kind of items you've specified, and your search will go faster.


Improve Your Efficiency Through Business Process Automation

IND develops custom Web-based software that can dramatically improve front and back-office procedures by providing a single digital work-flow system that is based on your business's unique processes.

Web-based applications can provide a gateway (or portal) for your clients, vendors, and employees to interact digitally with your business processes, which can greatly improve your company's bottom line.


Let Your Computer Breathe

Look at the back of your computer and make sure it is not too close to the surface behind it. The computer's intake vent needs room to take in air to keep your system cool. Also make sure the cables for your components are not bent at a sharp angle, which could cause problems with the devices they are connected to.

The 100 Absolutely Unbreakable Laws of Business Success: Brian Tracy

Brian Tracy has traveled and worked in more than 30 countries, studying business, economics, philosophy, psychology, history, and entrepreneurship. The 100 Absolutely Unbreakable Laws of Business Success is based on those years of study and provides a wide-ranging view of the things that make some businesses — and lives — work, and others fail. There is a wealth of practical advice distilled into 100 easy-to-follow laws covering major areas such as leadership, money, economics, selling, negotiating, and time management.



 
   
© 2007 IND | www.INDCorp.com | (973) 227-5020