by Felicien | Aug 21, 2018 | Education
Workforce management (WFM) software is an all-encompassing term for mobile and desktop programs that are created to support a business at managing its staff scheduling. The software began in call centers and other service businesses that have a large number of workers who are normally paid by the hour.
Helping a company gain insight to utilize business metrics, WFM software gives management the ability to better judge the number of service agents that are needed or the number of people it takes to make a product within a certain amount of time.
According to Gartner Inc., one of the top research firms, workforce management software has five main roles:
Labor scheduling:
Help administer employees’ skills and compliance requirements more effectively.
Time and work data collection:
Capture and give very detailed information about the best use of labor.
Leave management:
Process paid time-off requests with a keen understanding of the staffing and liability implications.
Task and activity management:
Provide a detailed view of labor-management requirements to help with complex decision making required for activity-based management.
Time and attendance:
Receive feedback from other modules and employ rules alongside the reported times, based on the company’s needs.
Let’s break down the benefits of using workforce management software as your company begins to experience the positives and negatives of growing.
Engaged Employees Lead to a Better Customer Experience
A national poll has shown that 51% of workers in the United States do not feel engaged. These employees cost their employers as much as $300 billion each year, according to that same poll. Forecasting manually may mean your organization is spending too much time scheduling agents at times when they are not needed and not scheduling when they are in high demand. At the same time, it is far easier for you to over- or under-schedule your employees, which then leads to both employee disengagement and, ultimately, customer dissatisfaction.
The use of WFM software for your company has the ability to achieve the following:
Administer work scheduling, paid time-off requests and day-to-day business happenings.
Collect time and labor data.
Evaluate past performance and call volume developments.
Accurately predict staffing and scheduling demands.
Foresee unexpected events which will help you know when to add incentives or give encouragement to your employees.
Add labor flexibility to provide multiple scenarios that simulate future scheduling restraints.
Having accurate quantitative data that WFM software provides will help you assess and understand your employee’s satisfaction and engagement levels. This will ultimately guide you to providing a quality work environment where engaged employees will transfer this positive experience directly to your customers.
The Use of Real-Time Analytics Will Help You Predict the Future More Accurately
As WFM evolves, the next generation of this software will combine real-time, speech, and emotional analytics with agent-enabled workflow engines and computer telephony integration (CTI) applications. What this ultimately means for your business is that it will help managers stay one step ahead of developing situations.
These accurate clarifications allow managers to apply emotional or voice analytics, which can help them better understand what is happening in real-time in the call center. Also, while staying informed about the current work environment, it allows you to include a process that automatically notifies customer agents and gives them suggestions for handling high volumes or escalated customer related issues.
For example, your company has just rolled out a new product that has an unforeseen issue or glitch. The advanced WFM software will be able to detect an issue, alert management, and give up-to-the-minute feedback and advice to the customer service department so they can have ready solutions for the upset customers.
Can Workforce Management Software Help With Compliance?
Having proactive processes that address issues before they emerge, will also allow managers to ensure that the company complies with all call-recording requirements. These requirements include the Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and the General Data Protection Regulation (GDPR). With these requirements and policies always changing, this gives you the peace of mind of avoiding potential penalties in the long-run. The newest workforce management systems guarantee your organization complies with these regulations and has records for all of the calls just in case you get a surprise audit.
Helping Your Business Launch to a New Level
Workforce Management (WFM) is a strategic asset in advancing your business goals of providing the highest-quality customer service at the best rate. In today’s need for quality customer service, interactions take on ever-evolving shapes and forms. WFM creates forecasts and schedules for agents with various skills who are handling customer and employee interactions in a variety of ways. WFM enables managers to create proposed future schedules, agents to bid on the schedules, and managers to incorporate the bids into final schedules.
Conclusion
Having the ability to maintain employee engagement and customer satisfaction will give you the opportunity to focus on the quality of the product or service that you are creating. Ultimately, it provides the needed tools to move your company to the next level. Experience continued growth and success with today’s innovative workforce management software.
by Felicien | Aug 20, 2018 | Education
The increasingly digitalized world we live in has a lot of benefits in business and in relationships, but with it also comes a whole new host of problems, including a rise in API data breaches.
A number of high-profile companies have been affected by API data breaches in recent years, allowing other businesses to learn from their mistakes in regard to cyber attack prevention. It can be difficult to regain public trust once a breach has occurred, not to mention the legal ramifications of not carefully storing your users’ information properly. Performing a vulnerability test on your system can help identify areas of weakness.
Given the vast variety and differences between potential attacks today, there is no easy solution to data breaches, and the right approach to prevention can depend on numerous factors. API security, in itself, is complex, and before you can come up with a good game plan, you must understand what you’re up against. While today’s cyber attackers are finding new ways to infiltrate networks all over the globe, there are a few common attacks you’ll need to keep an eye out for. Familiarizing yourself with these will help you form an effective plan for prevention.
What Are Some Different Types Of Data Breaches?
Data breaches can be the result of a variety of different attacks. Three of the most common include man-in-the-middle attacks, session cookie tampering, and distributed denial of service attacks. Each of these is unique in the way it is conducted, and which type of information may be at stake. Here, we’ll break down what these are and how you can shield against them.
Man-In-The-Middle Attacks
Man-in-the-middle attacks are common in today’s cyber world. In this scenario, there is the victim, the system they are interacting with, and the “man in the middle”, which refers to a person attempting to intercept a victim’s data. In order for this cyber breach to be successful, the victim must not know about the man in the middle. Some tactics man-in-the-middle attacks utilize include IP spoofing, DNS spoofing, Email hijacking, HTTPS spoofing, Wi-Fi eavesdropping, and stealing browser cookies.
The typical MITM attack requires that the attackers gain access to a poorly secured Wi-Fi router, which is commonplace in public areas that offer free Wi-Fi hotspots for guests. This may also be the case in a person’s home, where a Wi-Fi network may not require a password. Once attackers detect vulnerability in a network, they can intercept a victim’s data using different tools, then insert these tools accordingly to gain access to the different sites a user visits. Once the data is intercepted, the attacker will unencrypt the data to gain access to protected information.
Session Cookie Tampering
Cooking poisoning and cookie tampering are used to describe an attack where cookies, or pieces of data stored in a particular user’s browser to track information from websites, are modified to bypass security in hopes of infiltrating a network. A cyber attacker, who is using cookie tampering, might gain access to a user’s account via false information, such as tricking a particular server into accepting the new version of the intercepted cookie once it’s been modified.
It can be fairly easy to carry out cookie tampering if a web developer of the application didn’t carefully store information prior to the attempted attack. This is especially true when key parameters have been labeled and are therefore simple to identify. A strong web application firewall can help prevent cookie tampering by detecting a cookie’s “set” commands and only accepting them if the information held within is verified.
Distributed Denial Of Service Attacks
DDos, or distributed denial-of-service attacks, are also common in today’s digital realm. This is a type of attack in which more than one compromised system attacks a target, causing the denial of service for other users. This type of attack has been utilized by a variety of groups, including individual hackers, government agencies, and even organized crime rings.
Post-Assessment Tips
Once an assessment of your network and potential vulnerabilities have been conducted, you should take the appropriate steps to alleviate the issues found therein.
To begin, start with the basics. Maintaining a solid inventory of your APIs is the first step you should take to ensure you’re protected against attacks in the future. Once you’ve done this, you can begin to develop and implement an effective set of security policies, which can include authentication and authorization, traffic management, and training on how to detect content threats.
You might even consider an API management gateway to up the ante on protection. It is also a wise idea to evaluate your existing platform vendors. Often, third-party vendors represent a weak security link. Remove sensitive data in your API URL path as well.
As you can see, network security requires a layered approach. There are certain techniques that work better for some businesses. A great IT specialist can help you find the best combination to provide your business with a good line of defense against the wide range of cyber threats.
by Felicien | Aug 20, 2018 | Education
A recent breach left the protected health information (PHI) of more than 19,000 patients in Orlando, Florida completely exposed online for two months before it was detected. What is more concerning, however, is why it took the group of clinics involved five months to report the breach to the Department of Health and Human Services, and six months to alert the affected patients.
How the Breach Happened
The Orlando Orthopaedic Center in Florida hired a 3rd party vendor to handle their transcriptions, as do many clinics and health centers. When the vendor was updating their software during December 2017, they made a serious mistake that misconfigured access to one of their databases. That configuration issue left their server open to the public and accessible over the internet. Anyone who desired could access the patient data stored on that server, and they could do so without any authorization needed. It was two months before the mistake was discovered.
Impact of the Breach
This breach left 19,101 patient records seriously exposed, which was not only a major HIPAA violation, but a situation that could easily result in identity theft. Once the breach was recognized, investigators discovered that a great deal of information had inadvertently been made publicly available. This included names, insurance details, dates of birth, medical treatments, employers, and, in a limited number of cases, social security numbers. Fortunately, no financial information (debit card numbers, credit card numbers, bank account numbers, or other financial records) were exposed during the breach.
All patients that received treatment from any Orlando Orthopaedic clinic prior to January 2018 would have been affected by the breach. Investigators were not able to determine if anyone had gained access to what should have been PHI, and none of the affected individuals have, as of yet, reported identity theft or misuse of their PHI. However, the investigators were still unable to rule out the possibility of information theft or unauthorized access to patient information.
Aftermath of the Breach
Orlando Orthopaedic did not find out about the breach until February 2018, two months after it occurred. However, it would be almost six months before the affected patients were notified by mail. The clinics involved have yet to provide a reason for the delay in notification.
As a result of the security breach, Orlando Orthopaedic Center employees are receiving cybersecurity training even though they were not directly responsible for the problem. In addition, the affected clinics are taking additional security measures to ensure that PHI stored both on their own servers, as well as accessible through endpoints, are all secured.
The transcription vendor responsible for the breach has offered all the affected patients one year of free credit monitoring and identity theft protection and restoration services. The vendor has also made changes to their security to ensure that information on their servers remains protected from prying eyes.
In addition, all patients involved have been advised to closely monitor their insurance Explanation of Benefits statements, as well as their other accounts for any signs that their PHI is being used fraudulently. In the event that a patient sees unusual activity, they should notify their insurance provider immediately.
Who Is Responsible?
Even if a 3rd party vendor or business partner is responsible for causing the breach, the healthcare provider is still held legally responsible. In this case, Orlando Orthopaedic is the responsible party even though it was the security of the vendor that was lax, a situation over which they had no direct control. This reinforces the fact that healthcare providers must be thorough in vetting potential vendors.
Concerns about Delays
As already mentioned, it took Orlando Orthopaedic six months to notify their patients of the PHI breach and five months to notify the Department of Health and Human Services Office of Civil Rights (OCR). The OCR should have been notified 60 days after discovery of the breach, according to HIPAA guidelines, not five months. The same deadline applies to notifying patients.
No doubt a fine is to be expected. Presence Health delayed reporting a breach to the affected patients and OCR 40 days past the 60-day deadline. Their fine amounted to $475,000, and was the first case of a HIPAA breach fine for the untimely reporting of a breach of unsecured PHI.
Conclusion
Even if the breach of PHI is caused by the carelessness of a business partner (including 3rd party vendors), the healthcare clinic is still the entity held legally responsible. There is a 60-day deadline for notifying OCR and the affected patients, and failure to meet this deadline will most likely result in a punitive fine. Failure to notify the patients right away can damage the reputation of the healthcare provider. Even offers of credit monitoring and identity theft restoration cannot undo the negative effects of the breach.
by Felicien | Aug 20, 2018 | Education
Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others.
Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate.
The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime.
Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security.
New Leadership Journeys
In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity.
Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems.
Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019.
Raytheon & The Girl Scouts: A Partnership
Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math.
Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition.
In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males.
History Of Girl Scouts
The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.
by Felicien | Aug 19, 2018 | Education
How Can I Keep My Business Safe From an Email Scam?
Recently, small business owner, Phoebe Bell of Sage and Clare, a popular homeware designer business in Australia, opened up about her company falling prey to email scammers. Sage and Clare lost $10,000 from the hi-tech thieves who Bell says were most likely tracking the company’s emails for months.
As they have done countless times before, Sage and Clare placed a routine stock order with an unnamed supplier. In fact, Bell handled the order herself, emailing back and forth with the supplier about the order for several weeks.
In the midst of negotiating the order, the supplier informed Bell they had a new bank account to pay the money into for the order. Again, this was nothing out of the ordinary, Bell says because suppliers often change bank accounts.
After paying the $10,000 into the supplier’s “new account,” Sage and Clare discovered that their business was the victim of a scam, where a third party posed as the initial supplier. The scammers most likely hacked emails and read through the correspondence between Sage and Clare and the supplier, intercepted the specifics, and then redirected the payment funds.
Fortunately for Sage and Clare, they have the capital to recover from this loss. For some small businesses, losing $10,000 would cripple them.
Ms. Bell said that she was both embarrassed and distressed that this sort of thing could happen to her. She thought that she was smart enough to spot a dirty trick like this. When she opened up about the incident online, she found that many others had gone through a similar experience. She says that if someone had broken into her shop and stolen $10,000, the local police would come out and do a full investigation. But since the incident happened online, there’s nothing the police can do. She did report the theft to her bank, the Australian Federal Police, and the Australian Cybercrime Reporting Network (ACORN).
How Can I Train My Team to Spot Hackers?
How can you keep your business safe from these types of email scams? What kind of safeguards can you put in place to ensure that your business does not fall prey to thieves prowling for businesses who practice naive online transactions?
5 Effective Tools to Keep Your Australian Business Safe from Hackers in 2018
Routinely Train Your Employees
Almost 90% of Cyber Attacks are Caused by an employee’s human error or an honest mistake, according to a cyber consultant, Willis Towers Watson. These circumstances are commonly a result of employees giving sensitive information to hackers who pretend to be clients in need of information.
Routinely scheduling an online security awareness training for all your team will keep your company updated and vigilant to fend off hackers.
Improve Your Technology
Having anti-virus software in place to protect your company’s site from viruses and malware is the first step in good cybersecurity.
It is essential to have the software updated on a regular basis. We all get the update software notices, and it’s easy to ignore or delay the update to the next day, week or month. Make sure your IT department stays on top of all updates and patches. This will ensure that each computer is up-to-date.
Here are some questions to ask yourself and your team to ensure you are protected from viruses and malware:
Do we have firewall protection?
Are our passwords strong?
Do we use two-factor authentication?
Being able to confidently answer these questions will give you peace of mind that you are doing your best to keep your business safe from cyber-attacks.
Keep a Tight Rein on Internet Access
This key step is often overlooked by employers but is so important. Your IT department can set up your computers so that they cannot access risky sites. Make sure that important company information can only be accessed by a chosen few.
Another good tip is to make it a practice to stay informed about current online data breach scams. Routinely making a habit of following a blog that reports the latest hacking news will help you stay vigilant.
Don’t Keep Unnecessary Data
It isn’t necessary to store old data or customer information that is outdated or no longer useful for the company. Too often, though, companies don’t take the time to purge old records. Instead, they end up keeping information such as credit card numbers and other sensitive information in their system for customers who are long gone.
When the information is of no further use to your company, have a system in place where it is deleted. This will ensure that you avoid the risk of revealing unnecessary customer information if you are breached.
Adhere to a Phishing Awareness Checklist
Sticking to a protocol of routinely checking off safety practices will keep you aware of potential phishing attacks.
Here are some suggestions of important checklist questions you may want to include:
Do you recognise who’s sending the email?
If not, hover your mouse over the “From:” field to check for the right domain (i.e., an email from Yum Dog Treats should have a domain name of yumdogtreats.com).
Can you identify the sender’s email address?
Don’t open anything when their name is not matched up with the email address. If “Katie Jones” from “Yum Dog Treats” sends you an email, her email address should most likely say something like kjones@yumdogtreats.com, not kjones1989@gmail.com.
Is there an attachment the sender wants you to open?
Be suspicious of all attachments, but especially ones that have two extensions (i.e., file.doc.scr) or small files that are zipped.
Is there a link from the sender?
If so, does the URL convey the message of the email? You can simply hover your mouse over the link to check the URL to read it.
Conclusion
With the current situation, cyber-attacks are increasing dramatically in Australia and around the world. No one is safe. It’s every person’s duty to remain informed and aware of these scams. Ms. Bell learned her lesson the hard way and it cost her $10,000 to do so. You may not be financially able to learn such an expensive lesson.
