If the old saying that “We protect what we value” is true it seems that I value my morning cup of coffee and my Internet Access more than anything else in this world (Family and Friends excluded of course).
Why would I say this? Well let me tell you a story.
We moved to North Andover, MA about 7 years ago. As a matter of fact we live inside Harold Parker State Forest. When you hear forest, if you think of trees, well that would be accurate. Beautiful spot to live but as we discovered very soon after we moved in, even with a moderate wind, there is a decent chance we are going to lose power. And lose power we did. About 10 times in the last 7 years. First time was traumatic being the city folk that we were. But we learned. Got a generator, Made sure there was plenty of propane and got a DC Converter for the Car. Losing power continues to be a pain in the %!@ but we are pretty much prepared these days.
OK..OK.. Let me explain the rant and how it pertains.
I was sitting a month or so ago browsing the Internet while drinking my morning coffee. We had lost power the night before and we were running on generator. And although a little inconvenienced, I was relatively content. And then dawn breaks over marble head.
I had unintentionally built in about 3 layers of fault tolerance to make sure I got my morning coffee and could check email and perform other Internet related tasks no matter what.
For Coffee, I had the Generator as a primary source. If that failed, I could always turn on the car, plug in the DC/AC converter, throw an extension cord out the window, Plug it all in and brew the coffee. Funny thing though, after a few successful brews, and after a new coffee maker, the converter suddenly would trip off. (Maybe the new pot needed more juice?) In any event, I always had the gas grill where I could boil some water and use our French Press System.
For Internet, We have the generator and this works fine if the outage is local but if it is regional and the Comcast Facility is down, I always have my good old Verizon 4G Card or the HotSpot on my iPhone.
So to summarize I have three layers of fault tolerance for my coffee.
Two layers for my Internet Access.
Interestingly enough this is more layers of Fault Tolerance than I had for my File Servers and Infrastructure. I own a computer support company so this type of thing matters to me.
Do I value my cup of coffee more that by company data?
Maybe I need my coffee more than my data at that moment?
Whatever the case it was a wakeup and we now have at least as many layers of Fault Tolerance for our servers and other critical equipment now than I do for my morning coffee.
What is your strategy? Do you have your head in the sand hoping for the best? Do you really know what your data is worth and what downtime could possibly cost you?
- Natural Disaster
- Man Made Disaster
- Virus Outbreak (Remember Crypto Locker)
All of the above have happened at some point recently. Maybe not to us. At least not yet.
This is truly a numbers game and you never know.
So what does downtime cost us?
Find out. Click link below for access to our easy to use, (though if you need help using, give us a call)
or check out…..
Two Minute Video on Business Continuity
Self-admitted “Backup Fanatic” (Hey, I’ve been in this business too long and have seen too many heartaches not to be)
So what should you look for when choosing a company or service to backup and secure your data both onsite and offsite? Who can you trust to not only keep your data safe, but also to be there when you need to recover it?
Unfortunately, this is not an easy choice. There are literally hundreds of companies offering backup devices, software and services because they see it as an easy way to make a quick buck. As you would expect, not all service providers are created equal, and you want to make sure you choose a good, reliable vendor or you’ll get burned by hidden fees, unexpected “gotchas,” difficult and slow recovery of your data or by the horrible discovery that your data wasn’t even being backed up properly, leaving you high and dry when you need it most. Here are 12 things we recommend looking for:
- Production-Grade, SAS 70 Data Center. One of the first things you need to ask your IT person is, “Where will my data be stored?” After all, we are talking about your financial information, client data, and other sensitive information about your company! What you DON’T want is for them to keep your data at a rack in their office that is not designed to be a high-availability data center. A TRUE data center will be 100% dedicated to hosting data and should have:
- Redundant power sources and generators
- High-level, on-site building security
- Redundant Internet access
- SAS 70 certification
The term “SAS 70″ (Statement on Auditing Standards No. 70) refers to an official document issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). The AICPA sets out the auditing standards for data centers and issues this document to show that the data center is doing what they are promising in the areas of security and availability.
- Bare metal imaging. This is important to ensure a quick restoration of your data and IT operations. A “bare metal” image is simply a snapshot of your server and all the data on it. That snapshot can then be copied to another server or “virtualized” (put on a server online), often within 1 hour. Without this type of backup, you would have to:
- Locate all your software disks and keys
- Re-install the operating system
- Re-install all applications
- Re-install the data
- Re-configure the settings
This process could take anywhere from one to two days; even longer if you don’t actually HAVE your software discs and keys. A bare metal image eliminates this delay.
- The ability to recover data FAST. An EXTREMELY important question to ask is, “If my server crashes beyond repair, how do we get our data back?” You do NOT want Internet download to be your only option for recovering data from the cloud because it could take days or weeks. At a minimum you should be able to get an overnight copy of your data on a physical disk or device – but ideally you should have instant access to a bare metal image so that a new or makeshift server can be set up within an hour, allowing you to keep working (see above).
- Continuous backup. Another feature to look for is ongoing or “continuous” backup versus a nightly backup. This allows you to restore a file that you worked all morning on and saved right before the server crashed in the late afternoon.
- Multiple data centers that are geographically dispersed. Anyone versed in data security knows the best way to avoid loss is to build redundancy into your operations. All that means is that your remote backup service should store multiple copies of your data in more than one location. That way, if a terrorist attack, city-wide power outage or natural disaster destroys one of their locations, they have backups of your backup in a different city where the disaster did not strike.
- The INITIAL backup should be to a local, physical device. Trying to transfer all the data online could take days (possible weeks) and cause your Internet connection and systems to drag. If you have a large amount of data to backup, ask your provider how the initial backup is created.
- Make sure your data can be restored to a different computer than the one it was backed up from. Amazingly, some backups can only be restored to the same computer they came from. If the original computer was damaged in a fire, stolen, or destroyed in a flood, you’re left without a backup.
- The ability to “virtualize” your server. This is a fancy term for putting your server online so that you and your staff can work remotely if necessary. This option would be important if your building was destroyed or if your area was evacuated.
- Demand a local “spare” server and backup. Most server crashes are due to hardware failure, not natural disasters. Therefore, you should have an onsite, local backup server as a failover device if your main server dies. This local server also makes it much easier to retrieve a file or folder than trying to pull it down from the Internet (see #3).
- Demand daily status reports of your backup. All backup services should send you a daily e-mail to verify if your backup actually ran AND to report failures or problems. The more professional providers should also allow you to notify more than one person (like a technician or your IT person) in addition to yourself.
- Demand LIVE monitoring by a qualified technician. Many online backup services are “self-serve,” which allows them to provide a cheaper service to you. BUT backups are not “set it and forget it” processes so don’t settle for an “automated” monitoring service. All too often problems happen with backups that require someone who knows what they’re doing to investigate the problem and resolve it. Otherwise, you simply have an alarm system that no one responds to.
Plus, if you need to recover your data, you want to be able to call and talk to someone who can help you, especially if it’s a major disaster. If you’re using a cheap online backup service or a company that doesn’t offer live monitoring, you’ll be stuck trying to recover your data on your own, wasting tons of time and possibly not being able to get back up and running for days.
- 12. Demand a written IT disaster recovery plan. This shows YOU that they have a plan in place for restoring your data and that they won’t be scrambling to figure it out when disaster strikes. As the saying goes, “by failing to plan you’re planning to fail.” A written report shows you that they have thought the process though and know what to do in the event of a disaster
See our Datto Intelligent BizCon Solution in this 2 minute video:
Where has all the cloud talk gone, long time passing. Where has all the cloud talk gone, long time ago. OK so shoot me. I’m a Peter Paul and Mary (or should I say Pete Seeger) fan.
Funny thing happened on our way to cloud computing proliferation. We stopped hearing about it. Just a year or so ago, “The Cloud” was everywhere. On TV, on Magazine Covers and just about every other BLOG post was about the cloud. Now it’s nowhere to be seen. Does this mean it was just another passing fad or a transient buzz? Absolutely not! As a matter of fact, cloud computing is bigger than ever.
If you look at the big players, Google, Amazon and Microsoft you will see that the growth of cloud is still with us. See informative chart from “eclipse” for some interesting facts.
Managed IT Services
“The reports of my death are greatly exaggerated”
I have been hearing off and on for the last three years about the death of the MSP model for IT support. This is coming from both within and outside the MSP community.
- I have heard “the cloud” will kill the model. (whatever that means?)
- I have heard the model is being commoditized with the entry of Konica Minolta,Staples, Comcast, BestBuy (not so fast-BB just sold their Managed Services division to Ricoh?) and it’s in the wind that Kyocera has just launched a Managed Services division.
- Microsoft with the Office 365 efforts and last but not least “Google Apps”
Does all of this spell doom for the MSP’s.
Of course not or more bluntly “hell no”!
The MSP market has never been so vibrant and I would say it is on the upswing rather than a downswing. I say this for 2 reasons:
1) Personal experience. We are a local MSP and quite frankly more than half of our prospects are not even on a Managed Service model yet and they all get “very interested” when we talk about the model and all of its benefits. We will get into that in a bit.
2) Various Research firms predict significant growth in the next 5 years. MarketsandMarkets expects managed services to grow from 143 billion in 2013 to 256 Billion in 2018. A healthy 80%.
The main benefits of a Managed Service IT support model are proactivity and predictability of services and cost.
How has that changed? Well it hasn’t.
Most IT support at the SMB (Small and Medium sized business) happens at the desktop. The cloud model will hardly change that. We will still have our printer, malware, how-to and other desktop related issues, regardless of whether the infrastructure resources are in the cloud or on premise. I say that from experience. We are also Cloud Service Providers and we still get the same type of calls from our Cloud clients that we do from our Managed Service Clients and for that matter our T&M clients.
As far as the commoditization argument due to the bigger players entering the arena, well I personally welcome it. For 3 reasons.
- It gives validity to the model. And creates an awareness that only the big marketing dollars can.
- If the model was not growing why are the big players entering?
- When it comes to our clients, we own the “last mile” which is the relationship. This is ours to lose.
In summary with all of the new products and work strategies out there such as BYOD, Managed Business Continuity, Managed Security and Print Management ( yes Konica Minolta, Kyocera and Ricoh, we can do that too), there is tremendous opportunity in the next 5 years or so.
For more information on our Managed Services:
For a short presentation the describing the BSU Support model:
To Download Consumer Awareness Guide:
7 Reasons Why Getting Rid Of Windows XP Will Likely Exorcise Hidden Gremlins and Goblins Lurking In Your Computer Network
Yes we know. Halloween has come and gone. We also know that the inherent weaknesses of Microsoft Windows XP are still with many of us. Although many businesses have been getting rid of Windows XP for at least the last 3 years, the fact remains that as of early this year, around 500 million business computers were still running Windows XP. While the witching hour for Windows XP is still a few months away (April 9, 2014), here are 7 of the top reasons running Windows XP should scare any business owner right now:
1) Tons Of Viruses. There is a huge library of viruses aimed at Windows XP and limited antivirus support still available.
2) XP Is OLD (almost 12 years old!). The 1st iPod was released the same year as Windows XP. In a world where the 5th iPhone has been released, no one should be left using an O/S that pre-dates the 1st iPod!
3) Least Secure Operating System (By Far!). ALL other platforms, including Linux, all versions of Mac OS X, Windows 7 and Windows 8 are more secure than XP by a huge margin. Windows Vista is actually a far safer option (scary!).
4) Built For A Simpler Time. XP was created for a simpler world of technology. It was formatted to fit to a screen only 640 pixels wide, and it showcased IE6 as a new product. The internet was a different place when XP was developed. Smartphones were non-existent, laptops were a luxury and tablet computers were science fiction.
5) No More Band-Aids. Only so many band-aid fixes on top of each other can be effective.
6) Support Is Ending. All support of XP will end on April 9, 2014. It’s time to replace your systems now while you can plan ahead.
7) Malware Everywhere. You can continue to use XP, but with more malware than ever. XP is by far the most vulnerable platform to connect to the internet.
When Microsoft introduced Windows 8 there was a universal question of:
"Where's the Start button?"
The disappearance of that signature Windows feature left businesses mystified and ultimately a little miffed. IT professionals found themselves burdened with guiding confused users through the new interface.
The biggest problem users experienced when Windows 8 came out was understanding how to manipulate the user interface on non-touchscreen devices.
As an increasing number of businesses convert to the convenience of mobile touchscreen devices including tablets and smartphones, Windows 8 is ready to take on the business sector.
Here are 11 Reasons why:
Windows 8 was a bold upgrade of Windows 7, referred to as one of the best operating systems ever developed. The banishing of the Start Button was a revolutionary statement that tied into the growing emphasis of touch for multiple uses.
2) Unified Experience
Windows 8 operates on touch screen devices as well as PCs with the standard keyboard and mouse combination. The convergence of PC, tablet and smartphone accessibility provides a simplified and unified experience.
Many businesses encourage employees to bring their own device but it's essential that the device be supported. Business owners are facing the issue of managing a mobile workforce with a variety of devices. With the ability of Windows 8 to function on PCs, tablets, phones and convertible devices with touch and keyboard, it's the obvious option for a standardized OS. This enables businesses to provide their users with the highest level of support.
Hands-on businesses like construction companies need their field staff to have more capabilities at a job site. Windows 8 tablet interface provides users with efficient portability because of its ability to function on multiple devices.
Despite the loss of the Start Button, Windows 8 has that familiar Windows feel. The vast majority of businesses prefer Windows-based devices for upgrades because the OS has a familiar user-interface.
The convenient portability of a mobile workforce comes with the drawback of increased security issues. Employees prefer user-friendly devices but the IT department requires security and management. Windows 8 features intuitive devices that don't compromise on features and mobile management with stronger security features to protect users in the field from potential threats. For Encryption Windows 8 Pro and Enterprise come with BitLocker which is an easy to use and very effective solution.
7) Virtual Smart Card (VSC)
Along with advanced security features, Windows 8 also supports virtual smart cards. Traditional smart cards are physical objects that fit into specific reader devices. They're part of a two-part authentication process that includes the smart card and a pin to access a company's system. Computers equipped with a Trusted Platform Module chip that meets Windows 8 specifications can utilize these virtual smart cards. Virtual smart cards remove the expense of investing in physical readers and the frustration associate with users losing their smart cards.
The ability to create custom Windows Store apps for use on Windows 8 makes the OS highly adaptable to all types of businesses. Custom apps on tablets are a modern and mobile connection for employees and aids in enhancing efficient operations and increasing customer satisfaction.
9) Surface Tablet
The release of the Surface Tablet in conjunction with Windows 8 finally gives businesses a Windows-based tablet. This new hardware secures Microsoft's relationship with businesses.
10) Windows to Go (Very Cool-Click Link Below for short video)
Windows to Go is a fully-functional version of Windows 8 that boots from an external USB stick. This enables the IT department of businesses to support the idea of employees bringing their own devices because it grants them access to the system without risking security.
11) Microsoft Listens
Now is the time to deploy Windows 8 in preparation for the launch of Windows 8.1, which promises to bring back a variety of features that make it more user-friendly.
Traditional Backup vs.
Intelligent Business Continuity
Traditional backup methods such as tape, disk, and NAS devices are no longer sufficient. In fact, SMB owners are finding them unacceptable. Technological innovations have set a new solution standard: Intelligent Business Continuity, going beyond data protection; delivering automated assurance, continuous protection, secured storage, and instant recovery.
See our Datto Intelligent BizCon Solution in this 2 minute video:
Can take weeks to recover data after a disaster occurs
Downtime after a disaster is reduced to hours, minutes, or even seconds
High risk for human error due to heavy manual administration: 60% of on-site disasters are due to human error
Full automation backup process—very little manual management required
Difficult to test if a backup is working properly
Automated screenshots are taken and reported to ensure each backup was successful and can be booted at anytime
Time consuming and expensive to make copies of backups or to store backups in multiple locations
Each backup is saved in multiple locations: local appliance and bi-coastal data centers
Backup speeds are slower
Quick and efficient transferring of files to off-site data centers, even with low bandwidth or busy network environments. Critical data can be prioritized to be transferred off-site first
Physical to virtual conversions can be time consuming and have a high failure rate
Incremental backups can be instantly virtualized, rather than the entire backup chain
No redundant backups in multiple locations, leaving high risk for original backup systems to be destroyed
Eliminates downtime in the event of a disaster by allowing your business to run off the secure cloud
Limited options for encrypting data, may not pass industry regulations (i.e., HIPAA, SOX)
AES 256 and SSL key-based encryption ensures data is safe and meets industry regulations (ie. HIPAA, SOX)
When recovering data, tape failure rates exceed 50%
Minimal risk of corrupted backups or data loss
Potential for theft of loss of media
Off-site backups stored in SSAE 16 data centers
Learn about our Datto Intelligent Business Coltinuity Solution in this 2 minute video:
Social networking burst onto the scene in the 1990s as a way to alert college students of the parties on campus and has evolved into one of the most effective ways to drive customers to companies and LinkedIn is leading the charge in the business sector. Once thought to be a glorified job board, today’s savvy managers understand the critical role LinkedIn plays in both the domestic and global markets. LinkedIn is a powerful customer and business-to-business marketing tool that excels at building industry-specific networks.
Why does it make sense to use LinkedIn for your business? Here are 21 reasons:
Using LinkedIn’s people search permits you to assess a database of literally millions of members and focus your search to specific criteria.
Groups are a way to connect with people in your industry and geographic region.
#3: Generate More Business
More leads, more connections, more business.
#4: Know the Competition
See what your competitors are up to.
#5: Be Seen
Link your profile to be indexed by search engines for greater visibility.
#6: Research and Development
Track demand for your product or service and see what similar companies are offering. Post questions to generate responses that will can help to improve your business.
Connections are the backbone of the LinkedIn platform. Ask connections to introduce you to new customers. Return the favor.
#8: Cheap Ads
Compared to conventional advertising, LinkedIn is relatively inexpensive so take advantage of it and the free ways to advertise your business too.
Word-of-mouth has gone virtual: Recommendations go a long way to building marketplace “cred”.
#10: Target Geographic Areas
The location connection feature allows you to expand your territory and reach more who are interested in doing business.
#11: Be an Expert
Answer questions in your field and link your website. If you provide thoughtful and helpful answers, people will notice.
Update your profile so customers can find you and also link your Twitter and Facebook accounts along with your website.
Even if you are not a savvy social networker, a simple link to your website can increase your SEO a lot.
LinkedIn members actually read the recommendations so be sure to ask your customers to post some.
Along with receiving recommendations, you can gain a lot of goodwill points by giving them.
#16: Brand Exposure
It’s a game of numbers: The more connections you make, more groups you belong to and more questions you answer, the more you increase your brand’s visibility.
#17: Recruit Talent
LinkedIn is the premiere place employers and employees go for job searches. A recent survey found that finding a job through LinkedIn takes fifty percent less time than other methods.
#18: Product/Service Features
Post products and services and link them back to your website. Create a YouTube video to showcase your business and ask customers to write reviews.
If you’ve moved to a different market or changed industries update your LinkedIn profile to make sure your customers (and high school buddies) can always find you.
#20: Integrate Twitter and Facebook
When your company Tweets, your LinkedIn network should know it. Facebook share important status updates or events.
#21: Track the “Buzz” About your Business
Like “Googling” yourself, LinkedIn has a feature that provides a way for you to search your company and see who’s talking about you.
LinkedIn is “In”
Using LinkedIn to its optimum capacity gives you the potential to locate more customers, get more business and have more sales. The “bottom line” is really the bottom line, isn’t it?
MDM for the SMB. A must!
As more workers use mobile devices to complete an ever expanding multitude of job-related processes and tasks, managing them becomes increasingly complex and more necessary. Enter Mobile Device Management or MDM. Mobile device management (MDM) platforms are available for use in firms of all sizes. Their utility lies in administering real time mobility policies throughout the enterprise, assuring expanded employee connectivity for the growing use of mobile devices, such as tablets and deep-utility smartphones. The increasing need for employee connectivity brings with it serious security issues, as well as a need to revise enterprise data-access procedures and assure the SMB's data is protected on all fronts. MDM should be implemented in all businesses including the SMB to provide appropriate administration and protection of these devices, and to maintain an operational/competitive parity with larger firms.
As with larger firms, mobile policy for SMBs focuses on the provisioning of fluid and secure data access from disparate locations. Simple messaging platforms no longer suffice. Increased use of rich media management through adoption of MDM policies and platforms is essential for the SMB to maintain a competitive standing. The question is, How do you secure and manage these mobile devices? The answer of course is mobile Device Management (MDM). MDM will become more important as enterprise applications for mobile encompass most business transactions and related communication. Among these are data input, employee recruitment, record-keeping, customer communications, and financial management. Unique mobile-apps will distinguish a firm from its rivals, generating competitive advantage, the opportunity to expand market share and revenues through flexible, real-time performance; they all require MDM for best-use implementation.
However, specialized apps will require a finer degree of MDM supervision to provide quality business performance, without compromising the SMB's enterprise strategies and objectives.
Maintaining multiple mobile platforms produces scrupulous quality assurance (QA) for measuring real-world performance and infrastructure adaptability. Best-practice MDM establishes the SMB's policies for deploying mobile workflows, as well as those administrative, budgetary and security practices best-suited to the firm, supervising performance and QA, without compromising enterprise needs or breaking the bank.
For SMBs, where the security issues of BYOD -- potential data loss or leakage – are more serious, implementing digital asset management (DAM) is suggested for supervising, chronicling and distributing information to mobile workers. MDM improves monitoring of workers' mobile operating systems and resource-management; network surveillance also improves. Through all these functions are built for enterprise-mobile, the issue of security always requires adroit management.
MDM security for SMBs must conscientiously monitor mobile operations to generate best-practice protection, particularly with the increasing emphasis on Cloud-apps among mobile-users and the firms they work for. Cloud's ease of use, flexibility and speed of operation sometimes mask heightened security issues, chiefly in the form of disrupted transmission or modified content from off-premise sources. Tablets are exceptionally valuable and are becoming as popular as smartphones for corporate mobile; however their encryption/security-apps require consistent monitoring when in use and additional development to improve protection of SMB corporate information. These measures of security remain pressing concerns for the SMB.
There is some agreement among SMB executives that workplace mobility will continue to proliferate and perhaps dominate business operations. Nevertheless, many SMBs remain unfamiliar with MDM, despite the fact most use at least some form of mobile computing for work purposes.
Mobile devices increasingly replace desktop and laptop computers, even in on-premise situations. A large-scale bring-your-own-device (BYOD) conversion -- where employees use their own mobile devices for work purposes -- is well upon us, even where firms may supply their workers with mobility options. Under these circumstances, MDM assumes greater significance; a well-conceived mobile policy — focusing on functions like application/device supervision and wireless provisioning, as well as security — is recommended for all SMBs seeking to remain competitive in the future.
MA Privacy Regulations - "A not so gentle reminder" They still exist!
It’s a little over 3 years since the MA Privacy Regulations 201 CMR 17:00 went into law.
Here are four questions to ask yourself:
1) 1) Are you compliant?
2) 2) Do you have a WISP-Have you reviewed it recently-Can you locate it?
3) 3) Do you execute the yearly and other event driven requirement actions?
4) Do you even remember there is such a law?
We are IT Consultants and I shudder to think about various security holes that we find when doing network and security assessments for potential clients. With tax season just about to end, I wonder how may unencrypted emails were sent out containing PI or Personal Information? * (see end of post for definitions of PI) Beware, the law has more "teeth" than other state laws regarding personal information privacy because it allows for monetary fines. Penalties can be severe as proven in some recent breaches.
Penalties for Mass. Personal Information Law Violation - 201 CMR 17.00
· Up to $50,000 per improper disposal
· Maximum of $5,000 per violation
· Above penalties don't include lost business, dealing with irate customers, mailing out letters, and other associated costs
· Courts can order treble the damages if it's concluded that there was a willful or knowing violation
According to the Chief of Consumer Protection Division, MA Attorney General’s Office, the AG’s Office is looking for warning signals that may indicate noncompliance with the Regulations that would trigger a detailed investigation. Some of the circumstances likely to trigger a detailed investigation include:
- The reporting entity knew of the breach, but failed to notify affected individuals as required by the Notice Law.
- A Written Information Security Plan (WISP) cannot be produced.
- The WISP is inadequate, or had significant gaps because of a lack of due diligence in the risk assessment process.
- The compromised data was stored or maintained in circumstances not compliant with the “reasonable” security required by the Regulations.
- Unfairness or deception around the purpose for which the data was originally collected.
- Collected data that was subsequently used for purposes not disclosed to consumers, or where the collection itself is not disclosed leading to unfairness or deception to Massachusetts residents.
With the proliferation of BYOD (Bring Your Own Device) such as Smartphones and Tablets being used in the workplace the risks as well as the ramifications increase exponentially. The possibility of PI (Personal Information) being present on these devices is extremely high. An unencrypted device or one without PIN protection that is lost or stolen that has PI on it calls for immediate notification to the proper agencies and is considered a breach. If however the device was encrypted and PIN protected it would not be considered a breach even if there were thousands of records considered Private Information. In summary Encryption and PIN Protection equals “Safe harbor”
*Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.