Massachusetts Law CH93h Requires Compliance Measures
June 24th, 2009
We are told by the Commonwealth of Massachusetts that there will be no more extensions. Whether you are ready or not, in less than six months from now, you will be required by Massachusetts law to take very specific and proactive steps to secure all forms of personal information you collect about Massachusetts residents, whether they may be customers, employees or contractors.
The Office of Consumer Affairs and Business Regulations has extended the deadline for the last time for new regulations (201 CMR 17.00) which become effective January 1, 2010. The regulations mandate that everyone take more responsibility for the active protection of personal data.
It’s now a matter of who is going to be ready and who is not, and what’s the next step for your organization?
-Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
A Lesson in the Value of Encrypting Portable Media
March 24th, 2009
Recently, I prepared my company’s Quickbooks file and sent it off to McClaren & Associates, my CPA firm.
Because the file was over 30 megabytes, the best way to get it to them was to burn it on a CD and drop it in the mail. Before I burned the file to the CD however, I had encrypted the data file with PGP Desktop to form a Self Decrypting Archive. This means that the data itself becomes scrambled, and no one in the world (including even most major governments!!) will be able to unscramble it unless they have the “key”. When my CPA’s office received the CD, they would enter a password (the “key”), that we previously agreed to verbally, and would then be able to unscramble and save the file into a format Quickbooks will understand. This method of data protection is far beyond merely password protecting the opening of a file, and is extremely secure.
Now for the lesson: What are the chances, but wouldn’t you know it got lost in the mail and never made it to their office!?! This is a true story. Thankfully, I had the file encrypted.
Remember folks, this was my entire accounting system file and had all my customers’, vendors’ and employees’ information in it. Much of the data contained in the file, such as credit card numbers, bank account numbers, social security numbers, and other personnel data, is deemed personal information and is controlled by MA 201 CMR 17.00!
Wouldn’t you cringe if this happened to you and the file you sent was NOT encrypted?
Remember, even though a Quickbooks file may be password protected it can still be opened by anyone by simply accessing Google.com and searching for a Password Cracker for Quickbooks. Also, even if the password is not determined, the personal information could easily be extracted by even a novice hacker.
Fortunately, all my customers, vendors, and employees can REST EASY. How safe are you keeping your stakeholders’ data? Do you have CDs or USB drives or even tape backups lying around unencrypted?
For more information, contact Bill Bowman or me about a free network security risk assessment and MA 201 CMR 17.00 compliance assessment to help you keep your customers’, vendors’ and employees’ data safe and sound.
-Paul
***
Paul LaFlamme
President & CEO
Centrend, Inc.
508-347-9550 x115
Conficker / Downadup Virus
March 18th, 2009
The ‘Conficker’ virus, also known as ‘Downadup’, is a Trojan virus which was first detected in November, 2008, and is particularly difficult for officials to deal with because of its sophistication. The good news is that all of Centrend’s IT program clients are safe and protected from the attack. As the newest version of the virus, known as the ‘Conficker C’ variant, propagates itself, we are prepared to deal with the outbreak for those who are not currently Centrend clients.
The ‘Conficker B’ version of the virus spread rapidly and by February had infected an estimated 12 million Windows PCs world-wide. So, there is potential for an even more widespread infection with the latest variant that has already infected an unknown number of PCs, and is expected to change its activity on April first. Conficker has the ability to create its own peer to peer network, so it communicates from one PC to another across many kinds of connectivity or through portable media, such as USB drives and CD-ROMs. Anyone who has questions or is unsure about whether or not their PC is infected or vulnerable to the Conficker virus should contact Centrend for assistance.
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc
508-347-9550 x 135
Technology Results within a CEO’s Timeframe
Avoid sending spam: What are E-mail best practices?
March 15th, 2009
Does your organization have a policy in place regarding unsolicited commercial e-mail? Let’s think about the underlying principles your e-mail policy should be based upon.
The act of sending an Email message without the prior consent of the recipient is considered offensive. The sender of any Email message must have a prior established relationship with the recipient (they should at least know who you are), or the recipient’s express permission to be included on your e-mail list (maybe they don’t know who you are, but for some reason, they don’t mind getting e-mail from you).
Always ask permission to add a contact to your e-mail list. Allow the recipients of your e-mail to safely remove themselves from your list. Immediately remove anyone from your list who asks to be removed, and remove them without question.
-Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
Website Maintenance Challenges? You’ve Got Options!
March 15th, 2009
Is your website current with your latest products and services, company news and press releases? If you’re like most organizations, you’re going to reluctantly admit that not only isn’t the site up to date, but you’re often embarrassed by it.
You had a vision of having a great web site…what went wrong? Most often the problem is due to one of these reasons:
- Original site was not professionally designed (by the son of a neighbor who just completed an HTML class, for example)
- There was never an action plan to keep the site up to date
- Those responsible for contributing content “pass the buck” and don’t provide your developer with the materials
- You provide your web developer and web maintenance provider with materials but the information doesn’t get posted in a timely manner
- The nature of your business requires that your site changes often and you literally can’t keep up with the changes.
In recent years, and thanks to some wonderful open-source solutions, it’s never been more cost effective to create a web site that you (and your staff) can maintain yourself! With minimal training and with little more knowledge than using a word processing program such as Microsoft Word, you’ll be able to make immediate changes to your site in REALTIME.
In recent years, Centrend has been building Content Management Systems for customers to solve the problem of keeping their site up to date and helping them realize these benefits:
- In smaller companies, owners or operations managers maintain the site directly. Owners love the ability to make immediate changes to their site.
- In larger organizations, responsibility for maintaining the web site is handed down to department managers. Owners and business managers can then hold each department accountable for their area of the site.
- The CMS systems work great for internal-only sites too, such as company intranets and project management and tracking-oriented sites.
- Because content is so easily added, you end up with a larger website, which adds value for your visitors and makes your site more useful for search engines as well.
Please contact me if I can be of any help getting your web site strategy back on track!
-Paul
***
Paul LaFlamme
President & CEO
