Here at Reclamere, we offer a variety of methods for eliminating information from computer storage devices. We follow the protocols set forth by the National Institutes of Standards and Technology (NIST). Our accreditation ensures that you don’t have to worry about data being recovered. Since we have many systems available, you also don’t have to take an all-or-nothing approach to data wiping. Instead, you can tailor your data destruction needs to the needs of your business, the sensitivity of the information and whether or not you need to be able to reuse the storage media.

Hard drive shredding is one of the services we offer; it is a good method for the destruction of both hard drives and the data stored on them. We also offer other physical destruction methods that will make the data on hard drives permanently unreadable.

If you do need to reuse your storage media, we suggest you choose one of our software-based data destruction methods. With these systems, the hard drive or other media is preserved while previously-stored information is eliminated. All of our methods meet the standards set by the Department of Defense (DOD), so you can rest assured that you won’t be liable for data breaches as long as you have a comprehensive security program in place.

With all of the options available, there’s no need to feel compelled to destroy hard drives every time you want to get rid of information. By tailoring your methods to the conditions found in your company and the expected threat level, you’ll save money and time while achieving the security level you need.

To learn more about the ways we can help with your data destruction needs, just contact us. We’ll be glad to answer any questions you have!

The post Is Hard Drive Shredding the Only Way to Ensure Data Security? appeared first on Reclamere Data Security Experts.

A terrible case of data breach happened recently to Sony Pictures. Experts are saying that it might be the worst breach of all time. One security researcher, Adrian Sanabria, even called it the “Sony-pocalypse.”A recent CNN article explains that the hack exposed tons of private information, including Social Security numbers: “In a single week, hackers have brought a major Hollywood studio to its knees. Sony Pictures is dealing with more than downed computers and frozen email. Movies have been leaked, and internal documents have exposed private company memos, along with employees’ salaries, Social Security numbers and health information.”

According to the article, what Sony’s going through will set the business back both in terms of finances and its reputation. It will understandably take time for Sony to recover from this breach.

Now, Sony is a large corporation, and it’s completely normal for these businesses to think that the rules are different for them. Because of their assets, corporations have to invest as much as possible in network security.

But where most people go wrong is thinking that small businesses are safe from hackers. It’s actually the opposite. Hackers typically target small businesses because they know they can’t invest much in network security. We just don’t hear about these breaches because it doesn’t affect the general public the same way as a Sony data breach does.

The lesson here is that every organization should practice network security. If you have information concerning finances, Social Security numbers, credit cards and bank accounts, then it’s your job to keep that data safe.

To talk more about small business security threats, or anything else, please contact us!

The post Small Business Security Threats: Learning From Sony’s Mistake appeared first on Reclamere Data Security Experts.

The settlement involved unsecured electronic protected health information (ePHI) for more than 2,700 patients of the Anchorage Community Mental Health Services (ACMHS). As was stated in the news story, this breach was caused by malware that affected the company’s information technology systems.

According to the Office for Civil Rights (OCR), which is a part of the U.S. Department of Health and Human Services (HHS), ACMHS neglected to assess potential risks from April 2005 to March 2012, failed to put appropriate security measures in place to reasonably reduce their risk of a breach, did not enact safety measures that would limit access to ePHI and did not update its IT systems with new patches and firewalls from January 2008 to March 2012. As a result of these security breaches, ACMHS agreed to pay a $150,000 fine in addition to implementing a Corrective Action Plan (CAP). Some of the requirements of this CAP include:

• Providing security awareness training to employees who use ePHI
• Conducting an annual assessment of potential risks and vulnerabilities
• Notifying the HHS of security breaches within 30 days
• Making an annual report detailing what, if any, security breaches occurred
• Keeping the appropriate documents on hand for inspection purposes

ACMHS was fortunate that the OCR did not assign a monitor to oversee their CAP, which would have increased the implementation cost considerably. The lesson to be learned here is that HIPAA compliance is not something you can put in place and then forget about. Instead, it should be an ongoing effort if you are to avoid fines and costly CAPs. Feel free to contact us if you need help with any aspect of HIPAA compliance.

The post Meeting HIPAA BA’s Security Requirements is an Ongoing Process appeared first on Reclamere Data Security Experts.

Beginning in 2015, Joseph Harford, Reclamere’s co-founder, will transition into the position of president. For the past 13 years, Harford and Dornich have worked to establish Reclamere as a front-runner in data security and a provider of secure ITAD services nationwide in the healthcare, financial services, and education markets.

“Reclamere’s reputation is built on quality, value, integrity, and years of experience,” notes Dornich. “Our success is correlated with our ability to provide tailored solutions to meet our customer’s unique needs. The numerous awards and honors among our peers and industry professionals is a true testament to Reclamere’s dedication to high-quality service. Joe has been an integral part of the team that has helped us meet our goals.”

Harford has been responsible for developing and managing all enterprise level accounts for the company, and has worked in a wide variety of business sectors, including hospitality, manufacturing, and higher education. A lifelong learner, Harford is earning his PhD in entrepreneurship and business success factors.

Harford is also an appointed member of the Complaint Resolution Council (CRC) of the National Association of Information Destruction (NAID). Harford’s appointment follows Reclamere CEO Angie Singer Keating’s recognition as NAID’s 2014 Member of the Year.

Reclamere’s recent accolades solidify the company’s growing influence as an industry leader that holds itself and its clients to the highest standards in data security. NAID’s mission is to promote the information destruction industry and the standards and ethics of its member companies. The CRC serves as a committee of peers entrusted with maintain the integrity and reputation of the secure industry.

“Bob’s impact on Reclamere and the data security industry is immeasurable. It’s an extreme honor to follow in his footsteps,” remarks Harford. “We have developed a transition and long-term growth plan for the next few years and look forward to bringing Reclamere to the next level.”

For more information on Reclamere and its services, visit: www.reclamere.com. To be included in upcoming communications from Reclamere, please email tyler@reclamere.com.

The post Reclamere President Announces Retirement appeared first on Reclamere Data Security Experts.

The Family Education Rights and Privacy Act (FERPA) is an existing federal law that governs schools, but it does not contain strong legal language with regards to how schools should handle data breaches. Rather, the responsibility for unsecure data rests within state law. But as was mentioned in an article by The Journal, each state varies in the outlining of their respective laws, with four states having no law at all. So the question is this: how do you ensure that you, and your students, are properly protected? Protection starts with a security posture assessment and implementation of a secure IT Asset Management program.

At Reclamere, our executive team and staff offer over 20+ years of expertise within the data security and data services industry. We have been assisting organizations in numerous industry verticals, ranging from healthcare to education, and offer program platforms that address each organization’s unique needs.

Our services range from secure eCycling and data destruction to risk/compliance assessments and eForensics. For more information on how Reclamere can assist your school or university, contact Tyler Golden, our Education Account Executive, at tyler@reclamere.com or (814) 684-5505 ext. 306.

The post Data Security: Are Schools on the Outside Looking In? appeared first on Reclamere Data Security Experts.

According to cnet.com, the hackers appear to have been based in China, and allegedly used sophisticated malware that infected the hospital’s computer systems in April or June of this year to collect the data. Soon after the breach, the hospital system announced it had wiped the malware from its system and put security measures in place to protect against attacks from happening again in the future.

Specifically, the attack reportedly used the Heartbleed OpenSSL vulnerability. Why the Community Health Systems computers hadn’t been fixed to protect against the vulnerability is unclear, as a patch for the Heartbleed problem was released in April 2014 under wide-spread publicity.

The hospital system says it carries liability insurance to protect itself against the consequences of data breaches. Under HIPAA, individual patients who have had their data stolen will be notified of the theft. Despite this notification, it is possible that the patients will sue the hospital system for negligence. Unfortunately, since the data breach occurred, there is little that patients can do at this time to protect themselves against identify theft other than remain vigilant.

Despite the fact that the healthcare industry deals with more personal information that any other industry and that it has to comply with HIPAA security regulations, the healthcare industry lags behind most others in computer security. Healthcare related data breaches made up 43% of the total reported data breaches in 2013. This is because security issues in the healthcare industry are more complicated than in many other industries. Healthcare workers often share the same computer workstations, and may need to access individual patient files in a hurry. Not only that, but the general public can also easily gain physical access to most healthcare facilities. Even though the need for security experts is great, IT workers in the healthcare field are not paid well and may have less expertise in security than in other fields.

Hiring an outside firm with security expertise like Reclamere to assess your system is a very good idea. We offer a risk assessment service to evaluate your data-breach prevention measures and responses for vulnerabilities and problems. After all, it’s far better to protect against data breaches than to have to respond to them.

For more information on Reclamere and our services, contact us today.

The post Massive HIPAA Data Breach Response: Too Little, Too Late? appeared first on Reclamere Data Security Experts.

Why should you make the time? Increasing litigation regarding data breaches with larger settlements, major revisions to key National Institute of Standards and Technology (NIST) 800 guidelines for security and disposition, increasing business closings and failures in the electronics recycling industry, and dramatic enforcement actions from government regulators.

What’s in it for you?

• Learn how to create and manage an information lifecycle plan
• Learn how to select vendors and partners for your plan
• Learn when it makes sense to perform tasks in-house and when outsourcing is the way to go
• Learn how to assess risk in your information lifecycle management process and mitigate accordingly

For more information on eCycling and how we can develop a customized approach for specific to your organization unique needs, contact us or check out our Reclamere Fact Find Survey.

The post Ensuring Proper Disposition of Data and Equipment: Reclamere’s eCycling Solution appeared first on Reclamere Data Security Experts.

No one is destroying your data and equipment for free in a standards-compliant manner–no one. And with the recent regulatory changes regarding data breach laws, are you now wondering if your data might someday come back to haunt you?  If your “free” vendor is telling you that they are working in a standards-compliant manner, they are most likely being dishonest. Secure e-Cycling costs money, but data breaches cost a whole lot more. If you want to ensure that your data will not be exposed, you should stay away from free. Make the investment and contract with a NAID-certified organization to guarantee that your data and your equipment are properly disposed of.

As the enhanced EPA enforcement of international law comes into effect, many organizations could be at risk for fines and clean-up costs. By going with free, particularly if you don’t conduct due diligence on your selected vendor, you’re increasing this risk. Unfortunately, not everyone in the e-Cycling business plays by the rules. Does your current vendor provide you with the certificates verifying the proper disposal of your equipment? If not, how will you account for your recycled equipment when the government regulators come knocking?

Do all of these questions now have you second-guessing your current choice in an e-Cycling vendor? Reclamere’s secure e-Cycling will put your worries to rest and make certain that your data and equipment are being properly disposed of. If you’re interested in more information on our secure e-Cycling services, and industry changes that could potentially be affecting you, don’t miss our upcoming complimentary webinar, Ensuring Proper Disposition of Data and Equipment—Reclamere’s e-Cycling Solution. The webinar will be held on August 28^th, 2014 at 12pm EST and will be led by Reclamere CEO, Angie Singer Keating, CIPP, CISA, CISM, CRISC. To register for the webinar, click here.

We also invite you to take this opportunity to fill out our Reclamere Fact Find, and get a head start on creating a customized e-Cycling plan specific to your unique needs and situation.

To stay up-to-date with Reclamere news and events, follow us on social media:

The post Reclamere e-Cycling: Don’t be Fooled by “Free” appeared first on Reclamere Data Security Experts.

Keylogging is the easiest type of hacking. A keylogger is a small program that, once installed on the victim’s computer, records everything the victim types on his computer. These logs are then sent back to the attacker via email for their records. While this is the easiest method, another form of hacking, phishing, is the most popular. Phishing is the attempt of a hacker to acquire sensitive information such as a username or password. Oftentimes, the hacker creates a fake login page and then asks the victim to log in. The information gets stored in a data file and then downloaded later with all of the victims secure information.

How can you avoid being hacked?

One of the best prevention methods is to enable “secure browsing” on your Facebook account. This can be done through the settings option on the user’s main Facebook page.  Additionally, never click on suspicious links. Compare the URL to others and make sure it follows proper formatting. The simplest way to avoid hackers is to change your password. Be creative using a combination of letters and numbers – check out our Top Five Password Tips blog.

When downloading or accessing certain links, make sure they are fully reliable and represent known websites and apps. Try to avoid downloading 3^rd party toolbars! Finally, use a security question. There are many login methods that can help prevent Facebook hackers.

Some other ways you could be hacked?

The list is essentially endless, but there are a two more that Facebook users should be aware of – engineering and cookies. Cookies are small files stored in a computer to track history and data. These should be cleared out at least every few months to avoid tracking. Social engineering is psychological manipulation attackers use to extract personal information. So the most important lesson is to not give into temptation.

What should I take away from this?

Above all, be aware and stay informed. Just because they are your friends, doesn’t mean they haven’t been hacked. Look for red flags. For example, Facebook will never send you an email asking for your login information.

As data security experts, the Reclamere team knows how easily social media accounts can be hacked. Review the tips above and protect your privacy!

Interested in Reclamere assessing your specific needs and creating a customized approach? We invite you to take our Reclamere Fact Find, to get started!

For more information on our services, visit: www.reclamere.com.

The post Facebook Hacking – How to Keep Your Account Safe appeared first on Reclamere Data Security Experts.

But that’s just the surface of the benefits of asset deployment. Put it this way – if computer lock-down is an ounce of prevention, you could be facing a ton of cure if disaster strikes.

Control and Security Dominate

Office end users are naturally territorial. They have a tendency to regard their office computers as private property, rather than a business resource.

With the best intentions, employees will often attempt to install their own favorite software or download content that is not related to your business. Also, with less than good intentions, they could be involved in dangerous or time-wasting activities that you need to lock out.

Let’s look at the onerous problems that locking down your office computers can solve:

User access control

Once you define who can have access, then you need to determine what they are allowed to do. Enforcing this policy keeps honest people honest. Access control and enforcing administrator or end-user rights keep the curious tinkerers at bay and can even detect unauthorized tampering.

Forestalling compliance problems

Compliance is all about protecting the business from unauthorized access and disclosure of personal and other sensitive information. The regulatory requirements deal specifically with the user access control mentioned previously. Your applications and their associated data need to be locked tight, or the results can be devastating.

Protecting administrator rights

Computer operating system patches and so-called “hotfixes” can, in certain environments, cause disastrous system outages. Locking down your end users’ desktops not only prevents inadvertent crashes from friendly updates, but it is also a sensible complement to security measures against malware.

Discouraging “cyberloafing”

The term cyberloafing is exactly what the term implies – using a computer during working hours for things that are not work-related. Research at Kansas State University uncovered this astonishing fact:

“[T]he average U.S. employee spends between 60 and 80 percent of their time at work cyberloafing. The survey revealed that older people tended towards activities like managing their finances, whereas younger employees spent time on Facebook or other social networking sites.”

Preventing cyberloafing and sanctioning employees are outside the scope of this piece. However, locking down office computers is obviously the first practical step. Also, keeping employees away from social media forestalls compliance problems.

Making your IT systems most efficient while you manage your core business is the best mix of productivity and security. Get started with our Reclamere Fact Find Survey to see how Reclamere can be your “ounce of prevention” as well as your “ton of cure” when it comes to IT challenges.

For more information on all of our IT Asset Management services, click here.

The post IT Asset Deployment – Putting Office Computers on Lock-Down appeared first on Reclamere Data Security Experts.