[avia_codeblock_placeholder uid="0"]
GLBA Compliance
The tech world is full of rules and regulations and the long acronyms that go along with them: PIPEDA, HIPAA, GDPR, and so many more. Depending on the industry you’re in, some of these compliance laws will have a big impact on the way you do business.
If you’re in the finance industry, GLBA compliance is one you need to have a good understanding of so you can stay on top of your company’s security.
[avia_codeblock_placeholder uid="1"]
Understanding GLBA Compliance
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a US law that requires financial institutions to protect the privacy of customer information.
Who Needs to Be GLBA Compliant?
The law applies to companies that offer financial products and services to consumers, including banks, credit unions, mortgage lenders, and investment firms.
These institutions must take steps to ensure the security and confidentiality of customer information, protect against unauthorized access to customer information, and provide customers with notice of their privacy rights.
Expert GLBA Compliance Services for Your Financial Firm
Being compliant with GLBA is important because a single breach can have a devastating impact on your company’s finances and reputation. Cybercriminals choose targets that will result in maximum impact and profits. As a financial company, you are a prime target.
Even the most reputable companies aren’t completely safe: In 2019, a hacker stole 100 million credit card applications and over 140,000 Social Security numbers from Capital One. While your company may not be as big of a target as a national bank, your data is just as valuable.
One of the most important aspects of protecting your firm is having a robust cybersecurity program in place. This should include measures to protect your network and data, as well as protocols for responding to incidents.
Additionally, your firm should have a compliance program in place to ensure you are meeting all the requirements of the various regulations that apply to you. This can be a complex and time-consuming process, but it is essential to protecting your business.
An experienced managed service provider like ISG can help you with both cybersecurity and compliance, providing the expertise and resources you need to keep your business safe.
How to Comply with GLBA
There are three main areas that financial institutions need to focus on to be GLBA compliant:
Ensure the Security of Customer Information
You need to have physical, technical, and administrative safeguards in place to protect customer information from unauthorized access, use, or disclosure. This includes ensuring that your data is stored securely, both physically and electronically.
Protect Against Unauthorized Access to Customer Information
You must take steps to prevent unauthorized access to customer information, both internally and externally. This includes ensuring that only employees who need access to customer information have it, and that all access is properly logged and monitored.
Provide Customers with Notice of Their Privacy Rights
You must provide customers with a notice of their privacy rights, which must be easily accessible and clearly written. This notice must explain the types of information you collect, how you use it, and the steps you take to protect it.
Get Financial Compliance Services from ISG Today
Keeping up with all the compliance requirements for financial institutions can be a full-time job. That’s where ISG Technology comes in. We’re experts in GLBA compliance and can help your company meet all the requirements, including:
- Conducting a risk assessment
- Implementing security controls
- Creating an incident response plan
- Training employees on security procedures
Reach out to us today to learn more about our services and how we can help you protect your business.
Get IT insights from ISG Technology*
How Your IT Provider Can Help You Transform Capex into Opex
Wondering how your business can protect its bottom line during these difficult economic times? Here are 4 ways your IT provider can be a great asset in helping you transform capex into opex:
A Brief Review of Capex vs Opex
Capex, or capital expenditure, refers to any major purchases a company makes that the company will use in the foreseeable future. They are physical goods or services that a company uses for over a year. Examples of capex include fixed assets such as equipment, vehicles, and building expansions.
Opex, or operational expenditures, on the other hand, are the company’s day-to-day expenses that are needed for the company to keep business running. These include costs such as rent, salaries, and utilities.
Opex is generally preferred by companies over capex for several reasons. One well-known advantage of opex is that it is fully tax-deductible in the tax year in which it is incurred. Therefore, moving from capex to opex will reduce the income tax of the company, since income tax is levied on the company’s net income.
1. Outsourced IT (and Cloud Computing) Saves You Money
With a reliable Managed Service Provider, your business can save money in large upfront investments that go towards procuring hardware or servers yourself.
This is especially the case if you work with a provider who can help you take advantage of server-less solutions such as cloud computing, which saves your business money in hardware and physical equipment (capex items). You can also reduce overall energy costs with cloud solutions.
With many outsourced IT services, you also don’t have to worry about associated considerations such as storage space, cooling systems, and more. This is a significant money-saving hack that has led several traditional IT departments to switch from capex to opex spending by outsourcing their IT.
2. You Only Pay for What You Need
Your company will now be free to use a more efficient pay-as-you-go model. This gives your business more flexibility to control costs, especially if your business needs to scale IT infrastructure up or down over time.
You can also select certain services to outsource, such as project management or network security, allowing you to only pay for the services you need. If you choose to invest in consulting or network assessment services, for example, your IT provider can perform evaluations to determine which of your digital assets is wasting money and help you instead only keep necessary equipment. Remember that equipment will continue to depreciate in value even when it is not being used, so this capex to opex spending strategy can greatly benefit your business.
Another example might be a retail company that uses its maximum IT infrastructure workload only once a year during the Christmas holiday season, wasting huge amounts of money by buying maximum-output IT infrastructure. Instead, obtaining managed IT services that can ramp up output for the company’s peak season and return output to a lower level for the rest of the year would ensure that the business saves more money.
3. Your Provider Paves the Way for Valuable Company Growth
Your IT provider can also help you transform capex into opex by strategizing for long-term growth. With IT goals that align with your business goals, your company not only runs more efficiently but also finds more unique opportunities to use innovative technology to replace capex spending with opex.
This capex to opex strategy helps you transform your IT infrastructure into a profit center rather than a cost center, freeing up capital that would otherwise have been locked up in a capex investment such as unnecessary equipment. This freed capital can then be used to fund other projects and add value to your business.
Furthermore, a Managed Service Provider monitors your IT infrastructure proactively and round-the-clock. This proactive approach steers your company away from the less efficient break-fix method of IT support and instead allows you to impede inefficiencies or security risks before they cause downtime. This ultimately saves your company valuable time and money, which in turn can be funneled into company growth.
4. IT Providers Help You Maximize Your Technology Investments
Currently, with information technology advancing rapidly, various companies are finding it more and more difficult to predict their IT infrastructure needs. This is where Managed Service Providers can be particularly valuable.
Their years of expertise combined with a large network of vendors in hardware procurement, cybersecurity, and software allow your company to be able to afford the most updated versions of technology. Because of their long-standing partnerships, many MSPs are able to provide software and hardware at a much cheaper price than the standard going rate. They also negotiate your licenses to ensure your IT doesn’t get tied up into stringent or undesirable contracts that increase capex spending.
Shifting your IT investments from a capex to an opex model has several advantages that add quantifiable value to your business. Give your business more opportunities to grow and outrun your competition by spending less time on maintaining and fixing IT infrastructure yourself and outsourcing your IT instead. You’ll also reap the benefits of fully optimized IT systems that are tailored to suit your company’s ever-changing IT needs and future-proof your business.
To learn more about ISG Technology’s managed services for businesses and the advantages they can add to your company, contact us today.
5 Ways To Dramatically Cut Down IT Costs Right Now
With the spread of COVID-19 changing the way workforces operate, many businesses are experiencing significant financial challenges. As a business owner, you understand it’s essential to cut costs where you can to see this pandemic through, especially for those who are working remotely or had to limit their service offerings.
If you find yourself searching for opportunities to reduce your spending, there are several ways to reduce IT costs without putting your business at risk. Instead of cutting corners on important technology provisions such as cybersecurity, you can use these 5 tips to save money and even increase efficiency in the process:
1. Get Rid of Unnecessary Subscription Software
If your employees are working remote or if you’ve had to downsize, take a look at what subscription software you’re currently paying for and evaluate whether it’s truly necessary. There may be an opportunity to get rid of subscription software that your employees aren’t using while working remotely.
Even if you plan to use the software again once you go back to the office, don’t hesitate to call your provider and renegotiate. Subscription-based services don’t want to lose you as a customer and will often offer you a deal or consider pausing your account until you are back onsite.
Take the time also to re-evaluate your per-user agreements. Your team may have had to eliminate certain positions during the COVID-19 pandemic, and you don’t want to keep paying for per-user software/equipment for those who are no longer working for you.
2. Consolidate Software Alternatives
It’s wise to consider ways your remote workforce could benefit from a software consolidation. For example, remote tools such as Microsoft Teams can be a great way to store all your applications in one platform, rather than pay for several separate program subscriptions. Take inventory to see which applications your team is still currently using and what alternatives may be available.
Though you may require different provisions for your various departments—such as specific software for your design team—it’s beneficial to try to universalize software across departments. Using the same software will ensure that everyone can collaborate and work together seamlessly while also saving you money by eliminating underutilized software.
3. Switch to Hosted Voice Phone Systems
Office phone systems can be expensive, and if you have employees working from home, traditional PBX systems become virtually useless. Telecommunication solutions such as VoIP (Voice over Internet Protocol) can save you a lot of money in the long run while also serving as an ideal solution for remote workforces.
Of the many benefits hosted voice systems have to offer—including enhanced conferencing, voicemail, and video features—perhaps the most important is that they reduce costs significantly. To illustrate, a system for 12 users costs an average of $800 on VoIP, while you can expect to pay about $2,500 for a landline with the same amount of users.
While you can always call your landline provider and let them know you’re considering switching to VoIP to see if they’ll offer you a discount, you’ll likely find that switching to VoIP is more beneficial in the long run. The lack of onsite wiring and hardware makes this cloud-based phone a simple, secure solution for remote workforces at a fraction of the cost of traditional phones.
4. Stop Leasing Onsite Printers
Some companies lease printers for every department, which can cost them hundreds of dollars per month.
As a lessee, you end up paying more than market value for your printers, whose services you may not even need while your workforce is remote. In addition to paying more for the actual cost of the printer, many businesses overpay for maintenance plans.
Now that you’re remote, there’s no need to continue leasing these printers. Even if you do plan to go back to the office eventually, buying printers outright is still much more cost-effective for businesses.
5. Invest in Strategic IT Outsourcing
It may be time to look beyond company walls for help when it comes to managing your IT in the most cost-effective way.
To help out their IT teams that are spread thin and overworked, many businesses are turning to managed IT services. Outsourced IT allows your IT team to take the mundane IT tasks off their plate and turn them over to an outside expert while they focus on more strategic, mission-critical initiatives. This, in turn, reduces overall downtime and allows you to better align your technology with your business goals.
Managed Service Providers can save you money not only on a month-to-month basis with their cost-effective service fees, but they also save you money by eliminating costs associated with overlooked zero-day vulnerabilities, unused equipment, and more.
Another benefit to managed IT services is that they offer a team with a diverse set of specialties. With support around the clock—including comprehensive cybersecurity—outsourcing your IT also allows you and your employees to focus on the core functions of your business so you can meet and exceed your goals quicker. And as every business owner knows, higher productivity rates equal higher profits.
In sum, there are several ways to better manage your IT budget and cut costs without reducing the quality of your IT provisions. In fact, in many ways, these cost-effective IT solutions are more advantageous for businesses than their higher-cost alternatives. Examining your business needs and considering these solutions is a great way to ensure your business survives not only the current pandemic but future challenges, as well.
Video: Office 2007 End-Of-Life
It’s important to ensure your business is protected, which is now more difficult without security updates, new features, bug fixes or other updates. Upgrading is easy and will keep you well protected.
ISG Technology has multiple solutions for your business to limit disruption and deliver the latest features and benefits from Microsoft Office. Contact us today to upgrade without any interruption to your business.
For more information, visit these links:
Support is Ending for Office 2007
Support is Ending for Mac 2011
Get Our eBook: Find Safety & Security In Office365
Video: ISG Security – Put Trust On Your Side
Just as quickly as new technologies are developed to secure the information your organization is responsible for, cybercriminals are discovering new ways to get in. And to do it, they’re exploiting one thing – trust.
When you put ISG Technology to work for you, you don’t just put industry leading security experts on your team, you put security at the top of your priority list. You put the concern that someone might be selling you a short-sighted solution to the wayside. You put trust back where it belongs – on your side.
Get Our Whitepaper: 5 Things You Probably Trust, and How They Affect The Security Of Your Business
Lessons learned from the Bangladesh Bank hack
Years ago, bank robberies were a very physical affair. Criminals donned ski masks and shot automatic weapons in the air, shouting for tellers to step away from the silent alarm buttons. That said, it would appear thieves have decided that this is just a little too much work. Hacking banks in order to steal money allows for the same reward without having to deal with a hostage negotiator.
In fact, the most recent cyberattack levied against Bangladesh Bank shows just how lucrative these schemes can be. The hackers involved in this scenario made away with around $81 million, which is more loot than any ski-masked thug could ever carry away. However, perhaps the most interesting part of this whole debacle is that this is nowhere near what the culprits originally intended to get. Investigators have discovered that the original plan was to take close to $1 billion when all was said and done, according to Ars Technica.
Unfortunately for the individuals involved, a simple typo wrecked what could have been the biggest criminal act of all time. A transaction meant for the Shalika Foundation was spelled as “Fandation,” which tipped employees off that something was afoot. Regardless, this is still a massive undertaking that demands intense review.
“Bangladesh Bank isn’t completely free of blame.”
How did they get in?
To understand how this whole scheme began, it’s important to comprehend how Bangladesh Bank sends and receives funds. Institutions like this rely on SWIFT software, which basically creates a private network between a large number of financial organizations. This lets them send money to each other without having to worry about hackers – or so the banks thought.
Gaining access to the transactions within this network was basically impossible, unless someone were to be able to compromise a bank’s internal IT systems. This is exactly what the criminals did.
However, Bangladesh Bank isn’t completely free of blame here. The only reason that hackers were able to gain entry was because the financial institution was relying on old second-hand switches that cost about $10 each. Considering how much was at stake, pinching pennies in such a crucial department seems incredibly irresponsible in hindsight. What’s more, the bank didn’t even have a firewall set up to keep intruders out.
Once hackers bypassed this low level of security, they were given free rein to do as they pleased. Accessing Bangladesh Bank’s network allowed them to move on to SWIFT, as the cheap switches didn’t keep these two separate. However, the really interesting part of this whole criminal act was how they took the money without anyone noticing.
Why weren’t they discovered sooner?
In order to make off with the cash, the criminals had to access a piece of software called Alliance Access. This is used to send money, which allowed the hackers to increase transactions in order to make a profit. However, Alliance Access also records transactions. This was a big problem for the thieves, as they couldn’t make money if someone knew they were stealing it.
To fix this, the hackers simply inserted malware that disrupted the software’s ability to properly regulate the money that was being moved. On top of that, this malicious code also modified confirmation messages about the transactions. This allowed the criminals to continue to operate in obscurity, racking up millions of dollars without anyone being the wiser. In fact, they would have gotten close to $1 billion if one of these altered reports didn’t have a spelling error.
The hackers could have made so much more money if they’d checked their spelling.However, understanding so much about how Bangladesh Bank’s system worked has pointed investigators to the notion that this was an inside job. In fact, The Hill reported that “people familiar with the matter” know that a major suspect is a person who works at the bank. No one has been named yet, but getting an employee in on the job certainly makes sense.
Network assessments are a must
Regardless of whether or not this turns out to be an inside job, the fact still remains that Bangladesh Bank was incredibly vulnerable to a hack like this. Relying on cheap network switches is bad enough, but not having any sort of firewall is a major hazard that modern institutions simply cannot allow.
This is why every company should consider receiving a network assessment from ISG Technology. Our skilled experts know how to spot glaring vulnerabilities such as these, and can suggest fixes to ensure the security of private data.
White Paper: Tech For Community Banks
Register to receive the ISG white paper
In the face of regulatory changes and cybersecurity threats, IT plays a more critical role than ever for community banks. This free report will teach you how to not just survive, but how to thrive, with technology as a main driver. Topics covered include:
- Key trends in regulation and market forces driving change
- How video conferencing can improve the client experience
- The latest developments in cybersecurity and what you need to prepare
- Disaster Recovery and Business Continuity: are you ready?