8 Ways to Keep Your Accounting Firm Safe from Cyberattacks

Cyberattacks have become more frequent and more dangerous in recent years. Many different institutions and organizations of all sizes and maturity have fallen victim, and it has become obvious that nobody can be completely safe from these kinds of attacks.

What Are Cyberattacks?

Cyberattacks are the targeting of information systems and computer networks with the intent of doing something malicious. As technology progresses, hackers use tactics that are increasingly more advanced and sophisticated. Criminals that want to steal, alter, or destroy information often pose as trustworthy sources in order to gain access to data. Any data or information that could be used to cause damage to other people’s professional or personal lives is up for grabs. In fact, the data does not even have to be valuable in and of itself, as criminals know that even the revelation that a data breach occurred can have a huge negative impact on a business. Thus, simply holding the data for ransom from the responsible party has become a very profitable way for hackers to make a living.

Cyberattacks on Accountants

The information that accountants and other professionals in the world of finance hold about their clients is very sensitive in nature. Files on financial transactions, tax filings, and other bookkeeping data contain extremely privileged information that underpin the integrity of those businesses and individuals. This information often consists of precise figures and delicate data that may lose integrity and authenticity once tampered with.

Harming an accounting firm’s system may cause a loss of income not just for the organization, but for the clients as well. This, of course, would cause the departure of the affected clients, and is also likely to cause other clients to lose trust in the firm and begin looking elsewhere for financial services.

How to Stay Protected from Cyberattacks

Cyberattacks do not occur solely in big corporations. Small accounting firms in out-of-the-way towns are often viewed as easier, more vulnerable targets. This is why it is vital to take action to avoid and defend against cyberattacks no matter what size of organization you belong to.

Here are some strategies that can be used to strengthen cybersecurity, and protect both your firm’s and your clients’ data.

  1. Hire people who know what they’re doing.

When it comes to protecting yourself from cyber-attacks, merely downloading some anti-virus program you found on the internet just won’t cut it. It is best to hire professionals who really know their stuff for these kinds of things. For instance, have I.T. experts set up systems that make sure all of your files and data are protected. It is their job to help ensure the safety of this information, just as it is your responsibility to take care of your clients.

  1. Secure all files and information.

Secure and keep track of all your important files and information at all times. Make sure this data is centralized, and may only be immediately accessed by those with a strict need-to-know. This is especially important if these files contain any sensitive material.

In addition, make sure to get rid of weak spots in your workflow where outgoing and incoming activity may lead to potential information leaks. This way, you can ensure that any cyberattacks will not be facilitated by careless lapses on your part.

  1. Keep a close eye on your software.

Regularly update your software to make sure all security features are in place and upgraded. You may also install anti-virus protection along with other programs so that you can keep an eye on everything.

Again, it is ideal to have I.T. professionals doing full sweeps for you, but you should also run your own malware scans from time to time.

  1. Protect your accounts.

One simple way to protect your accounts is to make sure your passwords are strong and difficult to guess. You should also avoid using the same password for different accounts. Otherwise, once one account has been breached, all your other accounts will be easy pickings. As a final step, you should make a habit of changing your passwords from time to time.

You may also want to pursue the option to install multi-factor authentication. This is where users have to input more information than one password to verify that it is in fact, an authorized user accessing the account.

Don’t neglect to encrypt all of your devices as well. There are multiple paths into your system, be sure and protect them all from intruders.

  1. Evaluate where you publish information.

Make sure the site or cloud you are accessing is secure. You should be wary of sending critical information via email, for example, because there may be a risk of the communication being intercepted.

  1. Be careful of external drives.

Contrary to the belief that most bad code comes from the web, a lot of malware is installed on computers via flash drives or other portable devices. If you are not sure where those devices are from and if they can be trusted, do not stick it in your computer. You never know what may be waiting on those things to cause damage to your system.

  1. Backup your files.

In the event that you do get hacked, it is important that you still have copies of your files backed up and waiting in a different source. Then, if any type of data loss should occur, you can easily reload your system from the backup.

  1. Prepare a risk management plan.

If worse comes to worst, you should be ready with a risk management plan to save the day. Even in the wake of a cyberattack, good firms must be able to maintain their composure and have a plan in place. Have guidelines on what steps need to be taken, and be prepared to comply with laws with regards to informing clients of a breach of their information.

Get Technology Support from the Experts at JMARK

Nowadays, the wrong people getting ahold of the right information can bring entire systems and institutions down. However, proactive planning and preparation can help keep your data protected.

Here at JMARK, we specialize in cybersecurity for accountants and other financial service providers. Regardless of whether you simply need enhancements to your established security, backup services and recovery planning, or a rebuilt network designed with stability and security in mind, we can help. Contact us today to learn more about how you can keep your data—and your firm—safe.

Your Law Firm Is a Target for Hackers: 5 Ways to Protect Yourself

Cybercrime, network intrusions, and data breaches are hot topics in today’s news cycles. The stories that are shared can seem sensational and hard to believe. The types of major infractions that are reported can also seem like the type of trouble that could never occur to a small law firm with clients contained to a single region. Yet if you thought that cybercriminals are focusing their efforts solely on governments and large corporations, you could not be further from the truth. Hackers are after sensitive data, no matter who owns it. With the amount of sensitive client data stored on law firm servers, you can be sure that any law firm, regardless of size, is a legitimate target for cyber attacks.

Your clients trust you to protect their rights and interests as if they were your own. For you to do so often requires that they entrust you with sensitive information. This trust puts an obligation on your shoulders to keep that data safe from intrusions. The number of cyber attacks against law firms is on the rise. If you have not recently reevaluated the security of your networks and servers, now is the time to do so. Here are some important things to keep in mind as you assess how best to ensure that the technology you use to do business is optimized to protect your firm and your clients.

What Cybercriminals Can Do to Your Law Firm

Cybercriminals can harm your law firm in many ways. The most common ways to do so include viruses and malware, along with phishing and social engineering attacks. Direct attempts to break into your firm’s network can also occur.

In the past, the endgame of a network breach was usually to obtain specific information or data, perhaps to resell or use for blackmail purposes. In those times, the clients themselves were the targets, and the data stored by a law firm simply the means to the end of hurting the client. Now, with the rise of ransomware, the law firms themselves have become the main target. Regardless of the particular value of a given piece of information obtained from your servers, hackers know that both your reputation and bar credentials would suffer immensely if it were revealed that your networks had suffered an intrusion. Thus, all they have to do is take control of your systems, at which point they can extort you for money in exchange for codes to gain back control of your technology.

The Problem With On-Site I.T. Solutions

When a law firm uses an on-site I.T. solution, it means that all the firm’s computers are connected to a server that is installed on site. Many law firms still prefer this solution, believing they are safer with their technology right where they can see it. Unfortunately, on-site storage can sometimes lead to additional vulnerabilities. With no protective measures between your computers and servers, it would only take one unsuspecting employee opening a malicious email, and the malware will be free to spread to every computer connected to the network.

What Steps Can You Take to Protect Your Firm’s Data?

There are many things you can do to protect your firm and your clients from hackers. However, only taking one or two of these steps is never enough. You need a complete security management and support plan if you want to minimize the risk of being an easy target for cybercrime.

  1. You Should Have the Best Antimalware and Antivirus Software

When it comes to arming your computers with the best protection software, you should not be attempting to save money at the expense of security. Think of it as an investment in your practice. Free or low-cost antivirus programs will give the illusion of protection, but they won’t hold up to the levels of attacks that your systems may sustain. Since they are tempting targets, law firms have to take stronger measures than other people and businesses.

  1. You Should Keep Your System Updated

Cybercriminals know exactly how digital security systems work. They know all their weaknesses and spend all their time inventing ways to get around and through the digital walls businesses erect. That is why security systems need to be updated all the time. Manufacturers spend a lot of time staying abreast of the latest threats and hacking techniques. By keeping your technology updated, you take advantage of the latest additions meant to strengthen security, protecting yourself against newly developed threats.

  1. You Should Run Regular Penetration Tests

Penetration tests are authorized simulated attacks on computers aiming to find all the possible vulnerabilities of the security system. The findings of these tests will let you know about the strengths and weaknesses of your servers, networks, and processes. These tests will tell you exactly where the hackers are likely to strike. Running regular penetration tests will let you manage the risk of attacks as well as maintain updated plans to strengthen your systems.

  1. You Should Have a Cyber Attack Response Plan

Even if you have an amazing I.T. security system, you also need a cyber-attack response plan. Even the best-protected systems can be breached, and having a comprehensive response plan will help you recover more quickly and with less damage. You’ll minimize downtime, and be able to restore your systems and get back to work sooner. Doing those things will help you keep your reputation when the worst happens.

  1. You Should Hire Cybersecurity Experts

Your focus should be on your legal practice. Securing your law firm from cyber attacks is too important to handle without any expert help. In the same way that you know what disasters can happen when people try to represent themselves without qualified legal help, you can imagine the trouble that can arise from attempting to handle cybersecurity without expert assistance. The wisest decision you can make is to outsource your cybersecurity to an I.T. provider that specializes in that area. You’ll gain an ally in the ongoing fight against cybercrime, and with the peace of mind of knowing that your networks are protected, you’ll be able to put your energy into your practice.

For a detailed list of what you should be doing to protect your firm, download our free Cybersecurity Checklist here. To speak with a cybersecurity expert about the specific needs of your law practice, call 844-44-JMARK or visit JMARK.com.

6 Practical Data Security Tips for Accounting Firms

Accounting firms are exposed to significant data security threats. Here are 6 practical tips to keep such threats at bay.

In an age where data is often called the “new oil,” there are key security challenges unique to every industry. Accounting firms have a difficult challenge. Not only do they have to ensure the complete sanctity of their client data and their internal processes, but they must also adhere to regulatory rules and oversight that are more complex and strictly enforced than those of other industries. Add to that a varied workforce and, in some cases, different underlying systems depending on the industry of the specific client, and the job of a security administrator becomes all the more difficult.

Top Accountancy firm Deloitte, which incidentally even boasts of its own CyberIntelligence center was breached by hackers in a sophisticated attack in 2017” – Source: The Guardian

If you have an accounting firm and would like to know what you can do to keep your data safe, here are six practical security tips that can help you set your house in order and avoid data security risks.

  1. Have Clear Policies for All Existing Data Security and Data Protection Measures in Use

First things first— if you operate out of more than one location, you need to get a handle on what protocols are in place and who is in charge. It does not work for two different offices to have two different agencies responsible for data security. This creates confusion, and you risk communication failure and increased downtime when trouble occurs. You need clear lines of responsibility and authority for all security policies and processes.

It is very critical to evaluate the protocols you have in place, looking at apparent areas where there are no guidelines available. If you find this task overwhelming, look into seeking help from a specialized managed I.T. services firm like JMARK. An experienced I.T. service provider will have procedures to help you appraise your security measures in light of the unique makeup of your company as well as your markets and goals.

Next, create a checklist of the measures you have in place and benchmark them based on industry standards. It would also be prudent of you to note the kind of security threats prevalent in your industry and discuss them with peers. Based on your study, create a Standard Operating Procedure for I.T. security—or update the existing one.

  1. Ensure Physical Security

While it may seem obvious, many accounting firms often overlook physical security. To keep the user data safe, you not only need to worry about information security, but also the physical security of your facility, and access control. Even the best firewalls are useless if a malicious individual can walk away with a laptop containing critical data. Apart from making use of options like key cards and visitor logs, you should also have provisions for desk locks where employees can keep their workstations secured for safety. In addition to all this, you should also train your staff to never put any confidential or sensitive information like passwords onto sticky notes. (This may seem like a silly reminder to be making nearly two decades into the new millennium, but sadly, this is still a common sight in many offices.) Access control should be strictly enforced, and data repositories should be off limits for non-essential personnel.

  1. Maintain Proper Security Across all Devices and Solutions

To ensure complete protection, you will have to make sure that proper security is implemented for all user devices and solutions. Take the time to do each of the following things to audit security throughout all your operations:

  • Ensure that the cloud services you are making use of are PCI compliant.
  • Secure your entire infrastructure with business grade firewall, and make sure it is updated on a regular basis.
  • Maintain strong passwords across networks, along with using strong anti-virus solutions.
  • Create clear distinctions between guest networks and internal networks.
  • Put in place standardized email defense software to make sure all email accounts are well protected.
  1. Make Plans for Data Backup and Recovery for Business Continuity

Even if you have implemented all the suggestions given above, you are still vulnerable. There are chances that a breach may occur at any moment. To make sure that you are well prepared to handle such a situation and do not end up losing all your data to a ransomware attack, you should have proper backup and recovery options in place. Once you have these implemented, do not forget to test them regularly to ensure that they are working effectively. Hackers are always working to find new ways to access your network. Since criminals do not rest, neither can your security. If you have implemented a versatile backup and recovery solution, you might just be able to save yourself a lot of trouble.

  1. Keep in Mind How a Bring Your Own Device (BYOD) Policy Can Affect Data Security

With the proliferation of smartphones, most accounting firms have implemented BYOD policies for mobile devices. There are many advantages to allowing your employees to use their own devices for business purposes; however, you must keep in mind the security implications that come along with mobile access to your network. Do not forget that access to your network means access to sensitive client data. A comprehensive mobile device management (MDM) policy, and accompanying software, can help maintain the integrity of your network. Be sure to:

  • Create a policy that details the circumstances under which employees are allowed to use their own device. Along with this, you should also provide them with clear guidelines to help them understand the risks attached to mobile access.
  • Make use of a thoroughly vetted MDM solution for managing your company data on all personal devices. Enrolling the devices of new hires—and newly acquired devices of everyone—should be a priority from the first day they begin work.
  • Enforce a secure VPN for accessing office servers while working from home networks. This is especially true for teams who collaborate across geographies and time zones with the need to access official data through public networks.
  1. Use Data Encryption

No longer solely the province of spies and special agents, encryption makes your data indecipherable to those who do not have access to it. There are often encryption features built into the core applications you use daily, and you should be making use of them, as this will prevent hackers from making sense of the data even if they get access to it. Data encryption can be helpful for protecting backup disk drives as well, helping to keep all your confidential data safe. Of course, when you are ready to go beyond out-of-the-box solutions, an I.T. service provider can help you take advantage of advanced encryption solutions for your network.

While the tips listed above can serve as a starting point for ensuring data security, they are just that: the starting point. Protecting your data is a continuous endeavor, and you need to dedicate the time and resources to make sure that your accounting firm is secure.

JMARK has an enviable record in securing I.T. systems and networks and has specialized teams with expertise in working in the financial and accounting sectors. We offer a comprehensive set of security solutions ranging from data security to backup and business continuity services. To learn more about how our managed I.T. services can keep your firm safe, contact JMARK today.

Spectre & Meltdown Processor Vulnerabilities Expose New Risks

This week the Internet is ablaze with talk about newly discovered vulnerabilities, named Spectre and Meltdown that exist in many central processing units (CPUs) manufactured since around 1995. We wanted to reach out and clear up some of the misconceptions that have been shared, as well as explain the steps we are taking at JMARK to keep your data safe.

This flaw can allow programs to access parts the CPU that should be protected, potentially exposing sensitive data.

This vulnerability was discovered by security researchers, and there is no evidence that it is active in the wild. This means that while the risk is present, there is no evidence that there is a wide scale attack exploiting the flaw.

Since the existence of this vulnerability was made known, JMARK’s security experts and our Automation team have been at work quietly deploying our own custom scripts, operating system patches, anti-virus patches, and 3rd party patches as they become available to our clients. These patches will help to mitigate the risks from this vulnerability.

We are monitoring the security data as it becomes available and will continue deploying updated solutions to protect our clients until this risk is no longer present.

Many of our colleagues and less-experienced competitors in the I.T. industry are using fear tactics to scare their clients and take advantage of rumors and misinformation. What makes JMARK different is that we have a layered, methodical, and agile approach to security. When our customers buy into this layered approach, JMARK can better protect our clients through proactive execution. While other companies are scrambling for answers, we are quietly deploying solutions.

Please feel free to email or call your JMARK support team or Account Manager for more information.

Hacking Into Healthcare

The healthcare industry has become a prime target for hackers. Here are 10 tips to keep them away from your data.

In 2017, a report by Experian cited the healthcare industry as the number one target of hackers. The sensitivity of the types of data collected and stored by healthcare-related entities makes those organizations tempting targets for attack. Stringent regulations from HIPAA, HI.T.ECH, and other overseers mean that severe penalties can arise when a breach occurs and data is lost. This makes healthcare organizations ripe targets for ransomware attacks and other coordinated hacking attempts.

“78% of Healthcare Providers experienced Ransomware or Malware Attacks.”

(Source: HIMSS Analytics Survey-2017 )

In light of this alarming situation, if you do business in the healthcare industry, it would be prudent to strengthen your I.T. infrastructure and put in place advanced measures to secure your data. An array of solutions are available, but it’s also vital that everything you do, from laying out a comprehensive security policy to ensuring access control, is followed through and enforced.

Let’s look at few practical tips that can go a long way in helping you keep hackers out of your network. The following tips will help you make your systems more secure and keep hackers out. While there is no absolute guarantee that your systems will be safe from every possible threat, but implementing these measures can certainly reduce the level of threats to which your organization is exposed.

  1. Ensure Limited Access to Confidential Data

It seems obvious, but it never hurts to reiterate: you cannot give access to confidential patient data to just anyone. This information should only be accessible to a limited number of people—those who are crucial to a patient’s care, and to the record-keeping chain—and no one else. Losing this information due to negligence will not only put you in trouble under HIPAA regulations, but may leave you open to legal action. Exceptional care must be taken while sharing Patient Health Information (PHI) data even within your organization.

  1. Always Use Fully Updated Software

It might feel like a hassle to have to spend valuable time updating your software, but failure to do so can leave you vulnerable to intrusion. If the software that you use is not up to date, you will not be benefitting from all the latest security features that are being provided, thus making yourself more susceptible to attacks. Note that this includes not just your antivirus and security software, but every app and tool on your network. Vulnerabilities in any program can provide the back door hackers need to get into your system.

  1. Keep Your Staff Well Trained on All Cybersecurity Protocols

In many cases, the loose end of your security chain is not someone from the outside, but someone who is a part of your organization and has access to sensitive information. Without proper training, your employees are susceptible not only to simple human error, but also to social engineering hacks designed to exploit the overly trusting and well-meaning. You should require ongoing training to ensure that your staff is aware of new threats and prepared to give hackers and tricksters no leeway.

  1. Use Different Passwords on Different Platforms

Using similar and easily guessable passwords should be completely avoided. Once again, the obvious needs to be restated: if you are using the same passwords in multiple places for the sake of convenience, you are inviting a catastrophe. All a hacker will need to do is get access to just one of your account passwords, and then they will be able to gain access to all your other accounts. By making use of different (and varied) passwords for all your accounts, you can feel assured that even if one of them is under attack, the others are safe.

  1. Make Use of a Secure Place for Storing Passwords

Ready for yet another piece of obvious advice that too few people follow? Do not make the mistake of writing down your password on a sticky note or a piece of paper. (And please don’t compound your errors by then sticking that note directly to your monitor!) Nor should you keep your password in an email or any other document. If you are not good at remembering passwords, find creative ways to store them. Instead of storing the exact password, you can make use of hints that will be understood by you and no one else. That way, even if someone gets ahold of your hints, they will still not able to guess your password.

  1. Regularly Assess Performance to Check for Risks

You will not be able to provide comprehensive protection for your system if you are not sure where the vulnerabilities lie. Risk assessment is necessary so that you are clear about all the areas where you need to beef up security. Yet even after you’ve got security in place, you cannot afford to get complacent. New attacks and approaches to hacking arise on a constant basis, so you must regularly reassess your system to make sure you are not open to the latest techniques.

  1. Ensure Security With the Help of a Layered Defense System

If you are making use of multiple layers of security, you are doing a great job, as this will go a long way to ensure the safety of all your data. This defense forces the attacker to break through more than one layer of security. This will not only help you prevent the attack, but might also help you identify the attacker as well. Just like multiple security gates increase the chances of a thief getting caught, multi-layered security systems can put the hacker at risk.

  1. Always Have a Backup Plan to Follow in Case of a Disaster

If a disaster strikes, you should know what steps should be taken to secure and back up your system. Make sure you not only have a comprehensive plan, but also the right set of people assigned to each job. Review disaster protocols regularly, so that everyone understands their duty when the time comes to act. After your data is recovered and your network is back in action, take the time to reevaluate your plan and make necessary changes so that things will run even more smoothly in the future.

  1. Enforce the Encryption Standards Guidelines Mentioned in HIPAA’s 2013 Rules

In 2013, the final Omnibus Rule was rolled out, offering specific guidelines for enforcing encryption standards while dealing with PHI data. Make it a point to implement these standards in your organization without delay. Not only will this keep you in compliance with regulations, it will also make your business more secure.

  1. Use a Managed Services Provider for Comprehensive I.T. Security

With the attention hackers and criminals are giving to your network, the task of securing the private data of your patients and business might best be left to experts. Consider employing the services of an I.T. managed services provider that specializes in data backup and I.T. infrastructure security. Make it a point to discuss in detail any existing vulnerabilities that you are aware of as you collaborate with them on designing and enforcing a strict security policy.

JMARK has specialized teams dedicated to serving the healthcare industry. We provide comprehensive security solutions, as well as backup services and disaster recovery planning. To learn more about how managed I.T. services can make your business more secure, contact JMARK today.

Office 365 Support that Makes a Difference

Microsoft has been putting considerable resources into promoting Office 365 is the complete, low-cost cloud solution for businesses of all sizes for years. It makes sense – Office 365 includes, what many consider, to be the complete package in cloud services for business productivity tools. Things such as hosted email, file storage, web-based versions of Microsoft Word, Excel, PowerPoint, and so on are all available online for businesses to access at the drop of a hat.

Unfortunately, Office 365 requires considerable time to understand the many features, options, and custom settings available. Without a comprehensive knowledge and understanding of those features, your company is not maximizing its productivity.  Additionally, Office 365 offers different packages that provide different levels of resources and tools for business use. Knowing which package is the right one for your business matters, and that’s why having a trusted and experienced I.T. partner to consult and provide support is so important.

Common Challenges with Office 365

There are plenty of benefits to implementing Office 365 throughout your organization, which we’ll get to, but first, it’s important to understand the many challenges end-users combat when trying to get the most out of the service.

  • Search functionality is limited and the degree and depth in which users are able to conduct advanced searches are based on the tiered package purchased
  • Training directly from Microsoft is difficult to come by and generally expensive, time-consuming, and confusing

Main Benefits of Office 365

Office 365 allows businesses to utilize workplace productivity tools from any internet connected device via the web browser or apps. That type of availability means employees are able to access and share the files they need when they need them, conduct video and voice calls with Skype for Business, work with the business applications they know, as well as full access to email and calendars – this is especially important for mobile workforce operations.

But, those aren’t the only highlights to a great workplace solution. Additional benefits include:

  • Security and uptime commitment
  • Work from anywhere at anytime
  • Incredibly user-friendly interface and controls
  • Predictable monthly cost
  • In-house system issues won’t impact availability or access to Office 365

Office 365 Is a Great Solution, Be Sure to Get Great Support

After reviewing the benefits and challenges of incorporating Office 365 within your business environment, it’s easy to see why it’s become such a common workforce productivity solution. Of course, understanding the challenges means having to figure out ways to overcome them in order to get the most out of it.

With so many advanced features within Office 365, and the additional features being added or updated on a regular basis, it’s become all too easy to not get as much out of it as your organization could – and should. JMARK has certified Microsoft experts on staff that can make the transition to Office 365 straightforward and seamless, while also providing unlimited support, improved business efficiency, and properly installing and configuring Office 365 the first time.

Threat Warning: WannaCry Ransomware Spreading Through Businesses

As you have probably heard in the news over the weekend, a security vulnerability named, WannaCry began infecting computers worldwide late last week. This vulnerability, if executed on a system, will encrypt the data on the computer, even backups, and then seek out other systems to infect. Once encrypted, the ransomware, demands a payment within 3 to 7 days. All it takes is one computer to be infected before many other computers on the same network could be compromised.

Currently, a new version (WannaCry 2.0) is expanding worldwide to further increase the infection rate.

JMARK had put many defenses in place prior to this outbreak and will continue to utilize further protection. However, email attachments and links in email messages still pose the top threat. We are currently assessing all possible means to mitigate the threats and taking appropriate action as necessary.  We will be sending more details as this continues to unfold.

What do I do if I am infected?
If you are infected, you will immediately know as you will be greeted by a screen saying “Ooops, your important files are encrypted.”

If this occurs, hold down the power button on your computer to turn off your machine as fast as possible and then contact JMARK for assistance.  Do not attempt to decrypt or check payment in the screens that appear.

How does the infection occur?
WannaCry exploits a known vulnerability in Microsoft Windows operating systems. The entrance of the attack can come in multiple ways, but the most common way is by email. A few things to keep you safe:

  1. Never open an attachment from any individual that you are not expecting to send a file. If you haven’t requested it or know the sender was specifically sending you the file, do not open it as they may be infected.
  2. Pay careful attention to the sender address and name. Often they are slightly misspelled to fool you into thinking the email is from a known colleague. 
  3. Pay special attention to any link, that you are requested to click. These can also be slightly misspelled domain names to fool you into thinking they are legit. 

Please contact your JMARK support team if you have any questions, problems or concerns.

JMARK Business Solutions, Inc., announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit


JMARK Business Solutions, Inc., a leading provider of Technology Management services, announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit, attesting to the design and effectiveness of its Security Controls

Springfield, MOJMARK, a leading provider of Technology Management services, announced the successful completion of its first Service Organization Control (SOC) 2 Type II audit. The American Institute of Certified Public Accountants (AICPA) has issued an Interpretation under AT Section 101 permitting service auditors to issue reports that are not specifically focused on internal controls over financial reporting. These reports are considered SOC 2 reports and focus on controls at a service organization relevant to Trust Services principles, such as security.

“JMARK’s focus on strong internal controls is evident in this report,” says Tim Roncevich, Partner at SSAE 16 Professionals. “The successful completion of this audit is a testament to JMARK’s integrity, accountability, and its commitment to its customers.”

The audit undergone by JMARK was conducted in accordance with the AICPA SOC reporting standards and was conducted by SSAE 16 Professionals, LLP, which is a full service accounting firm providing SOC 2 Type I and Type II audits. SSAE 16 Professionals evaluated JMARK’s design and operating effectiveness of internal security controls and processes related to the Security Trust Services Principle. The firm has found that JMARK has met or exceeded the expectations and is fully compliant to the standard.

“Completion of the SOC 2 Type II audit demonstrates the high value that we place on security,” says Todd Nielsen JMARK’s Chief Strategy Officer, who headed up the initiative. “A SOC 2 Type II audit shows our clients, especially those in the banking, healthcare, and hospitality verticals of our dedication to privacy and security. Clients can remain confident in JMARK’s operations, policies, and procedures to keep their data protected and private.”

About SOC 2 Reports

Completion of the SOC II Type 2 audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The audit included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies of to the commitment to protecting JMARK’s client data and information systems.

A SOC 2 report falls under the AICPA AT 101 guidelines and can also be either a Type I or a Type II. Whereas SSAE 16 (SOC 1) reports are used for audits of controls that impact a user organization’s internal controls over financial reporting (ICFR), SOC 2 reports are intended service organizations whose services do not impact ICFR. The typical users of a SOC 2 report will include prospective clients of the service organization, management of the service organization, and independent auditors providing services to the user organizations. The SOC 2 audit covers operational and/or regulatory compliance controls and follows pre-defined Trust Services Principles and Criteria.


JMARK Business Solutions is an award winning global technology services company that has been in operation for more than 25 years. Not only are they a market leader, but they also specialize in various specific industry and technology verticals to directly benefit their clients. This market focus allows them to be highly specialized and educated in helping their clients to be successful. JMARK offers a full range of I.T. Solutions and Managed Services to serve any industry, anywhere in the country and even the world. JMARK is headquartered in Springfield, MO with offices in Oklahoma, Arkansas and Colorado.

About SSAE 16 Professionals, LLP

SSAE 16 Professionals, LLP is a leading firm specializing in SSAE 16 and SOC 2 audits and readiness assessments. Each of its professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit www.SSAE16Professionals.com.

Learn more at JMARK.com and the JMARK I.T. Blog. Follow updates on Twitter and on Facebook.

Contact Info:

Name: Todd Nielsen
Organization: JMARK Business Solutions, Inc.
Address: 601 North National, Suite 102
Phone: 417-863-1700

A big thanks to the many people within JMARK that helped make this a reality.


JMARK Achieves SOC II Type I Certification

SOC II I am proud today to announce that JMARK Business Solutions, Inc. has passed a SOC II Type I audit. This audit comes after lot of hard work by many dedicated individuals at JMARK. The SOC II audit shows our dedication and commitment to the privacy, confidentiality, and security of JMARK and its clients. SOC II addresses many areas of the company and testifies to the soundness and integrity of our: Infrastructure, Software Systems, People, Policies, Procedures, and Data.

What Does This Mean to JMARK Clients

A SOC II audit shows our dedication to the privacy and security of client systems and data. In this world of daily security incidents, few I.T. Service organization can show through independent analysis that their operations and procedures are aligned to keeping their clients data safe and private.

Completion of the SOC II Type I audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The certification included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies of our commitment to protecting our client data and information systems.


The Ashley Madison Hack Is Gonna Hurt More Than the Cheaters

bigstock-Fingers-Crossed-Behind-Back-5239824-e1440529846785No matter your opinion of the Ashley Madison hack, the real damage is yet to come, and you and your company, are the next target. Hackers are smart, and when any natural disaster, general conspiracy, or big event occurs, even another hack, they are quick to capitalize on the popularity and attempt to create more mayhem and extortion.

This is done through the sheer simplicity of common curiosity. When a popular event happens, hackers will try to squeeze the curiosity out of us to try to get us to do something, something that will hurt us, and benefit them. That brings us to the popular Ashley Madison hack.

In the Ashley Madison hack, millions of names, emails, and physical addresses of people who had extramarital affairs were posted on the Internet, but not the normal Internet you and I go to, they were posted to the dark web. You have to know what you are doing to get to the black web and it is not a safe or recommended place to enter.

That is where the hackers are taking advantage of people. Many are curious to see if anyone they know is on that list, as a result, hackers put up fake websites offering to show you that information. Someone goes to a nice looking website that looks legit in order to look at the names, and then BAM… suddenly your computer and network is hijacked and you have to pay money to get your files and data.

There will be thousands of emails that will fly into inboxes in the following weeks purporting to have links to list of addresses. Don’t go there, unless you want to infect your data and your network. Take a look at this article by CBS News that explains the potential damage of curiosity: http://www.cbsnews.com/news/scams-extortion-attempts-arising-from-ashley-madison-hack/

Stay safe and call JMARK if you have any problems. We are here to help!