Craig Beringer of Beringer Technology Group: Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information
Create and Retain Data Backups — Finally, one of the most important forms of data protection is the humble “backup”. As a security blanket, data backups help business owners sleep at night while offering real- world protection in case of physical equipment damage or a ransomware attack. Industry standards and individual business policies shape the requirements for data backup, and these can vary widely based on type of data, importance to business operations, and budgetary constraints.
As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Craig Beringer.
After twelve years serving as VP of Operations of a large electronic components distributor, Craig founded Beringer Technology Group in 1993, with the simple philosophy that “great work leads to more work”. This philosophy has propelled the company from a single person operation providing ERP consulting to one of the region’s top IT Services providers. Craig provides company vision and works with the leadership team to ensure execution and customer satisfaction.
Readers of the publication where this content will appear would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in Southern New Jersey, a 3rd-generation entrepreneur after my father and grandfather, who both owned their own business. From the age of 13 to my late twenties, I worked in my family’s electronics distribution business where I gained a strong background in both business and technology. I attended Widener University with a major in Business and a minor in Computer Science. My current hobbies include snow skiing, water skiing and sailing.
Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.
While I don’t have a specific story or incident that inspired my career path, I was strongly influenced by an early passion for technology (remember the Commodore 64?). I continue to be inspired and motivated by the idea that technology can accelerate business growth, productivity, and profitability.
Can you share the most interesting story that happened to you since you began your career?
Wow that’s not an easy question, after nearly 30 years as CEO of Beringer Technology Group, there are so many stories it’s hard to pick one. What I will say this that when I started the business, I didn’t envision a day that we would be providing services to so many clients large and small. I am so very proud of my team and the faith so many businesses have in us. I’m proud that we have many clients that have been with us since the beginning.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
My beautiful wife, Lisa, has provided me with unwavering support for over 30 years. She supported me in starting Beringer Technology Group. Lisa later joined Beringer Technology Group and has been instrumental in continuing to lead our business to new levels of success.
Are you working on any exciting new projects now? How do you think that will help people?
We have several projects in the works now utilizing the Microsoft Power Platform which have provided us will a digital foundation for building end-to-end business solutions. Through the custom-tailored solutions we build, businesses can analyze data, automate processes, and solve problems, leading to increased productivity and profitability.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
I would encourage everyone to use your earned personal time off to “recharge your batteries.” Spend time with friends and family members as another way of re-energizing. Build a strong foundation for life by maintaining a healthy lifestyle, eating well and setting fitness goals. Finally, take up hobbies as a way of doing something fun.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?
More than 80 countries and independent territories, including most every country in Europe, many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws. The United States is notable for not having adopted a comprehensive information privacy law, but we have limited sectoral laws in some areas like the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA).
Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?
Information should be retained for no longer than is necessary and only for the purposes for which the personal data is intended and within the compliance laws and regulations that govern the data retention policy requirements.
In the face of this changing landscape, how has your data retention policy evolved over the years?
Education is key to understanding the changing landscape and adapting as needed. Over the years as the landscape has changed exponentially, we continue to evolve and adapt.
In response to legal or cybersecurity changes, we have many clients who are moving toward a longer or “infinite” retention time, to guard against data loss into a future where the landscape could continue to change.
Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?
As an IT Managed Services provider, we work with our clients to help them with their data retention polices. Each of our client’s needs vary, generally based on compliance laws and regulations that may apply to their specific industry or client base.
Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?
My biggest concern is the lack of federal legislation, leaving a multitude of state legislation to follow.
In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?
Yes, the tools to help manage data retention have matured. For example, the widely used Microsoft 365 platform’s retention policy lets you do this very efficiently by assigning the same retention settings at the container level to be automatically inherited by content in that container. For example, all items in SharePoint sites, all email messages in users’ Exchange mailboxes, all channel messages for teams that are used with Microsoft Teams.
Newer tools supporting data retention are being developed all the time, most notable in the cloud-storage arena with varying times up to “infinite” storage, and at a low cost to businesses. Each of these tools has different features, so if a business is looking for help in sorting through the options, they can reach out to us for more information.
There have been some recent well publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?
When I see those headlines, or when our customers come to us with questions about such events, this shows a baseline of heightened awareness of security around business data. From these types of events, we look at how we currently prevent our customers from becoming targets for a breach or forced outages, as well as planning for even better defenses into the future.
We suggest data is stored in a secure cloud environment and accessed using Multi-Factor Authentication (MFA). We suggest utilizing third party services that backup the data to other geographic location(s). This ensures that data is available in the event of an outage.
Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order Properly Store and Protect Their Customers’ Information?”
- MFA
As mentioned above, use MFA (multi-factor authentication) for secure access to all devices, data storage and cloud/internet services, to ensure that you are who you say you are. One of our team members posted a blog describing MFA and why it’s so important. You can read it here: https://www.beringer.net/beringerblog/multi-factor- authentication-the-new-normal/
2. Secure Passwords
For several years, there was a trend toward increased password complexity as a means of thwarting hackers. Human nature pushed back on such requirements, and led to people creating passwords that seemed complex, but were in fact easier to guess or crack. A more modern approach is to create longer passwords that are easier to remember like “smartphoneexasperatedpicturesqueairplane” in combination with an MFA method. For more details on this methodology, see our recent blog linked here: https://www.beringer.net/beringerblog/complex-passwords-are-not-the-most-secure- passwords/
3. Data Encryption
Encoding data in a way that blocks “snooping” is not a new concept and has broad application to any scenario where customers’ information is stored or transmitted. When data is successfully converted into a format where it cannot be read except by the intended parties, the content is protected from unauthorized access. Such a simple concept has diverse implications across the security landscape in areas such as Email services and cyber insurance, topics which our team has covered in two informative blog posts:
https://www.beringer.net/beringerblog/insurance-is-driving-compliance/
https://www.beringer.net/beringerblog/prevent-data-loss-in-microsoft-365-with-these-7- security-tips/
4. System Updates
We have all seen operating system updates that pop up on our PCs on a regular cadence. Our mobile devices also receive system and app updates. Line of business applications also receive patches and new features, to maintain compatibility with operating system changes. These are all important in protecting software and its data. One area of updates that is often overlooked is firmware, which is the embedded software-in-hardware that manufacturers patch in responses to changes in the surrounding software and exposed vulnerabilities. To explain the importance of updated firmware, our team has posted two blogs on this topic:
https://www.beringer.net/beringerblog/obsolete-firmware-poses-security-risks/ https://www.beringer.net/beringerblog/protect-yourself-with-a-firmware-update/
5. Create and Retain Data Backups
Finally, one of the most important forms of data protection is the humble “backup”. As a security blanket, data backups help business owners sleep at night while offering real- world protection in case of physical equipment damage or a ransomware attack. Industry standards and individual business policies shape the requirements for data backup, and these can vary widely based on type of data, importance to business operations, and budgetary constraints. Specific examples of the importance of data backups for Microsoft cloud data and mobile devices while traveling are outlined in these two blogs from our team:
https://www.beringer.net/beringerblog/microsoft-office-365-that-stuffs-all-backed-up- right/
https://www.beringer.net/beringerblog/protect-yourself-from-cybercriminals-when- traveling/
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
I would mandate the use of multi-factor authentication methods for access to any internet-based service such as banking/financial institutions or social media sites. Multi- Factor authentication can go a long way toward creating secure access. A username and password alone simply isn’t secure enough.
How can our readers further follow your work online?
https://www.beringer.net, LinkedIn and Facebook
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
