procedures for maintaining the security of the regional center.
Even the business plan for the center should include details
on how the business plans to maintain a secure technology
infrastructure. Just a few to consider include: passwords
(managing, storing and sharing); an investor portal that provides
secure communications; an encrypted escrow administration
system between investors, regional centers, administrators
and banks; email security measures (such as what you will and
will not send via email); determining a method for storing data
online; security measures for mobile technologies; website
development; basic and advanced search engine optimization for
EB-5; and secured third-party access for brokers, dealers, rental
center administrators, bankers and others who need access to
your data.
THE DANGER OF NOT SENDING
ENCRYPTED EMAILS
Email has become universal and many of us are complacent
when it comes to email security. Unless email is encrypted
before transmission, it travels over the Internet with nothing
stopping people with the right equipment from “sniffing” the web
and machine reading everyone’s email. There are over 246 billion
emails sent each day, according to Radicati Group research.
With spam accounting for over 20 percent of those emails, the
potential for one of those emails to be malicious is like playing
Russian roulette every time you click or tap on your device.
Phishing involves sending emails that purport to be from
reputable companies but are actually trying to induce recipients
into revealing personal information, like a password or credit card
number. If you get an email from your bank or other institution
that you work with, it is always safer to login through their
portal than click on an embedded link. These emails use the
real company’s logo and format to trick you. They can be very
convincing. There are examples of emails, supposedly from
reputable senders, that ask recipients to pay an attached invoice
or log into a site. In reality, the invoices are fake and the sites are
actually stealing passwords.
Virus protection is no longer merely a nice thing to have if you
operate an electronic device with access to clients’ personally
identifiable information. Without virus and malware protection
you are acting irresponsibly and committing malpractice in your
business. The days are long gone when you can say you didn’t
know. The court system is full of cases seeking huge damages
from business operators who wanted to save $9.99 per month
and not have proper virus protection software.
Whether you use a PC, Mac, Android or iPhone, you must be
diligent in updating your device. Most updates and patches
have something in them that will improve security. Software
developers learn about bugs and other vulnerabilities all the
time and put out fixes that need to be installed to be of benefit to
users. Web browsers need to be updated and they often need to
be helped manually, even though they are supposed to have an
automated update feature.
Check them monthly to be sure. Unless you’ve known someone
for 10 years or more, how can you really know enough to provide
trust with the type of materials, money and responsibilities
necessary to conduct business as an EB-5 regional center?
85
EB5 INVESTORS M AGAZINE
"Cyberinsurance...is
an absolute
necessity as part of
your continuity of
operations plan."