by Felicien | Nov 29, 2018 | Education
Guide To Ensure Your Cloud Data Is Properly Backed Up
Cloud storage is a relatively new technology that provides access to data on multiple devices any time and anywhere. Many businesses are turning to cloud storage to boost the productivity of their employees. While cloud storage is both convenient and secure, it is not infallible. Therefore, it is important that you take the time to ensure your cloud data is properly backed up. Whether you’re running Google Apps or Office 365, this guide will help you make sure you’re properly securing and backing up the data you have stored on the cloud.
How to Back Up Office 365 Data
To back up your data on Office 365, you need to specify the backup settings in a new profile or in an already existing profile. This profile should have Cloud Apps enabled. Once you’ve done this, inSync will begin backing up the user data in Office 365 according to the backup schedule you specified in the profile. In your profile, you can specify how many times in a day or week inSync should perform automatic backups.
The inSync cloud administrator is also able to back up Office 365 data at any time when needed. The procedure for performing an unscheduled backup of data on Office 365 is as follows:
Go to the menu bar for the inSync Management Console and click Availability > Backup. The Backup Overview page will appear.
Go to the All Data Sources tab and click on the Office 365 device you want to back up.
Click on the button Backup Now.
inSync will then begin the backup of the device you selected. There are multiple pages where you can view the details of the backup. You can see the backup details on the inSync Management Console, the inSync mobile app, and the inSync Client.
How to Back Up Google Apps Data
If your organization uses Gmail, Docs, Spreadsheets, and Calendar, chances are you have a lot of important information stored on Google’s servers. Unless you take the time to back up your Google Apps data locally, your organization will be in major trouble if Google loses your data or denies you access to it for whatever reason. Therefore, it is essential that you back up your Google-hosted data on a regular basis.
Unfortunately, it is not as easy to back up data on Google Apps. There are many third-party apps available for backing up data on Google Apps. For example, you can use POP access with a desktop email client to back up the Gmail accounts of your employees. Thunderbird is an example of a third-party application that you can use to back up Gmail accounts. You can use Google Docs Download scripts to back up your documents and spreadsheets on Google’s servers locally.
Backups are essential even if you’re storing your data on the cloud. For more information about how to ensure your cloud data is properly backed up, don’t hesitate to contact us.
by Felicien | Nov 28, 2018 | Education
California’s recently passed privacy law, coming on the heels of similar regulations issued by the European Union, makes it imperative that businesses have clear policies and procedures for collecting, storing and using personal information.
The California Consumer Privacy Act (CCPA), passed in May 2018, is a far-reaching law that covers not only the data itself but also how businesses manage relationships with consumers and third parties. It is similar to, but more stringent than, the EU’s General Data Protection Regulation (GDPR), also enacted in 2018.
What Businesses Does the CCPA Affect?
The CCPA applies to any business or non-profit organization (or entity that controls or is controlled by such a business and shares branding) that meets one of the following criteria:
Exceeds $25 million in annual gross revenue
Has personal information on 50,000 or more consumers, devices or households
Earns more than half its annual revenue by selling personal information to a third party
How Is ‘Personal Information’ Defined?
The CCPA takes a broad approach to personal information, including some data that are not typically included in such definitions. Under the act, personal information includes:
Account name
Unique identifier, including cookies
IP address
Email address
Commercial information, such as property records
Biometric data
Internet activity, including browsing history, search history and interactions with websites, ads or applications
Professional and employment-related information
A provision also covers inferences that could be drawn from any of the other information to create consumer profiles. The law does not include publicly available information.
What Rights Do Consumers Have Under the CCPA?
Consumer rights under the CCPA include:
Data Access. Consumers can request the categories of information a company has collected, the categories of sources of that information and the specific information itself. Businesses also need to divulge the purpose of obtaining or selling personal information. Companies receiving a request must promptly deliver said information via email or mail free of charge. Businesses are required to share information no more than twice annually.
Deletion. If requested, businesses must delete any information the firm has collected and order its service providers to do the same. Data need not be removed in some instances, such as to complete a transaction, detect fraud or use for reasonable internal purposes.
Data Transactions. Businesses must reveal the categories of information sold to a third party and how those match up with the third parties’ information categories.
Opting Out. Consumers can opt out of the sale of their information to third parties. Businesses that sell information to third parties must notify consumers and provide them an opportunity to opt out. If a consumer is under 16, the business must receive affirmative consent (e.g., opting in) from the consumer or, if under 13, a parent or guardian.
Non-Discrimination. Businesses may not discriminate against a consumer who exercises these rights, including refusing to sell goods or services, charging different prices or delivering a different quality of products or services.
Does the CCPA Address Data Breaches?
In the event of a data breach, the CCPA provides consumers with a private right of action. That means consumers can pursue statutory damages and injunctive relief if data is accessed or stolen by an unauthorized party. It also allows consumers to take action if the business failed to maintain reasonable security measures.
What Other Obligations Do Businesses Have?
Businesses must post California-specific privacy rights on websites. Those sites must also disclose how consumers can request information and the categories of personal information collected or sold in the previous 12 months. There must also be a conspicuous link titled ‘Do Not Sell My Personal Information.’
Businesses must train employees on the act and consumers’ privacy rights.
How Is the CCPA Different from the GDPR?
The European Union adopted the General Data Protection Regulation that applies to nearly all companies that collect private consumer data on EU citizens. It requires companies to comply with robust data security and management protocols.
While the compliance categories are nearly the same as those under the CCPA, the guidelines are not as well defined, and enforcement is weaker. Unlike the CCPA, the GDPR applies to small and large companies and will likely evolve over time.
What Should My Business Do to Address GDPR and CCPA?
What can your company do to comply with these acts? Here are a few tips:
Create an internal privacy team, responsible for developing and reviewing privacy policies and managing consumer requests
Develop a consumer information policy and processes that include how data is collected, categorized, stored and accessed. Consider deleting private consumer data that is not needed for the business relationship.
Update your website with the required notices, links, and policies that are updated annually.
Evaluate data security, including security policies, backups, encryption and access.
by Felicien | Nov 28, 2018 | Education
Companies that manage data governance well are in a better position to meet data protection and retention compliance requirements and to accomplish their digital transformation goals. Microsoft Office 365 makes comprehensive, streamlined data governance throughout your organization easy, with automation tools for setting policies governing data retention, expiration, and deletion.
The majority of companies already have data governance (DG) policies in place for at least some of their data types and operations departments, though DG is often not comprehensive in many smaller to medium-sized businesses. Many times, informal rules evolve into stricter controls and eventually are formalized as policies.
Here’s some helpful information about data governance in Office 365 and some general advice on DG implementation planning and execution, to help you prepare to formalize your DG program.
What is Data Governance?
Data governance is the management system that ensures the maintenance of high data quality throughout the lifecycle of an organization’s essential data. This includes management of data security, accessibility, integrity and usability.
A proper data governance program has a governing group, a clear set of DG procedures, and an agreed plan for following the procedures.
A company’s procedures for ensuring formal management of its data should include clearly defined practices for monitoring of processes and enforcement of its data protection and retention requirements.
Why is Data Governance Important to Organizations?
The relevance of data governance for general data management and security should be obvious enough. Still, many companies fear to try implementing a data governance program, because it seems too complicated, or because there is a strong sense of uncertainty about the sustainability of such a program as a component of their diverse operational processes.
Data Governance in Microsoft Office 365
Office 365 provides a set of exceptionally intuitive tools to protect your business’s data against security threats, potential accidental leaks or deletions, and other risks to data retention and integrity, and to regulatory compliance. Data governance tools are located in the Office 365 platform’s Security & Compliance Center in Microsoft software products including:
Office 365 Business Essentials
Office 365 Business Premium
All levels of Office 365 Enterprise packages
Exchange Online Plans 1, 2 and Kiosk
SharePoint Online Plans 1 and 2
Skype for Business Online Plans 1 and 2.
Key Advantages of Data Management in Microsoft 365
Easily Assess and Manage Compliance Using Just One Set of Functions.
Microsoft Cloud services allow you to assess compliance risks and increase your data protection by using the Office 365 Compliance Manager. The Compliance Manager enables DG actions in the categories of Ongoing Risk Assessment, Actionable Insights, and Simplified Compliance. Obtain more in-depth information on data protection and compliance through your Service Trust Portal.
Conveniently Govern Data Handling and Protect Sensitive Data Throughout Its Lifecycle.
Implement a comprehensive DG program that will automatically classify and protect valuable data across all of your company’s connected devices, cloud services and apps. Apply encryption, access and retention rules, and other governance strategies to help ensure data compliance, protection and quality.
Leverage Powerful AI to Respond Efficiently to Regulators’ Requests and More.
Use Microsoft Office 365’s robust eDiscovery functions to locate obscure relevant legal information, even amidst unstructured data. Easily acquire insights into all your business’s data-related activities by using Office 365’s comprehensive activity API and auditing tools.
Microsoft 365 Data Governance Features and Benefits
A formal DG program is usually undertaken at the point when a company grows to a size at which the staff can no longer implement cross-functional tasks involving data with the same degree of efficiency that they maintained as a small startup team.
While there will be implementation challenges in the area of team coordination, Office 365 takes the pain out of DG implementation on the technical end. Some of the benefits of using Office 365 Data Governance functionality include:
Automated data classification greatly simplifies rule applications.
Intelligent policies generated through powerful machine learning bring best practices to your decision process.
Built-in DG policies make regulatory compliance quick and straightforward to implement.
Over 80 built-in IDs of sensitive content types do the work of identifying possibly needed categorizations for you.
Automated policies help ensure proper systemic handling of data retention, expiration and deletion.
Policies you set immediately purge redundant, obsolete data and other unnecessary data, and preserve your important data.
You can fully customize your data retention policies, to have your sensitive data handled precisely as you determine it should be.
Your data is classified and labeled, and protected and retained based on the policies you choose, based on varying levels of sensitivity across your company’s data assets.
DG policies set in Office 365 help in regulatory compliance regarding data privacy (like HIPAA, GDPR, SEC regs, etc.).
You can tailor policies for various departments and enforce policies differently for multiple users.
Data preservation lock policies encrypt data and can’t be turned off or rendered less restrictive.
With minimal pointing and clicking, Microsoft Office 365 Data Governance functions can reduce your compliance risks throughout Office 365.
Having a clear picture of what data assets your company owns, and where it is in your system helps ensure compliance and security of your important data.
Challenges in Data Governance Implementation
Implementing DG programs in any business using any technology is not an uneventful undertaking. Some of the biggest obstacles to smooth implementation include:
Organizational Culture — DG succeeds best in open company cultures wherein fundamental changes are welcomed. DG becomes political, involving redistributing responsibilities. Sensitivity is required.
Upper Management and Budget — Persuading upper management of the need for DG and to allocate sufficient budget for the project can be challenging. Succeed in this before proceeding.
Universal Acceptance — DG requires buy-in from all departments and individuals. Top management and project managers especially must thoroughly understand the technical and business considerations and champion the project.
Standardizing DG — Flexibility is needed to grapple with rapidly-changing requirements. It’s critical to strike a winning balance between the needs of staff to acclimate and the need for a timely transition to full conformance to new DG standards.
Maintaining DG — Be mindful of the need to prevent both data mismanagement and the imposition of repressive policies that are not conducive to a healthy team environment, in order to sustain the long-term success of DG and to promote the overall interests of the business and its team.
Data Governance Implementation Project Best Practices
Data governance is a permanent proposition. Implementation and long-term oversight teams risk participants losing their sense of priority and commitment to the program over time. So, it’s recommended to begin with an application-specific, data-type-specific, or other prototypical introductory project and then continue in phases (of no longer than 3 months each). Keeping the project manageable allows for more natural adaptation and greater confidence in broader adoption.
Common DG implementation steps include:
Analyze the current condition of the company’s data management and data quality.
Define objectives and goals for the DG implementation project.
Ensure that top management fully supports and budgets for the project.
Ensure that all employees understand the importance of the project and support it.
Define roles for parties, including DG strategy steering committee, DG Oversight Board, Data Manager, Data Stewards, Data Owners, Data Users.
Develop a set of data governance program policies.
Create a roadmap for implementation.
Implement the data governance program.
Monitor and enforce the DG policies.
Repeat the above steps each time changes are made that can affect the program.
Final Recommendations for Data Governance Implementation
Before starting DG implementation, reasons for the project should be clarified, to help prevent wasting time on unnecessary tasks. Evaluate current processes and, where practical, adapt them to the planned new DG requirements rather than unnecessarily developing entirely new procedures.
Evaluate various data governance platforms and compare the difference in functional blocks for data integration, master data management, metadata management, data protection and data quality insights.
When you embark on your data governance initiative, avoid reinventing the wheel. As much as possible, use proven implementation methodologies, structural models and best practices already available in software tools, technical information libraries, or Managed IT Services consultants.
by Felicien | Nov 27, 2018 | Education
It seems like every week, a new, high-profile data breach is in the news. Both national and international companies alike can be hacked at any time, putting clients and customers in danger of having their financial and personal information used by criminals. Likewise, breaches like these pose real threats to the stability of a company. Trust in a company’s brand, products, services, and overall reputation can be lost in a matter of days.
But while most consumers — and many companies themselves — assume that data breaches happen over the Internet (and granted, they often do), another highly susceptible mode of communication may also be the culprit of a data breach: The telephone.
While it may not appear so now, it is essential to take precautionary steps to ensure the safety and security of your company’s phone line. Here are some key questions you and your company may have on this topic:
Aren’t online security precautions enough to keep my data safe?
No, unfortunately not. Today, when consumers need to enter their personal and financial information online, companies are usually (hopefully) at the ready with security precautions in place. But most companies don’t offer the same protections on their phone lines, and hackers are becoming more and more in tune with this loophole.
Moreover, you simply cannot expect your company to go entirely online. Older consumers, especially, still want to carry out transactions and make updates to their personal information over the phone. If any customer needs to call your company, you’ll also need to verify their identity, which means asking them personal information such as their full name, address, phone number, email address,
Sometimes, customers will even be asked to give passwords, pin codes, and answers to security questions over the phone. For better or worse, there are more than a few consumers who use the same passwords, pins, and security answers for many or all of their accounts. Again, hackers are keenly aware of this and use this information to conduct illegal activity.
How can my company start protecting our phone lines better?
You’ll need to implement security protocols with your phone lines just as you do with your website.
One such form of data protection is the GDPR or the General Data Protection Regulation, an EU-based framework of rules, which aims to help consumers have more control of their personal information. You’ll need to abide by GDPR and implement the necessary payment systems into your telephone protocol. GDPR-friendly systems allow the customer to enter data — especially payment information — directly into your banking establishment’s system (often by asking the consumer to dial in their credit card or social security numbers, etc.) instead of vocalizing it to an agent.
Another thing you can do to add an additional layer of security to your phone lines is to record all calls. You’ve likely heard the phrase, “all calls will be recorded” when phoning a company or service before. This is a notification that that establishment is concerned about call security and is putting an extra precaution in place.
How can recording calls help security over the phone?
It’s a way for companies to have full transparency of what transpires on a phone call in the event of a related security breach.
Of course, one concern in this area is that a call agent may take personal information from customers and use it illicitly. In the event of this occurrence (or suspicion of this occurrence), the company will have a record of all calls, which it can then use to get to the bottom of security issues.
Is my company’s phone line at risk of a data breach?
It’s best to assume that yes, it is at risk. All phone lines can be hacked and are at risk, and if your phone line ends up being compromised, your company is unfortunately in for a world of trouble. Regrettably, even if you can fix the problem right away, your current and potential customers will lose trust in your ability to protect their information.
Time and again, companies, both large and small, take hard hits because of data breaches. And earning back the reputation of old customers becomes increasingly more difficult when news of every security problem is plastered all over television, news sites, and social media.
Instead of fixing security issues after they happen, aim to prevent them altogether. Keep in mind as you move forward that this means preventing security breaches online and over the telephone.
by Felicien | Nov 27, 2018 | Education
No longer are cyber thieves content to steal individuals’ financial information off unencrypted hard drives or through spam or phishing schemes. Increasingly, these criminals are going after bigger targets – they are targeting corporations with ever more complex threats like SQL injections, advanced persistent threats and Zero-Day exploits. These criminals are ruthless and have begun targeting healthcare providers.
According to Robert Herjavec, ransomware attacks on hospitals may increase fivefold over the next five years. Why, you may ask, all this interest in hospitals and the healthcare industry?
Financial gain. Medical records are far more valuable than credit card data. Medical records can sell for up to $50 each on the Dark Web compared to the meager $1 that Social Security and credit card data brings.
Easier to hack. Banks and other financial institutions are becoming more difficult to crack for cyber thieves. These institutions have invested heavily in cybersecurity to protect their data, while healthcare’s investment in sophisticated cybersecurity is lagging.
Medical identity theft is more difficult to detect. Consumers can purchase plans to help protect them against identity fraud and track their financial statements to detect fraud. But both patients and healthcare providers are unlikely to recognize a security breach immediately.
Large hospitals and other large healthcare organizations are not the only targets. Smaller private medical practices are also being targeted. According to Healthcare Informatics, 45 percent of all ransomware attacks in 2017 were in the healthcare field.
Regardless of the size of the organization, ransomware attacks can cause significant financial loss. Some organizations chose to pay the ransom because of the urgent need to resume patient care. However, there are more considerable economic consequences too.
Disruption of services. During the ransomware attack, the healthcare provider cannot provide a wide array of medical services causing loss of income by interruption of the business’s operations.
Loss of reputation. Patients often choose a medical practice, hospital or same-day surgery center based on the facility’s reputation. Loss of trust in a facility’s ability to safeguard patients’ medical records could potentially lead to business failure.
The CIO in any healthcare organization must communicate with the facility’s board of directors and management that cybersecurity is not an issue that can be tabled until next year. Clearly, everyone should develop a deep understanding of the serious consequences if their facility is attacked by ransomware. When the magnitude of potential damage is fully appreciated, cybersecurity will cease to be an expense. Cybersecurity will become an investment to protect the business from catastrophic cyber-attacks.
The healthcare industry is unique: it is bound by HIPAA for patient privacy and security, and, unlike credit cards, which can be canceled and reissued, medical records uniquely belong to the patient and could be at risk for the life of the patient.
Why is the healthcare industry at increased risk for ransomware attacks?
Cybersecurity companies like Herjavec Group and Cybersecurity Ventures issued a report in 2016 stating that ransomware damages would be in the range of $1 billion for the year. Let’s look at some of the reasons the healthcare field is now the #1 target for ransomware.
IoT growing in healthcare. The Internet of Things is exploding. Global healthcare entities will spend upward of $270 billion on IoT devices by 2023. Imaging devices connected to the internet are a tantalizing target. Add in equipment maintenance software that requires periodic updates, and we can begin to see the opportunities for cybersecurity breaches. The critical needs of patient care demand that imaging devices are available 24/7 with no scheduled downtime, so updates that patch weaknesses are not always performed on a timely basis.
Healthcare executives seem less aware of the risks than in other industries. Unfortunately, many healthcare executives seem less aware of the potential dangers from ransomware than management in different vertical industries. Hospitals, ambulatory clinics, imaging facilities and private practices are playing catchup to secure their networks.
Insider threats. Insider threats generally come in two forms. An obvious insider threat is the disgruntled employee or former employee. Less obvious threats may come from third-party contractors or outside consultants. And lastly, lack of employee training may cause careless or inadvertent mistakes.
What types of problems does ransomware cause?
Understanding the potentially catastrophic dangers that ransomware poses is the first step in realizing how important cybersecurity is to the healthcare field.
Patient’s health and well-being. IoT connected devices include Wi-Fi heart pumps and smart beds in the surgical suite. If the security of these devices is compromised, a fatality could result. Altering a patient’s records by changing their blood type could result in an adverse reaction after a blood transfusion.
Hollywood Presbyterian Medical Center. The Locky strain of ransomware infected this Los Angeles hospital in 2016. The hospital paid over $16,000 in ransom. More damaging was the news that the breach put the hospital on lock-down because employees couldn’t access their computers. Their radiology and oncology departments couldn’t use their equipment.
Hancock Health, Greenfield, Indiana. Officials paid over $55,000 to get decryption keys to regain access to over 1,400 files. Although the hospital had backups, officials did not want to risk days or possibly weeks before they regained access to their data.
16 Hospitals Shut Down in the United Kingdom. In 2017, ransomware known as WannaCry created chaos for hospital administrators, employees and patients. The ransomware even affected their telephone systems, forcing employees to use their personal mobile phones. Citizens were advised to use these facilities for emergencies only.
MedStar Network, D.C. and Maryland. The largest healthcare provider in the area, with 10 hospitals and 200 outpatient locations, was hit by a ransomware attack in the spring of 2016. Patient records were locked, and some patients had to be turned away.
2018 and no end in sight. Almost 50 major breaches have been reported by Healthcare IT News.
The Challenges Hospitals Face
First of all, the FBI will continue to monitor ransomware attacks through their Cyber Division. The FBI discourages hospitals and other organizations from paying ransoms – recommending a proactive approach – data backup and a business recovery plan instead.
Challenges include outdated systems and too few experienced cybersecurity personnel. The data is high value on the open market so ransomware intrusions will continue to occur.
Hospitals, rightly so, focus on patient care. But more attention and budget must be directed toward cybersecurity over the next five years. Lagging wages for IT personnel in the hospital industry are a contributing factor.
Many hospitals work on outdated platforms, and they utilize more off-the-shelf software too. Sadly, many hospitals lack the backups they need to protect themselves. Stricter adherence to backup recommendations could keep healthcare facilities from being forced to pay ransoms.
Protect your organization against ransomware attacks by acknowledging the risk, putting a plan in place and then allocating the budget for cybersecurity.