All Posts By

James Berger

managed6 - Bacsit

3 Reasons Your IT Infrastructure Is Failing Your Business

By | managed It services

Your IT infrastructure is holding your business back. 

Organizations often ignore their IT infrastructure. Some companies do not keep their IT infrastructure up to date as their business grows. Similar to other infrastructure, such as roads and bridges, IT infrastructure requires continuous maintenance and upgrades in order to properly support your business processes and activities. 

Ignoring IT infrastructure can cause a number of issues within your business. Competitors can take advantage of this misstep and leave organizations with aging infrastructure behind. When a business is beginning to expand their IT infrastructure, there are many costly mistakes that can be made. Companies should consult an expert in IT infrastructure, such as BACS, to ensure your infrastructure can keep up with the demands of your business. Still, building up your IT Infrastructure can sound like an expense that your business doesn’t want to take on. However, listen to James, CIO of BACS, discuss how small to medium businesses are leveraging tech that was once only available to enterprise level businesses and how they are able to afford the latest technology that will scale and expand their business:

 

 

How Your IT Infrastructure Is Failing Your Business

Outdated and non-optimized IT infrastructure will prevent your business from growing and can cause significant process and performance issues. Some companies may be tempted to patch problems whenever they come up, but over time your IT infrastructure will eventually fail. There are multiple reasons why your company should continually invest in your IT infrastructure. 

  • Increased Downtime

One of the most obvious signs that your IT infrastructure is failing your business is when you begin to see increases in both the length and number of instances of downtime. IT downtime occurs when your network or applications unexpectedly fail, while your business is operating. There are multiple reasons and factors that can cause your IT infrastructure to crash. 

Depending on your business model, any downtime can cause serious business implications. Employees may not be able to perform their daily tasks. Customers may become frustrated, if they cannot access your applications or services. If your business relies on online revenue, you can quickly lose out on customer orders. 

Some organizations can lose millions of dollars each hour that their IT infrastructure is down. According to Gartner, the average cost of IT downtime is $5,600 each minute. Those costs can quickly add up over time. Organizations can avoid IT downtime by ensuring that their infrastructure can handle their daily business operations. 

  • Preventing Full Optimization

IT infrastructures can hold an organization back from reaching its full potential. New technologies and applications may require updated IT infrastructure in order to properly function. Attempting to overload the infrastructure may lead to a host of issues. For example, a company with an outdated IT infrastructure will have to deal with more problems when they move their operations to the cloud. 

Investing in IT infrastructure will allow your organization to create better products and services for your customers. Older IT infrastructure can hamper your team’s ability to keep up with the competition. Employees can be more productive when the proper IT infrastructure is in place. They will be able to access company resources and applications from anywhere in the world with an internet connection.  

Improper IT infrastructure can also lead to more data breaches. About 63% of small and medium sized businesses experienced a data breach in 2019. This number is only going to continue increasing, as cybersecurity attacks are becoming more sophisticated. Investing in IT infrastructure can help prevent data breaches. 

  • Rising Costs

Companies may be unaware of all of the money they are wasting by refusing to upgrade their IT infrastructure. The costs of keeping older IT infrastructure in place can quickly add up. Executives may be hesitant to spend significant capital upfront to upgrade their IT infrastructure, but in the long run most companies will save money. 

The scaling costs of the cloud are evident in startups that attempt to scale rapidly. One startup was in the video encoding and streaming space. Early on in their journey, their team did not properly invest in their IT infrastructure. The company was using Amazon Web Services and spending over $300,000 a month on their cloud infrastructure and services. This model was not sustainable in the long term. 

The startup worked with an IT infrastructure company in order to set up their own infrastructure. Their costs dropped from $300,000 a month to $100,000 a month. Currently, the company spends about $250,000 a month on their IT infrastructure and bandwidth. The Amazon Web Services bill for similar infrastructure and bandwidth would have been over $1,000,000 per month. If the company had properly set up at least some IT infrastructure, they could have avoided their skyrocketing costs altogether.

Most companies do not have the capabilities to reduce their monthly IT infrastructure bill by hundreds of thousands of dollars each month. This is exactly why some companies outsource this task. BACS can help your organization properly address your IT infrastructure issues.

Related: Managed IT Services vs. Traditional IT Support: What’s The Difference? 

 

Update Your IT Infrastructure With BACS

Updating and optimizing your IT infrastructure is not a straightforward, easy task. You may not have the right skill sets and knowledge in your organization to properly update your IT infrastructure. Thankfully, BACS is here to help you develop a customized IT infrastructure solution that meets your unique business needs. Your team can focus on growing your business, instead of spending countless hours attempting to put proper IT infrastructure in place. 

Reach out today to learn more about how BACS can improve your IT infrastructure. Your business can take full advantage of an improved IT infrastructure to take your business to the next level. Our experienced team is more than happy to answer any questions you may have regarding IT infrastructure. 

 

Contact Us for a FREE IT Assessment

bacs managed it services california

Managed IT Services For Bay Area Businesses That Want To Grow

By | managed It services

Are you aware that the advantages of managed IT services go beyond offloading your IT tasks and saving money?

 

These two benefits are significant when considering managed IT services. However, to succeed in the Bay Area marketplace, businesses like yours must implement an IT strategy that also provides a competitive advantage. Managed IT services can help your business achieve that goal by facilitating business growth. The following are five benefits of managed IT services that contribute to business growth:

Scalable IT Services

A challenge many Bay Area businesses face is scaling up technology systems to support growth. Implementing increasingly advanced tools and infrastructure while managing daily IT tasks requires resources and expertise that is a luxury for most organizations. Partnering with a managed IT services firm should allow you to expand your services as your business grows. When you partner with a managed IT services firm, you should work closely with them to develop a Service Level Agreement (SLA) that can be modified as your organization’s technology needs change. Managed IT services firms usually offer two basic service options: a full-service option and an a la carte option.

Full-Service Option

This comprehensive option allows you to delegate a large percentage of your IT services to a managed IT services firm.  

A comprehensive option will typically include the following services:

If your business doesn’t yet have an IT strategy, the full-service option usually includes consulting that you could use to develop a strategic IT plan.

Related: Why You Need An IT Strategy

 

Contact Us for a FREE IT Assessment

 

A La Carte Option

When your organization requires specific IT services, you can choose to hire a managed IT services team to handle the tasks you assign to them. You can also specify that they only address issues that occur or request a set number of hours for them to provide a set of services you choose.

  • 24-Hour Monitoring Capabilities

Time is critical in business.  Downtime may see like a harmless side effect of doing business in a world that relies on technology to perform just about everything, but it can have a devastating effect on the growth of your business. When your systems aren’t active, that means that communication to and from your business is stifled. Employees may not be able to complete their tasks, which leads to customers not receiving their products and services as expected. 

Minimizing downtime is achieved most often when organizations use a proactive approach that discovers problems before they cause downtime. This is particularly important to businesses that operate in industries that are heavily targeted by cyber criminals. The Verizon 2021 Data Breach Investigation Report states that targeted industries such as the financial sector were more successful at discovering data breaches when the task was performed by an external third-party using monitoring tools.

Organizations that provide managed IT services generally offer around-the-clock monitoring with proactive discovery tools. These organizations usually provide dedicated resources to remotely respond quickly to alerts about system problems.

Related: Mitigating Potential Threats with Sound Security Protocols

  • Security and Compliance

According to the Cisco 2021 Security Outcomes Study, security practices such as responding quickly to incidents and accurately detecting threats help businesses keep pace with other businesses.  However, the resources necessary to manage such activities is prohibitive for most businesses. 

Managed IT services firms that offer security and compliance management typically provide the following tasks:

    • Perform an assessment of your organization’s assets and determine a strategic risk mitigation plan.
    • Catalog and monitor all assets within your organization.
    • Continually monitor your organization’s network activity.
    • Make sure your organization is compliant with applicable regulations.
    • Educate employees about their contribution to your organization’s security.

New call-to-action

  • Access to Cutting-Edge Technology

Technology is constantly evolving. In the business domain, adopting the latest technologies enables organizations to extend the benefits of existing solutions and develop innovative ones. Remaining competitive in the marketplace is the bottom line. Organizations realize that accessing the latest technology will help push them further in the marketplace. However, there are costs and testing involved with adopting new technology. Managed IT services firms work with the latest tools and can pass the benefits of using the advanced technology to the Bay Area businesses they serve.  

  • Expert IT Services

Having access to the most advanced technology is useless unless you have an experienced IT team that has the knowledge and skills to effectively deploy and maintain those technologies. Your organization may employ a well-versed IT staff, but are they able to grow with your business? Unfortunately, the answer for most Bay Area businesses is “no”. If an IT team encompasses an array of skills, the organization is likely burdening a heavy financial cost to keep those resources on the payroll. Managed IT services specialize in technology. Since they often offer end-to-end IT services, they must be equipped to manage all areas of a business related to IT.

Related: Building the Framework for a Better IT Experience

BACS as Your Bay Area Growth Partner

The really good news about adding managed IT services to your business strategy is that offers your Bay Area business multiple benefits. You can save money, remain competitive, and experience higher productivity—all of which contribute to business growth.

BACS is a team of IT experts that seeks to establish partnerships with Bay Area businesses to assist them with establishing or maintaining a long-term strategic IT plan for growth.

 

Contact Us for a FREE IT Assessment

Business Continuity

Managed IT Services: Tapping Into The Cost-Saving Value

By | managed It services

In an age where technology is often a core driver of business growth, effective and reliable IT performance is more vital than ever. A structured, planned approach to IT support can help keep your business operating at peak efficiency and optimal performance.

That’s where managed service providers are playing an increasingly critical role by providing the consistent management and optimal balance of resources businesses need to help drive productivity, protect data and assets, and maximize return on investment.

With your IT strategy and support services managed by an outside provider, you benefit from best-in-class expertise and technical capabilities along with an assortment of resource and cost optimization advantages that span across operational and business functions:  

 

1.IT planning and strategy

Today’s IT environments are complex and fast-moving. To meet ongoing efficiency and performance goals, you need an IT strategy that supports and aligns with your core business objectives. Intelligent IT planning starts with a comprehensive assessment of your IT infrastructure and operational environment to pinpoint strengths and weaknesses and help you better understand how to best leverage existing resources and technology. 

With years of experience across multiple technologies and domains, MSPs can leverage their business planning and technology procurement expertise to help you create a roadmap for performance improvement―providing a coordinated framework for managing changes to business priorities. 

Your MSP can help you transition to new technologies and platforms at the most favorable time, while extracting maximum value from your legacy investments. They will evaluate workflows and processes to identify potential areas of improvement and opportunities for cost savings.



Related: Managed IT Services vs. Traditional IT Support: What’s The Difference? 

 

2. Preventative maintenance

Ongoing monitoring of your network infrastructure and IT environment can help minimize downtime, reduce costs, and enhance performance. Rather than waiting for problems to emerge, you can proactively identify areas that are vulnerable and take action before they impact your business.

MSPs are ideally equipped to help ease the burden of day-to-day network management. By using advanced evaluation and reporting tools they can collect information and analyze the performance of your network and IT infrastructure. 

This insight allows you to chart performance over time and identify patterns and trends that could lead to disruption. It also enables better decision making around future investments and areas of improvement to help ensure your network and supporting technology is reliable, efficient, and secure.

 

3. Responsive support

A proactive approach to technology management requires ongoing collaboration and responsive support on behalf of your IT provider. One advantage of an MSP is their ability to access the latest analysis and reporting tools to track your performance and identify critical areas for improvement and investment.  

Recurring checks and ongoing follow up help make sure their recommendations are delivering the results you need and are aligned with your business goals. With responsive and reliable support from a partner you can trust, your in-house team can focus on growth and performance instead of stressing over routine management tasks.


4. Technology management  

Understanding what performance functionality your business needs is essential. One important advantage MSPs bring to the table is their knowledge and expertise around the latest technologies and operational best practices that can help boost performance, increase efficiency, and safeguard critical business assets.  

MSPs are well-versed in the need to create a strategic IT roadmap with an inherent focus on long-term growth and achieving maximum return on investments. These experts understand the complexities of technology integration and work closely with you to make sure your IT decisions align with your business priorities.

The best MPSs have well-established vendor relationships and have deep experience identifying, evaluating, and procuring the best technologies and products across a range of platforms and domains, including:  

New call-to-action

What You Get When Working With BACS IT Consulting Group 

 

Smarter, more intelligent IT  

One of the biggest advantages of working with an outsourced IT provider like BACS IT is the potential for operational efficiencies. With a fixed-cost support model, you benefit from predictable pricing and manageable costs, allowing you to better plan for larger IT investments. And with a proactive IT support strategy, you are better able to anticipate problems before they can disrupt your business.  

With knowledge and expertise needed to keep your infrastructure running at peak performance, your MSP can handle any number of routine or specialized tasks including remote monitoring, IT planning and strategy, and technology evaluation and procurement.  By delegating ongoing IT support tasks to a reliable partner, you can turn your attention to more pressing priorities with confidence that your IT operation will be running efficiently and securely.

Related: Hear About Companies Like Yours That Benefited from Managed IT Services

Enhanced security

We have deep experience in the latest security tools and best practices to safeguard your enterprise business and IT systems against today’s increasingly malicious security threats. Not only can MSPs provide monitoring services, but they have the deep expertise needed to help prevent attacks through a range of proactive measures. With customized backup and recovery and business continuity planning solutions, your service provider can help restore systems and get your operation back online in the event of a disaster―quickly replacing faulty equipment, eliminating  system vulnerabilities, and recovering systems and data with minimal disruption. 

Peace of mind 

Businesses often have little time to focus on the routine functions of infrastructure management, worrying about underlying issues such as dependability, patching and updates, and speed of network connections. By outsourcing IT support tasks to a trusted partner, you can focus more on more strategic priorities with greater peace of mind knowing that your IT operation is running smoothly and efficiently. 

Making IT a strategic priority

Changing business models are driving a shift in the role of IT―from leveraging technology and support of the business, to the higher, more strategic goal of driving business value. Your MSP can help make sure your investments and support strategy is aligned with your core business goals, providing strategic guidance that caters to your business needs. 

Following are some of the core performance and cost savings benefits of working with BACS IT:  

  1. Better insight for more informed investment decisions
  2. Better knowledge to address ongoing performance, security, and compliance issues
  3. Optimized ROI through better researched and well-timed technology updates
  4. More seamless integration of business systems, hardware, and processes
  5. Enhanced security through better identification of IT strengths and weaknesses   
  6. Optimized availability and reliability of resources and applications
  7. Better ability to meet business requirements for uptime, compliance and security
  8. More accurate decisions and actions based on an long track record of experience and success
  9. Increased operational efficiency and better optimization of internal resources  
  10. Increased security and reliability of IT operations

Choosing the right MSP

Determining where and how you might benefit from an MSP starts with a careful evaluation of your current in-house resources, business goals and growth plans. Does your in-house IT team struggle with time to focus on big-picture projects? Is your business looking to move some or all of your data to the cloud? Are your IT costs inconsistent and unpredictable? Does your business currently have a disaster contingency plan for your business? Do you plan to grow or expand your business in the future? Does your business store and manage sensitive data?

Not all providers are created equal and choosing the wrong one could prove costly. As your business needs evolve over time, more effort is needed to help ensure that business goals and priorities are carefully aligned with IT strategy. Selecting a service provider that can deliver the range of capabilities you need is critical.

You can count on BACS to:

  • Gain a deep understanding of your business, your people and your goals
  • Advise you on how to best optimize the value of your technology investments
  • Identify and outline every strategic and business advantage we can find
  • Be your trusted partner for IT strategy and technology decisions

Contact Us for a FREE Security Assessment

Data-Backup-and-Recovery-Reaping-the-Benefits-of-the-Cloud

Managed IT Services vs. Traditional IT Support: What’s The Difference?

By | IT Support, managed It services, Technology

Business technology has come far in just a few decades as many firms now enjoy operating in the cloud. While some companies still hold on to traditional tech support methods, modern enterprises are working closely with more modern Managed IT Services. Here’s a comparison of traditional and 21st century IT support.

 

 [Free  Resource Download]: 7 Tips  To  Create A Password  Policy  For  Your  Organization

 

Traditional Business Network Tech Support

Commercial organizations have embraced the internet as a backbone for connecting with other resources since the seventies. Retailers and suppliers were among the first commercial entities to connect online. Large firms typically hired their own in-house technology departments while small companies often turned to break-fix shops that often were fly-by-night operations seeking fast cash opportunities from widespread adoption of the computer revolution.

Another dimension of traditional tech support firms was the attempt to be all-things-tech without broad diverse knowledge of technology. Any type of computer or networking problem could potentially lead to massive amounts of downtime for hours or even days. Your business was at the mercy of technicians who might not have been familiar with your hardware or software, which took time to learn.

By the nineties it was very common for even small businesses to use computer networks. For maintenance they would often turn to help desks that weren’t interconnected with technicians in real-time like they are now. Consequently, response to technical issues was generally slow for coordination and troubleshooting. Then if the technicians made errors, it led to more costly downtime.

During the traditional IT era managers weren’t well informed about their business technology and simply trusted whatever tech support firm they found to fix bugs. Sometimes it led to long-term expensive contracts that contributed to a company’s financial collapse.

 

Related: The 10 Benefits of Managed IT Services for Businesses Like Yours

 

Today’s Managed IT Services

A Managed Service Provider (MSP), as defined by technology research giant Gartner, is a company that delivers various services and ongoing support to clients on their property, via the MSP’s data center or through a third part cloud provider. MSPs often pool their native services with outsourced resources to maximize serving client needs. High quality MSPs often offer the following IT services:

Cloud computing disrupted the traditional IT profession enormously. The rise of Software-as-a-Service (SaaS) firms such as Salesforce scrambled the IT landscape into a brave new setting that empowered businesses of all sizes to streamline operations. In other words, migrating to the cloud (a private or public intranet) helped business cut all kinds of upfront technology costs.

The cloud allowed businesses to operate more efficiently and independently. MSPs began offering a wider menu of technology solutions that old fashioned break-fix firms simply couldn’t compete with. Traditional help support personnel typically weren’t encouraged by their bosses to keep learning new technology, whereas today’s MSPs need to be experts on cybersecurity and innovations that make businesses more efficient and scalable, such as automation, AI and smart devices.

On top of that, MSPs learned how to talk with business decision makers on a personalized level instead of using the old scheme of shutting down questions or blurring answers with complex and confusing jargon. The new attitude of MSPs is to learn each client’s needs and provide custom solutions.

BACS IT Difference for Businesses Like Yours

The one difference that BACS IT has over other MSPs is our customer service experience. While many traditional help desks have limited capabilities and can be considered less efficient, BACS IT, an experienced MSP, can elevate your business to a more competitive level, allowing you to be more productive and profitable. Schedule a call with us and learn how we can bring your business up to date with the newest advancements in IT. 

managed-it-services

10 Benefits of Managed IT Services for Your Business

By | IT Support, managed It services

Are you considering managed IT services for your business?

If yes, youre in a growing number of organizations. Managing technologies within an organization can be overwhelming to maintain. One approach to lessen the stress is to delegate all or a portion of these tasks to a third party outside the company that specializes in those tasks. An organization that provides IT services for other organizations is referred to as a managed service provider (MSP).

 

Related: MSP 101- What is a Managed Service Provider 

 

Businesses vary widely in their IT administration needs. For example, an organization may have a dedicated IT staff and only require assistance with routine tasks. Another organization may have a single individual that holds multiple jobs within the organization, one of those being responsible for IT tasks, and the organization wants to free up that individual to focus on other tasks. Firms that provide managed IT services offer a wide variety of services.

The following are just a few of the types of services that MSP firms offer:

If you are tasked with justifying the switch to managed services or want to learn more about the offerings, the following are 10 key benefits that should interest you:

1. Lower IT Costs

The services network firm Deloitte surveyed 40 of their clients, from all over the world who held various upper-level positions, and revealed in a report that cost was the primary objective for their outsourcing IT operations. This makes sense. Modifying any aspect of your business is going to require looking at the financial impact. The main costs associated with IT operations include equipment and operation costs, as well as personnel costs (salaries, benefits, and training). According to the Robert Half Salary Calculator, the average salary for a system administrator in Sacramento, California is $92, 340. Thats just one employee. While some organizations delegate a single individual to manage IT operations, the more prudent scenario is to employ several professional individuals with specific roles. When you calculate the salaries, you can easily reach an exceptionally large number. In comparison to hiring an MSP to handle some or all of your IT operations, the average monthly costs vary depending on the level of services provided and the size of your organization, but in the U.S. ranges from $100 to $250 per user/per month. For full managed services for an organization with fewer than 50 users, that works out to about $42,000 to $66,000/year. That amount is considerably less than the salary, benefits, and training you would pay a single employee to manage your IT services. 

2. Scalability

Change is a normal aspect of doing business. As your business goals change, your IT services will also need to change. Managed IT service firms allow you to determine the level of services they provide your organization. As your business goes through changes, you can modify those services. For example, if your organization is a startup operation with limited funds and resources, you may choose to start with a full-service option where all of your IT operations are managed by an MSP. When your business grows, you may want to minimize those services and start allocating resources to an in-house IT team that performs tasks that align with your business goals, and delegate only your routine support tasks to an MSP. 

3. Availability

It might seem strange that a firm outside of your organization would be able to boast availability as a benefit, but its true. The unfortunate reality of many in-house IT departments is there are more tasks than individuals to handle those tasks and the organization suffers because of that reality.  For example, when an employee encounters a problem with their computer that is preventing them from performing their work and your in-house IT staff is not available to render assistance right away, that ultimately impacts your organizations productivity. When you obtain the services of an MSP, one of the first steps is to create a Service Level Agreement (SLA). This is an agreement that outlines the details of the services the MSP will provide to your organization. Availability is an important component of an SLA. This type of agreement or expectation of availability typically does not exist within an in-house IT department. The usual process for an internal IT staff is to prioritize tasks and get to them as time allows.  

 [Free  Resource Download]: 7 Tips  To  Create A Password  Policy  For  Your  Organization

4. Reduced Downtime

Downtime is another aspect of doing business than can have a significant impact on your organization. One of the main methods organizations use to gauge the costs of downtime is the average provided by the research and advisory firm Gartner in 2014, which is $5600/minute. Of course, that average is just estimate. Your organization may vary considerably from that estimate. There are calculators available online that can help you more accurately determine the cost of downtime for your organization. The financial impact of downtime is important, but there are other ways that downtime can have a significant impact on your organization. If your network connection is down,  employees may not be able to perform their duties and your customers and potential customers may be unable to connect to you or your website. Your organizations brand may become tainted because of downtime. This is a potential consequence whether you have a well-established brand or are trying to establish one. Customers and potential customers may view a downtime incident as an indication of how you run your business. 

Managed IT service firms will, depending on the SLA, monitor your network and other systems from a remote location. Since they are focused on managing your operations, they are more able to quickly respond to potential problems and lessen downtime.

5. Constant Monitoring

Are your IT systems being monitored every hour of every day? If the answer is no, your organization may be an ideal prey for data criminals. Abnormal events such as changes to files and performance issues that occur in the late-night hours may be a sign of an intruder accessing your network. Logging is a common practice for detecting abnormal events. However, an issue discovered in a log may be too late to prevent a security issue. If your organization hasnt implemented 24/7 monitoring, you might overlook such critical events. Constant monitoring provides your organization with peace of mind. Constant monitoring tracks any changes or disruptions to the systems that can be investigated and, if necessary, resolved before they develop into data breaches. Constant monitoring enables your organization to take a proactive approach instead of one that is reactive.

6. Improved Security

If your organization has implemented monitoring tools and have reduced your system downtime, how confident are you that those systems are properly managed? If you dont have a lot of confidence, consider the consequences of such neglect. According to a report by IBM, the average cost of a data breach is $3.86 million. However, the costs of recovering from a security incident can be much higher with long-term effects. An example is the Equifax data breach of 2017. The consumer credit reporting agency used monitoring software, but its security certificate had expired, and the monitoring solution was subsequently rendered inactive. Equifax discovered the suspicious activity only after their security certificate was updated. Two years after the data breach, the company entered a settlement with consumers who were impacted by the incident. Equifax ended up paying nearly one billion dollars, not including legal fees.

The following are a few of the ways that a managed IT service company can improve your organizations security:

  • Assess your organization’s risk and implement security measures that mitigate those risks.
  • Remotely monitor your IT systems 24/7 for vulnerabilities and suspicious activity.
  • Ensure all compliance requirements are met and maintained.
  • Provide training for staff.
  • Inventory and track endpoint activity in the organization .


Related
: A Beginners Guide to Cybersecurity


7. Latest Technology

Its common knowledge that technology is constantly changing at a rapid pace. Managed IT service firms rely on advanced tools to provide the reduced downtime, 24/7 monitoring, and improved security benefits mentioned above. Many organizations are not able to justify the costs necessary to keep up with the pace of software to enjoy the benefits. 

8. Dedicated IT Team

As mentioned previously, the costs associated with hiring IT professionals can be excessive. Developing a team of IT experts that manage all IT operations in-house is not only a costly endeavor that can cripple an organization with limited resources, but one that can limit the value of the organization.  When a large percentage of the organizations resources are allocated to an in-house IT staff, that means that fewer resources are available for other activities such as growing the business.  

9. Higher Productivity

An IT department provides a variety of critical functions for an organization. All of these tasks are important, but some of them are routine and take time away from more critical tasks. Examples of routine tasks include hardware/software installation and configuration, endpoint maintenance (warranties, licenses, etc.) and troubleshooting. By allowing a managed IT services company to perform these tasks, your organizations IT staff can concentrate on tasks that help your organization reach its business goals.

10. Less Stress

The really great news about delegating your organizations IT services to an MSP is that you obtain a  combined effect of the benefits listed above in the form of a reduction of your organizations IT responsibilities. An overburdened IT staff can suffer burn out, make careless mistakes, neglect their duties, and  develop disdain for their job. All these effects can cause your IT operations to enter into a vulnerable state. Delegating just a few of your IT operations can have a positive impact on an existing It staff.

Next Steps with BACS IT Consulting Group

While there are numerous benefits associated with managed IT services, not all businesses that provide managed IT services are equal in the value they offer. Your organization should make sure the MSP that you choose is right for your organization. That means understanding the level of expertise, services offered, industry experience, and personability of the staff. Working with an MSP should be considered a partnership. Ensuring that the organization you work with has these skills will provide the best benefit for your business.

BACS offers expertise in a full spectrum of managed IT services and works with organizations to determine the best strategy to align with their business goals.

Contact Us for a FREE IT Assessment

wifi-security

Safeguarding Your Business from Wi-Fi Vulnerabilities

By | IT Support, Security

Businesses today must manage an ever-growing number of security risks. From client database breaches to malicious ransomware attacks, cybercriminals are continuously searching for new opportunities and methods of exploitation. One high-risk area that is often overlooked is your company’s Wi-Fi network.

While Wi-Fi offers the advantage of fast and easy access, this convenience is also its weakness. Unprotected Wi-Fi connections provide hackers with easy network access, allowing them to introduce malware onto any connected systems and devices. This malware can instigate a number of serious attacks, including phishing, DDoS, ransomware, and more.

 

Closing the gaps on Wi-Fi security

In the age of digital proliferation and broad network connectivity, creating a detailed, well-defined network security strategy is more critical than ever. It requires a holistic approach that effectively blends proven practices with cutting-edge techniques. Following are some common sources of Wi-Fi security vulnerabilities, along with some best practice strategies to address them.

 

Outdated firmware.

Keeping your business-critical data secure hinges on making sure your Wi-Fi network is operating with the latest firmware updates and patches. In some cases, your router will prompt you when an update is due. But for many IT teams, keeping firmware and drivers up to date can be a tedious, easy-to-overlook task. The best approach is to stay proactive. Periodically check the manufacturer’s website for any updates or patches for your device and keep this task high on your list of ongoing IT priorities. Today’s cybercriminals are persistent. Staying one step ahead requires ongoing diligence on your part.

 

A poorly protected print environment.

All devices connected to a business network, including copiers and printers, represent an area of risk that often falls outside the normal security responsibilities of an IT organization. Still researchers have identified print networks and printers as potential sources of security failures and data breaches. That’s why print security best practices should be given ample attention and action, including configuring appropriate IP addresses and status, and password-protecting connected printers, along with the entire print network.

Improperly managed user behavior.

A security system’s overall effectiveness hinges on correct user behavior within that system. Even robust systems can be compromised by an employee clicking on a phishing email, an ineffective firewall, or even accessing a network site on an unfamiliar device. Another area that demands business Wi-Fi attention is mobile device security. Inappropriate user behavior on a business network, including digital apps and email, can threaten a network’s security. Mobile device management focuses on both business-owned mobile device security protocols, and private or guest devices on a network.

 

Network piggybacking. 

Piggybacking on network access is a way of creating a wireless connection by discretely tapping into another subscriber’s wireless service without their knowledge or permission. This can be done from any wireless-enabled computer, and depending on the location of your business’s wireless access point, and can be completed from up to 1,000 feet away. Once on your network, the unwanted users can hack into sensitive information, monitor web traffic, or conduct other illegal activities.

 

Ineffective firewall.

A properly implemented firewall plays a vital role in helping to keep your company’s networks separated from the Wi-Fi. It helps prevent potential hackers from breaching the Wi-Fi connection and making unwanted entry into your servers and company networks. In addition to your network firewall, consider installing a host-based firewall, which provides an extra layer of protection between the network and connected devices.

 

Lack of data encryption

Encrypting the data on your wireless network helps prevent those who might gain unauthorized access from actually viewing it. Should hackers breach the Wi-Fi connection, any data they obtain is scrambled and unreadable. Several encryption protocols are available to help enable this protection. The strongest encryption currently available is Wi-Fi Protected Access 3 (WPA3). While WPA and WPA2 are also available, the best approach is to implement technology that specifically supports WPA3, since other protocols lack the robust protection today’s networks require.

 

Reaping the benefits of outside expertise

Whether you are upgrading your existing Wi-Fi network or starting from scratch, the best protection can be achieved through careful planning and expert execution. That’s where the knowledge and experience of a competent managed serviced provider can deliver substantial value.

By outsourcing your Wi-Fi security to an outside expert, you benefit from a more robust network design, clear policies and procedures, and better awareness of potential vulnerabilities and weaknesses. These outside experts can suggest tools and techniques for improving network speed and efficiency and recommend the latest best practices for securing your Wi-Fi network. These include:

 

Network monitoring.

Monitoring is the first line of defense against unstable or unforeseen events that affect your network performance and security. Real-time monitoring of Wi-Fi traffic through routers and network servers provides IT teams with vital insight into user behavior and trends, and helps speed response time in the event of a breach. Proactive monitoring of your business Wi-Fi network can help your thwart issues before they become a more serious problem. Remote monitoring capabilities are particularly critical for satellite offices.

 

Router protection.

Keeping your router out of public reach can help reduce the potential for tampering or someone attempting to circumvent security protocols. It only takes a few seconds to restore the access point to factory default settings. For optimum safety, keep the router high on a shelf, secured behind a door, or otherwise out of reach where a bad actor could potentially gain access without authorization. Router ports can also be secured by properly defining the IP address.  Be sure your router access point is housed in a secure area, such as a locked room or closet.

 

Maintain antivirus software.

Be sure to install the right antivirus software and keep your virus definitions up to date. Make sure your practices include automated patching to help enforce policies and keep systems and networks up to date and enforced with the latest software patching. Also, make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them.

 

Protect your SSID.

To help prevent hackers from gaining easy access to your network, avoid exposing your SSID. At the minimum, be sure to change your SSID to a unique identifier. Keeping the manufacturer’s default ID in place could open the door to an attacker skilled at identifying the type of router and possibly exploit any known weaknesses.

 

Employ a VPN.

Installing a Virtual Private Network (VPN) as part of your Wi-Fi infrastructure can be a highly effective way to bolster your overall network security strategy. VPNs conceal user identities by masking IP addresses and routing data through a, alternate IP address.  By encrypting connections and sending and receiving points, VPNs help keep out improperly encrypted traffic. Cybercriminals who manage to access to data via your VPN will find it useless, since it is encrypted on its way from sender to a receiver.

 

Bolstering your IT strategy

With losses from cybercrime now reaching epic proportions (up to $6 trillion globally), Securing every aspect of your network is more crucial than ever before, and that includes making special considerations for your Wi-Fi security. Wi-Fi security is not only essential to sound IT strategy; it’s a smart business practice.

teams vs zoom vs meet

Microsoft Teams vs. Zoom vs. Google Meet

By | Technology

Video conferencing is more important than ever before as businesses of all sizes across the world have embraced this technology. Organizations can quickly communicate with each other through video conferencing without the need for long travel days. Teams can work together more efficiently and effectively without being in the same room.

There are countless options to consider when choosing a video conferencing software solution. Choosing the correct option for your business will help you grow your business. Any issues with your video conferencing software can ruin a potential sale or make you look unprofessional. In order to narrow these options down, businesses should consider their needs by comparing some similar video conference software qualities.

 

Factors To Consider

Number Of Participants

Most small and medium-sized businesses will only have a handful of people on a video conference call at one time. Larger businesses may have hundreds or even thousands of video call participants, which makes the audience limit significant. Many video conferencing software have a limit to the number of people allowed in one call.

 

Security

Just as with other forms of communication, your organization needs to ensure that your video conferencing solution is secure and encrypted. Any security breaches can result in the loss of valuable data and customer trust. Some businesses were subject to ‘Zoom Bombs,’ where pranksters would infiltrate private company Zoom meetings.

 

Ease Of Use

Some employees will be using video conferencing software for the first time. Organizations should consider how easy the software is to learn and use. Simple mistakes, such as sharing the wrong screen, can make your team look unprepared for an important meeting.

 

Pricing

As with any software solution, the price can be a significant barrier to adoption. The organization must be able to afford the video conferencing application for every user that needs it. Some businesses are able to get by using the free version of these applications, but others will need the premium versions.

 

Microsoft Teams

Number Of Participants

The Microsoft Teams free version offers the highest number of meeting participants as compared to Google Meet and Zoom with up to 300. Participants can see up to 49 other users on the screen at one time. The paid version of Microsoft Teams allows businesses to host webinars. Up to 10,000 users can attend the webinar for a period of four hours.

 

Security

Microsoft Teams has a relatively robust level of security. This software solution automatically encrypts all meetings in order to keep data safe. However, If you want enterprise-level security, then you are going to have to pay for it. Microsoft offers multiple two-factor authentication packages in order to increase security levels.

 

Ease Of Use

Microsoft Teams has a feature that allows users to collaborate with other users on Office documents. Teams allow users to keep track of all of their messages with other users and search through them, which is more efficient than searching through emails. Organizations that are already working with other Microsoft 365 apps will likely find Microsoft Teams the best solution.

 

Pricing

Microsoft Teams is free for businesses that already have a Microsoft 365 subscription. Microsoft 365 subscriptions start at $5 per user. Businesses can access the free version of Microsoft Teams, which allows users to host a meeting with up to 300 participants.

 

Google Meet

Number of Participants

The free version of Google Meet has a limit of 100 participants for 60 minutes. While the paid version of Google Meet can handle up to 250 users per meeting and up to 100,000 viewers within a domain.

 

Security

Google Meet may be the best of these three when it comes to security. This solution offers multiple two-factor verification options and creates a unique encryption key for every meeting. Google Meet also meets the Internet Engineering Task Force’s standards for Secure Real-time Transport Protocol and Datagram Transport Layer Security.

 

Ease Of Use

In order to use Google Meet, users have to have a Google account. This could be a barrier to some users. The software itself is relatively easy to use and even has automatic live captioning powered with Google Speech. Similar to Microsoft Teams, if your business already works with G-suite products, then Google Meet will probably be the solution that is easiest to integrate with.

 

Pricing

Google Meet is currently priced from $6 to $18 per user depending on the plan. Depending on the size of the business, this could be an affordable option. Google Meet also has a free version that small businesses can take advantage of.

 

Zoom

Number of Participants

The free version of Zoom allows users to host a meeting of up to 100 participants for 40 minutes. The business version of Zoom allows meetings of anywhere between 300 and 1,000 participants. Zoom premium has a webinar feature that allows users to host a webinar with up to 3,000 users.

 

Security

One of the big concerns about Zoom is that they do not have a robust security solution as compared to Teams and Meet. Hackers were able to get into private Zoom meetings in the beginning of the pandemic to cause havoc. Zoom has been able to address those security issues since then. Zoom now offers end-to-end encryption for all meetings.

 

Ease Of Use

Zoom is arguably the most popular video conferencing software application. Zoom is exceptionally easy to use, even for a user who has never used video conferencing software before. Zoom has the capability to run on almost any operating system or device. Even below-average Android devices have no issue video conferencing with Zoom.

 

Pricing

Zoom pricing starts off at $15 per host. That price can quickly add up if your business involves many one-on-one meetings. Many small businesses can utilize the free version of Zoom, as their meetings will typically last less than an hour and involve less than 100 participants.

 

BACS Can Help You Choose The Best Video Conferencing Solution

Are you still unsure which video conferencing software to use? BACS can help your organization analyze and decide which software will best suit your needs. Our team will work closely with your organization to understand your business and deliver a solution that makes your life easier. Reach out to BACS today to learn more about all video conferencing software solutions. Our team is more than happy to answer any questions you may have about video conferencing software.

construction-company-cybersecurity

Everything Your Construction Company Needs For Cybersecurity

By | Data Protection, Security

As a construction company, you may be surprised to learn that hackers are increasingly targeting the construction industry. One study performed by security vendor Sophos found that out of 203 construction companies, 68% had suffered a cybersecurity attack in the past year. There was even one instance where hackers were able to take control of a crane remotely. 

Some construction companies may not be interested in cybersecurity, as they want to focus mostly on what they do best. Many owners may downplay potential cybersecurity threats, but they should be paying attention to these threats. Even if your construction company does not want to actively focus on cybersecurity, there are a few reasons why you should care about cybersecurity. There are also some cybersecurity essentials that you need to have in order to properly protect your business. 

 

Why Should A Construction Company Care About Cybersecurity?

Cybersecurity is important no matter what industry you are operating in. There are a few reasons that your construction company should care about cybersecurity. The most important reason may be data. 

 

Data

Your organization is responsible for all of the valuable information and data that it holds onto. Hackers want this information and will do nearly anything in their power to gain access to it. Your company has to do everything in its power to prevent this from happening. The loss of competitive data, such as bidding strategies, can hamper your ability to do business. 

A hacker could gain access to valuable blueprints and designs, which could compromise an entire project. A hacking breach can result in the loss of trust between your company and a fantastic customer. You could lose valuable customers if you suffer a hacking incident. Hacking incidents can also make government contracts harder to win against a competitor who has not had similar issues. 

 

Downtime

Hackers can create serious headaches for any organization. One way that they can cause huge problems is by taking down machines, systems, and computers in an organization. Once a hacker gains access to your network, they can take systems offline and bring your entire company to a screeching halt. 

This can lead to multiple hours where employees cannot properly perform their work. If this happens multiple times each year, it can lead to millions of dollars in lost productivity. No organization wants to lose countless hours to get machines back up and running from a hacking incident. 

Now that we understand the importance of cybersecurity for construction companies, let’s discuss how your company can mitigate these risks. 

 

4 CyberSecurity Essentials For Construction Companies

Every construction company should at least have these basic cybersecurity essentials, which will give your business a comfortable level of security and protection. 

 

Firewall Protection

One of the most basic essentials that any company should employ is a firewall. A firewall is a network security system that monitors that incoming and outgoing internet traffic that can protect your construction company. The newest firewalls bring together a combination of security measures in order to keep your construction company safe. 

Firewalls can help prevent hackers from stealing valuable data and keep your systems free from any viruses. Most incoming potential threats will be blocked when it is detected by the firewall. Overall, a firewall should improve your cybersecurity outlook and prevent potential data loss. 

 

Email Security

Email has become one of the primary methods for communication for nearly all businesses. Ensuring that this line of communication is secure is key to any cybersecurity strategy. Having a dedicated email security software solution can help your company stay safe and build trust with customers. 

Email security solutions can scan outgoing and incoming emails to identify any potential threats and alert users to these threats. Two factor authentication can also help ensure that you are sending potentially sensitive documents to the right party. Email security will help keep your data safe, if employees are properly trained and educated. 

 

Education

Phishing scams are one of the most common ways that hackers utilize that enable them to breach an organization. Even the most educated, senior employees could fall for a sophisticated hacking scam. Consistent and thorough education will help employees make the right decisions when performing their daily activities and encountering phishing scams. 

Organizations should ensure that employees are educated about the latest phishing scams that are likely to impact safety. Employees that are educated on phishing can identify them and forward them to the appropriate team member. Your company can alert other employees to the scam to keep the hackers out of your organization. 

 

Backup and Recovery

Even the most robust cybersecurity strategies can fail at times, which is where backup and recovery comes into play. According to some estimates, more than 50% of all small and medium businesses do not have adequate back and recovery strategies in place. That is precisely why construction companies need to have backup and recovery systems in place for when something does go wrong. 

A proper backup and recovery system will ensure that your data will still be accessible if the worst happens. Construction companies can selectively choose which critical data will be backed up in a separate medium. You can rest easy at night knowing that your data has been backed up, if anything disastrous happens. 

All of these initiatives are not easy and require a certain level of knowledge. Most construction companies do not have the necessary expertise to ensure that these essentials are taken care of. Cybersecurity companies can help construction companies fill these knowledge gaps. BACS regularly works with construction companies in order to help them with cybersecurity projects. 

 

BACS Can Help You Construct Your Cybersecurity Defense

BACS has helped plenty of construction companies develop a customized cybersecurity defense strategy that can help your company fend off any potential hackers. Our team will work closely with your key leaders to understand your business and give you everything that you need. Your business can use our expertise to keep your data safe and secure. 

Reach out today to learn more about all of the offerings that BACS has. Our team is more than happy to answer any questions that you may have regarding cybersecurity. We can develop a customized cybersecurity solution for your construction company. Your team can focus on building your next project, instead of building your cybersecurity defense. 

 

Safe Harbor laws

Safe Harbor laws: Mitigating the impact of a data breach

By | Data Protection, Security

Today’s cybercriminals have become increasingly more sophisticated in their ability to exploit weaknesses in security defenses. When a data breach does occur, the biggest losers, of course, are businesses who must explain the impact to stakeholders and shoulder the cost of recovery.

To help minimize damage resulting from a data breach, most states have enacted Safe Harbor (Against Data Breach) laws, which are often linked to existing IT governance and security frameworks such as the National Institute of Standards and Technology (NIST). To be eligible, however, Safe Harbor rules require businesses to implement best practice security protocols and procedures as part of a clear, well-defined data security framework.

 

Safe Harbor advantages

The goal of safe harbor laws is to impel businesses to take proactive measures to protect sensitive and confidential data. When a data breach occurs, a notification requirement is triggered where the business must notify the compromised parties regarding the details of the breach. Depending on the jurisdiction, some laws may also require the business to notify credit bureaus and local government agencies.

Safe harbor laws provide businesses with two distinct benefits. First, they can help ease the level of scrutiny from regulators and reduce fines and penalties for data breach violations. The rationale is that if a business is following sound security practices, why should they be punished to the same degree as an organization that has invested little into data protection and security?

Second, the law provides a natural incentive for businesses to voluntarily improve their cybersecurity practices, which is a benefit for the marketplace overall.  What’s more, implementing robust security measures is a smart business strategy, particularly in light of today’s escalating cybersecurity threats.

 

Reaping the benefits of data encryption

Many safe harbor laws include a provision that rewards organizations that have implemented sound data encryption technology, allowing them to classify a data breach as an “incident” rather than a “breach.” The advantage of this classification is that it can exempt companies from the expense and (potential reputational harm) of having to comply with breach notification requirements.

While encryption offers an effective way to reduce risk, not all encryption will get you off the hook from notification. To fully protect your business and achieve safe harbor status, you must employ robust, role-based encryption and implement effective encryption key management techniques, including the protocols and procedures of how keys are generated, distributed, stored, and replaced.

Avoiding a breach altogether is always the better option, even if notification is not required. Understanding your current security posture and building an effective data security framework is more than managing a checklist of tools and policies. It requires a holistic approach that takes into consideration your unique data protection and access needs, regulatory and market pressures, and long-term business goals.

The good news is that with the right mix of technology, engineering know-how, and smart policies, building a solid data breach defense is possible.

 

Building a solid security foundation

While implementing the right technology, like strong access controls and user authentication methods, is important, it’s not the whole solution. The users who interface with IT systems must also be educated and instructed in how to perform their tasks. And, the policies and procedures that define the actions must be properly designed and consistently enforced.

Additional proactive measures can provide an extra layer as part of a comprehensive security strategy.

 

  • Create a culture in which people talk about data protection and security, and make security a clear priority. Teach users about secure online practices such as how to recognize potential threats and phishing attempts. Check their security awareness with in-house hacking checks and interactive security activities.
  • Simplify and streamline security with solutions that consolidate authentication, encryption and advanced threat protection into a single security suite. Compared with point tools, these integrated systems require a fraction of the IT resources required to maintain effective threat protection.
  • Deploy updated anti-malware to help prevent malicious software such as ransomware and viruses from sneaking into your network, and make sure your anti-malware software is consistently updated with the latest definitions
  • Define policies and procedures. Usage policies define what behaviors are and aren’t acceptable. Work with your internal team to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.
  • Keep patches current―make sure your practices include automated patching to help enforce policies and keep systems up to date and enforced with the latest software patching.
  • Make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them.

 

Without a clearly defined plan and ongoing commitment to effective data protection and oversight, your organization may fail to meet the standards needed to reap the benefits of Safe Harbor protection.

Some important points to keep in mind:

  • Safe Harbor statutes can help minimize costs and potential reputational damage arising from data breach lawsuits.
  • Cybersecurity insurance can help ease the cost of recovery from a data breach incident.
  • Following data security best practices is the best way to leverage the benefits of Safe Harbor laws.
  • Building your security strategy around a framework like NIST can help ensure alignment with current security practices and techniques.

 

Combining technology with the right expertise

As cybersecurity becomes increasingly more complex, many organizations lack the resources and knowledge they need to create an effective strategy. That’s why you need a trusted security expert who not only understands the latest security trends, but can accurately define your business requirements and implement a plan that aligns with your current and long term needs

Safeguarding your vital IT infrastructure is not just a security concern; it is a fundamental business issue. It requires an intelligent investment in resources to meet an increasingly complex threat landscape. Ultimately, the cost of recovering from a breach will always be more exorbitant than any expenses incurred in safeguarding data with the right expertise and technology.

 

 

CCPA Privacy Act

What California Businesses Should Know About the CCPA

By | Data Protection, Security

The California Consumer Privacy Act (CCPA), which became effective January 1, 2020, grew out of a need to protect the privacy of consumer data at a time when data breaches involving the personal information of consumers are becoming commonplace. The state of California has the most data breaches and the most data records exposed (1700) in the U.S. That’s according to findings by Comparitech of data breaches between 2005 and 2020. During this time, California had a total of almost 5.6 billion records. It makes sense that the state would be the first in the U.S. to adopt strict regulations to protect the privacy of consumer’s personal information. Are you a California business wondering how the CCPA affects your operation? You should view the CCPA privacy rights as outlined in their entirety on the State of California Department of Justice website. The website provides all the information you need to determine if the CCPA applies to your business, what actions the business must take, and the penalties if the business does not obtain compliance.

The following are nine key takeaways from the CCPA for California businesses:

  1. The CCPA grants consumers specific rights regarding their personal information.
  2. The CCPA includes definitions of consumer and personal information.
  3. The CCPA impacts specific businesses.
  4. Businesses impacted by the CCPA have responsibilities regarding the personal information of consumers.
  5. Some personal information is excluded from the CCPA.
  6. The CCPA includes requirements for selling the personal information of children.
  7. Non-Compliance of the CCPA is enforced by the Attorney General.
  8. Consumers have legal recourse for business non-compliance of the CCPA.
  9. A security breach could become more costly.

1. The CCPA grants consumers specific rights regarding their personal information.

The CCPA grants consumers the following four rights regarding their personal information:

  • The right to know what personal information about them is collected, the purpose of collecting the information, and the reason collecting the information is necessary.
  • The right to request the deletion of their personal information collected by a business or service provider.
  • The right to opt-out of the sale of their personal
  • The right to not be discriminated against because they choose to opt-of sharing their personal information.

2. The CCPA includes definitions of consumer and personal information.

The two key concepts addressed in the CCPA are “consumer” and “personal information.” These terms are defined by the CCPA:

  • The CCPA defines a consumer as a natural person who resides in California, even if the person is temporarily outside of the state.
  • The CCPA defines “personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.” The CCPA includes a long list of categories by which personal information can be identifiable.

3. The CCPA impacts specific businesses.

There are three questions that businesses can ask themselves to determine if the CCPA applies to their business:

  • Is your business a for-profit business that conducts business in the state of California?
  • Is your gross annual revenue more than $25 million?
  • Does your business “buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices”?
  • Does your business “derive 50% or more of their annual revenue from selling California residents’ personal information”?

If your business answers “yes” to any of the above questions, the CCPA applies to your business.

4. Businesses impacted by the CCPA have responsibilities regarding the personal information of consumers.

Businesses that are impacted by the CCPA must do the following:

  • Advise consumers that they collect personal information.
  • Inform consumers of the types of personal information they collect.
  • Inform consumers of their purpose for collecting personal information.
  • Reveal any third-party businesses to which personal information is distributed.
  • Provide a method for consumers to submit a request to access their personal data.
  • Provide consumers an opt-out option to selling their personal information. If a consumer later chooses to opt-in, the business must make the request and confirm their opt-in. The CCPA allows businesses to offer consumers who have not opted-out, a financial incentive.
  • Include a privacy policy on their website that includes the information stated above.

5. Some personal information is excluded from the CCPA.

The CCPA references the following exclusions:

  • Medical information that is governed by the Confidentiality of Medical Information Act (CMIA) or health information that is protected by the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 are not covered by the CCPA.
  • While employers are required to inform employees and potential employees about the personal information they collect and its purposes, the personal data collected and stored as part of being an employee, an employee’s emergency contact, or personal information used in processes for benefits is not protected by the CCPA.
  • Any aspect of the CCPA that prevents an impacted business from complying with other federal, state, or local laws is excluded.
  • Information that is available to the public is not covered by the CCPA.

6. The CCPA includes requirements for selling the personal information of children.

The U.S. federal government enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 for the purpose of protecting the online privacy of children. The CCPA includes the following requirements of impacted businesses that extends that protection by giving parents and teenagers additional control over the personal data of minors:

  • Impacted businesses are prohibited from selling the personal information of consumers that are younger than 16 years old without prior authorization from a parent, legal guardian, or the minor consumer (when the consumer is age 13 or over).
  • The consent to sell personal information of minors must be verifiable using “reasonable methods” that are in line with the recommended methods stated in the CCPA. An impacted business must have knowledge that a consumer is under the age of 16.

7. Non-Compliance of the CCPA is enforced by the Attorney General.

The CCPA is enforced by the California attorney general. The attorney general has the right to bring a civil action against an organization that has been informed that they are not in compliance of the law and have not come into compliance within 30 days of being notified of the noncompliance. Violators of the CCPA may be hit with fines of up to $2500 for each violation and up to $7500 for each intentional violation.

An impacted business that chooses not to inquire about a consumer’s age is considered “willful disregard” of the CCPA and may result in a non-compliance violation.

8. Consumers have legal recourse for business non-compliance of the CCPA.

If a consumer’s personal information is involved in a data breach, the CCPA allows the consumer to bring suit against the organization.

There are three checks for this to apply:

  • The personal information must be a combination of the consumer’s first and last name and one of the items outlined by the CCPA.
  • The personal information must have been stolen, accessed without authorization, or disclosed.
  • The personal information must have been in nonencrypted and nonredacted form.

9. A security breach could become more costly.

The average cost of a data breach will likely increase with the CCPA in force. According to a report by IBM, the average cost of a data breach is $3.86 million. Since 2003, California law has required organizations and state agencies to report data security breaches involving the unencrypted personal information of any California resident by an unauthorized person. Under the CCPA, an impacted business is required to pay a maximum of $750 for each data breach incident.

Next Steps

According to a report by the global computer security software company McAfee, only 31% of organizations in the U.S. have a plan to prevent IT security incidents. While the CCPA does not require that impacted businesses implement specific security methods, it’s a good plan for these businesses to take steps to obtain compliance.

The following are general steps that can help you obtain compliance with the CCPA:

  • Review the CCPA in its entirety and stay informed of any updates.
  • Understand the personal information of consumers that your business collects and stores.
  • Create or update your privacy policy to include the information required by the CCPA.

If you’re not sure where your business stands regarding the CCPA or need assistance obtaining compliance, BACS can help. BACS is a firm that provides IT security solutions. Compliance is one of the core areas of expertise of the firm. The professional staff has expertise in analyzing the security needs of organizations and developing a comprehensive and strategic plan that includes adherence to applicable regulations.