Monthly Archives

May 2021

teams vs zoom vs meet

Microsoft Teams vs. Zoom vs. Google Meet

By | Technology

Video conferencing is more important than ever before as businesses of all sizes across the world have embraced this technology. Organizations can quickly communicate with each other through video conferencing without the need for long travel days. Teams can work together more efficiently and effectively without being in the same room.

There are countless options to consider when choosing a video conferencing software solution. Choosing the correct option for your business will help you grow your business. Any issues with your video conferencing software can ruin a potential sale or make you look unprofessional. In order to narrow these options down, businesses should consider their needs by comparing some similar video conference software qualities.

 

Factors To Consider

Number Of Participants

Most small and medium-sized businesses will only have a handful of people on a video conference call at one time. Larger businesses may have hundreds or even thousands of video call participants, which makes the audience limit significant. Many video conferencing software have a limit to the number of people allowed in one call.

 

Security

Just as with other forms of communication, your organization needs to ensure that your video conferencing solution is secure and encrypted. Any security breaches can result in the loss of valuable data and customer trust. Some businesses were subject to ‘Zoom Bombs,’ where pranksters would infiltrate private company Zoom meetings.

 

Ease Of Use

Some employees will be using video conferencing software for the first time. Organizations should consider how easy the software is to learn and use. Simple mistakes, such as sharing the wrong screen, can make your team look unprepared for an important meeting.

 

Pricing

As with any software solution, the price can be a significant barrier to adoption. The organization must be able to afford the video conferencing application for every user that needs it. Some businesses are able to get by using the free version of these applications, but others will need the premium versions.

 

Microsoft Teams

Number Of Participants

The Microsoft Teams free version offers the highest number of meeting participants as compared to Google Meet and Zoom with up to 300. Participants can see up to 49 other users on the screen at one time. The paid version of Microsoft Teams allows businesses to host webinars. Up to 10,000 users can attend the webinar for a period of four hours.

 

Security

Microsoft Teams has a relatively robust level of security. This software solution automatically encrypts all meetings in order to keep data safe. However, If you want enterprise-level security, then you are going to have to pay for it. Microsoft offers multiple two-factor authentication packages in order to increase security levels.

 

Ease Of Use

Microsoft Teams has a feature that allows users to collaborate with other users on Office documents. Teams allow users to keep track of all of their messages with other users and search through them, which is more efficient than searching through emails. Organizations that are already working with other Microsoft 365 apps will likely find Microsoft Teams the best solution.

 

Pricing

Microsoft Teams is free for businesses that already have a Microsoft 365 subscription. Microsoft 365 subscriptions start at $5 per user. Businesses can access the free version of Microsoft Teams, which allows users to host a meeting with up to 300 participants.

 

Google Meet

Number of Participants

The free version of Google Meet has a limit of 100 participants for 60 minutes. While the paid version of Google Meet can handle up to 250 users per meeting and up to 100,000 viewers within a domain.

 

Security

Google Meet may be the best of these three when it comes to security. This solution offers multiple two-factor verification options and creates a unique encryption key for every meeting. Google Meet also meets the Internet Engineering Task Force’s standards for Secure Real-time Transport Protocol and Datagram Transport Layer Security.

 

Ease Of Use

In order to use Google Meet, users have to have a Google account. This could be a barrier to some users. The software itself is relatively easy to use and even has automatic live captioning powered with Google Speech. Similar to Microsoft Teams, if your business already works with G-suite products, then Google Meet will probably be the solution that is easiest to integrate with.

 

Pricing

Google Meet is currently priced from $6 to $18 per user depending on the plan. Depending on the size of the business, this could be an affordable option. Google Meet also has a free version that small businesses can take advantage of.

 

Zoom

Number of Participants

The free version of Zoom allows users to host a meeting of up to 100 participants for 40 minutes. The business version of Zoom allows meetings of anywhere between 300 and 1,000 participants. Zoom premium has a webinar feature that allows users to host a webinar with up to 3,000 users.

 

Security

One of the big concerns about Zoom is that they do not have a robust security solution as compared to Teams and Meet. Hackers were able to get into private Zoom meetings in the beginning of the pandemic to cause havoc. Zoom has been able to address those security issues since then. Zoom now offers end-to-end encryption for all meetings.

 

Ease Of Use

Zoom is arguably the most popular video conferencing software application. Zoom is exceptionally easy to use, even for a user who has never used video conferencing software before. Zoom has the capability to run on almost any operating system or device. Even below-average Android devices have no issue video conferencing with Zoom.

 

Pricing

Zoom pricing starts off at $15 per host. That price can quickly add up if your business involves many one-on-one meetings. Many small businesses can utilize the free version of Zoom, as their meetings will typically last less than an hour and involve less than 100 participants.

 

BACS Can Help You Choose The Best Video Conferencing Solution

Are you still unsure which video conferencing software to use? BACS can help your organization analyze and decide which software will best suit your needs. Our team will work closely with your organization to understand your business and deliver a solution that makes your life easier. Reach out to BACS today to learn more about all video conferencing software solutions. Our team is more than happy to answer any questions you may have about video conferencing software.

construction-company-cybersecurity

Everything Your Construction Company Needs For Cybersecurity

By | Data Protection, Security

As a construction company, you may be surprised to learn that hackers are increasingly targeting the construction industry. One study performed by security vendor Sophos found that out of 203 construction companies, 68% had suffered a cybersecurity attack in the past year. There was even one instance where hackers were able to take control of a crane remotely. 

Some construction companies may not be interested in cybersecurity, as they want to focus mostly on what they do best. Many owners may downplay potential cybersecurity threats, but they should be paying attention to these threats. Even if your construction company does not want to actively focus on cybersecurity, there are a few reasons why you should care about cybersecurity. There are also some cybersecurity essentials that you need to have in order to properly protect your business. 

 

Why Should A Construction Company Care About Cybersecurity?

Cybersecurity is important no matter what industry you are operating in. There are a few reasons that your construction company should care about cybersecurity. The most important reason may be data. 

 

Data

Your organization is responsible for all of the valuable information and data that it holds onto. Hackers want this information and will do nearly anything in their power to gain access to it. Your company has to do everything in its power to prevent this from happening. The loss of competitive data, such as bidding strategies, can hamper your ability to do business. 

A hacker could gain access to valuable blueprints and designs, which could compromise an entire project. A hacking breach can result in the loss of trust between your company and a fantastic customer. You could lose valuable customers if you suffer a hacking incident. Hacking incidents can also make government contracts harder to win against a competitor who has not had similar issues. 

 

Downtime

Hackers can create serious headaches for any organization. One way that they can cause huge problems is by taking down machines, systems, and computers in an organization. Once a hacker gains access to your network, they can take systems offline and bring your entire company to a screeching halt. 

This can lead to multiple hours where employees cannot properly perform their work. If this happens multiple times each year, it can lead to millions of dollars in lost productivity. No organization wants to lose countless hours to get machines back up and running from a hacking incident. 

Now that we understand the importance of cybersecurity for construction companies, let’s discuss how your company can mitigate these risks. 

 

4 CyberSecurity Essentials For Construction Companies

Every construction company should at least have these basic cybersecurity essentials, which will give your business a comfortable level of security and protection. 

 

Firewall Protection

One of the most basic essentials that any company should employ is a firewall. A firewall is a network security system that monitors that incoming and outgoing internet traffic that can protect your construction company. The newest firewalls bring together a combination of security measures in order to keep your construction company safe. 

Firewalls can help prevent hackers from stealing valuable data and keep your systems free from any viruses. Most incoming potential threats will be blocked when it is detected by the firewall. Overall, a firewall should improve your cybersecurity outlook and prevent potential data loss. 

 

Email Security

Email has become one of the primary methods for communication for nearly all businesses. Ensuring that this line of communication is secure is key to any cybersecurity strategy. Having a dedicated email security software solution can help your company stay safe and build trust with customers. 

Email security solutions can scan outgoing and incoming emails to identify any potential threats and alert users to these threats. Two factor authentication can also help ensure that you are sending potentially sensitive documents to the right party. Email security will help keep your data safe, if employees are properly trained and educated. 

 

Education

Phishing scams are one of the most common ways that hackers utilize that enable them to breach an organization. Even the most educated, senior employees could fall for a sophisticated hacking scam. Consistent and thorough education will help employees make the right decisions when performing their daily activities and encountering phishing scams. 

Organizations should ensure that employees are educated about the latest phishing scams that are likely to impact safety. Employees that are educated on phishing can identify them and forward them to the appropriate team member. Your company can alert other employees to the scam to keep the hackers out of your organization. 

 

Backup and Recovery

Even the most robust cybersecurity strategies can fail at times, which is where backup and recovery comes into play. According to some estimates, more than 50% of all small and medium businesses do not have adequate back and recovery strategies in place. That is precisely why construction companies need to have backup and recovery systems in place for when something does go wrong. 

A proper backup and recovery system will ensure that your data will still be accessible if the worst happens. Construction companies can selectively choose which critical data will be backed up in a separate medium. You can rest easy at night knowing that your data has been backed up, if anything disastrous happens. 

All of these initiatives are not easy and require a certain level of knowledge. Most construction companies do not have the necessary expertise to ensure that these essentials are taken care of. Cybersecurity companies can help construction companies fill these knowledge gaps. BACS regularly works with construction companies in order to help them with cybersecurity projects. 

 

BACS Can Help You Construct Your Cybersecurity Defense

BACS has helped plenty of construction companies develop a customized cybersecurity defense strategy that can help your company fend off any potential hackers. Our team will work closely with your key leaders to understand your business and give you everything that you need. Your business can use our expertise to keep your data safe and secure. 

Reach out today to learn more about all of the offerings that BACS has. Our team is more than happy to answer any questions that you may have regarding cybersecurity. We can develop a customized cybersecurity solution for your construction company. Your team can focus on building your next project, instead of building your cybersecurity defense. 

 

Safe Harbor laws

Safe Harbor laws: Mitigating the impact of a data breach

By | Data Protection, Security

Today’s cybercriminals have become increasingly more sophisticated in their ability to exploit weaknesses in security defenses. When a data breach does occur, the biggest losers, of course, are businesses who must explain the impact to stakeholders and shoulder the cost of recovery.

To help minimize damage resulting from a data breach, most states have enacted Safe Harbor (Against Data Breach) laws, which are often linked to existing IT governance and security frameworks such as the National Institute of Standards and Technology (NIST). To be eligible, however, Safe Harbor rules require businesses to implement best practice security protocols and procedures as part of a clear, well-defined data security framework.

 

Safe Harbor advantages

The goal of safe harbor laws is to impel businesses to take proactive measures to protect sensitive and confidential data. When a data breach occurs, a notification requirement is triggered where the business must notify the compromised parties regarding the details of the breach. Depending on the jurisdiction, some laws may also require the business to notify credit bureaus and local government agencies.

Safe harbor laws provide businesses with two distinct benefits. First, they can help ease the level of scrutiny from regulators and reduce fines and penalties for data breach violations. The rationale is that if a business is following sound security practices, why should they be punished to the same degree as an organization that has invested little into data protection and security?

Second, the law provides a natural incentive for businesses to voluntarily improve their cybersecurity practices, which is a benefit for the marketplace overall.  What’s more, implementing robust security measures is a smart business strategy, particularly in light of today’s escalating cybersecurity threats.

 

Reaping the benefits of data encryption

Many safe harbor laws include a provision that rewards organizations that have implemented sound data encryption technology, allowing them to classify a data breach as an “incident” rather than a “breach.” The advantage of this classification is that it can exempt companies from the expense and (potential reputational harm) of having to comply with breach notification requirements.

While encryption offers an effective way to reduce risk, not all encryption will get you off the hook from notification. To fully protect your business and achieve safe harbor status, you must employ robust, role-based encryption and implement effective encryption key management techniques, including the protocols and procedures of how keys are generated, distributed, stored, and replaced.

Avoiding a breach altogether is always the better option, even if notification is not required. Understanding your current security posture and building an effective data security framework is more than managing a checklist of tools and policies. It requires a holistic approach that takes into consideration your unique data protection and access needs, regulatory and market pressures, and long-term business goals.

The good news is that with the right mix of technology, engineering know-how, and smart policies, building a solid data breach defense is possible.

 

Building a solid security foundation

While implementing the right technology, like strong access controls and user authentication methods, is important, it’s not the whole solution. The users who interface with IT systems must also be educated and instructed in how to perform their tasks. And, the policies and procedures that define the actions must be properly designed and consistently enforced.

Additional proactive measures can provide an extra layer as part of a comprehensive security strategy.

 

  • Create a culture in which people talk about data protection and security, and make security a clear priority. Teach users about secure online practices such as how to recognize potential threats and phishing attempts. Check their security awareness with in-house hacking checks and interactive security activities.
  • Simplify and streamline security with solutions that consolidate authentication, encryption and advanced threat protection into a single security suite. Compared with point tools, these integrated systems require a fraction of the IT resources required to maintain effective threat protection.
  • Deploy updated anti-malware to help prevent malicious software such as ransomware and viruses from sneaking into your network, and make sure your anti-malware software is consistently updated with the latest definitions
  • Define policies and procedures. Usage policies define what behaviors are and aren’t acceptable. Work with your internal team to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.
  • Keep patches current―make sure your practices include automated patching to help enforce policies and keep systems up to date and enforced with the latest software patching.
  • Make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them.

 

Without a clearly defined plan and ongoing commitment to effective data protection and oversight, your organization may fail to meet the standards needed to reap the benefits of Safe Harbor protection.

Some important points to keep in mind:

  • Safe Harbor statutes can help minimize costs and potential reputational damage arising from data breach lawsuits.
  • Cybersecurity insurance can help ease the cost of recovery from a data breach incident.
  • Following data security best practices is the best way to leverage the benefits of Safe Harbor laws.
  • Building your security strategy around a framework like NIST can help ensure alignment with current security practices and techniques.

 

Combining technology with the right expertise

As cybersecurity becomes increasingly more complex, many organizations lack the resources and knowledge they need to create an effective strategy. That’s why you need a trusted security expert who not only understands the latest security trends, but can accurately define your business requirements and implement a plan that aligns with your current and long term needs

Safeguarding your vital IT infrastructure is not just a security concern; it is a fundamental business issue. It requires an intelligent investment in resources to meet an increasingly complex threat landscape. Ultimately, the cost of recovering from a breach will always be more exorbitant than any expenses incurred in safeguarding data with the right expertise and technology.

 

 

CCPA Privacy Act

What California Businesses Should Know About the CCPA

By | Data Protection, Security

The California Consumer Privacy Act (CCPA), which became effective January 1, 2020, grew out of a need to protect the privacy of consumer data at a time when data breaches involving the personal information of consumers are becoming commonplace. The state of California has the most data breaches and the most data records exposed (1700) in the U.S. That’s according to findings by Comparitech of data breaches between 2005 and 2020. During this time, California had a total of almost 5.6 billion records. It makes sense that the state would be the first in the U.S. to adopt strict regulations to protect the privacy of consumer’s personal information. Are you a California business wondering how the CCPA affects your operation? You should view the CCPA privacy rights as outlined in their entirety on the State of California Department of Justice website. The website provides all the information you need to determine if the CCPA applies to your business, what actions the business must take, and the penalties if the business does not obtain compliance.

The following are nine key takeaways from the CCPA for California businesses:

  1. The CCPA grants consumers specific rights regarding their personal information.
  2. The CCPA includes definitions of consumer and personal information.
  3. The CCPA impacts specific businesses.
  4. Businesses impacted by the CCPA have responsibilities regarding the personal information of consumers.
  5. Some personal information is excluded from the CCPA.
  6. The CCPA includes requirements for selling the personal information of children.
  7. Non-Compliance of the CCPA is enforced by the Attorney General.
  8. Consumers have legal recourse for business non-compliance of the CCPA.
  9. A security breach could become more costly.

1. The CCPA grants consumers specific rights regarding their personal information.

The CCPA grants consumers the following four rights regarding their personal information:

  • The right to know what personal information about them is collected, the purpose of collecting the information, and the reason collecting the information is necessary.
  • The right to request the deletion of their personal information collected by a business or service provider.
  • The right to opt-out of the sale of their personal
  • The right to not be discriminated against because they choose to opt-of sharing their personal information.

2. The CCPA includes definitions of consumer and personal information.

The two key concepts addressed in the CCPA are “consumer” and “personal information.” These terms are defined by the CCPA:

  • The CCPA defines a consumer as a natural person who resides in California, even if the person is temporarily outside of the state.
  • The CCPA defines “personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.” The CCPA includes a long list of categories by which personal information can be identifiable.

3. The CCPA impacts specific businesses.

There are three questions that businesses can ask themselves to determine if the CCPA applies to their business:

  • Is your business a for-profit business that conducts business in the state of California?
  • Is your gross annual revenue more than $25 million?
  • Does your business “buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices”?
  • Does your business “derive 50% or more of their annual revenue from selling California residents’ personal information”?

If your business answers “yes” to any of the above questions, the CCPA applies to your business.

4. Businesses impacted by the CCPA have responsibilities regarding the personal information of consumers.

Businesses that are impacted by the CCPA must do the following:

  • Advise consumers that they collect personal information.
  • Inform consumers of the types of personal information they collect.
  • Inform consumers of their purpose for collecting personal information.
  • Reveal any third-party businesses to which personal information is distributed.
  • Provide a method for consumers to submit a request to access their personal data.
  • Provide consumers an opt-out option to selling their personal information. If a consumer later chooses to opt-in, the business must make the request and confirm their opt-in. The CCPA allows businesses to offer consumers who have not opted-out, a financial incentive.
  • Include a privacy policy on their website that includes the information stated above.

5. Some personal information is excluded from the CCPA.

The CCPA references the following exclusions:

  • Medical information that is governed by the Confidentiality of Medical Information Act (CMIA) or health information that is protected by the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 are not covered by the CCPA.
  • While employers are required to inform employees and potential employees about the personal information they collect and its purposes, the personal data collected and stored as part of being an employee, an employee’s emergency contact, or personal information used in processes for benefits is not protected by the CCPA.
  • Any aspect of the CCPA that prevents an impacted business from complying with other federal, state, or local laws is excluded.
  • Information that is available to the public is not covered by the CCPA.

6. The CCPA includes requirements for selling the personal information of children.

The U.S. federal government enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 for the purpose of protecting the online privacy of children. The CCPA includes the following requirements of impacted businesses that extends that protection by giving parents and teenagers additional control over the personal data of minors:

  • Impacted businesses are prohibited from selling the personal information of consumers that are younger than 16 years old without prior authorization from a parent, legal guardian, or the minor consumer (when the consumer is age 13 or over).
  • The consent to sell personal information of minors must be verifiable using “reasonable methods” that are in line with the recommended methods stated in the CCPA. An impacted business must have knowledge that a consumer is under the age of 16.

7. Non-Compliance of the CCPA is enforced by the Attorney General.

The CCPA is enforced by the California attorney general. The attorney general has the right to bring a civil action against an organization that has been informed that they are not in compliance of the law and have not come into compliance within 30 days of being notified of the noncompliance. Violators of the CCPA may be hit with fines of up to $2500 for each violation and up to $7500 for each intentional violation.

An impacted business that chooses not to inquire about a consumer’s age is considered “willful disregard” of the CCPA and may result in a non-compliance violation.

8. Consumers have legal recourse for business non-compliance of the CCPA.

If a consumer’s personal information is involved in a data breach, the CCPA allows the consumer to bring suit against the organization.

There are three checks for this to apply:

  • The personal information must be a combination of the consumer’s first and last name and one of the items outlined by the CCPA.
  • The personal information must have been stolen, accessed without authorization, or disclosed.
  • The personal information must have been in nonencrypted and nonredacted form.

9. A security breach could become more costly.

The average cost of a data breach will likely increase with the CCPA in force. According to a report by IBM, the average cost of a data breach is $3.86 million. Since 2003, California law has required organizations and state agencies to report data security breaches involving the unencrypted personal information of any California resident by an unauthorized person. Under the CCPA, an impacted business is required to pay a maximum of $750 for each data breach incident.

Next Steps

According to a report by the global computer security software company McAfee, only 31% of organizations in the U.S. have a plan to prevent IT security incidents. While the CCPA does not require that impacted businesses implement specific security methods, it’s a good plan for these businesses to take steps to obtain compliance.

The following are general steps that can help you obtain compliance with the CCPA:

  • Review the CCPA in its entirety and stay informed of any updates.
  • Understand the personal information of consumers that your business collects and stores.
  • Create or update your privacy policy to include the information required by the CCPA.

If you’re not sure where your business stands regarding the CCPA or need assistance obtaining compliance, BACS can help. BACS is a firm that provides IT security solutions. Compliance is one of the core areas of expertise of the firm. The professional staff has expertise in analyzing the security needs of organizations and developing a comprehensive and strategic plan that includes adherence to applicable regulations.