Posts

5 Ways SMBs Can Save Money on Security

Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take:

  1. Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer, more complete perspective as to where to focus available security resources.
  2. Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
  3. Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
  4. Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
  5. Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a more ideal allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.

Consider More Than Email When Choosing a Cloud-Based Email Provider

When it comes to deciding on a cloud-based email provider, small-to-medium sized businesses have two primary choices – Google Apps or Microsoft Office 365. In talking with SMB owners or technology decision makers, we’ve found that many have pledged their allegiance to Google and don’t want to hear a pitch for Microsoft. Many are adamant that they have everything they need in the core offerings of Google Apps – Gmail, Docs/Drive, Hangouts, and Sites.

While these are undoubtedly solid offerings, they are more than individual products. How about comparing Google Apps and Microsoft Office 365 in regard to the collective experience as a whole? By looking at the sum of their respective parts, many may find that Google Apps is actually limiting them to a degree. Here are a few examples:

  • Pricing – Google has a one-size-fits-all approach to pricing. This approach is contradictory to the biggest selling point of cloud technology, which is to pay for what you use, just like your electric or gas utility bills. By comparison, Microsoft lets users pay for only what they need.
  • Google Drive Lacks Efficiency with MS Office Files – While the Google Drive cloud storage app is fairly adept at handling native files, MS Office files are treated like the plague and must be downloaded, edited, and re-uploaded into the Google Drive. From there, expect to see formatting inconsistencies such as missing text boxes, images, graphics, watermarks, charts and more. In comparison, Microsoft provides more uniformity from document to document whether it’s sourced from a desktop version of Office or any web browser via the cloud.
  • Google Hangout Is More for Friends than Business – Google Hangouts, Google’s video chat and group conferencing tool, is deeply rooted in their social network Google+. There is nothing inherently wrong with Google+ besides the fact that it’s still kind of new and lifeless in comparison to other social media sites. However, in order to participate in a Hangout, users must have a Google+ account. This means external users without any Google accounts are shut out of meetings. On top of that, Google Hangouts limits meetings to no more than ten participants. By comparison, Microsoft Lync is all-inclusive and is even available to those on Google and Apple platforms. With the ability to include 250 meeting participants, Lync can even replace GoToMeeting for online conferencing.

As you can see, choosing a cloud-based email provider involves a lot more than determining who can best solve your email problems today. SMBs must also factor in which provider will best address their business document storage and unified communications tomorrow. In this regard, Microsoft Office 365 may have more of an “It” factor than Google, which seems to have adopted an “our way or the highway” mentality and is less supportive of anything outside of the Google bubble.

A Smarter Approach to Mobile Device Management – Five Questions to Consider

More people today use personal mobile devices like smartphones and tablets for business purposes. Such devices, coupled with greater Wi-Fi accessibility and cloud services, have empowered us with the ability to access data and do business from practically anywhere at any time. Needless to say, many small-to-medium sized business owners have embraced the BYOD (Bring-Your-Own-Device) revolution. The benefits are obvious: increased employee productivity, enhanced services to customers/clients, and better overall customer and employee satisfaction. But what about the potential consequences associated with this mobility revolution? Are small business owners doing enough preemptive planning to address potential risks that could arise with the use of BYOD devices?

Mobile Device Management – Five Questions Every SMB Should Ask

First, it is important that small business owners honestly assess whether their systems, networks, data, and overall infrastructure are ready for the use of an array of mobile devices. Once it is firmly established that both internal IT and components in the cloud are prepared for BYOD, solutions should then be put into practice that are concurrent with terms of use policies or any guidelines pertaining to remote/telecommute workers or the sharing of sensitive data. The following questions should be answered.

  1. What particular devices or applications are permissible for work use? Assuming security requirements are in place, not every device or application will meet those.
  2. Will anyone in the company be tasked with the daily management of BYOD strategies? What should BYOD policies cover and what kind of management solutions will be needed? Would a BYOD management tool that collects device information, deploys and monitors usage, and offers insight into compliance be helpful?
  3. Which costs will be the responsibility of the employee? This pertains to any fees associated with usage – from network plans, to the device itself, to software, accessories and maintenance costs.
  4. What data will be accessible? Will data encryption be necessary for certain information traveling through the personal devices of employees? Which employees will have read, write, update/delete privileges?
  5. What is the process when handling sensitive data stored on lost or stolen devices, or the personal devices of ex-employees? Does the company or organization have the right to wipe out the entire device or just corporate data and apps?

BYOD is here to stay as it affords smaller-sized companies the mobility of a corporate giant without a huge investment. But when it comes to ensuring that devices, applications and networks are safe from the variety of threats linked to greater mobility, small business owners may find it necessary to enlist the help of a managed service provider to adequately take on mobile management challenges and provide ongoing consultation.

 

Achieving HIPAA Compliance & Data Security In The Cloud

Prioritizing Security & Privacy in Healthcare Sector

Physician offices, hospitals and health insurers take practical steps each day to protect private patient health information (PHI) and comply with HIPAA regulations. Anyone interacting with patients and regularly accessing or discussing confidential medical records is obligated to adhere to certain requirements to uphold privacy and security.

For example, employees must be mindful of what is said aloud pertaining to an individual patient. Doors must be closed when patient conditions, treatments and procedures are discussed in person or over the phone. Staff should never leave voice mails with specifics about patient health conditions or test results. Even simple acts like summoning patients from the waiting room must be carried out with patient discretion in mind.

Failure to do this can result in a reported HIPAA breach that can be accompanied by potentially heavy monetary fines and often-irreparable reputation damage. The industry’s need to prioritize the integrity of patient data is even more pronounced in this time of flux within the healthcare sector.

Transitioning to the Electronic Age

Healthcare service providers today are in the process of converting all paper medical records to electronic health records (EHRs) or electronic medical records (EMRs) to meet the meaningful use requirements outlined in the American Recovery and Reinvestment Act of 2009 (ARRA). The ARRA incentivizes the healthcare sector to accelerate the adoption of enterprise-wide electronic medical data by 2015 or face possible penalties.

We are entering a period in our history where volumes of confidential patient health information (PHI) will be stored, shared, and accessed electronically for the very first time ever. There has never been a more critical time for healthcare service providers to ensure that patient rights are protected, confidential information is safeguarded, and this transition from the immovable locked file cabinets to today’s electronic-system is completely HIPAA compliant and secure.

How HIPAA Breaches Most Commonly Happen

The U.S. Department of Health’s Office of Civil Rights found that there have been 21 million HIPAA security breaches since 2009. These breaches have resulted in an average of 2,769 records being lost or stolen per breach. Among them:

  • 48% were stolen medical files
  • 48% were stolen billing and insurance records
  • 20% were stolen prescription details
  • 13% were stolen monthly statements
  • 24% were stolen patient billing/payment details
  • 19% were stolen payment details

During this period, 66 percent of the reported large-scale HIPAA violations were due to the physical loss or theft of electronic equipment or storage media such as a laptop or flash drive that held unencrypted PHI. Another 8 percent of the large-scale HIPAA breach incidents were the result of hacking and cybercrime.

Physical Theft

Based on the above findings alone, one can come to the obvious conclusion that storing such unencrypted data on a physical hard drive or any portable storage media device elevates the risk of a HIPAA breach. Therefore, eliminating the need to store or transfer this data on equipment such as laptops or flash drives should significantly minimize the risk of many of the HIPAA violations reported today.

Cybercrime

Cybercrime is a growing threat within the healthcare sector since the industry has been slow to adopt new technology. According to the Identity Theft Resource Center, there were 17 reported financial industry data breaches in 2012 compared to a reported 154 healthcare industry breaches during the same time frame. The aging technology commonly used by healthcare service providers is rife with software and security flaws making it susceptible to data breaches resulting from hacking and other cyber-attacks.

Data thieves view private medical records as a high-value commodity – a gateway to identity theft. Safeguarding this data is challenging. With the shift to electronic records, data thieves have upped their game, finding new ways to gain unauthorized access to patient data by exposing vulnerabilities.

Defending against cybercrime requires constant monitoring for intrusion attempts and security upgrades. In this era where the volume of stored data is increasing, new cyber threats seemingly surface every day, and there is continuous demand to comply with regulations, healthcare service providers securing their own infrastructure will inevitably become overburdened and more vulnerable to attacks and HIPAA breaches.

 

The Case for Moving Data to the Cloud

Although many healthcare service providers have shown a reluctance to abandon their in-house IT infrastructure and security measures, on-premises data center attacks are proving to be more prevalent, costly, and difficult to rebound from.

Healthcare providers who have resisted the cloud due to privacy and security concerns could be making a grave mistake. Increasing evidence suggests that the cloud can actually enhance data security. It does this while also freeing up manpower and budget dollars that can be better allocated toward the principal objective of improving patient care.

Proactive Remote Monitoring

Leading cloud-service providers offer an around-the-clock remote monitoring service that maximizes uptime while monitoring each node in the cloud infrastructure, each access point, and the data center platform as a whole. This is an extremely important function that detects and addresses potential issues before they become serious breach incidents. Metrics are collected and alerts are triggered whenever faulty conditions such as a data backup failure or an unauthorized attempt to access data are detected.

Cloud and HIPAA – Questions You Should Ask

What to Ask Your Cloud-Service Provider

Cloud is establishing a foothold in the industry as the data management system of choice for many healthcare service providers. This means cloud security continues to evolve for the better. However, you must still choose a cloud-service provider wisely and ensure that patient data is secure at all levels of workflow.

We’ve compiled a list of several things you should ask your cloud-service provider regarding EHRs and PHI data.

  1. Who has access to this data and the systems supporting it?

Any cloud service provider should be able to tell you who has access to the physical storage facility, the hardware, operating systems and data.

  2. Is there an audit trail and can unauthorized access to patient data be easily verified?

Is there an auditing mechanism in place tracking all PHI-related system activities, warnings and failures? Any unusual system activity such as suspected unauthorized access should be easily detectable.

  3. Is the data password-protected and accessible to only those authorized?

Are users prompted to enter a unique username and password with each log on? Do active logged-in sessions time out after periods of inactivity?

  4. Is the data encrypted? Is it only viewable to those with proper authentication or accessing it through an application?

Is SSL-based encryption performed at the application level when healthcare sites and the data center communicate? This ensures end-to-end protection from the service access point to the data center and prevents any unauthorized network provider employee from accessing the data. Data also can’t be read while in transit to an end user’s viewing software over the Internet.

  5. What kinds of backup processes are in place to ensure business continuity?

How often is data backed up and what is the method of backup to reduce data loss? Are copies made on removable media and stored off-site if a disaster impacts the data center? Are the two copies continuously synchronized? What authentication processes are in place to ensure data integrity?

  6. How are the threats of viruses and Trojans handled?

Is there anti-virus software running every time files and disks are scanned or accessed? Is the anti-virus software frequently updated with the latest virus signature databases?

  7. What kind of physical security exists at the data center?

Is security at the data center manned 24-hours with appropriate identification required and recorded with each visit? Are security cameras, motion detectors or alarms present throughout the facility?

The necessary investment to buy and maintain physical equipment, hardware and software, and supply personnel with the continuous training they need to deliver top-level data security is unaffordable and overtaxes the resources of smaller healthcare entities. Converting to cloud-based services enables practices and companies of any size to achieve industry-leading HIPAA compliant data security while benefiting from a slew of cost-efficient benefits that liberate them from security problems – bringing them back to caring for patients, not patient technology.

If you’re interested in a cloud-service provider who follows the administrative simplifications referenced under HIPAA, and can satisfactorily assure the safeguarding of electronic patient health information, contact us today.

Embracing the Age of Mobility & the BYOD Workplace

In today’s always-connected world, the time-honored separation of work and personal time is quickly disappearing. Mobile devices such as laptops, netbooks, tablets, and smartphones have fundamentally changed how all of us live and work.

With work no longer confined to a physical office space, or limited to traditional business hours, we’ve created an increasingly mobile and dispersed workforce capable of working anywhere at any time. 3 out of 5 workers today no longer believe an office presence is necessary for a productive day’s work. By 2015, the IDC estimates the U.S. will have over 200 million people working remotely.

By now, it’s obvious that BYOD (Bring-Your-Own-Device) isn’t just another buzz-worthy acronym or a workplace trend that will eventually fade; it’s part of the complete restructuring of the conventional way we’ve worked up to this point. There is simply no going back to the way we were. With or without company approval, employees prefer working from devices they own and are most comfortable with, meaning it’s out with yesterday’s loud, clunky and slow in-office desktop PCs and in with today’s feature-rich, on-the-go, employee-owned mobile devices.

Although many small-to-midsize businesses (SMBs) have fully embraced BYOD for its countless benefits, this proliferation of employee-owned devices accessing company databases, files, and email servers is unprecedented. It is also risky because it increases vulnerability to security breaches and data loss.

Which raises the question: are workplaces today responsibly ushering in BYOD with safety, security, and long-term adaptability in mind?

THE MAINSTREAMING OF BYOD

It’s hard to believe that just a decade ago work mobility was practically nonexistent. We worked from cubicle farms with workstations and desktop PCs straight out of the movie Office Space. The office was our only access to the company network. Select employees might be provided with company-issued laptops with pre-loaded software useful for work. Perhaps they’d be trusted with FTP (File Transfer Protocol) privileges to access and transfer files to the server. Cell phones were actually just phones.

Even when BlackBerrys were introduced to the business world, allowing people to use a mobile handheld device to access their work email and manage their schedule for the very first time, the BlackBerry Enterprise Server made it easy for IT departments to configure and manage the device. BlackBerrys eventually gave way to iPhones and Androids. Laptops eventually gave way to iPads and tablets that combined laptop usability with smartphone portability. Meanwhile, the number of public Wi-Fi hotspots grew, making employees eager to access their company network and work files from just about anywhere through their mobile device.

Today, BYOD has become the “new normal”. A recent poll of 1,021 small business owners in the United States found that 68% allowed employees to use personal devices for work. 79% of CIOs at businesses who aren’t encouraging BYOD believe employees access their network with unauthorized personal devices every day.

Initial resistance to the BYOD movement has proven to be futile. Gartner, a technology research firm, predicts that 90% of businesses and organizations will support the use of personal devices for work purposes by the end of 2014.

And it certainly seems that more business owners today are seeing the upsides of BYOD, which include…

Increased Production

On average, it has been approximated that businesses gain 9 additional hours of productivity per week when employees use personal devices.

Improved Service

The benefits of this increased production and greater flexibility naturally extend to clients and customers since mobility allows workers to resolve escalated issues or almost instantly reply to inquiries outside of normal work hours. It is common these days to receive an email response after 5pm with a “Sent from my iPhone” tagline at the bottom.

Reduced Costs

Transferring IT hardware and equipment expenses to employees can save SMBs significant money. A study conducted by Cisco’s Internet Business Solutions projected that U.S. companies utilizing BYOD can save up to $3,150 per employee each year. Additionally, since consumers are drawn to the freshest technology, and the latest upgrade to their device of choice, businesses no longer have to budget to continually upgrade to keep up with technological advances.

In 2013, telecommunications and information technology service provider Cbeyond, Inc. conducted a blind survey of 711 C-level executives of firms with fewer than 250 employees. Their findings revealed that not only is BYOD more widely accepted today, but mobile devices have also become critical to day-to-day operations and essential to meeting business objectives. Many acknowledged that it would be a challenge to do business today otherwise. A fair share of executives felt their business couldn’t survive without mobile device usage.

One troubling aspect of the aforementioned report is 32% of the surveyed SMBs aren’t sure if their data is adequately protected. While they acknowledge that BYOD puts their organization at risk, just 22% of SMBs currently have a comprehensive BYOD policy in place to address mobile device usage and define data privileges extended to personal devices.

Here are a few reasons this sets a dangerous precedent.

  • Nearly a third of employees use more than one mobile device during a typical workday. It’s critical that organizations, especially small businesses, know what devices are accessing their network and whom they belong to.
  • With the existence of public Wi-Fi hotspots at coffee shops, restaurants, hotels, convention centers, trains, and airports, inadequately secured mobile devices are constantly exposed to hackers monitoring traffic on open networks. According to data compiled by the Ponemon Institute, 59% of organizations have experienced a rise in malware infections linked to insecure mobile devices.
  • BYOD makes SMBs increasingly susceptible to costly data breaches with 38% of these breaches occurring as the result of lost or stolen mobile devices. Verizon Business has estimated that 174 million records have been stolen in 855 data breaches linked to smartphones and tablets.
  • There are more than 500,000 apps in the Apple App Store. The Android Marketplace has over 200,000 apps. The security controls in place to evaluate the safety of these applications are suspect and some apps have phishing screens, hidden spyware, and malware. This means the apps or clients being used to access enterprise content could put your data at risk.

The adoption of BYOD can be beneficial to small businesses but it shouldn’t compromise company or customer data. Developing a comprehensive BYOD policy minimizes risk while still granting full (and secure) access to the files and applications your employees need, regardless of where they are.