JMARK Business Solutions, Inc., announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit


JMARK Business Solutions, Inc., a leading provider of Technology Management services, announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit, attesting to the design and effectiveness of its Security Controls

Springfield, MO – JMARK, a leading provider of Technology Management services, announced the successful completion of its first Service Organization Control (SOC) 2 Type II audit. The American Institute of Certified Public Accountants (AICPA) has issued an Interpretation under AT Section 101 permitting service auditors to issue reports that are not specifically focused on internal controls over financial reporting. These reports are considered SOC 2 reports and focus on controls at a service organization relevant to Trust Services principles, such as security.

“JMARK’s focus on strong internal controls is evident in this report,” says Tim Roncevich, Partner at SSAE 16 Professionals. “The successful completion of this audit is a testament to JMARK’s integrity, accountability, and its commitment to its customers.”

The audit was conducted in accordance with the AICPA SOC reporting standards by SSAE 16 Professionals, LLP, a full-service accounting firm providing SOC 2 Type I and Type II audits. SSAE 16 Professionals evaluated the design and operating effectiveness of JMARK’s internal security controls and processes related to the Security Trust Services Principle. The firm found that JMARK has met or exceeded the expectations and is fully compliant with the standard.

“Completion of the SOC 2 Type II audit demonstrates the high value that we place on security,” says Todd Nielsen, JMARK’s Chief Strategy Officer, who headed up the initiative. “A SOC 2 Type II audit shows our clients, especially those in the banking, healthcare, and hospitality verticals, our dedication to privacy and security. Clients can remain confident in JMARK’s operations, policies, and procedures to keep their data protected and private.”

About SOC 2 Reports

Completion of the SOC II Type 2 audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The audit included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to the commitment to protecting JMARK’s client data and information systems.

A SOC 2 report falls under the AICPA AT 101 guidelines and can also be either a Type I or a Type II. Whereas SSAE 16 (SOC 1) reports are used for audits of controls that impact a user organization’s internal controls over financial reporting (ICFR), SOC 2 reports are intended for service organizations whose services do not impact ICFR. The typical users of a SOC 2 report will include prospective clients of the service organization, management of the service organization, and independent auditors providing services to the user organizations. The SOC 2 audit covers operational and/or regulatory compliance controls and follows pre-defined Trust Services Principles and Criteria.

About JMARK

JMARK Business Solutions is an award winning global technology services company that has been in operation for more than 25 years. Not only are they a market leader, but they also specialize in various specific industry and technology verticals to directly benefit their clients. This market focus allows them to be highly specialized and educated in helping their clients to be successful. JMARK offers a full range of IT Solutions and Managed Services to serve any industry, anywhere in the country and even the world. JMARK is headquartered in Springfield, MO with offices in Oklahoma, Arkansas and Colorado.

About SSAE 16 Professionals, LLP

SSAE 16 Professionals, LLP is a leading firm specializing in SSAE 16 and SOC 2 audits and readiness assessments. Each of its professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit www.SSAE16Professionals.com.

Learn more at JMARK.com and the JMARK IT Blog. Follow updates on Twitter and on Facebook.

Contact Info:

Name: Todd Nielsen
Organization: JMARK Business Solutions, Inc.
Address: 601 North National, Suite 102
Phone: 417-863-1700

A big thanks to the many people within JMARK that helped make this a reality.

 

JMARK Achieves SOC II Type I Certification

I am proud today to announce that JMARK Business Solutions, Inc. has passed a SOC II Type I audit. This audit comes after a lot of hard work by many dedicated individuals at JMARK. The SOC II audit shows our dedication and commitment to the privacy, confidentiality, and security of JMARK and its clients. SOC II addresses many areas of the company and testifies to the soundness and integrity of our: Infrastructure, Software Systems, People, Policies, Procedures, and Data.

What Does This Mean to JMARK Clients

A SOC II audit shows our dedication to the privacy and security of client systems and data. In this world of daily security incidents, few IT Service organizations can show through independent analysis that their operations and procedures are aligned to keeping their clients’ data safe and private.

Completion of the SOC II Type I audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The certification included the company’s controls related to the Trust Services Principles and Criteria of Security.

The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to our commitment to protecting our client data and information systems.

 

The Ashley Madison Hack Is Gonna Hurt More Than the Cheaters

No matter your opinion of the Ashley Madison hack, the real damage is yet to come, and you and your company are the next target. Hackers are smart, and when any natural disaster, general conspiracy, or big event occurs, even another hack, they are quick to capitalize on the popularity and attempt to create more mayhem and extortion.

This is done through the sheer simplicity of common curiosity. When a popular event happens, hackers will try to squeeze the curiosity out of us to try to get us to do something, something that will hurt us, and benefit them. That brings us to the popular Ashley Madison hack.

In the Ashley Madison hack, millions of names, emails, and physical addresses of people who had extramarital affairs were posted on the Internet. They were not posted on the normal Internet you and I go to, but on the dark web. You have to know what you are doing to get to the dark web, and it is not a safe or recommended place to enter.

That is where the hackers are taking advantage of people. Many are curious to see if anyone they know is on that list. As a result, hackers put up fake websites offering to show you that information. Someone goes to a nice-looking website that looks legit in order to look at the names, and then BAM… suddenly your computer and network are hijacked and you have to pay money to get your files and data.

There will be thousands of emails that will fly into inboxes in the following weeks purporting to have links to lists of addresses. Don’t go there, unless you want to infect your data and your network. Take a look at this article by CBS News that explains the potential damage of curiosity: http://www.cbsnews.com/news/scams-extortion-attempts-arising-from-ashley-madison-hack/

Stay safe and call JMARK if you have any problems. We are here to help!

Are You Taking Responsibility for Your Company’s Security?

In early August, it was reported that Russian hackers had stolen more than 1.5 billion username and password combinations. Yeah, 1.5 billion, that’s not a typo. That event makes the Target breach look like small potatoes. You might think your company is safe, but are you sure about that?

This breach is a huge exposure for small and large businesses alike. If that were the only event this year, it alone would be huge news, yet there has been an average of about two major security breaches reported each month this year. These breaches together put many things at risk, even if you think your network is tied down.

The first reason for this is that employees usually do more than work. They check their personal email, check social networks, surf the Internet, perhaps pay some online bills, and much more. All of these things can potentially open up your network to a breach. All it takes is for one employee to click the wrong link or download the wrong attachment and your network can be opened up.

Another reason is that hackers are continually changing their tactics. Very few systems have the ability to monitor for abnormalities in network traffic and other parameters. JMARK has a special service that allows for advanced monitoring of logs from network devices and systems to detect abnormalities that could be attacks. Contact us if you want to learn more about this special log monitoring service.

We live in a world that is changing dramatically, and security is at the forefront of the priorities that need to be in a company’s budget in order to protect its identity, reputation, and intellectual property.

JMARK has the systems and expertise to help business owners sleep better at night. Contact us to learn more about how we can help, and please change your online passwords, if you have not in the past couple months.

The BASH Bug… Insecticide Is Not Gonna Help

Another week… another security risk. It seems security risks and companies that get hacked are about as common as dirt these days. This week is no different.

You may have seen the news already about a very serious vulnerability known as “shell shock.” The affected software, Bash (the Bourne Again SHell), is present on most Linux and Unix-like systems, including some Mac OS operating systems. The risk appears to be most viable on Internet-facing devices that rely on the Bash environment, such as web and mail servers, but could affect many other devices running those operating systems such as storage devices, public wireless hotspots, and other systems on the network. Additionally, there is a risk for any DHCP clients that might connect to an at-risk DHCP server, which means you should be careful when connecting an Apple device to a public hotspot. The DHCP server, if infected, could issue commands that could put client computers at risk. This indicates that the exploit could affect routers or even cell phone towers.

Patches have been made available via the official vendor of the Bash application; however, it merits noting that there are currently reports that the available patches do not fully resolve the issue. Yesterday, JMARK’s own network was under attack, but our skilled network admins diminished that threat without any loss of service.

JMARK is monitoring this situation for further developments and risks and will notify clients if the risk continues to increase.

At this time, JMARK recommends that:

  • Systems are updated to the latest application versions as they become available
  • Host activity is monitored for anomalies
  • Updated signatures from IDS/IPS vendors are obtained to protect against known attacks
  • Contact us if you feel you might be experiencing issues related to this threat.

We are committed to notifying you of, and protecting you from, any new security threats that may impact your organization. For more information and updates on the Bash Bug, visit https://www.pcicomplianceguide.org/shell-shock-bash-bug-what-we-know/.

Your Private Information – For Sale to the World

On Sunday, August 24th, 60 Minutes aired a show that everyone should watch. I didn’t see it when it aired, but a colleague forwarded the replay to me and I was blown away. I have followed security trends for several years, but this was new to me.

We live in a digital world, one in which everything we do, on and offline, can be tracked. That data, when combined with other data, makes up a profile or dossier for hundreds of millions of people in the United States alone. These dossiers are not identified with some random unidentifiable number; they are coded with your name, your email addresses, known aliases, health, buying preferences, and everything else about you.

You are probably wondering how this happens. How can you be tracked without you even knowing it? Here’s how:

  • Your cell phone tracks everywhere you go. That information, combined with other information, can identify habits, preferences, and a whole load of other information about you.
  • Apps on your phone that you think are providing entertainment or other communication with your friends, can actually track your location and what you do in other applications on your phone. They can learn your friends, contacts, who you call, and what you are saying to others. Many game apps are just fronts for the collection of data on you.
  • By just getting on the Internet, you are being followed everywhere. First of all, your Internet service provider has tons of data on you, and knows what you do, what you say online, and what you buy. As soon as you log onto Google and do a search, or go to your favorite social media account or a host of other sites on the Internet, you are not just being monitored at that site, but at every other one as well. For example, you go to Facebook and look around for a while, then you close it and go to a debt consolidation company website to learn about their services, then you go and read some articles about a health malady, let’s say Diabetes, then you go to a job site and look at available jobs, etc… Facebook is tracking you during the whole session and beyond. Imagine all the personal information these sites could gather about you.
  • Then let’s say you go to the store and buy things, maybe you pick up a prescription at the pharmacy. Your credit card company knows everything you buy, not to mention all the retailers. Those discount cards, they are not just for discounts; they are for tracking your purchases and tying those purchases back to you, no matter what form of payment you might use. Then you swing by the elementary school and pick up your kid, you are too tired to cook so you go out to eat at some fast food restaurant.

If you take all those things and combine them, we learn that:

  • You are struggling with debt.
  • Based on your Internet search and the type of prescription you picked up, you have been just diagnosed with Diabetes.
  • You are most likely looking for a new job or are out of a job.
  • You have a child and you make poor eating decisions.

Obviously this is just supposition of a small amount of data, but each of us leaves thousands of data points a day all over the place.

If you are concerned about the security and privacy of your business, which you should be, contact JMARK. The damage in privacy that I discussed in this article is nothing compared to the damage and liability from a privacy or security breach of your business or of one of your clients or patients.

Your Password Alone Is Not Enough, Implement This Solution NOW!

Your first line of defense in all kinds of systems is the password used to get into it. Whether it is a phone, computer, tablet, firewall, wireless access point or third-party service, your password is sometimes considered the end-all, but in reality it is not enough.

I am not talking about Anti-Virus Software, Anti-SPAM software, Anti-Keylogger software, Firewalls, or the many other layers of security that can and should be tacked onto a network; I am referring to something that can beef up the power of your password.

This extra power is called Multi-Factor Authentication. Multi-Factor Authentication is an add-on software, service, and/or device that proves that when your password is typed, it really is you typing it and not someone who stole it. JMARK uses various flavors of Multi-Factor Authentication for ourselves and for clients. Sometimes when typing a password a user gets a special code from an app on their phone, or from a device. This code changes every 30 seconds, so it can’t be hacked. This code, along with your username and password, proves that you are you; and together they authenticate you to the system or software you are trying to get into.

Had Target, and many others who have experienced security breaches, been using Multi-Factor Authentication, their story would have been much different.

We live in a world where security is of the utmost importance. Security discussions need to move from the server room, to the boardroom. Companies can no longer assume that they are too small to be a target, or that the security measures they’ve taken are enough. Things are always changing and it is important to stay ahead of the curve. Multi-Factor Authentication is one big way to do that.

Implementing Multi-Factor Authentication is not very expensive, especially considering what you might be preventing. If you are in the financial services, legal, healthcare, education, or any other business that is a high target or under regulation, contact JMARK to learn more about how Multi-Factor Authentication will protect you.

The Often Overlooked Physical Aspect of Network Security

I’ve written a lot about Network and Internet security, but have never covered a really big hole that exists in a lot of companies, and that’s, well… the door.

Talk to any business about Network Security and the conversation and thought process often focuses on hackers, attack vectors, wireless, passwords, and many other technology avenues where security can be compromised. Those are all important, but what about the physical security of your data?

Years ago I knew the CEO of a company that lost all their data, and it was not because of a hard drive crash or a hacker. Thieves broke into the office. The alarm went off, but the thieves were fast, they didn’t care about the alarm. They took a pair of giant clippers and cut all the wires in the back of the server rack, power and network were all sliced. Then they rolled the entire cabinet out the door, into a cargo van, and drove off into the night. They were in and out before the police were even close. To make matters worse they also took all the backup tapes that were sitting on a table in the server room.

Had the server room been locked and secured, this story might have ended differently. Had their video surveillance system been managed and working properly, they might have ended up catching the thieves.

Physical Security Questions You Should Think About

  • What are you doing to make sure that your physical security is enough to protect your data assets?
  • Are you using fingerprint, optical, and/or Smart Card security for access to your facilities and to your server room?
  • Is the server room secured so that only authorized personnel can access it?
  • Is the door always locked?
  • Do you use video surveillance and an alarm system?
  • Is your video surveillance system monitored and managed?
  • Is your server room in a central location, away from outside walls and doors?
  • Are servers locked in a rack?
  • Is your rack bolted to the floor?

There are a ton of relatively low-cost solutions that can be implemented to improve the physical security of your equipment and the critical data that is on that equipment. Losing your data is costly, so just about any money you spend on physical security is an investment you cannot afford not to make.

Additionally, the story above has other lessons. Had the data been encrypted on those servers, then the data would not have been compromised, and they would probably not have had to tarnish their reputation by alerting everyone that data had been compromised.

Lastly, every business needs a rock-solid remote backup disaster recovery solution. Had this company above employed this technology, servers could have been ordered quickly and data reloaded and they could have been back in operation after only a few days.

Many people take the belief that, “It won’t happen to me.” Don’t think that, because it very well can happen to you. Call JMARK so we can audit your physical security, backup and disaster recovery plans, and can help make sure you never have to deal with the pain that the CEO above had to deal with.

Security – Whether in the Cloud or the Closet – Must Be a Priority!

A 2013 survey by LinkedIn reported that 54% of people who participated felt that security was a top concern and even a deterrent when they consider incorporating cloud computing into their business practices.

Industries that use sensitive data, like health care and finance-related businesses, are especially aware of security concerns in technology and have a heightened sense of risk when it comes to placing data in the cloud. Security breaches are obviously a serious issue. If someone were to break into a business system, whether it was in the cloud or not, that business’s reputation could be tarnished, its competitive secrets could be compromised, and its data could be lost, depending on the severity and type of breach. In this world of ever-increasing transparency and risk, security should be a top concern for business owners and CEOs for any type of business. The old adage of “we’re too small to be hacked” is no longer true.

Many people believe that data is safer within the confines of one’s own office space. The truth is that, with proper measures, data is often safer in the cloud than in traditional methods of data storage. There are risks for data, no matter where it might be sitting.

While it’s true that security is a concern, data loss is also a hazard. A separate study conducted by Mimecast, showed that 57% of respondents felt their data was safer after using cloud computing, because data loss was at a reduced risk, and data was usually backed up in more than one place. Additionally cloud computing often has multiple points of failure and an army of very expensive security equipment and people to make sure data is safe.

As technology develops, standards increase. Security standards for cloud computing, and technology use in general, such as HIPAA, ISO, PCI DSS, and SOC set the bar for IT technologists and cloud developers in terms of keeping data secure for clients. Meeting these standards allows clients to feel better about how their data is stored, and missing these standards means client loss for developers and technology professionals.

Some of my previous posts have addressed many areas of security for different industries and different technologies. The ways and methods that hackers can get access to data would surprise and scare most people. Whether your data is in the cloud or in your closet, JMARK understands the intricacies of cyber security and every other aspect of IT security. Our industry certifications, tight policies and procedures, overall technical scope and expertise, army of experts, advanced software, and the regulations we abide by – allow us to serve our clients and make sure that they can sleep peacefully at night, not worrying about security or the continuity of their data.

For more information about security in the cloud or in your office, contact us to get a proper security analysis performed.

7 Tips for Better Password Security

Cybercrimes and threats to personal information are constantly on the rise. A day does not go by that we can’t read about someone’s e-mail, business, bank, or other online account being hacked. With hackers all around the world finding new ways of getting inside your personal online “space,” the need for a safer mechanism and new ways of protecting your information are at an all-time high.

Fortunately, there are some basic steps which each of us can take to ensure that our information is more secure. The first and most important step in this regard is properly protecting your passwords.

We may think that the passwords we choose are relatively safe and difficult to crack, but this belief is far from the truth. With such a huge amount of risk, how do we guarantee that our passwords are secure and our personal information safe? Here is a list of seven simple steps:

  1. Always include numbers, special characters, upper and lower case letters in your password – A good combination of these will ensure that your password remains confusing and harder to crack, especially if there is no obvious meaning to the letters and numbers you use.
  2. Go to the MAX – Lots of people suggest a recommended length for passwords. Why not just use the maximum number of characters that the website will support? Many websites have maximum password characters over 40!
  3. Do not include important dates or names in your password – Try not to include any dates that may hold importance in your life in your passwords. Also, stay clear of obvious names like your spouse, pet, child, sibling, or parents.
  4. Do not repeat your passwords – Make sure your new password is always different from your last 5 passwords. Always keep switching between the combinations in your passwords.
  5. Do not share or write down your passwords – This is probably the most common mistake that we make. Never share your passwords even with the closest of your friends or family. You never know how much harm a slip of tongue can do!
  6. Be careful while accessing your important accounts on public computers – Try never to access your bank or other important accounts on public computers or in internet cafes. If you have no other option, make sure the browser does not have cookies and that the password saving setting is OFF. After accessing your account, clear the cache and cookies in the browser. Once you have accessed your bank account, reset your password from a secure computer using secure non-public Internet access.
  7. Different passwords for different accounts – Never keep the same password for more than one account. In case one of your accounts gets compromised, your other ones will still be safe.

In a world where so much of our personal lives are locked in online accounts, it’s our duty to take the basic first steps to insure and protect ourselves. If you need help, contact one of the brilliant technicians at JMARK.