by Felicien | Aug 24, 2018 | Education
What’s A Blockchain?
A “blockchain” is basically a financial record similar to that of a spreadsheet, only for bitcoins and other forms of cryptocurrency available publicly and online. As the use of cryptocurrencies has evolved, it has created some innovative business opportunities. According to MIT Technology Review, the transparency and trust created through them have increasingly facilitated trade across the world in a number of ways.
First of all, they are publicly available, and access to the records is superior to that of public access to annual company reports. Many organizations do not produce annual reports out of a lack of obligation. The extent of transparency and detail in blockchain records generally exceeds those provided through annual reporting methods. This can allow investors to have more insight into trends and opportunities for investment, trade, and other forms of business growth.
The Rise of Bitcoin and Other Cryptocurrency
Bitcoins are the most common form of cryptocurrency recorded in these newer and more unique forms of financial transactions. They were initially used in 2009 with some trepidation, but have become so popular that, today, you’ll find hundreds of different forms of digital currency, now generally referred to as cryptocurrency.
Soon after the bitcoin was introduced, people began developing cryptography tools for public use, including the blockchain. Cryptocurrency was considered valuable because it provided a global means of completing financial transactions. Due to the complex nature of the bitcoin, it is nearly impossible for individuals or organizations to spend the same bitcoin currency twice.
This successfully addressed the previous challenges with digital currencies and effectively removed the demand to establish and maintain a central authority to mediate such electronic exchanges. Cryptocurrency transactions can be difficult or impossible to trace. That’s why they’re most often used by hackers when requesting ransomware payments from their victims.
Approximately two years after introduction, bitcoins grew from novelty to the preferred payment method in online commerce. “Altcoins,” a comparable cryptocurrency, were developed after bitcoin as an alternative form of digital currency but used the same open-source code for bitcoin. There were some slight differences between the two.
At this time, approximately $1 billion dollars’ worth of bitcoins and other cryptocurrencies are in circulation. Developers realized that blockchains could be more useful to other areas of common business operations as well. Normal steps in the development and use of a blockchain include the establishment or creation of a business transaction. This most often involves the sending of a form of cryptocurrency in exchange for a product or service. They’re also used for all types of investment and financial transfers.
The placement of a line of code representing the transaction as a ‘smart contract’ is initiated when specific conditions are met within the program. The sending of a broadcast to an access network on nodes and the ongoing listing of node subsets are referred to as ‘blocks’ within a ‘chain.’
More on the steps in the creation of blockchains and their history is available through MIT Technology Review.
What Other Uses Does It Have Currently?
With the fundamental added advantages of business transparency and prediction potential, blockchains have created exciting new business opportunities. According to Ignite, as their popularity has grown, they have affected a range of indirectly related aspects of business ranging from the manners by which banks transfer money to how medical records are handled.
Also referred to as ‘shared ledger technology,’ the transparency and trend perception is expected to become commonplace for the majority of business transactions. With over half of businesses now using them, increased opportunities for investors and small businesses, in general, are expected to escalate for an overall positive economic impact.
The use of cryptocurrency increases competition, diversification of products and services, and increased trade opportunities around the globe.
An example of improved business opportunities on a larger scale is the case of the New York City Depository Trust and Clearing Corporation, which began to use blockchain to more successfully facilitate their transactions. Experts attribute this to the success of $11 trillion dollars’ worth of transactions funneled through cryptocurrency technology.
More specific business uses include their infiltration into the banking system, once hesitant to use this form of digital currency. Cryptocurrency was originally thought to be unstable, as it was not backed by gold or other tangible assets. But today, many financial institutions have accepted the use of digital currency due to the increased speed and safety in making financial settlements.
Additionally, other organizations can increase efficiency by using the smart contract in the automatization of their agreements, with high potential for increased speed especially applicable to supply chain management and manufacturing. In addition to transparency, there is increased accountability, helping organizations to experience increased security over previous forms of common practice in transactions and records. This is why, as introduced above, the technology is even beneficial to the healthcare industry and medical records. More on how these areas, communications technologies, and other industrial developments can benefit from blockchain is available at Ignite.
According to The Economist, blockchain and smart contracts have even benefitted the way companies pay employees, the nature of cloud storage, and electronic voting. It seems increasing use and development continues to give rise to further opportunities, as organizations realize the potential benefits of using cryptocurrency and block chains over traditional financial transactions.
Can You Use Blockchain?
If you have the resources and other means required for conversion, your organization could benefit from blockchain if you are seeking increased security or efficiency in:
Banking transactions
Medical records
Manufacturing or inventory records
Communications records
Employee payments
Electronic voting
Cloud storage records
Even if your organization does not have a strong emphasis in any of these areas, the increased transparency and universal appeal of cryptocurrencies may be sufficient to warrant gradual integration.
by Felicien | Aug 23, 2018 | Education
As of 22 February 2018, the Notifiable Data Breach (NDB) scheme went into effect and included in its requirements is a mandatory data breach notification. Failure to correctly notify those affected by an eligible data breach can result in fines of up to $2.1 million, besides potential compensation for affected individuals. There are certain things that every Australian organisation needs to be aware of when it comes to mandatory breach notification.
To Whom Does It Apply?
The NDB scheme applies to organisations and agencies that have personal security information obligations under the Australian Privacy Act 1988. Such organisations and agencies include businesses, health service providers, credit reporting agencies, Australian government agencies, TFN recipients, and not-for-profits with an annual turnover of $3 million or more.
If an organisation …
Collects personal information,
Receives personal information on behalf of clients,
Processes personal information on behalf of clients,
Or holds personal information
Then they can be impacted by the NDB scheme.
If a breach occurs, the organisation and everyone involved in the chain can be affected, including marketers, data providers, brands, agencies, and similar partners. In addition, if an organisation has clients, those clients may impose notification requirements to make sure they are in compliance with their own NDB obligations.
What Is an Eligible Data Breach?
Data breaches refer to unauthorised access of, the disclosure of, or loss of an individual’s information. If a data breach involves an individual’s personal information and this breach is likely to result in serious harm to said individual, then that breach must to be reported. This type of data breach is referred to as an eligible data breach. Note that there are, however, some exceptions to the notification obligations.
What Constitutes Serious Harm?
While no hard and fast definition of “serious harm” has been provided, it is reasonable to assume that any type of harm – be it physical, psychological, or financial – would likely fall under the category of serious. This is especially true of information of a sensitive nature or involving an individual’s health. For example, loss of information involving medical allergies could result in life-threatening circumstances for an individual in a serious accident, or unauthorised access to financial information could result in identity theft and financial loss.
What Should Be Done When a Data Breach Is Suspected?
If a data breach is suspected, there are four key steps to be followed: contain, assess, notify, and review. Of course, as soon as a data breach is suspected it should be contained to prevent any additional compromise of information. Next, it should be thoroughly assessed by determining who was affected and what data was compromised, followed by risk assessment and, if possible, remediation. The third step is notification. The final step is a review of the incident and developing a plan of action to prevent a similar breach from occurring again.
Who Needs to be Notified?
According to the Office of the Australian Information Commissioner,
“The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.”
In addition, the Australian Information Commissioner must also be notified of the breach, and this information can be submitted via an online form.
When Must Notification Take Place?
Notification must take place as soon as the organisation can determine what information was compromised and who was affected.
What Information Must Needs to be Included?
The following information must be included as part of the notification:
The identity and contact information for the organisation
A description of the data breach that took place
The type of information that was involved in the breach
Recommendations as to what steps the affected individual should take as a result of the breach
In terms of notifying individuals, there are two basic options available as to how the notification should take place: either notify all individuals or notify only the individuals who are at risk of serious harm.
If it is not practicable to notify individuals, then a statement about the breach can be published on the organisation’s website and then publicised.
What Happens When an Organisation Fails to Notify?
If an organisation fails to notify the affected individuals and the Australian Information commissioner of an eligible breach, fines of up to $2.1 million are possible. However, there is also the possibility of compensation for affected individuals if there is a privacy compliance failure. Compensation averages between $10,000 and $15,000 per individual if their complaint is successful.
Conclusion
Mandatory data breach notification is a critical part of the Notifiable Data Breach scheme, and failure to comply with notification requirements can result in hefty fines and compensation for those affected. If you are an organisation in Australia that deals with any type of personal information, then you need to know what your responsibilities are and how to respond should an eligible data breach occur under your watch.
by Felicien | Aug 23, 2018 | Education
What Is UEM and Cloud Security?
As technological devices continue to diversify, there is increased demand for streamlining control systems for security. According to Techopedia, Unified Endpoint Management (UEM) is a new digital system that integrates the range of devices that are available for use now, combining this wide range of software within a single organized program for increased efficiency and effectiveness.
The system can, therefore, be used to improve control over computer systems used in workplaces, smartphones integrated with business systems and other “Internet of Things” (IoT) or online devices that may be used for some aspect of business or system operations. Combining all of these controls into a single system makes it more convenient for administrators to use and oversee, thereby making them safer.
With concepts such as “bring your own device” (BYOD) now in existence for increased employee convenience analogous to the introduction of “plug and play” technology in the past, there is a greater potential for attacks and thus, an increased demand for better security.
UEM systems have increased capacity to control endpoints in comparison to previous system designs and can work to have more proactive strategies in place to accomplish this. UEM practices now include security embedded within request processes, cross-functional strategies, cross-platform designs, and increased capacity to streamline cloud security. UEM can, therefore, be highly useful in helping to simplify a diverse range of security needs in the cloud.
The Origin of Cloud Computing
Cloud computing has been around for some time, and its security demands continue to diversify. According to Pianese’s 2010 study, cloud computing, as the practice of using remote rather than local servers in a network hosted online to manage information, has demanded programs emphasizing control. It requires policies that provide improved information integration.
In the past, there was no system capable of integrating the range of cloud resources in existence. Therefore, system administrators were unable to experience the extent of flexibility and efficiency available with streamlined systems. The author of the study reported on his research team’s efforts in assessing the significance of establishing and improving virtual distributed operating systems for cloud computing. UEM can now address these through meeting the demands for elasticity, fault tolerance, and autonomous decentralized management.
Can UEM Better Address Modern Cloud Security Demands?
As both cloud security demands and technological diversity increase, UEM can help to streamline cloud security and its growing needs. According to SecurityIntelligence, cloud computing, the diversity of technological devices, and the IoT continue to expand in both hardware and software types. This has increasingly given hackers new opportunities for exploitation. There is an ever-growing need for better security all around.
With this, it has become more difficult for business leaders and IT specialists to maintain tight security over the extent of otherwise effective new programs and efficient integrations of hardware that can be networked through a cloud. In addition to the software security demands, the technological improvements challenge the development and maintenance of relevant policies that are developed for these purposes.
Businesses generally require policies to address technological aspects before software is installed that address specific security needs. It can be challenging for businesses to keep up with the extent of new devices that are available for networking, especially when projects or outsourcing changes frequently.
UEM has been increasingly sought to address all of these demands, because it was designed to streamline old and new software and hardware capacities within an IT network, combining the entirety of endpoints. The system, therefore, allows organizations to integrate desktop systems, networked laptops, smartphones, tablet devices, and the range of users and apps (including relevant content) that potentially operate within a network into a single security system for network administrators or others supervising and securing the company technology.
Improved Productivity and Efficiency
With UEM, in addition to the increased efficiency in streamlining cloud security, organizations can experience improved productivity or output. Infrastructures previously considered complex through wide distribution can be more efficiently managed through the centralization, thereby freeing company resources to focus on output. Through this, end-user productivity can be increased as IT management costs are reduced. This approach is regarded as superior to other strategies or models focusing on disparate point solutions, as the latter involves greater demands for costs and resources amid lower levels of efficiency.
Beyond these fundamental advantages, UEM:
Uses containment technology that can better protect device information while reducing the potential for it to leak
Can better facilitate software currency though patching and updating capacities
Increases the user-friendliness of apps
Help organizations track flaws in data
Limit app and resource access
Implement streamlined organizational needs for logic, auditing, and reporting
Conclusion
According to SecurityIntelligence, over 80 percent of organizations are expected to use a form of cognitive computing or AI for these endpoint demands in the next two years. Just over half are expected to have the current UEM model as their model for centralized management.
Cheuvront explained other potentially beneficial UEM capacities include:
Containerization
Identity and access management (IAM)
Increased balance of critical functions of user productivity and corporate security
Easier enrollment
If your business needs include any of the above, then you may benefit from increased examination or integration of UEM as research and development in the area continues.
by Felicien | Aug 22, 2018 | Education
11th Annual MSP 501 Identifies World’s Most Forward-Thinking MSPs & Leading Trends in Managed Services
August 21, 2018: Bralin Technology Solutions ranks among the world’s 501 most strategic and innovative managed service providers (MSPs), according to Channel Futures 11th-annual MSP 501 Worldwide Company Rankings.
The MSP 501 is the first, largest and most comprehensive ranking of managed service providers worldwide. This year Channel Futures received a record number of submissions. Applications poured in from Europe, Asia, South America and beyond.
As it has for the last three years, Channel Futures teamed with Clarity Channel Advisors to evaluate these progressive and forward-leaning companies. MSPs were ranked according to our unique methodology, which recognizes that not all revenue streams are created equal. We weighted revenue figures according to how well the applicant’s business strategy anticipates trends in the fast-evolving channel ecosystem.
“For the past 24 years, Bralin has been one of the leading IT providers in Saskatchewan and Alberta” says Brad Kowerchuk, CEO of Bralin Technology Solutions, “and now we’re honored to officially be named one of the leading IT managed services providers in the world! We are privileged to have Clients that trust and value our experience and solutions. Our Team is obsessed with ensuring the technology used to run our Client’s businesses is reliable and cost-effective. The daily rise of cybersecurity threats demands that businesses have a dedicated partner to keep them protected and secure. We look forward to facing the challenges tomorrow brings and growing with our Client’s success.”
Channel Futures is pleased to honor Bralin Technology Solutions.
For the first time, Channel Futures will also name 10 special award winners, including MSP of the Year, CEO of the Year and one Lifetime Achievement Award for a career of excellence in the channel.
The MSP 501 winners and award recipients will be recognized at a special ceremony at Channel Partners Evolution, held this year October 9-12 in Philadelphia, as well as in the Fall issue of Channel Partners Magazine.
“This year’s applicant pool was the largest and most diverse in the history of the survey, and our winners represent the health and progressivity of the managed services market,” says Kris Blackmon, Channel Futures content director and editor of the MSP 501. “They’re growing their revenue, expanding their customer influence and exploring new technology that will propel them for years to come.”
The full MSP 501 report, available this fall, will leverage applicant responses, interviews, and historical data to identify business and technology trends in the IT channel. Highlights will include:
Revenue growth and business models
Hiring trends and workforce dynamics
Business strategies
Service deliverables
Business tools and automation investments
The complete 2018 MSP 501 list is available at Channel Futures.
Background
The 2018 MSP 501 list is based on data collected by Channel Futures and its sister site, Channel Partners. Data was collected online from Feb. 28 through May 31, 2018. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, growth and other factors.
About Bralin Technology Solutions
Since 1994, Bralin Technology Solutions has been providing leading IT Solutions and management for Clients in Saskatchewan and Alberta. Bralin’s slogan “We Manage Your Technology… So You Can Manage Your Business” is far more than a slogan. It drives the decisions they make, and focuses each Team member on helping their Clients move their businesses forward, further, faster.
About Informa
Channel Futures, Channel Partners Online, Channel Partners Conference & Expo and Channel Partners Evolution are part of Informa, the international business intelligence, academic publishing, knowledge, and events group. Informa serves commercial, professional and academic communities, helping them connect and learn, and creating and providing access to content and intelligence that helps people and businesses work smarter and make better decisions faster.
Informa has over 10,000 colleagues in more than 20 countries and a presence in all major geographies. It is listed on the London Stock Exchange and is a member of the FTSE 100.
MEDIA CONTACT:
Kris Blackmon,
Content Director, Channel Futures
Editor, MSP 501
Kris.Blackmon@knect365.com
by Felicien | Aug 22, 2018 | Education
Bralin Technology Solutions is excited to welcome Rabia Tinna to the team! Rabia is joining us as a Help Desk Technician, based in our North Battleford Office.
Rabia brings a wealth of education and experience to our company, holding a Master’s of Computer Applications degree along with various other academic distinctions. Rabia previously worked with Oracle as a Technical Analyst and at IBM as a Senior Software Engineer.
We’re confident that the professionalism and dynamic skillset Rabia brings, will be a great addition to our team. We’re very much looking forward to working with Rabia, and know that our valued clients will be served, by her and the rest of the team, based on Bralin’s core values of Caring, Excellence, Responsibility, and Trust.
Welcome aboard Rabia!
by Felicien | Aug 22, 2018 | Education
Of course, you will be living in a kicked anthill for days. The trick is to make sure that all the scurrying around is not just mindless motion, but actually protects the organization by:
Meeting legal responsibilities,
Protecting the organization’s reputation to the extent possible,
Immediately stopping intrusions and mitigating the damages,
Finding out how the breach occurred,
Repairing the vulnerabilities, and,
Making sure your risk assessment, security plans, and operating procedures reflect any necessary changes.
Meeting Legal Responsibilities
The Health Insurance Portability and Accountability Act (HIPAA) breach notification rule essentially requires entities that have had a breach to inform the Department of Health and Human Services (HHS), the affected individuals, and in some cases, the media, within 60 days. There are exceptions, but these are best handled by lawyers. Since there are stiff penalties for not reporting security breaches that should have been reported, but no penalties for reporting security breaches that did not need to be reported, it’s best to err on the side of caution.
Protecting the Organization’s Reputation To The Extent Possible
It is unfortunately not true that there is no such thing as bad publicity. Your organization’s reputation is going to take at least a small hit. Perhaps the worst example possible is the behavior of Experian, a credit reporting service, in response to its massive data breach. They failed to report it, they did not notify affected individuals, they dribbled out information, repeatedly contradicted the information they dribbled out, and immediately tried to monetize the breach by selling protective services to those affected. Everything that could have been done wrong in the early phase was done wrong. Apply the Golden Rule here. Look at things from the perspective of those whose data has been exposed. What would they want to be done? Figure that out, and at least pledge to do that much.
Immediately Stopping Intrusions and Mitigating the Damages
The first step is to get the affected devices off the network and isolated, so they can no longer serve as points of entry. The next step is to check the system and audit logs to identify the source of the penetration. Thirdly, it’s important to force an immediate password change for everyone, if passwords are still being used. Of course, if the source of the breach is the medical director’s smartphone, which was left in an Uber, the only way this data can be remotely deleted is for companies using a Mobile Device Management plan.
Finding Out How The Breach Occurred
In some cases (see above), the source of the data breach will be glaringly obvious. In others, it may be very hard to find. Your own IT staff may be too close to the problem to see it. In those cases, bringing in a computer forensics firm may be useful or even essential. Determining the root cause of the breach, once the details are known, requires thinking through policies and procedures. You’ll need the skills of a good detective, combined with those of an excellent IT specialist.
As illustrated above, there is always a tradeoff between ease of access and security of access. Does everyone really need remote access to patient records at all times, using devices that can be lost or stolen? Depending on the organization and how it delivers services, the answer may be yes or no. But if it is “no,” serious consideration should be given to limiting remote access. Of course, if you’re working with a managed IT services provider, they can set you up with a Mobile Device Management plan so that any lost or stolen devices can be remotely wiped of all data.
Repairing The Vulnerabilities
Once the source of the breach and the root cause have been identified, the vulnerabilities need to be repaired. The issue of 24/7 remote access from stealable devices is one example. Use of cloud services is another. Having data in the cloud is wonderful. Having unprotected data in the cloud is not. Several recent breaches have occurred because, even though access to the cloud from an organization’s network was protected, the server in the cloud itself was totally open – no password in place. Granted, this defies imagination, but it has happened more than once.
If something like this has occurred, every policy and procedure that relates to the root cause needs to be looked at. This has to be done slowly and carefully; it is not an exercise to be carried out in panic mode. In most cases, this type of error will not occur if you’re working with a managed IT services provider. They have too many checks and balances in place to allow such a glaring mistake.
It most often happens to companies who employ poorly trained in-house IT staff who spend all day playing games and talking with friends on social media. Again, though this scenario is shocking, it is occurring across the nation with more frequency. Don’t let your CEO find out the hard way that his in-house IT people actually don’t have much network and computer experience. Their last job was serving up hamburgers at a local fast-food chain.
Making Sure Your Risk Assessment, Security Plans, And Operating Procedures Reflect Any Necessary Changes
Having a credible, annually updated risk assessment is part of the HIPAA Security Rule. A breach presents an opportunity here. If it occurred, your risk assessment either did not identify it or did not prioritize it; your security plan did not encompass it; your operating procedures ignored it, or some combination of the above occurred. The breach gives you a chance to rethink the security assessment, the security plan, and your operating procedures. Take advantage of it.
Conclusion
A data breach is painful, but it is also an opportunity for health care organizations to assess their security approaches and make improvements. Never waste a crisis. If you have onsite IT staff members, they may need more thorough training in security protocols. In fact, this is probably a good time to ask a local managed IT services provider to come out and hold security awareness classes for your entire workforce.
