What Do You Know About GDPR?

I recently attended a lecture by a former FBI special agent on the topic of cybersecurity. Sounds cool, right? (It was!)

I’ve been paying close attention to the topic that is now top of mind for many since last summer, when I wrote this story for BizVoice® on fraud and cybersecurity issues, including what businesses should be doing to help prevent potential cyberattacks.

While I sat in a small room with 20 or so people who seemed genuinely surprised by much of what the former agent was saying, not much of it came as news to me (and I’m not bragging – I just went through my shocked phase last year when researching my story). But one thing I’d never heard before was something known as GDPR, an acronym for General Data Protection Regulation.

GDPR was passed in the European Union (EU) and takes effect in late May. It expands the rights of individuals under the regulation with regard to data privacy and places new burdens on companies or businesses that handle private data. And you might be thinking, “I’m in Indiana, not the EU.” And that’s true; this regulation primarily impacts users in the EU. But it also impacts any businesses or organizations that operate in the EU.

Indianapolis-based DemandJump recently posted a blog focusing on GDPR and how it impacts companies here in the United States, with links and a video to help others learn more about the potential impact:

From an internet user standpoint, this policy only affects those people located within the jurisdiction of the EU. However, companies that do business in the EU – regardless of where they are located – must also abide by the same rules, which has left many in the global technology industry reeling to meet these strict privacy standards by the May 25th deadline.

The GDPR is one of the first major legislative acts of its kind, but it certainly won’t be the last. The question is not whether the United States and others will pass a similar bill, but when.

At DemandJump, we have always believed in and respected the privacy of internet users, and we hold ourselves accountable for individuals’ rights to privacy and security. We also understand there is some sensitivity around data right now, and, well … we love data.

The truth is, data can be an amazing asset when used and handled responsibly, helping to automate, expand, speed up, and generally improve the world we live in. But those improvements should not come at the risk of individuals’ privacy.

Luckily for everyone, they don’t need to.

What is Data Privacy?

Check out this video from our very own Brad Wilson, Director of Engineering and Data Protection Officer at DemandJump, about data privacy and GDPR.

In the context of GDPR – and the broader discussion about data privacy – the main goal is to put control over personal data back into the hands of individuals. This means that if any individual does not want to be recognized or known by a data consumer, they have the ability to instruct any system to “forget me”. This would trigger a string of technical actions which would anonymize their information, making it very difficult for any person, business or technology system to identify that person individually.

Fundamentally, this movement is not so much about restricting the usage of personal data as it is about giving control back to individuals. It’s about companies being open and transparent about what personal data they have on individuals, and about the way they handle that data.

For 10+ years there has been a lot of fuzziness and disparate regulation around data privacy and transparency. The EU is saying “no more”, and it’s highly likely that other regulatory bodies will follow suit.

Cybersecurity and data privacy experts will come together for the Indiana Chamber’s inaugural Cybersecurity Conference (in partnership with the Indiana attorney general’s office) on May 1-2. There’s still time to register for the two-day conference held in downtown Indianapolis, with focuses on responding to litigation following a data breach, vendor management, lessons from the defense industry and much more.

Social Connection at What Cost?

It’s been fun, guys.

Digging our heads into the sand and enjoying our social media. Happily sharing gifs, memes, videos, photos with one another, connecting with friends (or frenemies) from high school and posting political opinions that will change exactly no one’s mind.

On some level, we probably all knew that Facebook was tracking our every “like” and “share” online. And yet, the reality of that fact has come crashing down on us over the past few weeks as privacy scandals at Facebook are making headlines.

Understandably, there’s a #DeleteFacebook campaign ongoing. And yet, I haven’t deleted my Facebook account, with no plans to do so. What about you?

While I’m not planning to leave Facebook, I have identified recently with a scene from NBC’s “Parks and Recreation,” where privacy-conscious Ron Swanson is alerted that web site cookies exist and that Google Maps has a photo of his house:

(He’s throwing his computer in the dumpster, FYI.)

But that’s not a solution. Maybe for some it is, but not for me and probably many others working in today’s world, who need to utilize and understand technology and social connection.

However, we can – and should – all do a better job of understanding just what we’re agreeing to when downloading new apps and sharing on social media. Instead of an “ignorance is bliss” outlook, take a thorough look through your privacy settings and advertising settings and be very specific about what information you want to share with each platform or app.

If you are interested in downloading the full archive of what data Facebook contains about you, this article from Inc. includes an easy five-step process:

How to Get Your Data

In typical Facebook fashion, it’s easy to get this data, but only if you know exactly where to look. That’s what I’m here for.

  1. Click this link. You’re looking for facebook.com/settings. If for some strange reason that doesn’t work, on desktop, you want to click the little upside-down triangle in the upper right-hand corner, then drop down and click “Settings.”
  2. Click where it says “Download Archive.” You will likely have to reenter your password. Facebook will need about 10 or 15 minutes to compile your data and will send you a link via email to get your information.
  3. Check your email spam folder; the message Facebook sent me wasn’t readily visible in my inbox. The subject should read “Your Facebook download is ready.” Click the link in your email and you’ll be sent back to Facebook again–and probably have to enter your password once more. (This is a good thing; there’s a lot of personal information in the files they’re sending you.)
  4. Click the “Download Archive” button on this second screen, and you’ll download a .zip file that should be called: “facebook-YOURUSERNAME.zip.” Extract the files by clicking on the .zip file in most cases, and you’ll wind up with a series of folders. There should be a file called simply “index.html.”
  5. Click on that, and the archive should open in your browser.

I’m going to download my Facebook data – mainly to see what it contains and how accurate some of it is. I joined Facebook when I was a sophomore in college, back in 2005. So, I’ll have 13 years of data to comb through and I’m assuming it’s going to be as embarrassing as when I read back through my diary from junior high.

Cheers to the Network Security Administrators

Here’s a little tip – don’t check your work email on your mobile phone while riding in an airport shuttle on the way back to your car from vacation.

Don’t quickly open any emails saying you had a recent sign-in attempt and need to remedy your information.

Don’t click the link! DON’T do it.

I did it.

Yep, it was me. The person who studied and learned about fraud, email phishing, social engineering (and a lot of other terrifying cybersecurity issues) for a 1,200-plus word story for BizVoice® magazine last year. The person who has warned everyone about these issues since learning all those terrifying things. The one who pays close attention when data breaches are discussed in the media.

It was me. I did it. Ugh.

Thankfully, I realized what I’d done nearly immediately. I clicked on the link, but I didn’t enter any information and I quickly alerted our network guardian angel administrator, Jeff. Then I panicked all the way home from my relaxing vacation.

But Jeff let me know he was keeping an eye on it, and that I hadn’t broken everything (I was sure I had). Such a relief I have rarely felt in my adult life.

After a self-admonishing mea culpa when I returned to the office, I was again put at ease upon being reminded that this happens more regularly than I realized and that it’s a very easy thing to fall for.

That is NOT an excuse for complacency, of course. Think before you click! Make sure you know your company’s security protocols, and think critically about the address an email is coming from (does your security administrator typically handle anything related to Microsoft? Then Microsoft is probably not emailing you directly!). Just pay attention.

I was reminded firsthand that our information technology and network security administrators are on the front lines of keeping our dumb mistakes at bay.

Thank goodness for that.

If you’ve got a great network security team supporting your workplace, thank them when you get the chance. You probably don’t always know or understand what they do, but when things get dicey, you’ll really appreciate their expertise.

(If you don’t have a network security team, you’re risking a lot. Check out that BizVoice story I mentioned above for more about the pitfalls of not being covered by good security measures.)

Screening Data Center Providers: Discerning a Provider that Won’t Let You Down

For companies looking to quickly expand their data center capabilities without building out their own facilities, outsourcing is increasingly a favored, no-brainer option. While outsourcing options abound, pinpointing the one that best fulfills your company’s needs and long-term goals without wasting resources requires careful consideration of numerous factors.

Choosing a data center provider based purely on budget and short-term wins would be a costly mistake you’re guaranteed to regret when the apparent savings bite back in technology misfires, unreliable performance and extended downtime. Save yourself the headache and dollars by screening potential providers with the following criteria—key attributes of a data center that won’t let you down.

1. Certifications
Data centers are generally evaluated by the Uptime Institute and classified based on the performance of their infrastructure, uptime and other factors that determine reliability. With each Tier level, I through IV, the data center’s infrastructure costs and operational complexities increase, according to Uptime. Also, Tier IV centers are required to demonstrate a higher level of uptime. Uptime Institute recommends that companies analyze their business applications and needs when making a decision on data center providers.

2. Compliance
It’s critical that a data center provider keeps you in compliance with regulations specific to your industry. Many companies face audits, including SSAE 16, NFPA, TIA-942, HIPAA, FISMA, FDA, PCI/DSS and Sarbanes-Oxley. It is imperative that the data center provider you choose possesses expertise with regard to these audits.

3. Data Center Location
One of the most critical factors of a reliable data center provider is location. Assess it to determine the history of natural disasters in the area, including tornadoes, hurricanes, earthquakes and floods. Other factors that can influence the data center’s resilience and ability to bounce back from crisis scenarios include proximity to other businesses and first responders, like police officers and firefighters.

4. Facility
The data center building should feature state-of-the-art equipment, cooling and updated infrastructure, including structural reinforcements. It also should be well guarded by security officials.

5. Redundant Power/Cooling
A quality data center includes quality generators, uninterruptible power supplies, power delivery, utilities and cooling infrastructure systems. When screening providers, ask specific questions about Service Level Agreements (especially about uptime); electrical and cooling; redundant power architecture; backup systems; monitoring; and transformers.

Since 2001, Lifeline Data Centers has earned a reputation as a leader in data center compliance, uptime, and innovation—including a notable recognition as one of the 20 most promising data center providers in 2016 by CIOReview, citing Lifeline’s 99.999% uptime, multi-layered security systems, highly compliant processes, and “superior and compliant” workspace. The company is also currently undergoing the arduous task of becoming FedRAMP-authorized—the highest level of clearance to house government and military data.

Find out if Lifeline is the provider you’ve been searching for. Visit lifelinedatacenters.com. Also read the Chamber’s recent BizVoice magazine feature on the company.

Want to learn why EMP shielding, FedRAMP certification, and Rated-4 data centers matter to your business? Download Lifeline’s infographic series on EMP, FedRAMP, and Rated-4! Read online.