We love questions! Here are some of the most common questions we get from our clients.
Does being HIPAA or PCI DSS compliant mean I’m protected if I ever have a security breach?
No. Compliance with HIPAA, PCI, or any other standard just means you’re following their guidance. However, the onus for protecting your customers’ data still rests entirely on your shoulders. That’s why it’s so vital to ensure that compliance is only part of your overall data security strategy.
Are malware and virus protection applications enough to keep my systems secure?
Off-the-shelf malware and virus protection can be good enough for home and some small business systems. However, the more sensitive data you keep, the more your business becomes a target for hackers and data thieves. In fact, small and midsized businesses may be even more vulnerable because hackers know these systems are usually less protected than systems managed by larger businesses.
I keep hearing people say employees are the biggest threat to system security. What can I do to ensure my people don’t unknowingly compromise our customers’ data?
Unfortunately, the rumors are true. From phishing schemes to inadvertently downloaded malware, most hackers get in through the employees of a company. Worse yet, security studies also show that roughly 10% of the time, the data theft incident originates within the organization.
As they say, the best defense is a good offense. The first step is to assess your risk. For example: How sensitive is your data? How confident are you in every single employee’s ability to follow the proper procedures, e.g., implementing software patches or not opening email links from unknown sources? Do you have other vulnerabilities, such as unsecured access to your physical premises? We can help you complete an assessment and come up with a plan that fits your needs.
What’s the difference between “backup” and “disaster recovery”?
Traditional “backup and restore” makes a copy of your data to a physical device such as a tape drive or disk that is then stored offsite for security reasons. Most organizations that deploy this method do it once a day – if at all. (How easy is it to skip a day in your office?) Even when backups are done, they are rarely tested. (How confident are you that your tape or disk isn’t worn out?) But, let’s assume that everything backs up correctly, and your systems go down and need to be restored. Someone still has to retrieve the device from the offsite facility before you can get your data back.
“Disaster Recovery” refers to the replication of your data to a device in the cloud. Replication can happen several times a day, minimizing data loss. (You set the targets.) Recovery time is also much quicker as your data is immediately accessible. You can even mirror your systems in the cloud — at a fraction of the price of mirroring them in your data center — to virtually eliminate downtime. Plus, we can automate the testing of your replication so you know your data and applications will be there when you need them.
Are public clouds secure?
A public cloud can be far more secure than storing data and applications on site. The reasons for that are twofold: First, many companies offering public cloud solutions, such as Microsoft and Amazon, also offer a number of built-in security features. Second, these companies spend billions of dollars on security and have full-time security experts on staff, folks who focus on nothing but where the next threat is coming from and how to prevent it.
Can a public cloud be HIPAA or PCI DSS compliant?
There was a time when cloud computing was automatically considered non-compliant, but these days, public clouds are seen by many as more conducive to compliance than on-premises implementations. Even our own federal government (arguably the largest holder of private data in this hemisphere) is taking a “Cloud First” attitude when it comes to new systems and applications.
That’s not to say that a cloud deployment is automatically compliant. You still need to ensure the proper data handling procedures are followed.
Will I save money if I use outsourced IT services?
Possibly. However, the first services our customers engage us for are often services they are not able to do very well in-house, e.g., security or disaster recovery. We might not save them money up front, but we can certainly save them time and money should something happen.
That said, we understand that most organizations don’t have an unlimited pool of funds, even for their most important priorities. We always work with our customers to ensure that our proposals meet their unique needs and their budget requirements.
Why is being licensed by the state of New York to install security cameras such a big deal?
The reason you install security cameras is to capture evidence. When these security cameras are installed by unlicensed companies, there is a chance that the evidence will be deemed inadmissible in court.
Why should I work with an IT company to install other systems such as phones or security systems?
StoredTech is not just a computer and network company. As StoredTech evolved as a company, we found that customers needed a business infrastructure specialist who also understood the demands of their IT systems and especially their networks. We’ve been called in to resolve many “network issues” encountered by customers, only to discover that someone had installed a security or phone system on the same network and that it, in turn, overwhelmed their bandwidth. So, over the years, StoredTech added the expertise to handle not only computers and networking but also phone and security systems, creating a fully integrated environment for our customers.