by Felicien | Jan 9, 2019 | Education
No one wants to go through the stress of firing anyone, but sometimes you need to let one of your IT techs go. This can leave your company wide open for data breaches. Before starting the off-boarding process of an employee who has access to your entire computer network, having a proper procedure in place can help protect your data. Use these six tips to create a process you can use to safeguard your company’s private information when severing ties with a member of your IT team.
Tips to Terminate an IT Employee Without Risking Your Company’s Information Security
Eliminate the employee’s company network access. It is perhaps obvious fired employees should no longer have access to company computers, but a recent study found that surprisingly almost 9 out of 10 former employees’ credentials were still active for some time following termination. Your business can prevent potential issues by disabling, but not deleting a person’s business account and passwords before firing. You should pay particular attention to blocking any applications which allowed the employee to access your company data remotely.
Prevent access to third-party applications. Access to third-party software connected with your company can be more difficult to contain than access to in-house computer systems. If your former IT employee had access to third-party applications such as Dropbox, Outlook, Sharepoint, Trello, or Facebook, remove the person’s access immediately. This is where the importance of good record keeping is beneficial. Remember to leave your former employee’s email accounts and cell phone number open for a time, but forward emails and incoming calls to another member of your staff to maintain seamless communication.
Recover company-owned property. Before the former employee leaves your premise, take back the person’s company ID, access cards, keys, fobs, cell phones, laptop computers, and any manuals. Your HR department should always maintain a list of anything you give your employees to make it as easy as possible to verify the person returns everything.
Back up the former employee’s work computer. In the rare event that a former employee misuses your company’s data, it is essential for you to have a record of everything the person had access to while employed. Before reformatting the terminated employee’s computer or company cell phone, make a complete backup of the data and maintain the information for a few years just in case the worst-case scenario occurs.
Inform people that the person no longer works for your company. Make sure that all of your employees know that the person left the company and that their former coworker should not be in the office at any time. Ask your employees not to discuss company information with the person in the future. Contact any vendors which the former employee did business with and give them a heads up in case the person tries to contact your vendors for any reason.
Change access codes and locks for your most sensitive areas. If the terminated employee was able to access highly restricted areas in your company, replace locks and create new PINs and door codes. Look into the possibility of upgrading your security to use biometric or individual passcodes to make the process as easy as possible.
In a survey by Osterman Research, Inc., over 75 percent of former employees who retained credentials admitted to at least logging into company computers. Hopefully, your former employee is the rare exception, but the risk is far too significant to do nothing.
by Felicien | Jan 8, 2019 | Education
Every account you have is protected by a password or a PIN of some kind. A PIN is a personal identification number that is unique to the account it is attached to. In some cases, you are allowed to choose your own PIN. For other accounts, you must use the PIN or password that is provided by the creator of the account. Memorizing PINs and passwords is essential if you want to maintain your privacy and keep your accounts fully protected. It’s also vital that you use a few “best practices” when it comes to managing your passwords.
Avoid the Obvious
Avoid using the most obvious choices like your children’s names or notable dates. Choose passwords that would be difficult to trace back to someone or something that is important to you. Choose random numbers and words that can be easily remembered. Hackers who break into accounts will often look through your information to try and find patterns. Random words and phrases are less likely to be picked up within the pattern.
Two-Factor Authentication
Two-factor authentication can involve the use of a PIN and a password, or a PIN/password and a series of security questions. It can also include the use of a security key ( a card that is coded with personal information) and a PIN. The only way to access the account is to have both pieces of the puzzle to unlock the code. If one of the pieces is wrong, you may be locked out of your account until a system reset can be performed.
Separate Numbers and Symbols
Numbers and symbols that are used together may indicate a date or account number. Separate your numbers and symbols to remove any type of familiar sequencing. Alternate numbers, letters, and symbols so that it is difficult to identify any type of common pattern or series.
Use Your Fingerprint to Secure Mobile Devices
One of the best ways to protect your information is through the use of your fingerprint. iPhones can now identify your eye by scanning your cornea. Both of these methods use body parts that are unique to you. No one can duplicate them or alter them in any way. By using a fingerprint or eye-scan to protect your mobile devices, the information stored on that device is protected. You should still, however, change your passwords frequently.
Don’t Use the Same Password for Multiple Accounts
Avoid using the same password for multiple accounts. Choose a new and unique password for each account you have. While it may be difficult to remember multiple passwords, the alternative could mean devastating financial losses. Choose several password and PIN options that can be used effectively. In some cases, you may be able to rotate them. This must be done randomly and without a pattern to maintain the highest level of security possible.
There are ways to protect your passwords and PINs so that you can maintain your accounts and keep them secure. Using a password manager is just one way to secure your accounts. Determine which type of measures work best for you and use them effectively so that all of your information remains protected from outside predators and hackers.
by Felicien | Jan 8, 2019 | Education
Microsoft recently announced several new updates to Office 365. These updates and additions will help organizations who want to streamline efficiencies and remain compliant with new regulations across numerous industries. The nine key additions and updates to Office 365 will also help organizations effectively manage their digital presence.
9 New Updates And Additions To Microsoft Office 365
The nine key updates and additions to Office 365, include the following features and benefits.
Embed 3-D animations into Word documents and PowerPoint presentations. — You don’t need to know how to code an animation series to use this new feature. In fact, all you have to do is place the 3-D model into your slide, select a pre-built animation, click apply, and instantaneously watch as the 3-D model comes to life.
PowerPoint can transform written texts into readable messages. — Whether you have the world’s worst handwriting or a five year old can draw better than you, PowerPoint is now here to save you time and inevitably money as you create your business presentations. Simply draw out the presentation by hand using a touchscreen tablet. Next, launch PowerPoint and watch as the slides are automatically transformed with digital design recommendations that include layout, icon, and text suggestions. In minutes your handwritten ink can look like something that was designed by a professional artist in the graphic design department.
Save office supplies with the digital pen. — The Microsoft digital pen has all new features that will allow you to save time and resources when editing important documents. Enjoy the speed of simply using the digital pen to cross out paragraphs, circle text, add words, insert line breaks, split / change words, and leave detailed comments.
Transform Word documents into web-ready publications. — To transform your Word document into a Sway website, simply finalize your document, click File, and then click Transform. This feature can also be used to reduce the time needed to create and publish newsletters, training documents, product pages, and pitch decks.
Use blurred background to regain focus on video calls. — The new blurred background features allows video callers to blur their background so that unwanted distractions remain out of sight. The feature is particularly helpful for organizations that have a large remote workforce.
Avoid time-consuming compatibility issues. — Microsoft’s recently released desktop app allows organizations to easily check app compatibility before they complete a system upgrade. This check can save organizations time and money as they keep their systems operating at the optimal capacities, without suffering from incompatibility issues.
More efficiently complete Office 365 migrations with the SharePoint Migration Tool. — The new and improved SharePoint Migration Tool offers a point and click interface that makes it easier for organizations to complete Office 365 migrations. For example, in a few simple clicks your OneDrive files can be migrated to OneDrive for business.
IT teams can more effectively manage and implement business critical resolutions. — The SharePoint Admin Center now allows IT experts to more easily manage Office 365 group-connected sites and hub sites. The update also includes security and compliance enhancements. For example, admins can now restrict or allow access from known IP-addresses, automatically sign-out idle users, and restrict access from non-compliant devices.
Maintain user data compliance. — Office 365 has a complete list of certifications and attestations to ensure that security and compliance are maintained. In this vein, Office 365 recently achieved its HITRUST CSF Certification, which is specifically designed to help health organizations maintain security, privacy, and regulatory compliance.
The Bottom Line: Microsoft Office 365 Delivers Powerful New Updates
Whether you want to more effectively manage your digital presence or create dynamic PowerPoint presentations in a click of the button, the new updates to Office 365 are built with the business executive in mind. In short, the new updates and additions to Office 365 will help your organization to more efficiently and effectively complete daily tasks that will lead to heightened levels of business success.
by Felicien | Jan 7, 2019 | Education
How Much is Spent Worldwide on IT Costs?
Worldwide IT costs in 2018 hit an estimated $3.7 trillion, up 4.3 percent over the prior year, according to the Gartner, Inc. With so much at stake, it’s essential for all companies that utilize IT to consider the pros and cons of a traditional IT approach versus moving more and more functionality to the cloud. Finance considerations are one of the top considerations, but control over assets and data security are also vitally important. Therefore, it’s essential that the CIO is prepared to talk about the differences in language other executives can understand.
Why It’s Difficult to Explain Cloud Costs to the C-Suite?
CIOs sometimes have a hard time explaining the difference between cloud services (typically a SaaS with monthly operating expenses) and traditional healthcare IT models that may involve paying cash for software and equipment to own them outright (a capital expenditure). This comparison needs to factor in the monthly cost to run on-premise data centers, as well as the allocation of capital expenditures, such as hardware, licensing, etc. Non-financial factors include company policies that favor ownership versus rental models for IT hardware and software. Unless the cloud expense is much higher, the C-suite should lean toward cloud economics as a more strategic approach. It governance policies may also need to be revisited to support cloud computing trends.
Moving from a Cost Center to Strategic Partnership Model?
Healthcare organizations deliver healthcare services but are also digital companies. Cloud computing is now a critical component that brings the latest technology to the table, perhaps improving outcomes. It’s essential to help the C-suite understand this. One analogy that works is comparing it to another service based on consumption. Just as the utility or electric bill varies based on actual consumption, cloud computing cost varies based on changing usage. Building an accurate forecast prepares the leadership team for the hit to OpEx and the P&L. It may still be a tough sell, and the IT team might need some finance talent to track and adjust usage trends to keep the cloud cost forecast up-to-date.
How Can a Flexible OpEx Model Help Healthcare IT?
If a healthcare company needs to change directions fast to incorporate new diagnostic tools, therapies or IT innovations, an OpEx model is the fastest way to respond. Many times, the CIO is seen as someone holding fast to a traditional CapEx model or as someone rushing change before the organization is ready. Instead of letting the decision point be a source of contention, a mix of CapEx and OpEx could be the best answer. In this hybrid model, the decision to use a cloud-based approach versus a traditional on-premise solution would hinge on individual decisions about risk management and financial requirements, resulting in a variety of local and managed private cloud services as well as public cloud services.
What are Some Convincing Tactics for other Executives?
The difference boils down to buying software and hardware at once or paying a subscription. To show healthcare executives the advantages of the cloud, CIOs must demonstrate the benefits of the OpEx (or hybrid) model in a quantifiable way. For example, consider the CapEx model for buying a piece of hardware. The hardware has to be secured and configured, and the terms and conditions must be approved by the legal team before software can be installed. You put out a lot of hard-earned cash and wait months to actually use the product. The process takes months and ties up precious resources. In the cloud model, new solutions are available quickly without the headache of in-house configuration and maintenance. It also gives organizations the ability to scale down as well as up. This agility is something that’s easy to forget because most people associate cloud migration with scaling usage up.
How Can Cloud Solution Be Included in ROI?
Include the following in the calculation of ROI: increased productivity (concentration on core functions), cost reductions, security, network, data storage, and transfer improvements. In a healthcare organization, access is key to improving patient outcomes. It’s important to show how each of these items translates to the ROI. If you can do this effectively, the rest of the C-suite is likely to fall in line with a cloud model.
What Preparation is Needed Before Talking to the C-Suite?
Before speaking to a C-suite individual, the CIO should prepare a model showing the ROI. The presentation should include technical data on cloud-based models that are clearly understood. Documenting a cloud strategy defines the outcomes sought by the CIO, and it’s the beginning of a road map to get there. The CIO’s roadmap should describe how the cloud model will save cost and add efficiencies while improving security and networking reliability. It also has to conform to HIPAA regulations.
by Felicien | Jan 7, 2019 | Education
As businesses add more layers of cybersecurity to their arsenals, cybercriminals are finding new ways to attack system, networks and devices. There is a constant stream of emerging threats that can mean trouble for companies of any size.
Why Is Data Security a Major Challenge Going Forward?
Businesses today are realizing the vast opportunities that come from leveraging, monetizing and collaborating on their collected data. That means companies need to protect their data not only from privacy breaches but also from data misuse, data manipulation and loss of intellectual privacy.
Data validity, for example, is one particular area of cyberattack emerging. Data need not be stolen to hurt the business reputation. Instead, hackers could alter data such that it becomes invalid or inaccurate in such ways to delegitimize business outcomes and partnerships.
Industries need to identify and deploy new technologies that protect data while it’s at rest and in transit. Privacy risks related to data in use are hindering the full realization of data collaboration, limiting the opportunities available to companies.
Here are 8 other cybersecurity challenges that businesses need to combat now or shortly.
1. Chatbots at Risk
Artificially intelligent chatbots have become commonplace, helping to answer questions and guide web visitors to required information and action. Hijacked chatbots, however, could mimic existing tools to drive victims to click on links, download malicious files or share private information.
Web application flaws could also be exploited to insert malicious chatbots into sites that don’t have one.
While these intrusions will likely be text-based bots for now, shortly, speech-enabled bots could lead to further victimization over the phone or other voice-enabled technologies.
2. Artificial Intelligence Mean Powerful Malware
The rise of AI, the Internet of Things and machine learning means more opportunities for business transformation. They also invite more smart attacks using intelligent malware. Cybersecurity providers need to develop new means of detecting these threats and training personnel to recognize and prevent them. Many of these preventative measures need to be automated to provide continuous detection and prevention.
Part of the challenge is the sophisticated tools hackers are using. Updated exploit kits, artificial intelligence and natural-language algorithms have allowed hackers to automate convincing emails. Simple processes allow for the generation of emails to millions of stolen addresses with compelling phishing attempts.
3. Data Exposure
AI-enabled applications rely on data pools to power advanced functionality, both for smaller companies and giants like Amazon and Facebook. The increasing use of data pools means more potential for developers to expose information, often customer data. These data aren’t necessarily subject to hack, but instead are vulnerable and accessible to anyone who can find the vulnerabilities.
4. Cyberwarfare
Bad actors are no longer content on ransomware and phishing attempts. Technology advancements provide new opportunities for targeted and individualized attacks.
These attacks may leverage artificial intelligence to target individuals or corporations. Data integrity attacks, for example, could force organizations to completely replace computer hardware. Physical assaults could use drones and other tools for physical assaults.
5. Infrastructure at Risk
Nation-states will continue to wage cyber attacks on enemies with state-sponsored attacks on infrastructure. Attacks on national security, emergency communications, public health and financial systems could cripple governments and create spiraling consequences for the private sector.
Smaller conflicts could also be used as testing grounds for nation-states to assess new tactics, procedures and technologies that could be used in more significant geopolitical conflicts.
6. Data and Privacy Regulation
In 2018, the launch of GDPR, covering privacy issues for European Union citizens, forced companies to reevaluate their privacy and disclosure procedures. Similar privacy laws were approved in Canada and California. These new regulatory mandates are likely the first wave of protections that will force companies to spend more on cybersecurity, data transparency and reporting. As control of data begins to shift from institutions to individuals, companies are going to need better ways to monitor and report on compliance from multiple jurisdictions.
7. Connected Devices in the Crosshairs
With connected refrigerators, stoves, thermostats, doorbells and washing machines becoming the mainstay in many homes, the possibility of exploits is grave. Hackers will begin to identify and exploit vulnerabilities in these smart devices. Manufacturers will need to build in additional safeguards and architecture to meet growing consumer demand while keeping bad actors away.
8. Industrial Control System Risks
While there are more automated systems to allow for greater control of buildings, utilities and factories, there are inherent risks of exposure. Many of the players providing the technology in this space are new, making high-value targets all the more enticing to hackers.
Each year brings with it new technical innovations sure to drive better business outcomes. At the same time, hackers will find more sophisticated means to create more effective intrusions.
