Dapango Technologies

  • Compliance As a Services

    FTC Safeguards Rule Deadline Has Passed!

    What guidelines must covered companies comply with?

    June 9 was the deadline for implementation of the FTC’s Safeguards Rule, which aims to strengthen the data security measures that companies covered by the rule must implement to protect customers’ personal information.

    What does it require covered companies to do?

    – Designate a qualified person to oversee their information security program

    – Develop a written risk assessment

    – Limit and control who can access confidential customer information

    – Encrypt all confidential information

    – Train security personnel

    – Develop an incident response plan

    – Periodically evaluate the security practices of service providers

    – Implement multifactor authentication or another method with equivalent protection for anyone accessing customer information.

    Many companies rushed to hire third-party services that offer solutions for each of these approaches; however, once they began to implement these solutions and work with their service advisors, it became evident that they did not always fully comply with what was offered or did not receive the personalized attention they were looking for.

    If this is your case, you are not alone, because it is not only about the product or service you select but about the whole experience; without a doubt, the secret of solutions that seem simple experiences. We are Digital Advisors in an era where technology is advancing rapidly, and we know that modernizing your company can be a challenging task, especially when it comes to critical business processes.

    At Dapango, we understand that, so we conduct interviews with our clients to understand your company’s challenges before offering a solution. We specifically evaluate your business processes to identify weaknesses and opportunities for growth, ensuring we guide you on the right path. We create a line of defense for your information, automate processes to increase your productivity, train your team and guide them in the implementation. At the same time, we ensure you have several backup options in case of an attack, all to keep your activities uninterrupted.

    Visit our website or book an appointment with our consultants and discover the benefits of working as a team with a company focused 100% on the needs of its customers.

  • Compliance As a Services

    FTC Safeguards Rule

    How do you know if your business is a financial institution subject to the Safeguards Rule?

    Nowadays, it is vital to know the laws that support your business activity, as their function is to protect you as an entrepreneur and, thus, your end customer.

    As the name suggests, the Federal Trade Commission’s Customer Information Protection Standards (the Safeguards Rule) ensure that entities covered by the Rule maintain defenses to keep customer information secure.

    The Safeguards Rule went into effect in 2003, but after public comment, the FTC amended it in 2021, updating it to keep pace with current technology and providing more specific guidance that companies can adapt to meet its requirements.

     How do you know if your business is a financial institution subject to the Safeguards Rule?

    The first thing you should know is that this rule applies to financial institutions that are subject to the jurisdiction of the FTC and are not subject to the enforcement authority of another regulator under Section 505 of the Gramm-Leach-Bliley Act, 15 USC § 6805. Under Section 314.1(b), an entity is a “financial institution” if it engages in an activity that is “financial in nature” or is “incidental to such financial activities, as described in section 4(k) of the Bank Holding Company Act of 1956, 12 USC § 1843(k).”

    Here are 13 examples of the types of entities that are financial institutions under the Rule:

    1. Mortgage lenders.

    2. Payday lenders.

    3. Finance companies.

    4. Mortgage brokers.

    5. Account managers.

    6. Check cashers.

    7. Wire transfers.

    8. Collection agencies.

    9. Advisors.

    10. Financial advisors.

    11. Tax preparation firms.

    12. Non-federally insured credit unions.

    13. Investment advisers that are not required to register with the SEC.

    The 2021 amendments to the Safeguards Rule add a new example of a financial institution: finders. Those firms bring buyers and sellers together, and then the parties negotiate and consummate the transaction.

    What does the Safeguards Rule require companies to do?

    It requires covered financial institutions to develop, implement and maintain an information security program with administrative, technical, and physical defenses designed to protect customer information.

    The Statute defines customer information as “any record containing nonpublic personal information about a financial institution’s customer, whether in paper, electronic or other form, that is managed or maintained by or on behalf of you or your affiliates.”

    The Rule covers information about your customers and customers of other financial institutions that have provided that data to you. Your information security program should be written and appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information involved.

    The objectives of your company’s program are:

    – To ensure the security and confidentiality of customer information.

    – To protect against anticipated threats or hazards to the security or integrity of that information

    – To protect against unauthorized access to that information that could result in substantial harm or inconvenience to any customer.

    Do you have any doubts? Would you like to know more about it?

    You can visit the FTC’s official website.

    FTC Safeguards Rule: What Your Business Needs to Know | Federal Trade Commission

    You can also request a meeting with one of our consultants to find out how advanced your security program is, its weaknesses, and what options exist to complement it.

    Our mission at Dapango is to provide people with the education, resources, and knowledge they need to be resilient in a world of advanced technology. We aim to create unique experiences and shape a better world for all by supporting them in pursuing their passions and achieving their goals.

  • Compliance As a Services

    Federal Trade Commission

    Have you heard of the FTC (Federal Trade Commission)?

    Created in 1914, its purpose was to prevent unfair competition methods within commerce as part of the “end to monopolies” battle.

    The FTC is the national consumer protection agency of the United States; its mission is to protect people from deceptive and fraudulent practices and to promote competition.

    Its primary purpose is to enforce noncriminal antitrust laws in the United States, preventing and eliminating anticompetitive business practices, including coercive monopoly.

    The FTC also seeks to protect consumers from predatory or deceptive trade practices; its activities include investigating fraud or false advertising, conducting investigations of scams and unfair trade practices, consulting Congress, and providing pre-merger notices.

    How does the FTC benefit consumers?

     As a consumer or trader, you may be better served than you think by the FTC’s work since it deals with issues that affect the economic life of every single American, including international influence.

    It is the only federal agency with jurisdiction over consumer protection and competition in broad sectors of the economy. It works for vigorous and effective law enforcement; promotes consumer interests by sharing its experience and knowledge with federal and state legislatures and with US and international government agencies; develops policy and research tools through hearings, workshops, and conferences; and generates practical, plain-language educational programs for consumers and businesses interacting in a global marketplace with ever-changing technologies.

    The consequences of a breach range from business interruption or fines that can go as high as $100,000 for violations (in the case of the FTC Safeguards Rule) to even legal action.

    Suppose an FTC investigation reveals illegal activities by one or more companies within an industry. In that case, they may seek voluntary compliance records through a consent order, initiate federal litigation or file an administrative complaint. Traditionally, such a complaint would be heard before an administrative law judge (ALJ) and can be appealed to the U.S. Court of Appeals and the Supreme Court.

    The easiest way to avoid penalties from the FTC is to protect yourself and your customers by knowing the rules that your business must comply with, as they are constantly evolving due to advances in commerce technology. If you have doubts regarding this or other trade issues, it is best to have specialized advice adapted to the characteristics of your business. At Dapango, we know the challenge of modernizing your business as a leading advisory, adoption, and delivery service provider. We generate safe and profitable solutions that take your business to where it needs to go. We work with companies, are where we are, and help them get where we want to be. No matter your challenges or needs.

    We are launching our new website. Visit us and receive advice on your business!

  • Compliance As a Services

    Do you know how your information security program should be structured based on the FTC Safeguards Rule?

    It is such a sensitive and vital issue for your company, as your entire team must be involved in protecting one of the most critical assets of your business – YOUR INFORMATION and that of your customers. 

    As one of the critical processes to keep your business up to date in an ever-evolving technological world, it is essential to stay ahead of the curve, not only to avoid fines but also to avoid data leaks or losses that could damage your operation. 

    In 2022, over 40% of organizations reported having suffered six or more cyberattacks. In 2023, we are concerned not only about cyberattacks, cyber espionage, and data leaks; a new factor also comes into play: artificial intelligence and how hackers will use it for these purposes. It will undoubtedly be one of the biggest threats we will face.

    Fortunately, Section 314.4 of the Safeguards Standard identifies nine elements your company’s information security program should include. 


    A.   Designate a Qualified Individual to implement and supervise your company’s information security program. The Qualified Individual can be an employee of your company or can work for an affiliate or service provider. The person doesn’t need a particular degree or title. What matters is real-world know‑how suited to your circumstances. The Qualified Individual selected by a small business may have a background different from someone running a large corporation’s complex system. If your company brings in a service provider to implement and supervise your program, the buck still stops with you. It’s your company’s responsibility to designate a senior employee to supervise that person. If the Qualified Individual works for an affiliate or service provider, that affiliate or service provider also must maintain an information security program that protects your business. 

    B.   Conduct a risk assessment. You can’t formulate an effective information security program until you know what information you have and where it’s stored. After completing that inventory, conduct an assessment to determine foreseeable risks and threats – internal and external – to the security, confidentiality, and integrity of customer information. Among other things, your risk assessment must be written and must include criteria for evaluating those risks and threats. Think through how customer information could be disclosed without authorization, misused, altered, or destroyed. The risks to information constantly morph and mutate, so the Safeguards Rule requires you to conduct periodic reassessments in light of changes to your operations or the emergence of new threats. 

    C.   Design and implement safeguards to control the risks identified through your risk assessment. Among other things, in designing your information security program, the Safeguards Rule requires your company to: 

    – Implement and periodically review access controls. Determine who has access to customer information and reconsider on a regular basis whether they still have a legitimate business need for it.

    – Know what you have and where you have it. A fundamental step to effective security is understanding your company’s information ecosystem. Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted. Keep an accurate list of all systems, devices, platforms, and personnel. Design your safeguards to respond with resilience.

    – Encrypt customer information on your system and when it’s in transit. If it’s not feasible to use encryption, secure it by using effective alternative controls approved by the Qualified Individual who supervises your information security program.

    – Assess your apps. If your company develops its own apps to store, access, or transmit customer information – or if you use third-party apps for those purposes – implement procedures for evaluating their security.

    – Implement multi-factor authentication for anyone accessing customer information on your system. For multi-factor authentication, the Rule requires at least two of these authentication factors: a knowledge factor (for example, a password); a possession factor (for example, a token), and an inherence factor (for example, biometric characteristics). The only exception would be if your Qualified Individual has approved in writing the use of another equivalent form of secure access controls.

    – Dispose of customer information securely. Securely dispose of customer information no later than two years after your most recent use of it to serve the customer. The only exceptions: if you have a legitimate business need or legal requirement to hold on to it or if targeted disposal isn’t feasible because of the way the information is maintained.

    – Anticipate and evaluate changes to your information system or network. Changes to an information system or network can undermine existing security measures. For example, if your company adds a new server, has that created a new security risk? Because your systems and networks change to accommodate new business processes, your safeguards can’t be static. The Safeguards Rule requires financial institutions to build change management into their information security program.

    – Maintain a log of authorized users’ activity and keep an eye out for unauthorized access. Implement procedures and controls to monitor when authorized users are accessing customer information on your system and to detect unauthorized access.

    D.   Regularly monitor and test the effectiveness of your safeguards. Test your procedures for detecting actual and attempted attacks. For information systems, testing can be accomplished through continuous monitoring of your system. If you don’t implement that, you must conduct annual penetration testing, as well as vulnerability assessments, including system-wide scans every six months designed to test for publicly-known security vulnerabilities. In addition, test whenever there are material changes to your operations or business arrangements and whenever there are circumstances you know or have reason to know may have a material impact on your information security program. 

    E.   Train your staff.  A financial institution’s information security program is only as effective as its least vigilant staff member. That said, employees trained to spot risks can multiply the program’s impact. Provide your people with security awareness training and schedule regular refreshers. Insist on specialized training for employees, affiliates, or service providers with hands-on responsibility for carrying out your information security program and verify that they’re keeping their ear to the ground for the latest word on emerging threats and countermeasures. 

    F.    Monitor your service providers. Select service providers with the skills and experience to maintain appropriate safeguards. Your contracts must spell out your security expectations, build in ways to monitor your service provider’s work, and provide for periodic reassessments of their suitability for the job. 

    G.   Keep your information security program current. The only constant in information security is change – changes to your operations, changes based on what you learn during risk assessments, changes due to emerging threats, changes in personnel, and changes necessitated by other circumstances you know or have reason to know may have a material impact on your information security program. The best programs are flexible enough to accommodate periodic modifications. 

    H.   Create a written incident response plan. Every business needs a “What if?” response and recovery plan in place in case it experiences what the Rule calls a security event – an episode resulting in unauthorized access to or misuse of information stored on your system or maintained in physical form. Section 314.4(h) of the Safeguards Rule specifies what your response plan must cover: 

    – The goals of your plan;

    – The internal processes your company will activate in response to a security event;

    – Clear roles, responsibilities, and levels of decision-making authority;

    – Communications and information sharing both inside and outside your company;

    – A process to fix any identified weaknesses in your systems and controls;

    – Procedures for documenting and reporting security events and your company’s response; and

    – A post mortem of what happened and a revision of your incident response plan and information security program based on what you learned.

    I.    Require your Qualified Individual to report to your Board of Directors. Your Qualified Individual must report in writing regularly – and at least annually – to your Board of Directors or governing body. If your company doesn’t have a Board or its equivalent, the report must go to a senior officer responsible for your information security program. What should the report address? First, it must include an overall assessment of your company’s compliance with its information security program. In addition, it must cover specific topics related to the program – for example, risk assessment, risk management and control decisions, service provider arrangements, test results, security events and how management responded, and recommendations for changes in the information security program. 
     
    Meeting these requirements is a task that requires attention, effort, and constant dedication. Before choosing a service provider, it is advisable to investigate the solutions they offer and the benefits that complement their offer. They must fully comply with each of the aspects of the standard and train your team to use keys and recognize risk factors. 

    At Dapango, we guide our clients, and together, we solve the challenges they face, from strategy to execution, through our consulting services. We build new experiences, identify opportunities for improvement, help with digital transformation and the adoption of emerging technologies, dabbling in the art of the possible. 

    Request an appointment with one of our consultants and clarify your doubts before considering a long-term solution that could leave you unprotected against an attack.

  • Dante's Stories

    Miami Beach Convention Center

    Whenever there’s a change in the top management of any organization, a lot of things can become uncertain, and each approach can be unique. It can be an exhausting task to understand the company culture and learn every process and change, especially when it involves bringing agility and efficiency to an ongoing operation. Even a small change in the accounts payable process, such as swapping payment methods, can prove to be a huge task. It requires changing providers and redeploying some of the solutions already in place. However, we at Dapango Technologies have successfully helped and supported the Miami Beach Convention Center in migrating from credit card payments to a purchase order process. Our assistance included extending them credit terms and providing knowledge and expertise in the technology field. We work with top brands like Dell, Microsoft, Honeywell, Logitech, HP, and others to bring top-notch value, cost-effectiveness, and agility. The Miami Beach Convention Center trusts Dapango Technologies as their go-to cloud, managed services, and equipment provider.

  • Dante's Stories

    AGV Consulting

    When it comes to expanding a business and introducing new services and revenue streams, it can be a daunting task that requires careful consideration and strategic planning. That’s why AGV Consulting recognized the importance of partnering with the right experts to ensure success. After conducting extensive research, they chose to collaborate with Dapango Technologies to revolutionize CCTV monitoring systems in Panama. Thanks to Dapango’s specialized knowledge and experience in this field, the team was able to quickly and efficiently execute their innovative solution, which ultimately proved to be a game-changer in the market. AGV Consulting has come to depend on Dapango as their go-to Cloud and Managed Service Provider, knowing that they can trust their expertise and commitment to excellence. With this successful partnership, both companies have achieved their desired outcomes and continue to thrive.

  • Dante's Stories

    Label-IT

    Jan and Jay arrived at the decision to close their business after more than forty years of operation. However, their current IT provider failed to prioritize them during this crucial phase in their lives. Retirement can be an overwhelming experience, particularly when faced with a significant IT workload, such as data destruction, migrations, and compliance with all types of regulations. It can be challenging to determine the appropriate course of action. Fortunately, our excellent relationship with Hornet Security facilitated our introduction to this remarkable couple. We assumed responsibility for their legacy systems and fulfilled the commitments they had made over the years. Throughout their year of transition, we continued to provide support, ensuring that their customers were not placed in a similar predicament.

  • Dante's Stories

    Reds Tax Services

    A mother and son duo decided to start an accounting firm, but their first hurdle was technology. They were unsure of what systems to use, where to host them, and how to store, protect, and encrypt data. Additionally, they needed to comply with various state and federal government regulations. Luckily, a family member who owned Dapango Technologies stepped in to help. Our team researched and tested different solutions for tax preparers who work with personal and business tax returns at the federal and state level. After selecting the best option, we helped the family startup architect and deploy the solution. Today, REDS Tax and Services relies on Dapango Technologies as their Cloud and Managed Service provider. They use our company’s vCIO services, Azure Virtual Desktop Infrastructure, Cybersecurity and Compliance as a Service to operate effectively.

  • Dante's Stories, Our Projects

    Sportmax migration of the web core and infrastructure modernization

    Dapango Technologies provided guidance and designed a solution to modernize and expand the network infrastructure while safeguarding investments and training SportsMax.

    In 2021, an enthralling tale began to unfold as the founder of Dapango Technologies embarked on a remarkable journey. Driven by a fervent passion for innovation, he established a company with an exceptional vision: to revolutionize and amplify how people use technology.
    One fantastic project crossed his desk for the second time in 5 years.

  • Dante's Stories, Our Projects

    Starbucks trusts us to guide them through

    Migration Microsoft 365 and Cloud-to-cloud mailbox migration

    As advisors in the field of technology, we recognize that transitioning between service providers, upgrading core systems, and modernizing applications can be a daunting task, particularly when it involves the central communication system of emails.
