Blog

March 29th, 2012

Recently, while working with an out-of-state attorney who was the managing director for a large vertical market software company, we ran across the following situation. In preparing for a software upgrade, they required access to a mutual client’s system to upgrade their software. To give them access, they required sensitive information regarding these systems. This included software locations as well as usernames and passwords (via phone). Imagine the shock when I received this email back:

“Please use clear email so we can track this without having to print the html for every email from you. Other than the remote access credentials, I don’t think there is anything super-secret here.”

Nothing “super-secret other than remote access credentials”? Outlined in the email was the roadmap on how to find all the data and access the entire cache of data that this client (who is a paperless office) has gathered over the past 5+ years. This information contains not only Personally Identifiable Information but also the financial information of their clients. This could include Social Security Numbers as well as financial information.

“In addition to regulating communications containing an individual’s Social Security number, the NY Social Security Number Protection Law requires companies to adopt reasonable measures to limit access to Social Security numbers in their possession. Specifically, employees accessing Social Security numbers must have a legitimate business purpose for doing so. Unfortunately, the statute does not define these reasonable measures. In light of the overall objective of the legislation, companies will need to ensure that employee access to Social Security numbers be kept to an absolute minimum.

Moreover, companies must store Social Security numbers in a manner designed to preclude unauthorized access and to ensure confidentiality.  Adherence to these security measures is a defense against alleged violations of the unsecured communication obligations noted above.”[i]

While encrypting this single email was a small part of a complete solution for maintaining compliance, it shows that many times the inconvenience of having to “print the html” or of storing emails in a secure manner opens the door to risk down the line. As a side note once this upgrade is complete disabled their account and changed all access passwords as there are now major concerns over how this vendor maintains their data.


[i] http://www.jonesday.com/newsknowledge/publicationdetail.aspx?publication=3778

December 5th, 2011

If you have used SharePoint 2010 to store documents in a document library, you will know that users are prompted to download and save them rather than just opening them in the default PDF reader application.
There are ways within on-premise SharePoint to get around these issues, albeit while introducing some security risks. These steps can be found at the following blog entry:

On premise solution

The question becomes how we do this when we are hosted in the 365 cloud. We cannot run PowerShell commands on the cloud servers, so here is a solution by Joshua Booker:

Office 365 Solution 
** May require some modification to the WebForm with regards to Relative path

While this still does not allow you to open files directly, it does allow you to open files within your browser without the two-step save and open. See our other blog entry, Use Google Chrome as Your Default PDF Viewer, for some additional tricks.

June 9th, 2011

It seems every day in the news we are hearing of system outages or breaches that seem to have been missed by large organizations who spend millions on security. Sony illustrates how a breach can go undetected for days if not weeks, cost an organization millions of dollars, and also damage its reputation. What many people do not know is that many times our computers and network are trying to tell us something is not right. The question becomes: is anyone listening?

There are applications that can monitor our systems and warn us of issues with both our systems and our users' behavior. Naughton & Associates provides this affordable service to monitor, alert and self-heal issues that will inevitably cause downtime. Below is a snapshot of one of our live dashboards.

Whether for peace of mind, compliance issues or maintaining system integrity, contact us today for your monitoring options. We would be happy to provide the information your network is trying to tell you!

[Images: RMM; Server Down]

May 27th, 2011

Many times we are asked by clients to investigate email issues they may have. One of the first places that we start is by using tools such as the ones available at MX Toolbox. From this site we are able to review the status of how a domain is configured to receive email. There are a number of tests that will allow us to determine issues that could affect email delivery.