by Felicien | Nov 30, 2018 | Education
No industry is exempt from data breaches that lead to widespread fraud. However, the healthcare industry faces unique challenges since it is not always easy to determine the impact of the breach on patients as well as the healthcare organizations that serve them. The problem starts with isolating where the hack originated in the first place. With so many organizations having access to patient demographic and insurance data, this can be the most time-consuming aspect of the entire fraud investigation process.
Healthcare: A Unique Form of Identity Theft
Most patients are aware that their healthcare provider and their insurance company have access to their personal medical data. Providers need the information to diagnose and treat the patient while insurers require it to pay the patient’s claims. What many fail to realize is that a large number of third-party organizations could have access to the data as well. Pharmacies, medical equipment providers, home healthcare organizations, and supplemental insurance providers are just some examples of companies with access to patient data.
The problem in healthcare is that a cybercriminal intent on stealing the medical data of another person can piece it together from a variety of sources that the victim of identity theft does not even know to exist. Some in the healthcare IT industry refer to this as synthetic identity theft. By taking small pieces of information obtained from a healthcare report and combining it with information stolen elsewhere, hackers can easily scam the healthcare system. In fact, the problem is so widespread that millions of cases of fraud take place every quarter.
What Healthcare Providers Can Do
No healthcare administrators like to admit that a security breach took place on their watch. It may look to them like hackers gained access to private patient data and then did not use it. Unfortunately, that is rarely the case. Healthcare fraud differs from financial fraud because most criminals go on to use stolen credit, debit, and other banking information right away. With healthcare fraud, they need more time to piece together a forged identity before they start inflicting real damage. The CEOs of healthcare organizations are often too quick to claim that no one used the stolen information in a nefarious manner.
Obviously, it is better for healthcare IT departments to be proactive rather than reactive. This starts with knowing every location of a patient’s healthcare data. For example, a single patient could have an electronic medical record, a paper medical record, new test results not yet transferred to the medical record, and old information stored in boxes or machines that have not been used in years. To prevent medical fraud, healthcare providers must make it a priority to know the locations of all data about a patient and take adequate steps to protect it.
Sometimes health organizations are unaware a breach has taken place until a patient complains that someone used their information to obtain numerous prescriptions or to commit insurance fraud. Once alerted to it, they need to take immediate action to stop the current fraud and prevent it from happening again. This includes taking measures such as strong encryption with medical records and guarded access to paper records.
Besides a lack of inventory, part of the problem is the current patchwork approach to healthcare privacy laws. Organizations should push the federal and state governments to create uniform standards for improved patient protection.
How to Help Patients Protect Personal Health Data
Healthcare providers must work hard to gain patients’ trust in the current climate. One way they can facilitate this relationship is to provide patients with reminders about safeguarding their own information. Here are some typical examples:
Request a new medical card with a different identification number if the original has been lost or stolen
Submit a police report after the theft of a wallet or purse
Report any information on the explanation of benefits forms that appears suspicious such as services the patient does not remember receiving
Check medical records at least once a year to ensure accuracy
Always have the most current copy of medical records available
Providers should also consider publishing an annual notice to members outlining their privacy policy and the steps they take to prevent theft of patient data. Holding open meetings and taking questions from patients is another way to assure them that the organization is serious about protecting them from identity theft in a healthcare setting.
by Felicien | Nov 30, 2018 | Education
In Part 1 and Part 2 of the 2019 Cyber Security planning series, we looked at the evolution of technology and the future of cybersecurity defense systems. There has been a steady evolution of defense options to curtail the rising efforts to commit cybercrimes. In this segment, we look at emerging and enhanced threats moving forward.
Four Primary Cyber Security Risk Areas For 2019
Cybersecurity preparedness relies on year-over-year planning and strategic implementation. That means corporate decision-makers must cull together key staff members who include IT support team leaders, department heads and primary stakeholders. Determined preparation for 2019 relies on a rich, interdepartmental understanding of company goals, system needs and actionable knowledge of cybersecurity policy and protocols.
Knowledge equals power in the cybersecurity sector and arming employees with information about how and why measures are taken to protect vital information remains job one. That being said these rank among the biggest anticipated threats facing companies in 2019.
Ransomware Expected To Thrive In 2019
Cybercriminals have steadily made a shift away from direct systems hacks and are more inclined to plant encrypted files that take over a company’s data and require payment to send a code to unlock them. The FBI reportedly claims that upwards of 4,000 ransomware attacks are carried out every day. That figure is expected to escalate in the coming years.
Most ransomware attacks are conducted by prompting a user to inadvertently click on a malicious link or website that results in infection. Although only a fraction of ransomware incursions are reported, cybercriminals generally ask for $200 to $3,000 in bitcoin payments to send a cure. These are some of the ways an IT support team can mitigate ransomware attacks.
Incident Plan: Create an actionable ransomware protocol that employees can initiate in the event of an infection.
Critical Backup: Allow for multiple backup iterations of data in secure system locations.
Anti-Virus: Maintain cutting-edge preventative antivirus programs and conduct timely system scans.
Restrict Internet: Ransomware attacks commonly occur by employees visiting unsecured sites and opening spam emails. Each workstation requires appropriate restrictions.
Third-Party Risk Heightens In 2019
Consider for a moment that more than half of all breaches are initiated through third-parties, often vendors. Organizations generally have hundreds of business partners on a variety of levels. Many of these enjoy daily engagement through electronics and direct links to an outfit’s systems. From ordering products to pay invoices to basic communication, there could be thousands of points of contact between your servers and third-parties.
Moving forward, hackers will be increasingly targeting vulnerable systems to steal sensitive information to sell or ransom. Companies that do not secure their data at a high level can act as a backdoor into other servers. Once today’s hacker has infiltrated one of your vendors, they can email ransomware and other infections programs undetected. Cyber theft efforts are more likely to be successful because employees open vendor communications with confidence. These are some of the key steps organizations may want to consider for 2019.
Personnel Changes: Work with business partners to communicate staff turnover and take cybersecurity measures to prevent technology access after departure.
IT Glitches: Monitor systems appropriately and avoid support gaps.
Share Responsibility: Develop an agreed upon cybersecurity policy and protocol with vendors and other third-parties to minimize potential cross-company breaches.
Terminate BYOD Policies In 2019
We are all well aware of the headlines regarding high-ranking government officials using personal devices. In many instances, the federal government considers using a personal electronic device for work purposes a direct and discernable security threat. Despite that glaring warning, the number of companies that allow employees to Bring Your Own Device (BYOD) has grown exponentially in the last few years.
The convenience of a values staff member having tangible connectivity 24-7 seems to outweigh any risk. In the past, this policy may not have brought about a negative result. But cybercriminals are well aware that an employee Smartphone is now a doorway into a company’s system.
What makes BYOD even more problematic moving forward is that an average of 22 percent of workers misplaces their electronic device. Compounding that misstep, only about 35 percent use a password or PIN to secure it. This vulnerability does not even account for purposeful theft of a staff member’s device. Businesses would be wise to change course on the BYOD practice in 2019 by taking the following steps.
Stop: End the practice of BYOD entirely.
Company Only Devices: Issue secured company devices that are maintained by the IT support team.
Common Cyber Security Threats Expected To Increase In 2019
Cybersecurity breaches have proven to be costly for companies and organizations in every sector. The loss of time, productivity, and damage to reputation are exponentially expensive. Many of the seemingly low-level nuisances are expected to become high-level threats in the coming years. Decision-makers would do well to address these issues with the same determination as others in 2019.
Flawed Software: Glitchy programs are emerging as a gaping hole for hackers to infiltrate otherwise secure systems. It’s imperative that all applications are patches and updated accordingly. Outdated programs should be promptly removed.
Phishing: A reported 76 percent of all businesses are the target of phishing ploys at some point. It’s imperative outfits train employees to recognize and alert the IT support team when suspicious emails are received. Phishing scams are expected to become more sophisticated moving forward.
Update Passwords: The lack of complex passwords has lured hackers to attempt to breach systems through staff logins. It’s crucial to plan routine password changes at set times during 2019. Company systems should also require passwords to include at least one number and one symbol.
Cornerstones Of 2019 Cyber Security Planning
It takes strong cyber Security planning to minimize the growing threats to innovation, productivity, and profitability. With hackers using every conceivable means to gain access to critical data, it’s easy to lose sight of the forest through the trees. In terms of planning cybersecurity in 2019, an organization’s leadership team would be wise to consider their efforts under these four foundational ideas.
Deter Threats: Consider a 2019 cybersecurity plan in term of its potential success at avoiding data and systems breaches. Ask the simple question: How does this policy or protocol make hacking more difficult?
Protection: When implementing a 2019 cybersecurity plan, it should serve to insulate systems, infrastructure, components and data from intrusion. Does the plan effectively achieve these goals?
Detection: Thwarting a data or systems breach often begins by recognizing the imminent threat. Each facet of the cybersecurity plan should include measures of detection.
Adaptability: Each year, companies across the world take strategic measures to stop cybercriminals from negatively impacting their organization. Each year, hackers counter IT support strategies to commit crimes. A well-conceived cybersecurity action plan should include ongoing oversight, articulate new and emerging threats and have the agility to withstand them and make necessary changes.
It’s essential for an organization to understand cybersecurity as a process. Cybercriminals are continually looking for creative ways to steal valuable data, and industry leaders are tasked with ongoing cybersecurity planning.
by Felicien | Nov 29, 2018 | Education
The integration of the Microsoft (MS) digital ink function and digital pen provides companies with a way to improve collaboration, increase out-the-box creativity, and drive innovation. Have you given thought on how your organization can create better cooperation among your different work teams essential for driving new product development, opening up new markets, or managing workflow? If you have, you need to invest some time and effort learning how digital ink can be of assistance to your company.
About Microsoft Digital Ink
Microsoft digital ink allows a digital pen accessory to write on the surface of a pen-enabled device. These include laptops, notepads, notebooks, and Windows-based handheld devices. This capability allows the creator to share notes, capture your thoughts, and your ideas in real-time. This benefit is of great importance when your team members find themselves limited by space or the ability to use a fully attached keyboard.
You have the need to put together elaborate sales presentations in MS-PowerPoint or jot down quickly a sales quote for a potential customer in MS-Excel. The use of digital ink allows your workers to do this in less time then it takes to format a slide or complete a spreadsheet. It takes their handwritten notes and scribbles and converts them into a presentation that gets attention.
How Digital Ink Creates Collaboration
Imagine a massive project of yours that requires the input of stakeholders from different teams within your company. Accounting for financial projections, engineering for logistical support, and business planning for managing the project’s timetable, all of these disciplines need the ability to communicate with each other to keep the project on time and within budget.
You can take the traditional route of calling time-consuming meetings that require members of the project team to sit in the same room, away from their other duties and responsibilities. Or you can install Microsoft digital pen and allow input and updates come into the project from all over without the need for lengthy meetings or huddles that take time and people resources away from their jobs, reducing their productivity and increasing your costs.
Is Microsoft Digital Ink Easy to Use?
The digital ink application is both intuitive and easy to use. It is a simple plug-and-play application that requires nothing more than the digital pen itself as the peripheral device and a machine that is digital pen enabled. Your end-users will remark at how easy it is to simply draw, doodle, write, and express their ideas in any application using digital ink, and share that information between their colleagues.
The Bottom Line
The bottom line for you and your business is this: your competitors, especially younger entrepreneurs and competitors, are already employing next-generation technology. They are doing so as a way to gain market share and increase their competitive advantage.
You need to up your technology game to hold on to your customers, maintain relevancy, and attract the type of workforce that will grow your business. With so much riding on you and the decisions you make, Microsoft digital pen is a straightforward solution for you to consider and implement company-wide.
You can not afford to stay stuck in old practices in favor of new tools that make life easier for your teams. The investment you make in digital ink will pay huge dividends in the future, regarding better deployment of your people resources and greater freedom to innovate.
by Felicien | Nov 29, 2018 | Education
Guide To Ensure Your Cloud Data Is Properly Backed Up
Cloud storage is a relatively new technology that provides access to data on multiple devices any time and anywhere. Many businesses turning to cloud storage to boost the productivity of their employees. While cloud storage is both convenient and secure, it is not infallible. Therefore, it is important that you take the time to ensure your cloud data is properly backed up. Whether you’re running Google Apps or Office 365, this guide will help you make sure you’re properly securing and backing up the data you have stored on the cloud.
How to Back Up Office 365 Data
To back up your data on Office 365, you need to specify the backup settings in a new profile or in an already existing profile. This profile should have Cloud Apps enabled. Once you’ve done this, inSync will begin backing up the user data in Office 365 according to the backup schedule you specified in the profile. In your profile, you can specify how many times in a day or week inSync should perform automatic backups.
The inSync cloud administrator is also able to back up Office 365 data at any time when needed. The procedure for performing an unscheduled backup of data on Office 365 is as follows:
Go to the menu bar for the inSync Management Console and click Availability > Backup. The Backup Overview page will appear.
Go to the All Data Sources tab and click on the Office 365 device you want to back up.
Click on the button Backup Now.
inSync will then begin the backup of the device you selected. There are multiple pages where you an view the details of the backup. You can see the backup details on the inSync Management Console, the inSync mobile app, and the inSync Client.
How to Backup Google Apps Data
If your organization uses Gmail, Docs, Spreadsheets, and Calendar, chances are you have a lot of important information stored on Google’s servers. Unless you take the time to back up your Google Apps data locally, your organization will be in major trouble if Google loses your data or denies you access to it for whatever reason. Therefore, it is essential that you back up your Google-hosted data on a regular basis.
Unfortunately, it is not as easy to back up data on Google Apps. There are many third-party apps available for backing up data on Google Apps. For example, you can use POP access with a desktop email client to back up the Gmail accounts of your employees. Thunderbird is an example of a third-party application that you can use to back up Gmail accounts. You can use Google Docs Download scripts to back up your documents and spreadsheets on Google’s servers locally.
Backups are essential even if you’re storing your data on the cloud. For more information about how to ensure your cloud data is properly backed up, don’t hesitate to contact us.
by Felicien | Nov 28, 2018 | Education
California’s recently passed privacy law, coming on the heels of similar regulations issued by the European Union, makes it imperative that businesses have clear policies and procedures for collecting, storing and using personal information.
The California Consumer Privacy Act (CCPA), passed in May 2018, is a far-reaching law that covers not only the data itself but also how businesses manage relationships with consumers and third parties. It is similar to but more stringent than, the EU’s General Data Protection Regulation (GDPR), also enacted in 2018.
What Businesses Does the CCPA Affect?
The CCPA applies to any business or non-profit organization (or entity that controls or is controlled by such a business and shares branding) that meets one of the following criteria:
Exceeds $25 million in annual gross revenue
Has personal information on 50,000 or more consumers, devices or households
Earns more than half its annual revenue by selling personal information to a third party
How Is ‘Personal Information’ Defined?
The CCPA takes a broad approach to personal information, including some data that are not typically included in such definitions. Under the act, personal information includes:
Account name
Unique identifier, including cookies
IP address
Email address
Commercial information, such as property records
Biometric data
Internet activity, including browsing history, search history and interactions with websites, ads or applications
Professional and employment-related information
.A provision also covers inferences that could be drawn from any of the other information to create consumer profiles. The law does not include publicly available information.
What Rights Do Consumers Have Under the CCPA?
Consumer rights under the CCPA include:
Data Access. Consumers can request in which categories a company has collected information, the categories of sources of that information and the specific information itself. Businesses also need to divulge the purpose of obtaining or selling personal information. Companies receiving a request must promptly deliver said information via email or mail free of charge. Businesses are required to share information no more than twice annually.
Deletion. If requested, businesses must delete any information the firm has collected and order its service providers to do the same. Data need not be removed in some instances, such as to complete a transaction, detect fraud or use for reasonable internal purposes.
Data Transactions. Businesses must reveal the categories of information sold to a third party and how those match up with the third parties’ information categories.
Opting Out. Consumers can opt out of selling their information to third parties. Those that sell information to third parties must notify consumers and provide them an opportunity to opt out. If a consumer is under 16, the business must receive affirmative consent (e.g., opting in) from the consumer or, if under 13, a parent or guardian.
Non-Discrimination. Businesses may not discriminate against a consumer who exercises these rights, including refusing to sell goods or services, charging different prices or delivering a different quality of products or services.
Does the CCPA Address Data Breaches?
In the event of a data breach, the CCPA provides consumers with a private right of action. That means consumers can pursue statutory damages and injunctive relief if data is accessed or stolen by an unauthorized party. It also allows consumers to take action if the business failed to maintain reasonable security measures.
What Other Obligations Do Businesses Have?
Businesses must post California-specific privacy rights on websites. Those sites must also disclose how consumers can request information and the categories of personal information collected or sold in the previous 12 months. There must also be a conspicuous link titled ‘Do Not Sell My Personal Information.’
Businesses must train employees on the act and consumers’ privacy rights.
How Is the CCPA Different from the GDPR?
The European Union adopted the General Data Protection Regulation that applies to nearly all companies that collect private consumer data on EU citizens. It requires companies to comply with robust data security and management protocols.
While the compliance categories are nearly the same as those under the CCPA, the guidelines are not as well defined, and enforcement is weaker. Unlike the CCPA, the GDPR applies to small and large companies and will likely evolve over time.
What Should My Business Do to Address GDPR and CCPA?
What can your company do to comply with these acts? Here are a few tips:
Create an internal privacy team, responsible for developing and reviewing privacy policies and managing consumer requests
Develop a consumer information policy and processes that include how data is collected, categorized, stored and accessed. Consider deleting private consumer data that is not needed for the business relationship.
Update your website with the required notices, links, and policies that are updated annually.
Evaluate data security, including security policies, backups, encryption and access.
by Felicien | Nov 28, 2018 | Education
Companies that manage data governance well are in a better position to meet data protection and retention compliance requirements and to accomplish their digital transformation goals. Microsoft Office 365 makes comprehensive, streamlined data governance throughout your organization easy, with automation tools for setting policies governing data retention, expiration, and deletion.
The majority of companies already have data governance (DG) policies in place for at least some of their data types and operations departments, though DG is often not comprehensive in many smaller to medium-sized businesses. Many times, informal rules evolve into stricter controls and eventually are formalized as policies.
Here’s some helpful information about data governance in Office 365 and some general advice on DG implementation planning and execution, to help you prepare to formalize your DG program.
What is Data Governance?
Data governance is the management system that ensures the maintenance of high data quality throughout the lifecycle of an organization’s essential data. This includes management of data security, accessibility, integrity and usability.
A proper data governance program has a governing group, a clear set of DG procedures, and an agreed plan for following the procedures.
A company’s procedures for ensuring formal management of its data should include clearly defined practices for monitoring of processes and enforcement of its data protection and retention requirements.
Why is Data Governance Important to Organizations?
The relevance of data governance for general data management and security should be obvious enough. Still, many companies fear to try implementing a data governance program, because it seems too complicated, or because there is a strong sense of uncertainty about the sustainability of such a program as a component of their diverse operational processes.
Data Governance in Microsoft Office 365
Office 365 provides a set of exceptionally intuitive tools to protect your business’s data against security threats, potential accidental leaks or deletions, and other risks to data retention and integrity, and to regulatory compliance. Data governance tools are located in the Office 365 platform’s Security & Compliance Center in Microsoft software products including:
Office 365 Business Essentials
Office 365 Business Premium
All levels of Office 365 Enterprise packages
Exchange Online Plans 1, 2 and Kiosk
SharePoint Online Plans 1 and 2
Skype for Business Online Plans 1 and 2.
Key Advantages of Data Management in Microsoft 365
Easily Assess and Manage Compliance Using Just One Set of Functions.
Microsoft Cloud services allow you to assess compliance risks and increase your data protection by using the Office 365 Compliance Manager. The Compliance Manager enables DG actions in the categories of Ongoing Risk Assessment, Actionable Insights, and Simplified Compliance. Obtain more in-depth information on data protection and compliance through your Service Trust Portal.
Conveniently Govern Data Handling and Protect Sensitive Data Throughout Its Lifecycle.
Implement a comprehensive DG program that will automatically classify and protect valuable data across all of your company’s connected devices, cloud services and apps. Apply encryption, access and retention rules, and other governance strategies to help ensure data compliance, protection and quality.
Leverage Powerful AI to Respond Efficiently to Regulators’ Requests and More.
Use Microsoft Office 365’s robust eDiscovery functions to locate obscure relevant legal information, even amidst unstructured data. Easily acquire insights into all your business’s data-related activities by using Office 365’s comprehensive activity API and auditing tools.
Microsoft 365 Data Governance Features and Benefits
A formal DG program is usually undertaken at the point when a company grows to a size at which the staff can no longer implement cross-functional tasks involving data with the same degree of efficiency that they maintained as a small startup team.
While there will be implementation challenges in the area of team coordination, Office 365 takes the pain out of DG implementation on the technical end. Some of the benefits of using Office 365 Data Governance functionality include:
Automated data classification greatly simplifies rule applications.
Intelligent policies generated through powerful machine learning bring best practices to your decision process.
Built-in DG policies make regulatory compliance quick and straightforward to implement.
Over 80 built-in IDs of sensitive content types do the work of identifying possibly needed categorizations for you.
Automated policies help ensure proper systemic handling of data retention, expiration and deletion.
Policies you set immediately purge redundant, obsolete data and other unnecessary data, and preserve your important data.
You can fully customize your data retention policies, to have your sensitive data handled precisely as you determine it should be.
Your data is classified and labeled, and protected and retained based on the policies you choose, based on varying levels of sensitivity across your company’s data assets.
DG policies set in Office 365 help in regulatory compliance regarding data privacy (like HIPAA, GDPR, SEC regs, etc.).
You can tailor policies for various departments and enforce policies differently for multiple users.
Data preservation lock policies encrypt data and can’t be turned off or rendered less restrictive.
With minimal pointing and clicking, Microsoft Office 365 Data Governance functions can reduce your compliance risks throughout Office 365.
Having a clear picture of what data assets your company owns, and where it is in your system helps ensure compliance and security of your important data.
Challenges in Data Governance Implementation
Implementing DG programs in any business using any technology is not an uneventful undertaking. Some of the biggest problems to smooth implementation include:
Organizational Culture — DG succeeds best in open company cultures wherein fundamental changes are welcomed. DG becomes political, involving redistributing responsibilities. Sensitivity is required.
Upper Management and Budget — Persuading upper management of the need for DG and to allocate sufficient budget for the project can be challenging. Succeed in this before proceeding.
Universal Acceptance — DG requires buy-in from all departments and individuals. Top management and project managers especially must thoroughly understand the technical and business considerations and champion the project.
Standardizing DG — Flexibility is needed to grapple with rapidly-changing requirements. It’s critical to strike a winning balance between the needs of staff to acclimate and the need for a timely transition to full conformance to new DG standards.
Maintaining DG — Be mindful of the need for preventing data mismanagement and imposing repressive policies that are not conducive to a healthy team environment, to sustain long-term success of DG and to promote the overall interests of the business and its team.
Data Governance Implementation Project Best Practises
Data governance is a permanent proposition. Implementation and long-term oversight teams risk participants losing their sense of priority and commitment to the program over time. So, it’s recommended to begin with an application-specific, data-type-specific, or other prototypical introductory project and then continue in phases (of no longer than 3 months each). Keeping the project manageable allows for more natural adaptation and greater confidence in broader adoption.
Common DG implementation steps include:
Analyze the current condition of the company’s data management and data quality.
Define objectives and goals for the DG implementation project.
Ensure that top management fully supports and budgets for the project.
Ensure that all employees understand the importance of the project and support it.
Define roles for parties, including DG strategy steering committee, DG Oversight Board, Data Manager, Data Stewards, Data Owners, Data Users.
Develop a set of data governance program policies.
Create a roadmap for implementation.
Implement the data governance program.
Monitor and enforce the DG policies.
Repeat the above steps each time changes are made that can affect the program.
Final Recommendations for Data Governance Implementation
Before starting DG implementation, reasons for the project should be clarified, to help prevent wasting time on unnecessary tasks. Evaluate current processes and adapt them to the planned new DG requirements, if practical vs. unnecessarily developing entirely new procedures.
Evaluate various data governance platforms and compare the difference in functional blocks for data integration, master data management, metadata management, data integration, data protection and data quality insights.
When you embark on your data governance initiative, avoid reinventing the wheel. As much as possible, use proven implementation methodologies, structural models and best practices already available in software tools, technical information libraries, or Managed IT Services consultants.
