TAM data encrypted?

Started by Marie (Zionkowski) Gozikowski, June 05, 2012, 10:44:16 AM

Previous topic - Next topic

0 Members and 4 Guests are viewing this topic.

Marie (Zionkowski) Gozikowski

E&O time again.... going over things, and I am wondering... If someone gets by our security and into our server, can they read our dbf's, or does TAM automatically encrypt them? 

Thanks!
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Todd Arnold

They can read your dbf's.  No automatic encryption in TAM.
Todd Arnold
AB Solutions, Inc.
800-753-7785 x111

Marie (Zionkowski) Gozikowski

I was afraid of that... I seem to remember that there is a way to turn on encryption, correct?  What are the pros and cons of this?

Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Bloody Jack Kidd

an encryption/decryption engine would have to be added and it would create significant processing overhead
Sysadmin - Parallel42

Alice Mooney

I believe the encryption available in Tam is for attachments only.
Epic 2023 R2 Online
1000+ users

Marie (Zionkowski) Gozikowski

Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Gene Foraker

I think the proper E&O answer is to not let the bad guys into your system.

Seriously.   I think you are expected to perform due diligence and proper controls.   You really aren't legally liable if you don't perform a negligent act or fail to act properly.
Gene Foraker CPCU
Gates-Foraker Insurance Agency
Norton, OH


My posts are a natural hand made product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Andrew Carrick

Our docs are encrypted (via Homebase setting) and I can't open pdfs directly so I'm guessing they too are encrypted.
Jelf Insurance Partnership
Hull, East Yorkshire, UK
Me and TAM used to have a thing but we've split amicably. She got the kids, I got the Camaro and the maid.

Marie (Zionkowski) Gozikowski

Gene,

We do a lot here to try and keep our info private and our system secure.  However, as you know, there is no perfect solution (unless you go back to paper and pen).  Also, I am not a security guru, and we are a small agency.  As much as I would like, we just can't afford to spend thousands and thousands of dollars for absolute state-of-the-art defenses.   So, I would assume that any determined hacker could bypass the defense we have in place.  I think this is typical for most small businesses.

It is an interesting question though... what actually is due diligence?  Does it differ between a small agency like ours and a large, multi-location conglomerate?  Anyone have a list or article of what a reasonable (and legally sufficient) system defense requires?

Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Hans Manhave

'due diligence' is defined by the feeling of the public/judge/lawyer/media/expert at hand.  Much like other things.  We can "plant" articles, studies, white papers now so when they are referred to next year, they will be accepted as authoritative.  Maybe an "industry" publication can serve as a platform for this.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Jeff Zylstra

I'd say that due diligence is taking proactive steps to safeguard the data to the best of your abilities, whatever those abilities may be.  I'd say a business class firewall, anti-virus that is kept up to date with weekly scans, good physical security of data and computers, good password enforcement and timely changes of passwords, etc....  I'd have something in writing with scheduled checks and then follow it.  You can't be responsible for something you don't have knowledge of.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Hans Manhave

Quote from: Jeff Zylstra on June 07, 2012, 12:07:30 PM
You can't be responsible for something you don't have knowledge of.

But you can!  Ignorance of the law is no excuse etc.  This goes for the people who drive into this town with a dog in the bed of their pickup (not allowed), but the next town has no problem with that, and many other things. 
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Marie (Zionkowski) Gozikowski

Nothing like an E&O review (or taking an E&O class, for that matter) to make you worry about all the things that might go wrong.

We do all the standard things listed here to safeguard our data, and most days I do not overly stress about it.  But E&O time..... ugh :-)

All about balancing security with ease of doing business, I guess.
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Jeff Zylstra

Quote from: Doofus Drake on June 07, 2012, 12:52:42 PM
Quote from: Jeff Zylstra on June 07, 2012, 12:07:30 PM
You can't be responsible for something you don't have knowledge of.

But you can!  Ignorance of the law is no excuse etc.  This goes for the people who drive into this town with a dog in the bed of their pickup (not allowed), but the next town has no problem with that, and many other things.

You are correct.  Ignorance of the law is no excuse, but I think this would fall under ignorance of technology and computers, and thankfully that's not a crime.  Can you imagine the jail overcrowding if it were! 
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Gene Foraker

I haven't read the thread since my last post weeks ago.

What was on my mind was the fact that you aren't responsible for things outside your control.   If Tom Cruise and his Mission Impossible team decide to break into your office and steal the server, then you are unlikely to be held responsible as long as you took normal expected precautions to safeguard the data.   

Years ago one of my law courses discussed liability and the "Prudent Man" rule.  You have a duty to protect the data against expected and normal risks.  The degree of care will be different for a small agency and a large national brokerage.

Yes, the duty you are held to can and will be decided by a judge and jury, but is not unlimited.
Gene Foraker CPCU
Gates-Foraker Insurance Agency
Norton, OH


My posts are a natural hand made product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.