by Felicien | Jan 29, 2019 | Education
As technology improves, so does the way professionals use their programming to increase productivity and efficiency. At one time, emails were the preferred communication between colleagues simply because it was the new form of a written message. Over time, people came to see email as being a bit clumsy for informal messaging, as social media and SmartPhones introduced text messages and chat rooms. You wouldn’t send your roommate a formal email to ask whether to pick up an extra coffee on your way home, likewise, it makes more sense to send a text to ask if there are any specific topics to be addressed in the upcoming meeting.
Why Create Teams
The fact is, teamwork relies on communication, and teamwork is a vital aspect of how an office functions efficiently. The definition of your team might vary over time, as it is on one level the entire office staff, but it might also reference your department, or a group of people within that department who are working together on a project. By using Microsoft Teams in conjunction with Office 365, you can quickly choose who to share information with, whether it’s a quick message or a formal document. Unlike email, you can easily choose the team to share with rather than sending the message to everybody on your contacts list who doesn’t need to know about it, or alternately, accidentally leaving someone out who does need to be informed.
Recommended Settings
Like other software, Microsoft Teams has recommended settings which have proven to work best for most offices. The most common initial setting allows only team members to post to the general discussion. This can allow people outside the team to view what’s going on without cluttering up the discussion by adding their own thoughts to a project they may not be working on. Outsiders can still message individual team members with relevant information, and then the member can decide whether it is important enough to post for further discussion. Another way to keep the conversation crisp without unnecessary clutter is to turn off the “@team” notification. Although not a setting, it is important for the team owner to remove accounts that no longer belong, as they no longer need access to your org-wide team.
Conclusion
Microsoft Teams really is a great new program which is changing the way office communication is handled. Although it is much more than social media, to an extent it uses such a concept to bring the ease of communication such sites have incorporated into a professional setting. It makes it easy to share information with the people who need it, without giving it to people who have no interest or leaving anyone out of the loop who does need to know.
by Felicien | Jan 28, 2019 | Education
There is no better time than Jan. 28 to turn your attention to the importance of data privacy and all that it entails. During National Data Privacy Day, numerous businesses, nonprofit organizations, government entities, and individuals will come together to spread awareness about safeguarding data, protecting privacy, preventing information theft, and other issues that affect managers, owners, employees, and consumers alike.
What is Data Privacy Day?
Data Privacy Day is an international effort held annually on Jan. 28. The purpose is to create awareness about the importance of privacy and protecting personal information. Many people are unaware about how their personal and professional data is shared and don’t take the necessary precautions to protect it, leaving themselves and/or the organizations they work for vulnerable. Data Privacy Day helps spark a necessary dialogue that educates business professionals and organizations, giving them a sense of empowerment as well as practical knowledge about which best practices should be implemented. This year’s theme is “Respecting Privacy, Safeguarding Data, and Enabling Trust.”
The Data Privacy Day campaign was initiated in North America in January 2008 as an extension of the Data Protection Day observed in Europe, also on Jan. 28. According to the National Cyber Security Alliance (NCSA), Data Privacy Day “commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.”
In 2014, the 113th U.S. Congress adopted a resolution expressing support for the designation of Jan. 28 as National Data Privacy Day, according to the NCSA. In the states, the National Data Privacy Day campaign is spearheaded by the NCSA, a nonprofit entity founded in 2011 that works with the Department of Homeland Security along with a number of private sector sponsors. The NCSA is advised by a distinguished advisory committee, whose members include experienced privacy professionals that help keep the campaign aligned with the most current privacy issues “in a thoughtful and meaningful way,” according to the NCSA. Although Data Privacy Day is perceived as the signature event sponsored by the NCSA, the organization is involved year-round in a comprehensive effort aimed at privacy awareness and education.
Why be involved in Data Privacy Day?
Any person or entity across any industry can be involved in the Data Privacy Day campaign. This includes businesses of all sizes; government organizations; nonprofit organizations; schools/school districts and other educational institutions; and individuals and sole proprietors.
Participating in this international initiative is a way to demonstrate your support and dedication to the idea of empowering businesses and individuals to take this issue seriously and giving them the tools to be part of the solution. Getting involved is as simple as signing up online. Upon signing up, your name, as an individual, business or other professional entity, will be added to the Champions page. You also will receive resources, such as the #PrivacyAware Toolkit, to help you disseminate awareness and information throughout your organization, as well as the larger community that you serve. The toolkit includes templates for a press release and email; sample social media messages; and digital graphics to use online and in other promotional materials. These items can be used among stakeholders to create dialogue about advancing data protection and privacy.
You can also follow the Data Privacy Day Facebook page to stay abreast of any news or updates.
What does Data Privacy Day entail?
During the day of Jan. 28, the NCSA will provide access to the live streaming of a special Data Privacy Day event, titled A New Era in Privacy, which will be hosted by LinkedIn in San Francisco. During the event, privacy leaders with diverse perspectives will discuss how the technology landscape is rapidly changing and provide insight on what opportunities and challenges are likely to crop up in this new era in privacy. Presentations will come from representatives of the NCSA, LinkedIN, the Federal Trade Commission, Verizon, and other industry leaders.
Data Privacy Day is also a good opportunity to discuss security tips and best practices with your staff and/or IT consultants. Find out if there are any new regulations governing the handling or transmitting of data, discuss any current cyber-security threats, put together a plan for dealing with a data breach, and collaborate on any further steps required to better protect private information.
How are you protecting your data?
Managed Service Providers (MSPs) with an expertise in IT can help you achieve the important mission of protecting your business or organization from unauthorized access to important information, identity theft, data loss and other potentially crippling events. They offer a number of technology-related services to help you with systems analysis, email security and archiving, mobile device management, keeping software up to date, web filtering, using firewalls, and other IT solutions.
Implementing these practices can help you encrypt data, mitigate the risks related to electronically transmitted communications, and comply with laws and regulations pertaining to the use of technology. Additionally, IT management companies and consultants can assist you with network monitoring and maintenance, which prevents smaller issues from causing your organization to lose productivity, experience data loss, or suffer financially in a more significant way.
by Felicien | Jan 28, 2019 | Education
As a business owner, one of your most pressing concerns should be improving the technology that drives your business.
There are so many reasons to care about your company’s IT. Here are just a few:
Your customers and clients will inevitably want better technology
Your employees need it too to do their jobs
Cyber hacking is a mounting threat
The advance of programming and storage services is getting hard to keep up with
Knowing this, you’re saddled with an important question: Will you hire an in-house IT department or will you outsource?
In this article, we’ll be making the case for the latter. Outsourcing IT is simply the way of the future. An increasing number of businesses and organizations are finding that it gives them more freedom, saves them money, and improves their technology by leaps and bounds. There are nearly no drawbacks.
If you still need more convincing, we get it. Below, we’ve listed the top reasons why outsourcing your IT is a wise move for any business. But first, let’s talk about what outsourcing really means and how to find the best IT service provider in your area.
What does outsourcing IT really mean?
As with any other type of outsourcing, outsourcing IT simply means hiring a separate company to handle your business’s IT services. They’ll be there when you need them, and when you don’t — you don’t have to pay them. Often, outsourcing means “on call.”
Furthermore, the business you’ll hire only focuses their services on IT. All of their technicians will work full or part-time providing better IT for other businesses (like yours).
Some IT companies help specific industries. For example, one IT company may focus solely on assisting medical providers with the best quality IT services. They will know the ins and outs of cyber security measures for hospitals, doctors’ offices, and emergency care centers. Other IT companies have an even more specific subset of customers. For example, there might be an IT company who only handles the IT services for dentists.
This specific focus on a unique industry allows these companies to know everything there is to know about the industry. Of course, this benefits you, the business owner, most of all.
Generally speaking, outsourcing is a way for you to only use the IT services that you actually need from a professional IT company. Most of the time, IT service companies provide different tiers of service so that you can choose the amount of care you’ll need for your business. Companies that offer these services are particularly called MSPs or managed service providers. They do not work directly for your company in that they are not on your payroll, nor do they have offices within your business. But they completely manage your business IT services.
As your business grows, you may go up a service level tier. This will be up to you and the contract you form between you and your IT service company.
How do you locate an IT service provider?
If possible, you want to find an IT service provider who caters to your industry specifically. Again, not all IT companies provide services for a particular sub-industry, but this is common in many industries, such as the following:
Law (lawyers and legal practices)
Hospitals and medical practices
Dental practices
Schools, colleges, and universities
Manufacturers
Transport companies
When you find several IT support companies who fit the bill for your particular business, make sure to interview them. Ask them the important questions. Here’s a list to get you started:
How long have you been in business?
What types of businesses do you primarily serve?
How many businesses are hiring you right now?
Can I speak to any of these businesses? Or to past clients who were happy with your service?
What levels of service do you offer?
What do your contacts look like?
What type of service am I going to get if I have a troubleshooting problem and need help immediately?
Will someone specific be managing my account?
What types of service don’t you provide? (Often, it’s better to ask what services are not included.)
Top reasons why outsourcing IT services is a great idea
Hopefully, you’ve already been convinced as to why outsourcing IT is smart for virtually every type of business, but let’s break down the specific reasons below:
1. You’ll save money: You won’t be paying an in-house IT team to do nothing, waiting for you to need their assistance.
2. You’ll have access to the best talent: IT companies only do IT. They hire professionals who love technology and staying up-to-date with the latest advances in cybersecurity, software, and hardware.
3. Ideally, you’ll find a niche company who only serves your industry: Again, if you are in one of the larger industries that IT companies may focus on, you’ll have unique care for your business that you won’t find anywhere else. These companies know everything there is to know about the programs and software that you use internally and with your customers.
4. You’ll improve your security by leaps and bounds: In this day and age, hackers are coming up with all new ways to attack your online stored data, steal your information or hold it ransom, and take down your business. A professional IT service company knows how to combat these hackers and stop a breach of your security, ideally before it starts.
Looking for an IT company in your area?
As you start the search for IT companies and managed service providers in your area, be sure to talk to other businesses and organizations who outsource their IT. You can also search the web and start reading reviews of MSPs or IT service companies in your area. Often, these companies work from a central location in a city, but if you are in the suburbs or the outskirts of a larger city, most managed service providers will include you in their service area.
Doing your research is always wise when it comes to outsourcing. While hiring out your IT services is definitely the way to go, the outcome will also depend on how much effort you put into finding the best company for the job.
by Felicien | Jan 28, 2019 | Education
2018 turned out to be a year of record fines for HIPAA violations. Over $25 million in fines, with the mean fine being just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what violations did these healthcare entities do to get scrutinized, investigated and penalized?
Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.
2018 Review of OCR Settlements
Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.
Fresenius Medical Care North America. $3,500,000 – Settlement. Risk analysis failure. Impermissible disclosure of ePHI. No policies covering electronic devices. Insufficient encryption; inadequate security policies; inadequate physical safeguards.
Filefax, Inc. $100,000 – Settlement. Unauthorized disclosure of PHI.
University of Texas MD Anderson Cancer Center. $4,348,000 – Civil monetary penalty. Impermissible disclosure of ePHI. No Encryption.
Massachusetts General Hospital. $515,000 – Settlement. Filming patients without consent.
Brigham and Women’s Hospital. $384,000 – Settlement. Filming patients without consent.
Boston Medical Center. $100,000 – Settlement. Filming patients without consent.
Anthem Inc. $16,000,000 – Settlement. Risk analysis failures. Inadequate review of system activity. Failure to respond to an identified breach. Lacking technical controls to thwart unlawful ePHI access.
Allergy Associates of Hartford. $125,000 – Settlement. PHI disclosure to a journalist. No sanctions against an employee.
Advanced Care Hospitalists. $500,000 – Settlement. Unauthorized PHI disclosure. No BAA (business associate agreement). Deficient security measures. No HIPAA fulfillment efforts before April 1, 2014.
Pagosa Springs Medical Center. $111,400 – Settlement. Failure to end employee access. No Business Associate Agreement (BAA).
Don’t forget about your State’s Attorney General’s Office
Medical entities also saw a rise in fines/monetary penalties from state attorney generals. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission statement, requiring employees’ time and financial resources devoted to defending you against violation of state laws and HIPAA violations. Some states have become more aggressive in enforcement of HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts along with Washington State (who has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.
State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.
Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.
The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.
Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.
Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.
Business associate agreement. Ensure that BAA agreements with outside vendors are properly executed and that the vendor owner (or their authorized agent) knows of this agreement.
Terminated employees. Have a written policy regarding terminated employees so that their access to confidential patient information is terminated immediately. Your HR department and IT services vendor should work in unison to change passwords/deny access as soon as the employee leaves or is terminated.
Filming patients without consent. Don’t be lured into a major HIPAA violation by television and documentary filmmakers. While upper management and the CEO may feel that being featured in a TV series will bring prestige and goodwill to the facility, patients don’t feel that way and are protected by HIPAA.
Healthcare entities must be proactive in protecting data. Seemingly simple violations like insufficient encryption, no response to a breach or not providing HIPAA training to employees are not a viable excuse to OCR or state attorney generals.
Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.
by Felicien | Jan 28, 2019 | Education
Accidentally deleting a file or folder was once something that could ruin your entire day, week, or month even — maybe even your career. All that work put into it. Countless hours put into it. And then: gone. Fortunately for those of you using Microsoft OneDrive for professional, personal, or academic reasons, there may be a way to retrieve and restore files or folders that were deleted. The same is true if your files or folders were overwritten, corrupted, or infected by a virus or malware. Depending on your subscription, you may have two methods to recover files: (1) restore files from the Settings page; or (2) restore files from the Recycling bin.
Files or Folders Recovered Using Settings
From your OneDrive website, you will want to follow the next steps in order.
Select Settings, which is the gear symbol in the upper right corner of the page — usually between the bell indicating notifications and the question mark for help.
From the Settings sidebar, scroll down until you see Restore your OneDrive.
The Restore your OneDrive page will open. Under Select a date, use the dropdown menu to select your option: (1) One week ago; (2) Three weeks ago; or (3) Custom date and time. If you choose Custom date and time, you will be provided with a chart. Simply slide the bar to indicate the days.
Click the Restore button.
All your files and documents from that time period will be restored.
If this option does not seem to work, there is another way to recover deleted files or folders.
Files or Folders Recovered Using the Recycling Bin
From your OneDrive website, follow these steps.
In the navigation pane, select Recycle bin.
The Recycle bin will generate a list of files and folders. If you use a work account, you have only one option for file recovery, but if you use a personal account for work, you have two options.
For work and personal accounts, simply select the circle checkbox to the left of each entry you want to restore. When you select the circle check box, the header will change. Once all entries are selected, click on the Restore button in the new header.
For personal accounts, you can also restore all items at once by clicking on the Restore all items button in the original header.
Things to Consider about Recovery of Files or Folders
Keep in mind that you can only recover files or folders in the Recycle bin so long as the files or folders have not been permanently deleted. Typically, files only live in the Recycle bin for 30 days for personal accounts or 93 days for business accounts — unless the administrator for business accounts changed the setting for a shorter or longer period. Once the time limit is reached, the files are automatically deleted. Files can also be automatically deleted within three days if the Recycle bin is full, at which time the oldest items are deleted first.
It is also important to note that if you want to restore a file to a specific version, File Restore cannot do so if version history was turned off. It is a good idea to always keep version history on while you work.
In summary, when using OneDrive, you have the potential to restore a file or folder that has been accidentally (or in some cases, intentionally) lost. The key is knowing the functions of your Microsoft subscription. Need more tech tips? Return to this blog. New tips for your OneDrive subscriptions and other tech needs are posted regularly.
by Felicien | Jan 25, 2019 | Education
In March 2018, Alabama and South Dakota passed laws mandating data breach notification for its residents.
The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.
All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.
While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.
What Laws Are on the Books About Cybersecurity?
In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:
Appropriations
Computer crime
Election security
Energy and critical infrastructure security
Government and private-sector security practices
Incident response remediation
Workforce training
For companies, especially those that work across state lines, the variances among state laws creates a challenge in tracking requirements and remaining legally compliant.
For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.
While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:
Half the states have laws addressing denial-of-service attacks.
Just five states explicitly cite ransomware in statutes.
Phishing laws are in place in 23 states and Guam.
Twenty states, Guam and Puerto Rico have laws regarding spyware.
While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.
What States Have Strong Data Privacy Laws?
Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:
Arkansas. Parental consent is required before student information can be shared with government agencies.
California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
Illinois. The state is the only one to protect biometric data.
Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.
What States Have Weak Data Security Laws?
Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:
Alabama. There are no laws on the books that protect the online privacy of K-12 students.
Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
South Dakota. Companies can retain personal information on employees indefinitely.
Wyoming. Employers can force employees to hand over passwords to social media accounts.
How Long Does a Company Need to Retain Personal Identifying Information?
Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.
Of those 35 states:
Only 14 require both businesses and government agencies to destroy or dispose of data.
Virginia requires government agencies only but excludes businesses.
Nineteen states do not require government agencies to dispose of or destroy personal information.
Where Is the Federal Government in Cybersecurity?
The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.
Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, make state laws stronger, and exempt too many companies.
For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.
Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger responses.
The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.
