Your Average Website
Say you go to a company’s website and are interested in learning more about a service. You fill out an Internet form with your name, and often your address, your email address, and your phone number. When you hit submit on the form, you have entrusted a business with your personally identifiable information; and, most of these companies don’t just use it to reach out to you about the product or service you were interested in.

This information is valuable
The information you provide is bundled with the countless other people’s PII and sold to marketing agencies for sound profits. The company that you provided that information to looks at it as their right, as you have willingly provided it. But what happens if that company gets hacked? All of the information you’ve provided to that company is now publicly available to whomever wants to purchase it. So, who is responsible? Bad news, in most places in the U.S. there is absolutely no recourse for the consumer if presented with this situation. It’s not like they can turn back time.

It isn’t only willing participation that strips you of your data, either. Almost everything you do on the Internet--whether it be messaging, streaming media, shopping, or simply surfing the web--leaves a data trail right back to you. This goes for everyone. When each person that uses the Internet has a trail, and on that trail is all of their most personal information, it stands to reason that there would be people on the other side of this attempting to circumvent that data stream into their possession because they know they can profit from it. Data shapes the story of an individual online. A person that knows where to look can find out about people’s most intimate relationships, their financial situation, their political beliefs, just about anything they want to know. That is why it is important to have an idea about how to protect yourself online.

Protection
The first thing you have to understand about data protection is simple: you have value. Your name has value, your address and phone number have value, hell, your sexual preference and your favorite food has value. Everything about you has some kind of value to everyone looking to get their hands on it. But all that data has the most value to you. It may not seem like it, but nearly every company that deals in PII, while not clamoring to pay users for their data, do spend a lot of capital getting that information. Think about all the sales that got you to buy something. Think about all the discounts offered to get you to fill out that form. Think about the investment in website-connected software.

Knowing the value of your data should be the first sign that you need to protect it. That’s why we’ve put together these seven tips to help you protect your PII:

• Make up creative security questions - Many accounts will want you to come up with a security question that only you would know the answer to. Unfortunately, people tend to use situations that other people could guess. You have to understand that hackers are sometimes fantastically crafty and outwitting them takes some consideration. By picking a question and answer that can’t be researched, you and you alone will have outside access to your accounts.
• Read Apps Terms of Service - We know, we know, this suggestion is one of pure tedium. You don’t have to know every word of the Terms of Service agreements you agree to, but you should know what kind of data collection policy the app or service has before agreeing to give them access to your data.
• Watch out for Phishing Scams - Knowing how to decipher when you are getting scammed is important. A phishing scam can come over social media, instant messaging, or most frequently, email. If you get an email from an organization that typically won’t send you an email for that purpose, you should confirm the legitimacy before you click on anything.
• Monitor your financial activity - Today there are several services dedicated to helping people manage their finances more effectively. Finding one that you trust and provides you access to credit reports is very useful.
• Use strong passwords - Passwords that are over twelve characters and feature symbols, numbers, and a mix of upper and lowercase letters are the most effective.
• Don’t connect to public Wi-Fi (if you can help it) - We know that it is tempting to not use your data up, but you are opening yourself up to a lot of uncomfortable problems by accepting the user agreement on any publicly available Wi-Fi connection.
• Be cautious when completing online forms - Is the webpage secure? Is their contact information readily available; address, phone? Are the questions they are asking relevant to what you're signing up for? What is their privacy policy? Take a moment and do your research before you submit.

If you would like more advice about keeping your PII safe, return to our blog regularly, or contact the IT professionals at Patriot Tech Services Inc. at 877-874-4629 today.

The United States’ National Institute of Standards and Technology has issued new password recommendations and standards for government officials, and everyone can stand to benefit from at least considering the recommendations--even in the business sector. Some of these might seem a bit odd compared to what professionals typically say about passwords but bear with us. Keep in mind, these recommended practices are new and not supported on all sites and login accounts. Here are just a few of them:

• Make the Passwords User-Friendly: Above all else, under the regulations of NIST, passwords should be user-friendly and place the burden on the verifier whenever possible. NakedSecurity explains this further by elaborating that forcing best practices upon users doesn’t always help: “Much research has gone into the efficacy of many of our so-called “best practices” and it turns out they don’t help enough to be worth the pain they cause.”
• Use a Minimum of 8 Characters: NIST’s new guidelines suggest that all passwords have a bare minimum of eight characters. This can include spaces, ASCII characters, and even emojis. The maximum number of characters is also indicated at 64.
• Cross-check poor password choices: NIST recommends that users stay away from well-known or common passwords, like “password,” “thisisapassword,” etc.

As for some of the things to avoid using, here are some to consider:

• Composition rules aren’t great: Stop trying to tell your employees what to use in their passwords. Instead, encourage users to use passphrases that are long and alphanumeric in nature.
• Ditch password hints: This is one you might not have heard of. NIST asks that password hints be removed, as anyone trying to break into an account can use their knowledge of the target to overcome this barrier and change a password (or find out the current one). The same can be said for knowledge-based authentication involving questions about the user’s personal life.
• No more password expiration: This goes back to the “user-friendly” aspect of passwords mentioned earlier. The only time passwords should be reset is if they are forgotten, phished, or stolen.

Overall, NIST wants to try and help make passwords less of a pain for users while still maintaining a similar level of security. What are your thoughts on some of these new standards? Let us know in the comments.

1. Compliance Concerns
The first cause for concern is whether or not the data is being stored securely, as well as whether it’s being sent to and from your backup solution properly. Industries that deal with compliance and government mandates will affect how your business deals with data backup and disaster recovery. If your organization doesn’t suffer from data loss, it certainly will suffer from the fines that non-compliance can bring with it.

It doesn’t matter if you manage your own solution in-house or you work with a vendor. Data security will always be an important part of data backup. Even a small business can benefit from avoiding these risks and compliance regulatory fines. While some small businesses might be limited in terms of IT resources, outsourcing alleviates this issue considerably while minimizing risk.

2. Costs and Scalability
Your business’ specific needs, as well as the costs associated with them, will be instrumental to ensuring the success of your disaster recovery system. Before selecting your provider, be sure to keep these additional charges in mind, as some might charge you for just a simple copy of your backed-up data. A backup solution should never be assumed exclusive to just major disasters like a ransomware attack or a fire, as even everyday occurrences like a hardware failure or a small-scale data loss incident could be enough to cause more than just a little annoyance. Any strategy implemented must also be documented in a way that is easy to read and implement.

3. Lack of Management or Testing
If there’s one thing worse than suffering from a disaster, it’s suffering from a disaster and having a data backup system that doesn’t work properly. In many cases, this will be your business’ responsibility, but what if a disaster strikes when you’re not in the office to react to it? A comprehensive data plan that accounts for this is critical, and you need to have both a copy of your data in the office as well as in the cloud for easy deployment. Of course, none of this matters if your data backup system doesn’t work, so test it once in a while to make sure that it will actually help in the event of a disaster. For reference, you should do it as often as you might do a fire drill, or even more frequently.

How We Can Help
The best part of working with a managed service provider for all of your business’ data backup needs is that all of the above can be handled by our professional staff. To learn more about how we can help you prevent and react to data loss incidents, reach out to Patriot Tech Services Inc. at 877-874-4629.