Infinet

GDPR

Better Get Ready – The GDPR Goes Into Effect Today!

What Is It?  What Do We Need To Know?  What Should We Do?

If you don’t know what the GDPR is, and if you’re not ready for it, you’re going to get caught short because this is a legal deadline and it’s coming up fast. The General Data Protection Regulation goes into effect May 25, 2018.  It’s a privacy law that the European Union is enforcing to protect the personal data businesses collect. Even if your business is outside of the EU, you must comply.

What is the GDPR?

The GDPR affects all internet business worldwide. It’s a very complex law, so we can’t explain everything here. We’ve provided some resources below that you should check out.  Keep in mind that there are many gray areas where this law is concerned. So, you should do some research to determine how the law affects your organization’s unique situation.

The GDPR is an internet privacy law. All businesses, small or large, and even entrepreneurs who do business on the Internet with consumers located in the European Union need to be aware of how the law affects them.

It doesn’t matter if your company is inside the EU, or anywhere else in the world– If you do business with anyone in the following countries, you must comply with this new law by May 25th:

  1. Austria
  2. Belgium
  3. Bulgaria
  4. Croatia
  5. Cyprus
  6. Czech Republic
  7. Denmark
  8. Estonia
  9. Finland
  10. France
  11. Germany
  12. Greece
  13. Hungary
  14. Ireland
  15. Italy
  16. Latvia
  17. Lithuania
  18. Luxembourg
  19. Malta
  20. Netherlands
  21. Poland
  22. Portugal
  23. Romania
  24. Slovakia
  25. Slovenia
  26. Spain
  27. Sweden
  28. United Kingdom

The GDPR is a consumer data protection law. It ensures that individuals can:

  • Access their personal data.
  • Export their personal data.
  • Correct errors to their personal data.
  • Object to the processing of their personal data.
  • Erase their personal data.

The GDPR applies to the acquisition, processing, and storage of personal data – from initial gathering to final deletion of this data and every point in between. It applies specifically to personal data and anything that pertains to identifiable data such as:

  • Names
  • Email Addresses
  • Physical Addresses
  • Phone Numbers
  • Birthdate
  • Age
  • Sex
  • Race
  • ID Numbers
  • Nationality
  • Citizenship
  • Marital Status
  • Family Data
  • Health Data
  • Physical Characteristics
  • Profile Pictures
  • Occupation
  • Employment History
  • Income
  • IP Addresses
  • Cookies
  • (and more)

This could be information you collect automatically from Google, an opt-in, or other collection method online – anything that would identify an individual.

How Will The GDPR Affect My Business?

If your business has a website or an email list, you may be affected.

The GDPR affects any business relationship or transaction whether commercial or free where one or more of the entities are in the European Union. It’s not based on citizenship, rather location.  Any business within the EU must comply with the GDPR across its entire audience. If your business is in any of the 28 European Union Member States, you must comply with the law if you conduct a transaction with anyone located anywhere. If your business is located in the U.S. and you collect data about any business or person in the EU, you must comply with the GDPR.

How Should We Prepare For The GDPR?

There are three requirements you must meet before May 25th.

Controls and Notifications

  • Protect personal data using appropriate security.
  • Notify authorities of personal data breaches.
  • Obtain appropriate consents for processing data.
  • Keep records detailing data processing.

Transparent Policies

  • Provide clear notice of data collection.
  • Outline processing purposes and use cases.
  • Define data retention and deletion policies.

IT and Training

  • Train privacy personnel and employees.
  • Audit and update data policies.
  • Employ a Data Protection Officer (if required).
  • Create and manage compliant vendor contracts.

Some Examples

Before the GDPR:

Let’s say you offer a whitepaper or free video to people online. Before the GDPR, your prospect provided their information, you gave them the freebie, and the consent was assumed because they accepted your gift.  Pretty easy, right?

After the GDPR:

You can no longer assume that their consent is given if they accept your gift. Now you must specifically obtain their consent. It must be given freely, specifically, and be unambiguous. Nor can you require them to give their consent to receive the gift.

Note: This new standard applies to all of your existing lists. Beginning May 25th, you can no longer send marketing emails to anyone who hasn’t given their precise consent for you to keep their personal information.  Plus, you cannot go back and ask them for their consent. You’ll need a stand-alone system to do this.

What Can We Do To Comply With These Strict Rules?

This is important. You must do this BEFORE May 25, 2018.

Compliance/Preservation

Step 1. Segment your email mailing lists into two parts.

  • Non-EU subscribers
  • EU-based subscribers and any unknowns

You want to continue to build goodwill with your Non-EU contacts so reach out to them as you would have before.  The EU-based and unknowns you’ll need to re-engage with. Here’s what we mean:

Step 2. Reengage EU-based and Unknowns.

  • Before emailing them, add additional value and content to your website.
  • Then send them a link to your website and request their specific consent to keep their personal information.
  • Set up a system to migrate those who give consent over to it.
  • On May 24, 2018, you must delete anyone in this group who hasn’t consented.

Remember, storing and deleting their information is considered processing. That’s why you must do this BEFORE May 25th.

Breach Notification Requirements

The 2018 GDPR replaces the old Data Protection Directive of 1995. The most recent GDPR breach notification requirement was enacted in April 2016.  It set a higher compliance standard for data inventory, and a defined risk management process and mandatory notification to data protection authorities.

Breach notification is a huge endeavor and requires involvement from everyone inside an organization. In-house tech support and outsourced Technology Service Providers should have acquired a good understanding of the consequences a data breach causes and the data breach notification requirements for their organization.  They must be prepared in advance to respond to security incidents.

The Following Are Additional Steps You Should Take To Prepare Your Technology Before May 25th  

Your Technology Solutions Provider Can Help

  • Perform a through inventory of your personally identifiable information, where it’s stored–in onsite storage or in the Cloud. And determine in what geographical locations it’s housed. Don’t forget about your databases. PII is often stored in databases.
  • Perform a Gap Analysis. This is a process where you compare your organization’s IT performance to the expected requirements. It helps you understand if your technology and other resources are operating effectively. By doing this, your Technology Solution Provider (TSP) can then create an action plan to fill in the gaps. The right TSP will understand the GDPR regulations and how your IT must support your compliance efforts.
  • Develop an Action Plan. Your TSP should document a detailed action plan for how to use technology to meet the GDPR if you experience a data breach. This should include individuals’ roles and responsibilities. Conduct tabletop exercises to practice how the plan will work with specific timelines and milestones.
  • Ensure data privacy. If you don’t have a Technology Solution Provider, then you need one for this. Data protection is key for any-sized organization. Consumers have the right to have their data erased if they want. This is called “the right to be forgotten.”  This is a concept that was put into practice in the European Union in 2006, and it’s a part of the GDPR. You won’t be able to do this if their data is stolen.
  • Be sure to document and monitor everything that you do that’s related to GDPR Compliance. This includes any changes or upgrades that your TSP makes to your IT environment. You may need to demonstrate that you’ve done your due diligence when it comes to protecting citizens’ private information and that you practice “defense-in-depth” strategies where you use multiple layers of security controls when it comes to your technology.

Resources To Check Out For More Information

The European Commission’s website regarding the GDPR

Wikipedia

General Data Protection Regulation

Information from the service vendors you use:

  • Mail Chimp
          • Salesforcew
  • Google
  • Microsoft

These and other services have GDPR-centric webpages with helpful information that impacts your relationship with them, how they handle processing, and how they can help you comply with the new regulations

GDPR

Better Get Ready – The GDPR Goes Into Effect Today! Read More »

ThinkstockPhotos 533557042

DON’T GET HACKED – 10 STATS THAT WILL SURPRISE YOU & 5 WAYS TO PROTECT YOUR BUSINESS

At nearly $1 Trillion in earnings a year, hacking is now at record proportions. Your data is a valuable asset, not only to you but to criminals as well. Don’t get hacked.

Don't Get Hacked

Here’s what you need to know.

  • 1 in 3 Americans has been hacked.
  • A hacker attacks someone every 39 seconds.
  • 61% of small businesses experienced a cyber-attack within the past year.
  • The average cost of a data breach in the U.S. is $7.35 Million.
  • $5 Billion was lost due to hacking in 2017. This is more than 15 times the total losses in 2016. Most of this cost was due to data breach fines, downtime, and productivity losses.
  • 54% of breaches are caused by negligent employees who click on suspicious websites and emails.
  • 20% of businesses experienced downtime of over 100 hours due to ransomware attacks.
  • 64% of businesses paid ransoms even though paying doesn’t guarantee that data will be returned.
  • The anticipated cost of cybercrime in the next 3 years is $6 Trillion.

The pool of cybersecurity experts is shrinking. By 2021 there will be 3.5 Million jobs that can’t be filled. The demand for security experts is increasing and is outpacing the supply.

5 THINGS TO DO RIGHT NOW

Ignore Ransomware Threat Popups and Don’t Fall for Phishing Attacks.

These attacks say that your data will be encrypted so you can’t access it, but in many cases, this isn’t true; it’s just a ploy to get you to click on something harmful. Once you click on the link, then you’re in trouble. You may have to pay a ransom to get your files unlocked.

Ransomware is a type of malicious software (malware) that blocks access to a computer. It infects, locks, or takes control of a system and demands a ransom to unlock it. It’s also referred to as a crypto-virus, crypto-Trojan or crypto-worm. It then threatens that your data will be gone forever if you don’t pay using a form of anonymous online currency such as Bitcoin.

Phishing is when a scammer uses fraudulent emails, texts, or copycat websites to get you to click a link so they can steal your confidential information. Thieves are looking for information like social security numbers, account numbers, login IDs, and passwords. They use this information to rob you of your money and your identity. The odds are good that phishing will work. A campaign of 10 messages has a better than 90% chance of getting clicked on. The majority of account takeovers come from simple phishing attacks where you or someone in your organization gets tricked into releasing private credentials and information.

Use Hard-to-Guess Passwords and Two-Factor Authentication.

Use complex passwords with 9+ characters and don’t reuse passwords across your different accounts. Consider using a password manager like LastPass. For accounts that support this, two-factor authentication is an extra step worth taking to ensure the privacy of your data. It requires both your password and an additional piece of information to log in to an account. The second piece could be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication will protect your account even if your password is compromised.

Secure Wi-Fi With a Virtual Private Network (VPN).

Hackers now emulate free open Wi-Fi to steal your IDs and passwords. You can be fooled when you try to login to free Wi-Fi in airports, restaurants, and other public areas. When this happens, everything that you type is copied and archived by these criminals and used against you. Using a VPN encrypts your Internet connection and protects your privacy. When you connect to the Wi-Fi over your Virtual Private Network, no one can see the information you send, and your privacy is safeguarded at all times.

 Back Up Your Data.

Store data both onsite and offsite in a secure Enterprise-Based Cloud System. Back up your files regularly to ensure you have a duplicate of all your files and applications if your network is compromised. Traditional data backups can’t always restore all of an IT system’s data and settings. This is why you need both an onsite backup and a reliable backup via the Cloud. An enterprise-based cloud backup solution safeguards your data and ensures that it’s recoverable under any circumstance.

 Hire a Reputable Technology Solutions Provider to Help.

A reputable Technology Solutions Provider can deploy a layered security protocol with regular software patches, vulnerability management, and continuously-updated endpoint protection. They can also provide Security Awareness Training for your employees to help them recognize potential threats. With the right provider, you’ll boost your defense posture and decrease the likelihood that a data breach will take down your business.

Don’t get hacked. Contact us, and we’ll keep your data secure.

DON’T GET HACKED – 10 STATS THAT WILL SURPRISE YOU & 5 WAYS TO PROTECT YOUR BUSINESS Read More »

Memorial Day

Remember Why We Celebrate Memorial Day

When we think of Memorial Day, we have visions of parades, going to the beach, enjoying a picnic in the park, or gathering with family and friends for a barbeque. But, as most of us know, this is a special day to honor military members who made the ultimate sacrifice for our country. Many of us will be visiting the gravesites and memorials of the men and women who served and died performing military service for our country.

The History Of Memorial Day

This year, Memorial Day is on Monday, May 28th. Memorial Day was first known as Decoration Day. It originally honored only those who lost their lives while fighting in the Civil War. In the spring of 1865 at the end of the Civil War, people throughout the U.S. held tributes to fallen soldiers by decorating their graves with flowers on Decoration Day.

General John A. Logan of the Grand Army of the Republic, proclaimed that the first Decoration Day be observed each year on May 30th.  On the first Decoration Day, General James Garfield made a speech at Arlington National Cemetery where 5,000 attendees decorated the graves of the more than 20,000 soldiers from both the Union and Confederacy. It was during this time that the federal government established the first national cemeteries.

Americans in the northern states followed suit with their own commemorative events, and by 1890 each recognized Decoration Day an official state holiday. Southern states honored their dead on separate days.

After World War I, the holiday evolved to commemorate American military members who died in all wars. In 1966, the federal government declared Waterloo, New York as the official birthplace of Memorial Day. They chose this city because, on May 5, 1866, Waterloo closed businesses so residents had a day where they could decorate the graves of soldiers.

However, a number of other cities claim to be the birthplace of Memorial Day. These include:

  • Columbus, Mississippi
  • Richmond, Virginia
  • Macon, Georgia
  • Carbondale, Illinois
  • Boalsburg, Pennsylvania

In 1968, the U.S. Congress passed the Uniform Monday Holiday Act, which established Memorial Day as the last Monday in May. It went into effect in 1971 and Memorial Day has been designated a federal holiday ever since.

In the year 2000, President Clinton signed the “National Moment of Remembrance Act,” which designates 3:00 p.m. local time on each Memorial Day as the National Moment of Remembrance.

Today, cities and towns across America hold Memorial Day parades each year along with military personnel and members of veterans’ organizations. Some of the largest parades take place in Washington, D.C., New York, and Chicago.

What Will You Be Doing On Memorial Day?

When Congress made Memorial Day into a mandatory three-day weekend with the National Holiday Act of 1971, it, unfortunately, caused some to think of it as a vacation weekend and to be distracted from the spirit and meaning of the day.

Some people confuse Memorial Day with Veterans Day. Veterans Day is a commemoration of all the individuals who have served or are currently serving in the nation’s armed forces.

Memorial Day was specifically enacted to honor those who died while serving the country. Because we also think of it as a “beginning of summer” celebration, this can tend to minimize the true meaning of Memorial Day.

Because of this, Hawaii Senator Daniel Inouye, a World War II veteran, introduced a Congressional measure to return Memorial Day to May 30 in 1987. He continued to do so every year until his death in 2012. In 1999, he wrote:

“Mr. President, in our effort to accommodate many Americans by making the last Monday in May, Memorial Day, we have lost sight of the significance of this day to our nation. Instead of using Memorial Day as a time to honor and reflect on the sacrifices made by Americans in combat, many Americans use the day as a celebration of the beginning of summer.” 3

Honoring Our Fallen Military Members

Without the sacrifice of the men and women in our Armed Forces, we wouldn’t enjoy the freedoms we have today. Even if you’re having fun celebrating this Memorial Day holiday, we should all take a moment to remember them.

Civil War – Approximately 620,000 Americans died. The Union lost almost 365,000 troops and the Confederacy about 260,000. More than half of these deaths were caused by disease.

World War I – 116,516 Americans died, more than half from disease.

World War II – 405,399 Americans died.

Korean War – 36,574 Americans died.

Vietnam Conflict – 58,220 Americans died.

Operation Desert Shield/Desert Storm – 383 service members died.

Operation Iraqi Freedom – 4,411 service members died.

Operation New Dawn – 73 service members died.

Operation Enduring Freedom – 2,346 service members died.

Operation Freedom’s Sentinel – 48 service members have died as of May 2018.

Operation Inherent Resolve – 61 service members have died as of May 2018. 1

A national moment of remembrance occurs at 3:00 p.m. local time on Memorial Day. Please join us in taking the time to remember and thank all of our fallen military members.

  1. https://www.cnn.com/2013/05/23/us/memorial-day-fast-facts/index.html
  2. https://www.history.com/topics/holidays/memorial-day-history
  3. http://people.com/celebrity/why-happy-memorial-day-is-inappropriate/

Memorial Day

Remember Why We Celebrate Memorial Day Read More »

ThinkstockPhotos 538661656

Technological Challenges Faced by Accounting Firms

Changes in technology come with a variety of challenges. First, there is the need to change and adapt to the new advancements. There are always financial costs associated with this process. The effects of technology are often widespread. Some people are concerned that new products and programs will put them out of work. The new developments in robotics are a good example. Many workers are concerned that their jobs will be taken over by robots in the future.

Accounting Firms Technology

If the past is any indication, this will not happen. What usually occurs is that the human workers do see a shift in the type of work they do, but they rarely are put out of work completely. Often, technological changes are a good thing. They make everyone’s job easier and remove all those boring, redundant tasks that no one wanted to do in the first place.

Technology in the accounting sector

The world of accounting has attracted numerous technological discoveries. These new programs reduce the error margin which leads to a more reliable outcome. Accounting programs can perform most tasks much easier than human beings and with more accuracy. This saves time and money for both the accountant and their customer. In the past, errors in financial reports or tax returns could cause quite a bit of trouble for everyone involved. With a good accounting program and someone to input the correct data, these errors are greatly reduced.

Stiff competition

Technology has increased the competition for accounting firms. Before the adoption of technology, accounting firms depended mostly on the skills of the employees of the firms. This meant, therefore, that competition was shaped by the accuracy and expertise of the workers in a firm. The credentials of an accounting firm’s employees went a long way in attracting a clientele.

In the world today, however, competition among accounting firms is shaped by technology. The first question that today’s client wants to know is which accounting software do you use. Everyone has a favorite accounting software and some people have a distinct dislike of certain programs. The one thing that software developers have learned over the years is to make all software as user friendly as possible. Accounting programs that require a genius to figure out don’t last very long. Everyone is searching for something they can learn quickly.

Increases in accounting fees

Modern accounting firms have raised their fees over the years, but so have all the other professions. Just try finding a lawyer who will work for $100 per hour. This was once a huge amount of money but today’s attorney’s charge an average of $300 per hour. Technology hasn’t made their fees any cheaper but it does make the job of billing clients much simpler.

The increase in accounting fees is attributable to a wide range of factors. The software purchase, maintenance, and renewal of licenses can be a big initial expense. Of course, with each new program that is released, that expensive software you just purchased may become obsolete overnight. For this reason, many accounting professionals choose monthly subscriptions. This concept allows an accounting firm to get the most advanced software on the market. The monthly subscription fee includes regular updates. This means that your software will never be obsolete. Usually, regular maintenance and support is included in your monthly charge as well. Many websites include training for your employees.

Most accountants will say that they enjoy and appreciate this type of convenience. They can focus on working with their customers. They don’t even have to think about whether their software is working okay and contains the latest changes in tax law. Everything works like it’s supposed to and if you have a problem, simply call the vendor and they will fix things straightaway.

Accounting programs do everything from reconciling bank statements to sending invoices to customers. Though these programs will never replace humans, they make their work much easier. They give the accountant time to find ways to help their clients save money.

Filing taxes

This task has always been stressful for individuals and business owners alike. There’s just no getting around paying your taxes though. Benjamin Franklin said that nothing in this life is certain except for death and taxes. Whether you own a small business or work for an employer, doing your taxes on time and correctly each year is imperative. If accounting software didn’t do anything except our taxes, it would be well worth it.

A good accounting program can help you keep track of your expenses throughout the year. You no longer need a shoebox for all those receipts. When it’s time to file your taxes, you can import all that data into the tax filing software and save yourself lots of time. Many people are still not comfortable doing their own taxes and since IRS penalties are often severe, it may be best to hire a good accountant to do them for you. Tax time is the busiest time of year for accountants.

Final thoughts

For accountants, technology has overall been very positive. The role of accountants has changed because of reliable software programs like Xero. Your accountant has the time to talk to you about saving money on your tax return, investing in new property, and ways to save on supplies. The role of the accountant has changed some due to technological advancements, but the changes have all been good.

Technological Challenges Faced by Accounting Firms Read More »

Office 365 GDPR Compliance

Office 365 GDPR Compliance Manager

Compliance Manager

Introduced by Microsoft, Compliance Manager is a data tracking system designed to ensure companies adhere to General Data Protection Regulations (GDPR). Organizations can sign up for paid Compliance Manager or subscribe to a free Compliance Manager via Microsoft tools such as Microsoft Azure, Dynamic 365 or Microsoft Cloud Services. Microsoft recently released the long-awaited office 365 GDPR Compliance Manager with a few upgrades. Professionals are eagerly trying it out and giving their opinions about this exciting new product. The compliance management tool is expected to attain general availability on different platforms in the course of 2018. Here’s a sneak peek at the basic attributes of this highly anticipated GDPR data protection compliance tool.

Relevance of the new Office 365 GDPR Compliance Manager

Microsoft finally unveiled their much-awaited General Data Protection Regulation program that experts have been so excited about. Shortly after, they announced its features in a blog post and details of the new features to help users get started. Most users do look forward to new office products, but this one has been designed to make compliance to the new GDPR regulations much easier. That makes it a valuable tool that every business needs. Most business owners confess that they don’t know enough about the new GDPR rules and they are not ready for the May 25 deadline.

One key attribute of the new Office 365 is that it will include the compliance manager which was first previewed in November 2017. To date, the compliance manager is available on Azure, Dynamics 365, and Office 365 Business. Plans are also underway to have it available for Enterprise Customers via public clouds in the near future.

So what’s all the fuss about the new Office 365 GDPR Compliance Manager?

Customers have complained about difficult-to-understand compliance challenges and the GDPR is admittedly a complex document. Microsoft has attempted to take some of the complexity and mystery out of these regulations so that business owners can comply without having to hire outside help.

The most common challenge has been the lack of in-house employees who understand how to prepare and fulfill these new regulations. Office 365 GDPR Compliance Manager is tailored to ensure end-to-end regulation compliance. It also effectively empowers your business to manage the three key components of compliance. As your business uses this product, it will continuously provide you with a risk assessment and score that can alert you if you aren’t in full compliance in some areas.

Advanced GDPR Compliance

Microsoft’s Compliance Manager was developed to track an organization’s IT systems in specific regard to the requirements of international standards for data protection. One major issue has been that many company owners have simply not taken steps to be ready for the May 25 deadline, when all web sites who do business with European companies must adhere to EU’s General Data Protection Regulation (GDPR).

To help with this problem, Microsoft has unveiled a special GDPR template which will effectively detect and categorize personal information in your data base relevant to GDPR. This is important because many companies are still somewhat careless with their customer’s personal data. According to GDPR, companies failing to provide adequate protection for customer data could face penalties of up to €20 million.

The Compliance Manager has two features that customers will use to scan and assess data risk:

  1. Compliance Score- Users are now able to assess data risk on an interactive dashboard on the new Microsoft 365 GDPR.
  2. Azure Information Protection Scanner- This feature identifies, classifies, labels and effectively protects both on-premises and hybrid user data. It periodically scans sensitive data on emails and attachments based on the organization’s policies.

New Admin Role of Compliance Manager

Along with these two outstanding updates to Microsoft Compliance Manager is a unified labelling tweak on the admin dashboard. Microsoft cited protection of documents as the main reason for unified labeling, which it denotes as information protection administration. In the past, security admins and global admins could access the systems as separate entities to the Azure data protection service. With the new Compliance Manager, the option of additional management access permission is missing on the Azure portal and PowerShell unifying security and global admin roles.

With this new set up, the compliance manager ensures consistency in the labeling of information for easy protection of data records. However, the unified admin labeling role is still on a preview phase. At the moment, it allows the admin to apply a data protection setting which differentiates security functions from general global admin functions on a single interface in line with GDPR. Microsoft’s compliance manager is now available for customers on a paid program and or a trial option for users of Microsoft cloud services.

The Future of Data Compliance

The number of customers and companies worried about cyber theft is growing. Consequently, there’s a rising need for tools that can help protect customer data. The GDPR attempts to do this. As long as data stays scattered across an organization’s systems, there’s a greater risk that it will be stolen or compromised in some way. Compliance with GDPR guidelines seeks to eliminate many of these risks. Though it will constitute a huge challenge for most website owners, the alternative is unacceptable. Hopefully, the new Office 365 GDPR Compliance Manager can take some of the confusion and apprehension out of the equation.

Office 365 GDPR Compliance

Office 365 GDPR Compliance Manager Read More »

Talk to our Team