The Conficker Virus and Security Programs/Laws for Massachusetts Businesses.

How the Conficker virus and other such viruses can have a detrimental effect on your business should your company information ever be breached or hacked into.
 
March 30, 2009 - PRLog -- Current Security Threat:  Conficker Virus.  The Conficker virus is the latest super virus to spread around the Internet. Conficker has already spread to 10 million PC’s, and there may be up to 350 million vulnerable computers out there.

The virus features a sophisticated method of cracking administrator passwords, making it difficult to remove, and also copies itself to USB drives so that it can spread even when the online flaw is plugged.

Its primary effect has been to prevent people from installing Windows updates and anti-virus software that could potentially thwart malware. However, Conficker's has the ability to launch a second stage, downloading additional code that could hijack computers completely, allowing it to steal sensitive personal and business information, such as bank accounts, credit card numbers, passwords, database information etc.  

Security Overview:  
Massachusetts adopted regulations on Sept. 22, 2008, that will require businesses, wherever located, that store or use information about Massachusetts residents, to implement comprehensive information security programs by January 1, 2010.  Compliance with this new law, referred to as 201 CMR 17, needs to be met by persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.

What is considered personal information:
If you store a Massachusetts resident last name and first name on computer or on paper AND also store any of the following information, this is considered “personal information” and the new law is applicable to you business.  
1.   Social Security number
2.   Driver's License number
3.   Financial Account number (credit card, debit card)
4.   Access code that would allow you to access that person financial information


Requirements and Blue LAN Group, Inc.’s  recommendations:
•   Designate one employee to design, implement and coordinate the maintenance of the comprehensive information security program;
•   Identify and assess internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information in each relevant area of the business’s operations
•   Develop a security policy for employees who telecommute that take into account whether and how such employees should be allowed to keep, access and transport data containing personal information.
•   Consider implementing disciplinary measures for violations of the comprehensive information security program rules.
•   Prevent terminated employees from accessing records containing personal information by immediately terminating their physical and electronic access to such records, including deactivating their passwords and user names.
•   Take all reasonable steps to verify that third-party service providers with access to personal information have the capacity to protect such personal information, including (i) selecting and retaining service providers that are capable of maintaining safeguards for personal information; and (ii) contractually requiring service providers to maintain such safeguards. Prior to permitting third-party service providers access to personal information, the person permitting such access shall obtain from the third-party service provider a written certification that such service provider has a written, comprehensive information security program that is in compliance with the provisions of these regulations.
•   Collect the minimum amount of personal information necessary to accomplish the legitimate purpose for which it was collected; retain such information for the minimum time necessary to accomplish such purpose; and permit access to the smallest number of persons who are reasonably required to know such information in order to accomplish such purpose.
•   Inventory all paper, electronic and other records, computing systems, and storage media, including laptops and portable devices used to store personal information, to identify those records containing personal information.
•   Regularly monitor and audit employee access to personal information in order to ensure that the comprehensive information security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of personal information.
•   Review the scope of the security measures at least annually or whenever there is a material change in business practices that may reasonably implicate the security or integrity of records containing personal information.
•   Document all responsive actions taken in connection with any incident involving a breach of security and document all post-incident review of events and actions taken, if any, to make changes in business practices relating to protection of personal information.
•   To the extent technically feasible, all personal information stored on laptops or other portable devices must be encrypted, as must all records and files transmitted across public networks (including email) or wirelessly, to the extent technically feasible. Encryption here means the transformation of data through the use of an algorithmic process, or an alternative method at least as secure, into a form in which meaning cannot be assigned without the use of a confidential process or key, unless further defined by regulation by the Office of Consumer Affairs and Business Regulation.

# # #

Blue LAN Group, Inc. is a full service IT consulting company that provides support to small/medium size businesses, non-profits and schools.
End
Source: » Follow
Email:***@bluelangroup.com Email Verified
Zip:02360
Tags:Security, Conficker, Virus, Internet, Hacked, Id Theft, Computer, Desktop, Protection, Business
Industry:Computers, Internet, Security
Location:Plymouth - Massachusetts - United States
Account Email Address Verified     Disclaimer     Report Abuse
Page Updated Last on: Mar 30, 2009
Blue LAN Group, Inc. News
Trending
Most Viewed
Daily News



Like PRLog?
9K2K1K
Click to Share