Politics aside, it is big news that Hillary Clinton and certain State Department personnel responsible for information technology (IT) security are in hot water – for allegedly enabling and/or failing to prevent the proliferation of sensitive government e-mails through an unsecured server. Without proper security, e-mails and other electronic records are vulnerable to hackers, viruses, physical disasters, and data theft – which could result in serious financial, legal, and operational issues for businesses and other entities.
New Jersey and New York businesses should be aware of risks of unsecured email server
As an IT managed services firm responsible for clients predominantly in the New Jersey and New York areas, we hope your business does not have its own “Hillarys” and the concomitant risks associated with unsecured servers. More broadly, we are concerned about the security of our clients’ overall IT equipment, software, networks, data, and processes.
In fairness, it should be noted that the Presidential and Federal Records Act Amendments of 2014, which clarified the responsibilities of Federal government officials when using non-government e-mail systems, was not signed into law until after Clinton’s tenure as Secretary of State. Also, several officials in the Bush Administration, as well as former Secretaries of State from both parties, have been criticized for using personal e-mail accounts in association with White House communications. The various legal, judgmental, and operational issues associated Hillary Clinton’s electronic records are complex, requiring an analysis of all the facts. Consequently, we maintain our non-partisan stance and leave those issues to be figured out and resolved by the appropriate government officials.
The issue of IT security
However, the issue of IT security remains a major one for both large and small businesses. A recent prominent example was the hacking of up to 80 million records of personally identifiable information at insurance company Anthem Inc. PII (Personally Identifiable Information) is much more valuable to a hacker than someone’s medical record, opening the potential for a massive identity fraud. A few months ago, Anchorage Community Health Services agreed to settle potential violations of the HIPAA Security Rule, paying fines of $150,000 and adopting corrective actions associated with electronic protected health information (ePHI) vulnerabilities to hacking, theft, malware, and other risks. According to a National Small Business Association survey, 44% of small businesses have been attacked, with costs averaging $8,700 per incident.
We believe the sophistication and prevalence of computer hacking will increase over time. This will require ongoing improvements in small business security measures, designed to reduce vulnerabilities and avert increasingly adroit hackers.
Many times small businesses are at increased risk versus larger companies, as owners are often hesitant to invest the necessary time and money into adequate IT security measures.
Given the significant financial and operational risks associated with cybercrime, along with increased awareness, we believe small business owners will be allocating more resources to protecting their businesses in 2015 and beyond.
We continue to promote best business practices when it comes to protecting and securing your data and ensuring business continuity with proactive implementation of best-in-class Cloud-based network security solutions and services. Backup methods of the past (such as tape, disk, and NAS (Network-attached Storage) device) backups alone are no longer sufficient, as your business data is getting more vulnerable to internal and external dangers.
In summary, don’t empower the “Hillarys” to put your business at risk. Key protection actions items include things such as hiring computer security consultants, installing firewalls and antivirus software, securing e-mail and credit card information, anti-phishing practices, tightening up password procedures, and implementing ongoing system and network monitoring, management, and reporting activities.
If your business does not use a secured server, or if you feel what you have now may be inadequate, the time is now to take control. If you are not sure where to start – let’s start with a conversation.