Why Backing Up Data is So Important for Businesses

Remember the days of floppy disks, when you entrusted important documents to tiny pieces of plastic that were easily lost, destroyed, or erased? Well, maybe you don’t because you’re too young to have even held a floppy disk, but it’s the same scenario with CDs, flash drives, and external hard drives today. Thankfully, we have cloud storage systems like DataYard’s OwnCloud, which is similar to Google Drive, OneDrive, and Dropbox, to hold various documents.

On top of that, many of our files end up in our email or on a project management system that we can access from any internet-connected device. 

These days, you’d have to be crazy to trust important files to a single disk, or even one hard drive. And yet, many businesses fail to properly back up their computer and server systems, leading to much bigger issues.

Many companies that suffer a major data loss without a proper backup system in place never fully recover. Don’t think your business can suffer from data loss? Think again. 

There are many ways to lose data...

People often associate data loss with data breaches and malicious attacks, which is fair. After all, cyber-attacks, viruses, and other malicious activities ultimately result in the theft, corruption, and/or general loss of data. 

But that’s certainly not the only way you can lose data. 

Even if your systems are updated and well protected from external threats, things can still go very wrong. Machines break. Hard drives wear out. A power outage can result in the loss of unsaved information. A fire or natural disaster can destroy the equipment housing your data. 

Not to mention the dreaded data loss caused by something as basic as spilling a cup of coffee on a computer or network device. Nearly 30% of hard drive failures are caused by simple accidents.

Losing data costs a lot of time and money. Having your systems down can cost a lot as well. If you want to keep your business safe and your information protected, you need proper backup systems in place.

For those who operate under various compliance standards, backup systems are likely required. Failure to follow backup protocol can result in the loss of clients, as well as potential fines.

Providing Peace of Mind with Quality Backup Support 

At DataYard, we understand just how important backups are to modern businesses. That’s why our backup services go above and beyond the various needs of our customers. Whether you have compliance standards to meet or not, we can make sure your information is safe.

Our cloud hosting automatically creates daily backups going back at least 30 days. Additional backups can be made as needed. Our servers are housed in our data center, which is well protected against power outages and other dangers.

Additionally, we offer colocation for those who prefer/need to use their own equipment. Want backups created offsite? We can help with that too. 

In addition to our general server capabilities, we offer consultation and management to clients across the globe, along with onsite IT services in the Dayton, Ohio area. 

Keep your business protected from data loss. Contact DataYard today.



Thank You Dayton Developers

The last few weeks have been full of exciting announcements for Dayton’s downtown revitalization and we just want to thank a few of the people we see investing their time and passion into our home.


Protecting CUI and Maintaining NIST 800-171 Compliance

If you work for a company with government contracts, you’re well aware of how important security and compliance are, especially when it comes to how data is handled. While you might not be working with officially classified information as a non-federal contractor, you’re still handling potentially sensitive materials.

The primary standard governing the handling and accessing of non-classified information is NIST 800-171. NIST 800-171 (also referred to as NIST SP 800-171 or simply 800-171) is a set of security standards for non-federal computer systems, mandating how Controlled Unclassified Information (CUI) is to be handled. 

NIST 800-171 was created in response to a lack of consistency across federal departments and their contractors that left openings for exploits and resulted in some major breaches of information. With NIST 800-171, all non-federal contractors have a universal set of standards to follow when it comes to how they handle CUI.

Handling Controlled Unclassified Information (CUI)

CUI is a classification created in 2008 to cover information that is potentially sensitive and relevant to US interests. CUI includes intellectual property, technical drawings, blueprints, legal materials, and more. 

Before CUI, agencies used their own internal systems for marking and filing unclassified information, creating confusion and openings for security breaches. CUI helps keep unclassified information better protected and better organized through a filing system of categories and subcategories such as Agriculture, Patent, Law Enforcement, etc.  

CUI should not be confused with classified information, which falls under NIST 800-53. Classified information is placed under significantly higher restrictions, can only be accessed by officials holding specific security clearance, and can result in criminal charges when mishandled.

Handling CUI might not be as strict, but achieving NIST 800-171 compliance can still be a complicated process.

Achieving and Maintaining NIST 800-171 Compliance 

If you’re handling CUI in any way, then you are bound to NIST 800-171 standards. If you are working for a federal or state organization, you fall under NIST 800-171. Even if you are working with a third party who, in turn, is working with a government agency, you may need to follow NIST 800-171.

It’s always best to be safe rather than be in trouble with the federal government. Failure to protect CUI and follow NIST 800-171 will result in the loss of your current contract, as well as future work. It may incur additional penalties as well. 

NIST 800-171 sets standards for user access, authentication procedures, activity monitoring, maintenance and updates, physical server access, risk assessment, incident response, and more. Achieving compliance is not as simple as checking a few boxes. It is an ongoing process. That’s where we can help.

Being located in Dayton, Ohio, DataYard is well-versed in NIST 800-171 compliance. We provide a roadmap experience for our clients, guiding them along the way to meeting all of the necessary standards and helping them maintain them. 

From IT consultation to secured hosting to Dayton colocation, our suite of services can be tailored to meet all of the necessary NIST 800-171 standards. Contact us today to learn more and begin your journey towards true compliance.  



Setting Expectations for Your IT Support

In today’s digital, data-driven world, your IT department has never been more important. Digital security should be one of the top priorities of any modern business. After all, a data breach costs a company an average of $8.19 million.

Of course, an IT team handles much more than security. From setting up employees with company devices to upgrading software and hardware systems to simply keeping your systems running, your IT department is the heart of all things digital.

Because of this, you should carry very high expectations for your IT team, whether they’re in-house or outsourced (or a combination). Third-party IT companies can be a valuable asset, as they can typically provide more in-depth services at a much more affordable price.

But the wrong IT company can become a serious liability.

Here is What You Should Expect from a Third-Party IT Company

First and foremost, they need to actually offer the services you require. IT can cover a lot of area, and every company has different needs. Certain IT companies can be more niche than others. Check and see if they have familiarity with your systems as well, from server types to software that’s being used. 

There is expected to be a certain amount of discovery when it comes to onboarding a new IT company, but they should have an idea of what they’re getting into. 

The same goes for knowledge of your industry’s compliance needs and security standards. This is especially important for businesses that deal with NIST 800-171 and HIPAA compliance.

A lot of IT is also about thinking and planning ahead. That’s why it’s not enough for an IT provider to meet you where you’re at currently. Scalability is important to consider. As your business matures and grows, your IT needs grow with it. 

Your IT provider needs to be able to step up their service as required. 

Lastly, when IT emergencies arise, fast response time is critical. You need to make sure a company is easily reachable, effective at communicating what’s going on, and quick to act. While it can be difficult to know how quickly an IT company is going to respond until you’re actually working with them, you can watch for signs during your initial engagement with them. 

If details are being skipped over or replies are coming a day or two later, you may want to look elsewhere. 

At DataYard, We Aim to Exceed Expectations 

We believe that quality IT Support cannot exist without high-level customer service. We want you to know that you have our attention. We’re here to assist you, answer questions, explain uncertainties, and do everything we can to put you at ease. 

From the moment a client signs up, it’s our goal to not just maintain the status quo, but to improve your system so that you’re protected against the future.  After all, IT isn’t just about protecting against current threats and potential problems. It’s about staying ahead of them. 

We can cater our services to your needs. Whether you need a full external IT staff or another team to support your in-house staff, we’ll integrate seamlessly with your company. And for those located near our data center in the Dayton, Ohio area, we make onsite visits as needed.

With DataYard at your side, you can expect a level of IT support that exceeds your needs. 



DataYard Drinks Beer

It’s National Drink A Beer day and we’re happy to throw one back with you on this fine Saturday in September. Just to clue you in on some of the cold ones we will be throwing down, here is our list of favorites. Go ahead and let us know what you’re drinking today too!

Jacob C. – Whiskey Rebellion from Warped Wing

Joe D. – Coors Light

Dennis F. – Breckenridge Vanilla Porter

Tommy G. – Water

Phill H. – Shocktop

Natalie K. – Amaretto Sours

Ryan L. – Weihenstephaner Hefeweissen

Daniel L. – Angry Orchard  

Alek M. – ISO Heaven from Toxic Brewery

David M. – Codebreaker Double IPA from Dayton Beer Company

Mike M. – Diet A&W Root Beer

Victor W. – Budweiser

Don W. – Root Beer

Eric W. – Hoppy Ending Pale Ale from Palo Alto Brewing Company

#nationaldrinkabeerday

Who Exactly Needs to be HIPAA Compliant?

HIPAA compliance can be a little intimidating for those who have never dealt with it before. Not only are the rules vast and complex, but failure to follow HIPAA can lead to major fines, lawsuits, and more. Before you dig too deeply into the ins and outs of HIPAA, it makes sense to wonder whether or not HIPAA is a factor for you in the first place.

Though HIPAA stands for the Health Insurance Portability and Accountability Act, it of course extends to more than just health insurance providers.  

Anyone working within the health or medical industry in any capacity will encounter some part of HIPAA. This includes physicians, dentists, counselors, and more. Additionally, companies that have vendors, customers, or third-party connections in the health industry may also be required to follow parts of HIPAA.

In today’s digital age, one area where businesses really need to be mindful of HIPAA compliance is regarding their online tools and services. 

Do Your Online Services Need to be HIPAA Compliant?

Virtually every business or organization has a website these days. That website is hosted on a physical server somewhere. However, not all servers are the same.  

In addition to different speeds, capacities, and software, some servers are HIPAA compliant while others are not. Now, just because you operate within the health industry does not necessarily mean you need HIPAA compliant hosting. 

For example, let’s say you’re a dental office with a simple website explaining who you are, what you do, and how you can be reached. In this case, HIPAA compliant hosting isn’t required. However, if you wish to add digital intake forms, or you plan on storing current or potential clients’ health information, HIPAA comes into play.

Of course, it’s not just websites that are hosted on servers. Email, online software, cloud storage, and more all fall under HIPAA compliance rules. It’s important to make sure you’re protected. 

HIPAA Consultation Makes Compliance Easy 

At DataYard, we provide HIPAA compliant hosting solutions and IT services to protect your clients’ information and keep you from facing hefty fines. We realize you might not exactly know what you need when it comes to maintaining HIPAA compliance. That’s why we also offer IT consultation services that we call the Discovery process to make sure you get exactly what’s needed. 

Whether you know what you’re looking for or you’re looking to talk to someone who does, DataYard is here for you.



Your Business Needs a Next Generation Firewall

As we mentioned in a recent post, a firewall is your first line of protection against malicious presences on the internet. A firewall is the gatekeeper to what’s entering your network or device, keeping the bad things out while letting the safe information in. 

At least, that’s what it should be doing. But as malware, viruses, and hacking techniques evolve, the tools that protect against them need to evolve as well. A traditional firewall might not be enough to protect you. 

For example, once upon a time, malware and hackers exploited holes in networks and security systems. Now, however, most exploit weaknesses in applications, which makes them harder to flag and block.

That’s where Next Generation Firewalls come in.  

What Makes a Firewall “Next Gen”?

A next generation firewall (or NGFW) isn’t simply the newest version or model of firewalls on the market. It’s a complete evolution, redefining how a firewall operates and what it protects you from. 

Yes, a NGFW performs all of the traditional functions of firewalls, filtering traffic based on port, protocol, preset admin filters, etc., but that’s only the beginning.

The exact capabilities of a NGFW can vary, but they all must meet certain criteria. Gartner, one of the most senior authorities in IT, defines them as deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. 

In many ways, NGFW combines the features of traditional firewalls with features found in additional security tools, combining them into one efficient, streamlined package. This reduces complexity while enhancing control and improving performance. 

For businesses where data security and system integrity are top priorities, having a NGFW is a must. 

Do Small Businesses Need Next Generation Firewalls? 

There’s no question that every business should have firewalls in place, no matter the size.  But do small businesses benefit from the power of next generation firewalls? Absolutely. The level of control and security featured in a NGFW is something traditional firewalls simply can’t compete with. 

That said, it can depend on what type of data you’re storing online and within your internal system. For certain smaller businesses, it could be overkill. Then again, when it comes to digital security and properly caring for your customers’ data, it’s always better to be safe than sorry.

Ultimately, it doesn’t hurt to talk to a professional team about what level of firewall you should have in place for your business. As it happens, we are a professional IT team that would be happy to answer those questions for you. Our Discovery process is a perfect health check for your security level while getting a great picture of your IT environment.

At DataYard, we provide IT consultation in addition to private cloud hosting, cybersecurity, colocation in Dayton, Ohio, and more. Big or small, we can scale our services to meet your needs on a reasonable budget.  

Contact us today! 



Basic Requirements of HIPAA Data Compliance

Security should be a high priority for any business sharing information across the internet (or any other digital network). For those who operate under HIPAA, it’s not just something you should do; it’s something you have to do by law. 

Recently, we discussed what part of HIPAA covers digital and online assets. Today, we’re going to focus on some of the basic features HIPAA requires. This is by no means a full breakdown, as that would be very long, confusing, and attention shattering.

Instead, we’ll discuss some of the broader areas you’ll want to make sure are covered by your hosting provider and IT team.

The goal here is to handle PHI (protected health information) appropriately by ensuring three things:

  1. PHI can only be viewed, edited, and shared by authorized people. 
  2. An individual must be able to access their PHI whenever they choose to. 
  3. PHI must be safeguarded against data loss. 

To do so, you’ll need the following… 

Data Encryption 

Data encryption is the first level of defense for your PHI. This ensures that data can only be accessed through the proper points of access (such as login portals). Should a person or program go around your server controls to break into your system, any data obtained will be undecipherable.  

Access Logs 

It’s important to know who accesses what data and when they access it. Also, any changes, edits, or additions must be logged. These logs will help prove that compliance has been maintained. Should problems arise, they’ll also help determine the source and what’s been affected.  

Typically, access logs should go back as far as six years. 

Automated Backup Systems 

It’s not just data breaches that you need to protect against. The loss of data can be just as damaging. HIPAA systems are required to make regular, complete backups that are fully encrypted. That way, should your system be breached or destroyed, a backup can be put in place to maintain compliance.  

Backup Power 

In order to keep information accessible, the power needs to keep running to your servers and systems at all times. Backup power is required to protect against potential outages and ensure that PHI can always be accessed.

System Updates 

Outdated software or hardware systems can be a common cause for both technological issues and breaches in security. Any server, network, OS, or device that’s involved in the handling of PHI must stay up to date. 

Depending on the complexity of your network, this can be quite an undertaking. 

Password Compliance 

Weak passwords are very dangerous for any system. In fact, they’re the most common cause of data breaches. In the case of HIPAA, weak passwords aren’t just a liability; they can violate policy. Organizations operating under HIPAA must have systems implemented for “creating, changing, and safeguarding passwords”.

The specifics of how you go about doing this can vary. What matters most is that you have an established system that everyone follows. 

Still, using complex passwords and changing them frequently isn’t always enough. Even when strong passwords are used and regularly changed, you can still be vulnerable to brute-force attacks (programs that randomly generate characters until the right password is entered).

To truly protect yourself, you need additional security measures in place that signal warnings and lock out hackers before they can break your password.

When It Comes to HIPAA, You Can’t Plead Ignorance 

Whether you understand all the specifics of HIPAA requirements or not makes little difference. You’ll be penalized all the same. Failure to comply with HIPAA rules will put you under the enforcement of the Office for Civil Rights of the Department of Health and Human Services (or OCR). 

An individual HIPAA fine can be as much as $50,000. An organization can be fined as much as $1,500,000 per violation category in a single year. On top of that, you may face civil lawsuits from people affected by any breaches or data losses. 

This is enough to crush many large companies, let alone the small ones. The best protection against this happening is to leverage the assets, knowledge, and experience of a company like DataYard.

At DataYard, we provide dedicated cloud hosting, cybersecurity services, and colocation services that can meet the strictest areas of HIPAA compliance. We house our cloud servers in Dayton, Ohio, where they are protected against outages, breaches, and data loss.

Additionally, our IT expertise enables us to consult, advise, and directly assist you in maintaining HIPAA compliance across the rest of your systems.

Contact us today and make sure you maintain compliance.



Cybersecurity 102: How Firewalls Protect Against Threats

The internet is a two-way connection. You don’t just go onto the internet. The internet goes onto the device you’re using. If you’re not careful, a lot of bad things can get into your system through the internet.

Recently, we discussed some of the major threats that companies face on the internet. Now it’s time to look at the first step to protect yourself from those threats.  

It Starts with a Firewall

A firewall is the gatekeeper to your network and/or device. Its purpose is to let safe information in while keeping the bad stuff out. Dangerous items could include spyware, viruses, hackers, and much more. Additionally, certain firewalls can be customized and configured to keep out content that’s technically “safe”, but unwanted on a particular network. For example, companies may use firewalls to block time-consuming websites such as Facebook or YouTube. 

Firewalls can also act as a filter between different company networks. This is helpful in protecting your information from vendors and contractors you may work with. 

Are All Firewalls the Same?

No. First of all, a firewall can either be a software program or a physical device. Both perform the function of flagging questionable content and preventing it from coming through, though they do so in slightly different ways. 

A software firewall operates on your computer (or other device), protecting the information found there. Should a virus or hacker breach your network, a software firewall can still protect your individual device.  

A software firewall continues to protect your device even when you’re on other networks, which is very beneficial.  

Hardware firewalls are physical devices that act as the first point of connection to the internet, protecting your entire system and every device connected to it. Sometimes hardware firewalls double as routers. Other times, they connect to a router. Different hardware firewalls can offer different features. 

Not only do hardware firewalls protect against hackers and viruses, but they also keep out spam traffic that can slow down your network. 

The best form of protection is a mixture of both physical and device-based firewalls throughout the environment. DataYard provides a comprehensive solution that may include physical, hosted, and next-generation firewall solutions.  

Firewall Systems Need to Stay Updated  

Digital attacks are constantly changing as hackers find new flaws and loopholes in network systems and computer software. In order for your firewall to do its job, it needs to be maintained and updated. It’s important that you keep your network and online data somewhere that’s secure and protected against the latest threats. 

As an IT partner, DataYard values an ‘eat your own dog food’ model that incorporates all the products that we would recommend to a client, including physical devices, hosted firewall solutions, and software-based products. The more points of security the better. All of these options are available to new and current clients utilizing DataYard’s access, cloud hosting services, and colocation. Second to great firewall solutions, we maintain backups as an extra safety measure.

For those who have extra security compliance standards to meet, we have you covered. Our team has a track record of providing thorough solutions that check all the boxes for all compliance requirements.

And for those who want to make sure they have the right firewalls in place and configured correctly, our IT support in Dayton, Ohio can help you out. 

Not sure what you need? We’re happy to consult so you get the protection you need. Contact us today! 



Dayton Cares

DataYard has been located in the heart of Dayton’s downtown community for over two decades. Naturally, when the heartbreaking news of Sunday morning’s tragedy scrolled across our screens, we were devastated along with the rest of the community. Some of our own staff were in the district that night but had headed home just before the madness broke out. Sunday morning was a slew of messages, everyone checking in on one another. The sigh of relief that our team was safe was instantly followed by the realization that others were sending the same messages with empty replies, making our stomachs sink. Coping in the wake of tragedy is an endless carousel of questions and “what if?” scenarios. 

 

Our team somberly entered the office on Monday and had to deliver service like any other day, but the day was not the same. It was a day filled with confusion, mixed with a desire to do something in response. But how could we respond as a business? Our service isn’t poised to directly help or comfort someone hurting. We were at a loss as to how we could be there for our community, other than by just being there. It wasn’t until the end of the day on Monday that we discovered how we could help.

 

Monday afternoon we received a call from the Dayton Foundation with a request to help the victims of the Oregon District shooting. NBC Columbus was going to be hosting a telethon the next day, President Trump was visiting Wednesday, and American Airlines had already given $75,000. They were expecting to see unprecedented numbers hit the Dayton Foundation website over the next several days. We responded by immediately bulking up their resources so they were able to accommodate the traffic and security risks that come with national attention.

Dayton Strong. Dayton Proud. Dayton Cares.

Over the last 5 days, we’ve been able to help support our community and the victims in our own way, doing what we do best. This is where the joy of doing what we do shines through the darkness. When we could help the Dayton Foundation reach over 610,000 people from all over the world as well as give over 2,100 people the opportunity to contribute to the victims, we were glad to know we could help in our own way that was unique to our resources and abilities.

 

We’re Daytonians. What Daytonians do is show up and care for their own. We’ve watched this community rally against hate, around tornado victims, and in response to tragedy, each person giving what they could in the way they knew how. That is what makes Dayton great – the people. In Dayton, when someone gets hit, the entire community picks them back up. Dayton cares. So far, you can see 360,000 reasons why we care in the Dayton Foundation’s Oregon District Fund.

 

Dayton Strong. Dayton Proud. Dayton Cares.