Posts

Four Key Components of a Robust Security Plan Every SMB Must Know

/in , /by

41Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances.

This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.

Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.

 

Today’s SMB Needs a Robust Security Plan

Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security.  This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use.  Here are four key components to consider.

  1. Network Security Policy: Limitations must be defined when it comes to acceptable use of the network.  Passwords should be strong, frequently updated, and never shared.  Policies regarding the installation and use of external software must be communicated. Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.

 

  1. Communications Policy:  Use of company email and Internet resources must be outlined for legal and security reasons.  Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owned systems, it must be stated here

 

  1. Privacy Policy: Restrictions should be set on the distribution of proprietary company information or the copying of data.

 

  1. Inappropriate Use: Obviously, any use of the network or company-owned system or device to distribute viruses, hack systems, or engage in criminal activity must be prohibited with the consequences clearly noted. Any website that employees cannot visit should be identified if not altogether blocked and restricted. For instance, downloading an entire season of True Blood from a Bit Torrent site isn’t an acceptable use of company Internet resources. Every employee must know these policies and understand the business and legal implications behind them.  Companies must also make sure these policies are clear and understood by all, and most importantly, strictly enforced.

CLICK HERE for a free network assessment

 

 

Demystifying the Cloud in Layman’s Terms

/in /by

24 For several years, cloud technology has been one of the most talked about subjects in business technology circles. By now, most small-to-medium sized business (SMB) owners have heard that cloud computing is transforming the way their peers do business, and they’ve been inundated with talk of how the cloud enables small businesses to cut IT costs and operate more efficiently.

But for many small businesses, the cloud is a pretty (ahem) nebulous idea, and they have a pretty wispy notion of its potential business value.

For example. 54% of SMBs told Wakefield Research – a market research firm – that they’ve never used cloud technology. Of that figure, it was found that roughly 95% of them were already in the cloud

We are going to explain cloud computing in layman’s terms. For decision makers who aren’t necessarily technology gurus, any mention of the cloud can sometimes set off a “Stranger Danger” alarm. SMBs often resist change because they fear the risks and costs of investing in new technology and they lack knowledge and support.

We’ve reached a point now where it’s obvious the cloud is here to stay and its economic benefits simply make too much sense to ignore. Since most start-ups and small businesses run with exceptionally strict budgets, bearing the financial brunt of owning, maintaining, and securing their technology may be impossible. Understanding the cloud – what it is, its benefits, its risks, and how to manage those risks – is critical.

A SIMPLE VIEW OF THE CLOUD

Let’s try describing the cloud for once without any tech lingo. Picture for a moment a really cramped office space. You and a few coworkers sit in tight quarters with disheveled desktops buried in mounds of files and paperwork. There is absolutely no room for storage. And it will be years before you’ll be able to afford a larger office space.

Your building manager offers to rent you an empty file cabinet in the basement. Although this basement space is shared with other tenants, only you and your team will have a key to this locked file cabinet to store and retrieve documents and files as you wish. Your rent is relatively cheap compared to other tenants since you’re only paying for the file cabinet and not the larger storage areas they’re renting.

Suddenly, those once cluttered desktops are cleared, leaving some actual physical space to work. Work can be done much more efficiently without the complications that once hindered it. This is close to what the cloud does for the backend of small business IT infrastructure.

THE CLOUD IS A TECHNOLOGY EQUALIZER

Historically, the technology used by larger companies has never been available to smaller businesses. Most SMBs have neither the hardware budget nor internal support to “own” a massive internal network infrastructure. Previously, only large organizations have had the money to invest in IT infrastructure. But the cloud truly democratizes computing and levels the playing field. In many ways, it’s the great equalizer, giving companies of any size the ability to store information at a remote datacenter rather than on-premises. It gives small businesses the ability to do large-scale business at a lower cost.

In 2010, Cloud Hype Market surveyed SMBs who had already made the switch to the cloud. Here’s some data from their findings:29

THE CLOUD ISN’T NEW, YOU’VE BEEN USING IT FOR YEARS

The cloud is more or less a buzzword for the Internet… or at least the next evolution of the Internet. Many SMBs don’t even realize that they’re already in the cloud and have been for more than a decade. Anyone that has ever used a hosted email provider such as Gmail has already had sensitive data stored, accessed and exchanged in the cloud. Cloud-based email hosting was one of the first and most broadly adopted cloud services used for both personal and professional use.

If you’re using social media sites like Facebook, Twitter, LinkedIn, or photo sharing sites like Instagram, you’re already part of the public cloud. Do you shop at Amazon or order movies through Netflix? You’re again in the cloud.

IT’S A MULTILAYERED CLOUD

The cloud has three deployment models:Chart2

Since SMBs don’t typically have the resources to build private clouds, most rely on public clouds. Public cloud deployments are completely virtual, which means less hands-on management is required since the infrastructure (hardware such as servers, storage devices, networking equipment, and firewalls) is all off-premises. In an economy where SMBs find themselves having to stretch their technology investment as far as it can go, the benefit of not having to pay for hardware, employees to maintain and manage that hardware, software licensing, deployment, and updating is critical.

One analogy commonly used is the public utility. Obviously nobody would expect you to power your home or business with your very own electrical plant. The costs to do so would be exorbitant and the maintenance would be impossible. Consequently, you and others within the same electric grid share in the overall cost of the infrastructure to generate and transmit electric power into your home. Being part of the grid enables us all to have access to affordable power based on our usage – just as the cloud makes business solutions that were once only affordable to large enterprises reasonable for SMBs by spreading costs across a network of users and charging only for actual usage.

Companies typically focus on offering one of three categorized cloud-computing services that are referred to as layers in the cloud. These are:Chart4

Basically, the cloud hosts an application for any type of work process needed by a SMB.

WHY USE THE CLOUD?

  • Reduction of Costs: Significant savings can be achieved since the cloud’s mass scale computing minimizes on-site physical storage hardware and internal IT staffing.
  • Anytime, Anywhere Access: Since data access is no longer restricted to a solitary employee or physical device, users can access, share and collaborate in the cloud whenever and from wherever they please. Examples of cloud-based applications include Google Drive (Docs), Trello, Booker and PipeDrive.
  • Better Collaboration: The cloud is available on-demand to computers and other devices from any location at any point of time. This allows for better collaborative efforts among teams given today’s increasingly dispersed mobile workforce. Today’s SMB can share data and collaborate across their organization in a way that was once only possible with a highly competent System Administrator and Microsoft Sharepoint.
  • Greater Scalability: Cloud-based services offer SMBs greater flexibility to scale IT needs up or down as the varying business environment demands.
  • Faster Deployment: Cloud-based services can be deployed within just an hour or a few days rather than the weeks or months it often takes to strategically plan, buy, build and implement an internal IT infrastructure.
  • Environmental Friendliness: The cloud’s energy efficiency is attractive to any company conscientious about the environment and wanting to be “green.” The Berkeley Lab conducted a six-month study that determined that shifting 86 million U.S. office workers to the cloud reduced energy usage by 87 percent. That’s enough left over electricity to power the city of Los Angeles for one year.
  • Improved Security: Although many SMBs cite security concerns as the reason they’re reluctant to move to the cloud, there are actually very few data breaches involving cloud providers. Of the reported 404 data breaches in the U.S. in 2013, roughly 270 of them were due to lost, stolen, or discarded devices and paper records, rogue employees, payment fraud, and unintentional employee error. Data in the cloud may actually be more secure than data stored on computers, laptops, and company servers with an array of security vulnerabilities. Unlike a laptop, the cloud can’t be left behind in a hotel lobby. Most SMBs cannot secure their datacenter with the advanced tools, encryption methods, frequent testing, and third–party certifications used by cloud service providers.
  • Business Continuity: Data storage and backup is one of the most frequently used cloud-based services amongst SMBs. Many cloud service providers offer SMBs unlimited storage capability, automated data sync and backup processes that reduce or eliminate downtime events.

 

THE NEED FOR CLOUD MONITORING

SMBs who are still uneasy about a move to the cloud may want to consider cloud monitoring through a local managed services provider (MSP). Cloud monitoring helps SMBs deploy to the cloud with confidence. The idea of relinquishing control to a third-party service provider tends to make many SMBs understandably tense. Cloud monitoring offers the worried SMB owner or Chief Information Officer (CIO) around-the- clock end-to-end visibility into the performance of their cloud services and IT infrastructure. Cloud monitoring supports a hybrid deployment architecture by unifying servers deployed in multiple environments – whether it’s on premise, in a data center, or in a public cloud such as Rackspace or Amazon – into one single dashboard to simplify 24/7 performance monitoring. This allows SMBs to oversee the performance of any servers and applications deployed to the cloud to maintain optimal uptime and ensure a positive end-user experience.

Cloud monitoring services offer SMBs proactive monitoring, automated alerts, alert escalation, and full problem resolution support by way of a fully dedicated 24/7 network operations center (NOC). Cloud security is also carefully monitored with frequent audits to proactively identify and address possible breach vulnerabilities.

Concerns about security are valid but small businesses today may actually be exposing themselves to more breach vulnerabilities by not being in the cloud. The notion that data must be on-site to truly be secure is as misguided as the belief that money is safer tucked beneath a mattress than in a bank. Top cloud-service providers are capable of investing far more into their security than any SMB running their own technology.

Cloud monitoring services adequately address any perceived loss of visibility SMBs commonly fear by taking to the cloud. It also simplifies the adoption of cloud solutions for SMBs, setting them on a path to progressively forge ahead with business goals and objectives and leverage new technology with confidence.

CLICK HERE for a free network assessment.

3 Steps to Improved BC/DR Planning

/in , /by


Step 1 – Recognize the Need and Importance

Business continuity and disaster recovery strategies tend to be on the to-do lists of many SMBs, but they are often delayed as more urgent business issues emerge. U.S. businesses lose roughly $1.7 billion in profit each year from network outages according to the same 2011 CDW business continuity survey referenced earlier. Obviously, it isn’t smart business for an SMB to let business continuity and disaster recovery planning become an afterthought.

To structure a solid business continuity plan, SMBs must be prepared for all possible disruptions. It is important to note that business continuity goes beyond being prepared for natural or man-made disasters. We are now so technologically dependent that BC/DR plans must be in place to counter any disruption – big or small – that threatens business and profitability. Internal technical or infrastructure failures or cyber-attacks are obvious examples. Small internal “single-points-of-failure” can bring down an entire operation.

 

Step 2 – Impact Analysis and Risk Assessment

Constant availability is critical to success. In order to minimize downtime, it’s important to determine what technology is behind each phase of your business operations. Knowing the technology infrastructure of your business allows for a comprehensive impact analysis and a better grasp of the impact on business operations when specific technology fails or becomes unavailable – even for a short period of time.

Determining what could unexpectedly bring down each piece of that infrastructure is risk assessment. Risks come in the form of either internal or outside threats. Internal threats can be anything from an application failure, disk crash, and server malfunction to human error or a bitter employee. External threats can vary depending on location – natural disasters like hurricanes, earthquakes, tornados, floods, and fires, as well as man-made events like power outages, acts of terror, and accidents can knock out services. Additionally, our dependency on technology leaves firms susceptible to cyber-attacks like malware, computer viruses, phishing schemes, and the theft of personal mobile devices used for work purposes.

While major disasters do occur, and shouldn’t be overlooked, it is the smaller everyday disruptions like power outages, server crashes, email issues, equipment failure, and lost or corrupted data that pose the bigger risk to business.

Doomsday prepping may be the rage these days, but a sound BC/DR plan typically begins by focusing on addressing the day-in and day-out disruptions first. Documenting, reviewing, communicating, and testing the effectiveness of smaller response scenarios will better prepare businesses for potential disasters and longer-term disruptions.

 

Step 3 – Look to Recent Tech Trends That Simplify Planning

Recent technology developments like server and desktop virtualization, cloud computing, and mobile devices are beneficial to SMBs looking for BC/DR solutions.

Virtualization – BC/DR preparedness may be the most compelling reason to consider virtualization. Virtualization allows businesses to condense data and applications onto fewer servers – taking up less space and consuming less power. Virtualization allows small-to-medium sized businesses the benefit of high availability (HA) without the added expense of building a backup data center. Operations can be restored faster as the entire system can be brought back in a single virtual container.

Cloud Computing – More firms are moving to the cloud for backup services. The cloud has enabled small and medium sized businesses to backup operations away from their primary location and enhance their business continuity process at a reduced cost.

Cloud-based Software-as-a-Service (SaaS) packages often come with built in business continuity solutions that can automate data backup processes onsite or off-site – spreading out risks and minimizing the impact of a disaster. Data, servers, software, and tools can be stored in the cloud and remain safe if a business is hit by a computer virus or disaster. The cloud also allows remote workers to access an organization’s communication and collaboration tools, further allowing for “business as usual” in the event of a serious disruption.32

Although it is understandable that ownership and upper management at small to medium sized businesses are hesitant to spend money, BC/DR planning is a lot like insurance. It is human nature to think that bad things won’t happen to you, but the investment pays off the when you’re hit by an extreme event or emergency.

New technology trends and the back-up-as- a-service, remote backup, and online backup services provided by MSPs have given SMBs the ability to safeguard their business operations at a reasonable cost. Money and resources can no longer be an excuse for a lack of solid BC/DR solutions. There is way too much at risk. Plan now and CLICK HERE for a free network assessment.

Business Continuity and Disaster Recovery for Small Businesses

/in , /by

31As a small business owner, you owe it to yourself, your employees, stakeholders, and any customer you serve to honestly answer this one question: Is your business resilient enough to withstand short or long-term interruptions to its operations?

The answer should be immediate. If you have to pause or think for one second before responding, the answer is no. Each day of business brings with it unforeseen risk. Whether it’s catastrophic weather conditions, cyber- security threats, or the vulnerabilities of the technology we’re dependent on to perform daily work functions, there must be both a business continuity (BC) and disaster recovery (DR) plan in place. There must also be complete confidence in the effectiveness of the BC/DR strategies that are implemented.

The truth of the matter is most small-to-medium sized businesses (SMBs) aren’t doing nearly enough when it comes to continuity and disaster planning. It’s inconceivable that in this era where smaller businesses store more sensitive data than ever before, and the risk of losing this data is so great, that a 2011 Systematic survey revealed that up to 57% of small businesses still have no business continuity or disaster recovery plan in place.

A few years ago, a study conducted by Forrester Research concluded that 66% of businesses with fewer than one hundred employees admitted to having no tested response to not just tech issues like a downed server or network but disasters, emergencies, and power outages.

Let’s break down some of the potential costs of short and long-term business interruptions, why far too many SMBs don’t have a solid business continuity/recovery plan in place, and the necessary steps SMBs can take to get prepared.

 

A Competent BC/DR Strategy Is a Must

Often misconceived as a problem for the “big guys,” business continuity is a concern for businesses and organizations of all sizes – whether there are 5 or 5,000 employees. The costs of having no solutions in place are too high for many smaller companies to rebound from.

Several hours of unplanned downtime can result in thousands of dollars lost each hour. That’s the kind disruption a small business may face from a shorter-duration tech issue or power outage. Imagine the consequences of longer lasting outages, where a business may be down for days or weeks, as seen in natural disasters like Hurricane Sandy and Hurricane Katrina, or acts of terror like the 2001 World Trade Center attack.

Beyond the immediate tangible costs of outages like lost productivity and revenues, there is also an intangible domino effect that may be harder to quantify. The repercussions can greatly exacerbate the total losses over time, for instance:

  • Customers/Clients Jumping to a Competitor: The web hosting company1&1 Internet, Inc. reported that 72% ofweb users admit to abandoning a businessfor a competitor if they can’t instantlyaccess a company website or encounternumerous error messages, problemsplacing an order, or issues accessing onlinefeatures/support. People want immediategratification today and will take theirdollars elsewhere if they don’t get it.Even more alarming is the fact that 58%are likely to never return, which meansthe loss of long-term revenue streams.Perhaps they may be more forgiving inthe event of a crisis like a natural disasterbut there will still be those who go to acompetitor and never come back.
  • Word-of-Mouth/Negative Brand Reputation: Thanks to the power of socialmedia, those frustrated by instances ofdowntime will take to Facebook or Twitterto quickly spread their vitriol. Brandbuilding and reputation managementare critical to small businesses. Anynegative attention and publicity broughton by downtime can have long lasting consequences.
  • Disgruntled Employees: In small companies or organizations, the burden of troubleshooting recurring tech issues or getting a system back online will typically fall upon the shoulders of an already busy, possibly overworked, employee. This multi-tasking employee will have to sacrifice bigger priorities to constantly play damage control. He or she will sometimes have to do this outside of normal work hours and may be pulled away from projects that generate revenue. If they aren’t happy about this, they may seek employment elsewhere. Both high turnover and the inability to use an employee’s knowledge and skill set for revenue generating tasks are costly to small-to-medium sized businesses.

Too Many SMBs Aren’t Prioritizing BC/DR Plans

Businesses are fueled by information. They are defined by their ability to efficiently and safely handle the data and vital information they generate or process on a daily basis. It is this data that keeps their day-to-day business functioning, ensuring optimal customer service and interaction. While protecting data is a priority for large enterprises, small-to-midsize business owners have the same responsibility but are challenged by limited budgets. For a start-up, the entire focus must be customer-facing, with few resources directed at anything not driving short-term revenues.

This means far too many SMBs today are failing to employ some very basic safeguards to ensure BC/DR.

A September 2011 CDW Business Continuity Straw Poll suggested that 82% of U.S. service disruptions could be reduced or altogether eliminated by even the most basic BC/DR plan. So why aren’t more SMBs taking these precautions?

  • Failure to Recognize a Problem: Most SMBs don’t think about business continuity or disaster recovery until it’s too late and they’re scrambling to recover after being taken down. It’s ironic since so much focus goes into keeping a business sustainable by growing sales, or outdoing the competition, yet a vital part of “staying in business” is overlooked when it comes to their supporting technology.
  • Intimidating and Complex Planning Tools: SMBs looking to streamline costsand simplify procedures will sometimeswrite off BC/DR practices as unnecessary.Those who do recognize the importanceof preparedness are often overwhelmedby the complex technical jargon thataccompanies business continuity planningand don’t know where to begin when theyhear terms like “business impact analysis”and “risk assessments.”
  • They Feel as if They Can’t Afford It and They’re On Their Own: Decision-makers may know they’re living on theedge without a tested strategy, however,they don’t realize that new technologytrends, and the availability of productslike managed service providers (MSPs),can reduce costs and save on resources.MSPs can leverage their knowledge of anSMB’s specific needs with the numerouscloud and hosted backup and recoverytools currently available today.

Create a plan. CLICK HERE for a free network assessment.

 

Outsourcing Isn’t a Dirty Word – Meet Your IT Team’s New Best Friend: Managed Services

/in /by

Small-to-medium-sized businesses (SMBs) generally don’t have the resources to fully support all IT infrastructure needs. Even if your business has one or several in-house IT technicians on payroll, they’re often so bogged down by routine daily tasks that their talent is wasted. The very core of your business infrastructure is jeopardized if they’re overworked and vulnerable to error. This employee isn’t adding nearly as much value to your business as they should be. It’s not a good place for them or you.

According to the research group Gartner, over 65% of IT budgets go towards tasks that do nothing more than keep the lights on. This means SMBs investing in their technology aren’t necessarily improving operations and efficiency or enhancing their security. They’re just keeping the wheels turning.

The concept of “managed services” has evolved through the last decade. Today, managed service providers (MSPs) are being used by small businesses to cost-effectively manage, service and support their IT processes. MSPs are often called in as an alternative to adding additional in-house staff. Unfortunately, this also means MSPs are typically seen as a threat to the job security of any IT employee that fears they’re about to be replaced by “outsourced” help.

A hybrid approach, utilizing managed services, cloud services, and internal IT support can truly be the best of all worlds. They simultaneously help SMBs achieve a greater return-on-investment (ROI) on their IT costs while allowing existing in-house IT resources to be channeled into more valuable development roles.

  1. A Happier, Less Overwhelmed In-House IT Staff

Many of those never-ending mundane tasks performed by in-house IT support on a daily basis can be automated. While this could easily be interpreted as suggesting on-site staff aren’t necessary, that couldn’t be further from the truth. Your current IT support can leverage all of the benefits of MSP services such as:28

  • Proactive management
  • Remote monitoring
  • End-user help desk
  • 24/7 network operations center
  • Disaster recovery/business continuity solutions
  • Security audits/updates

These services free your in-house IT support from much of the routine daily maintenance and support taking up most of their workday. This enables them to expand their role and work on more meaningful projects. They’re also happier on the job since they’re no longer perpetually overwhelmed or feeling as if they’re wearing too many hats.

In this case, MSPs remove the burden of routine tasks from internal IT support, allowing them to make better use of theirtime. With access to the MSP ticketing and monitoring system, and support from the 24/7 Network Operations Center (NOC), in-house IT have help identifying and addressing system issues before they become business disrupting problems.

Additionally, daily interruptions like constantly having to run to Susie’s computer to figure out why her system is running slow can instead be handled by the Help Desk.

  1. Guided Focus, Direction and Prioritization

Working with a MSP gives existing in-house IT support some much needed focus and direction. MSPs commonly offer a complimentary consultation and network assessment that evaluates the overall performance and health of your IT infrastructure. From there, the MSP will recommend the products or services most beneficial to current IT needs.

This evaluation helps internal IT determine what system oversight and future planning they should be doing. A queue can be created where projects are evaluated and ranked by what’s most critical. Any regular system maintenance tasks can be performed by the MSP while in-house IT can focus on processes that will drive down costs or potentially increase revenue.

  1. Fewer Instances of Failure and Human Error

A high percentage of costly security breaches are the result of human error. This is often because IT employees are stretched too thin and overlook vital security measures, such as applying tested security patches or updating antivirus software programs. Working with a MSP will eliminate much of the work overload that often leads to system or security vulnerabilities. Systems can be backed up in the cloud for an immediate full system restore if needed. Internal IT support will no longer bear sole responsibility for the constant availability and security of stored data.

Many of the issues that become costly business disruptions for SMBs, such as downtime-inducing hardware, software, and application failures, are completely preventable if they’re detected and addressed early enough.

It’s a reality that your systems run 24/7, but you likely don’t have the resources right now for a 24/7 IT staff.

Existing in-house IT support will find their workload to be much more manageable with the help of MSP services like the Remote Monitoring and Management (RMM) tool and the 24/7 NOC. Systems are monitored around-the-clock through a comprehensive interface that can even be viewed on a mobile device. Alerts will notify the in-house IT staff of any potentially threatening issues on the horizon.

30Many SMBs have some incredibly gifted and skilled IT employees on staff that are burdened with way too any responsibilities and tend to get stuck in a routine each day. These employees would be solid contributors to your business if they weren’t running around extinguishing tech fires and handling monotonous tasks that are below their skill-level.

A good MSP acts as an extension of the business they’re servicing. SMBs and MSPs will work very closely together but caution must be taken, as any internal IT staff will likely consider a MSPs presence to be intrusive and a threat to their job security.

SMBs must convince their internal staff that embracing the cloud and leveraging the service desk and RMM tools of a MSP will only make their jobs more manageable and less stressful. Freeing them from manual tasks will allow them to work on projects that matter- developing applications, concepts, and strategies that will benefit the company or organization’s bottom line rather than spending the day tending to the intern’s computer after she clicked a malicious link in a phishing email. Your existing onsite IT support can do much more for your business as you cut costs by exploiting the industry’s best practices, latest tools, and newest technology.

CLICK HERE for a free network assessment from us.

Five Major Benefits of the Cloud for the Healthcare Sector

/in , /by

28How Cloud Computing Enables Industry Advancements

When it comes to staying on top of industry trends, those in the healthcare sector utilizing cloud computing will undoubtedly have an advantage over those slow to adapt to change. The Internet is more widely used now by both patients and those providing health services.

Today’s patient desires anytime/anywhere access to health-related information and physicians may need access to digitized health data such as MRI scans, ultrasound images, or mammograms. Patient information must also be accessed for clinical decision-making such as potential prescription drug interactions or the American Recovery and Reinvestment Act of 2009 (ARRA) funded community health information exchanges (HIEs) that enable health providers and insurers to share a patient’s medical records with his or her permission. The cloud supports all of these.

In many ways, cloud computing levels the playing field as its affordable benefits are available to anyone from a small physician’s office or non-profit to large organizations or insurers. This fosters an all-inclusive collaboration that isn’t restricted to only large institutional players.

Major Benefits of the Cloud for the Healthcare Sector

  1. Security – Ironically, the biggest concern most healthcare entities have about taking to the cloud is one of its biggest strengths. Recent updates have made CSPs as responsible and liable for HIPAA compliance as the healthcare institutions that hire them. CSPs must ensure that data is encrypted, backed up, easily recoverable, and secured with permission-based access.
  2. Costs – Reduced costs are an incentive for healthcare entities to take to the cloud. Costs are dramatically cut since the cloud moves everything into a virtual environment, eliminating the need for costly hardware, software, maintenance, data center space, and IT labor. Pay-as- you-use fees requiring little-to-no capital investment replace these often overwhelming up-front capital expenses.
  3. Scalability – With the 2015 HER conversion deadline nearing, and the fact that health service providers are generally required to maintain patient medical records for at least six years, it’s easy to anticipate that managing such a high volume of patient data will inevitably stress any on-site IT infrastructure. But the cloud presents a scalable alternative where additional server or storage capacity is available as needed.
  4. Mobility – The cloud improves a physician’s ability to remotely access readily available patient information. This enables even the busiest physician to review a patient’s medical records or test results even after they leave the office.
  5. Sharing – Cloud computing keeps physicians better connected to not just their patients but their colleagues as well. Patients will notice benefits to medical professionals being able to share patient information online – for example, referrals to specialists will be more timely, there will be less paperwork to fill out with each office visit, and no unnecessary repeat diagnostic tests.

Are You Ready for This Transition?

The transition to cloud computing is underway in the industry. For healthcare service providers, it is no longer a question of if they will transition to the cloud, but when they can start benefiting from its potential savings and all of its capabilities.

Healthcare is a heavily regulated industry and cloud computing will continue to evolve to meet the industry’s growing security requirements and regulatory mandates. Many legitimate CSPs familiar with the healthcare sector already have strict security protocols in place to comply with regulations and will not hesitate to sign a BAA when asked. It is best to choose a CSP cautiously. Avoid any CSP who refuses to sign a BAA and carefully evaluate even those who do to get a feel for their stability, level of service, and delivery on promises.

Taking care of people – not your IT infrastructure – is your core service. Why not put the money being spent right now on hardware, software and equipment back into patient care while actually strengthening patient data integrity and security? Contact us today if you’d like to learn more about HIPAA compliant cloud-based technology.

CLICK HERE for a free network assessment.

HIPAA and the Cloud – Moving Toward 2015

/in /by

29In the healthcare sector, the storing and sharing of sensitive digitized patient data has become a significant undertaking and is a heavy burden on resources. Preparation for a complete conversion from paper medical records to electronic health records (EHR) by 2015 has independent practitioners and small healthcare entities making significant investments in equipment, hardware and software, and tech-savvy personnel. Rather than focusing on the delivery of core patient care services, they must now worry about IT infrastructure issues, underlying network constraints and data center accessibility as well. This is problematic as very few medical offices or small health service organizations can afford to employ dedicated IT staff.

In this context, it is obvious that cloud-based solutions, which consolidate and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored in the cloud is available on-demand and requires no expensive equipment, physical home or hired staff to manage and maintain it.

But while other business sectors have fully embraced the cloud for cheaper, more flexible, scalable and secure computing, many in the healthcare sector have yet to entertain putting patient data into the cloud. HIPAA-driven security and privacy concerns have been a serious deterrent.

This is about to change. Recent modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules have made it clearer that data center operators are to be classified as business associates under HIPAA. This means cloud-service providers are required by law to report and respond to data breaches and uphold their obligation to properly protect and secure patient info.

These modifications are a game changer because they now assure covered entities such as doctor offices, hospitals, and health insurers that they can remain HIPAA compliant while adopting cloud technology.

Cloud Computing in Healthcare Sector Projected to Grow

According to recent report by the research firm Markets and Markets, although the healthcare sector has been notoriously slow when it comes to adopting new technology trends, the cloud computing market in this sector is projected to grow to $5.4 billion by 2017.

Breaking Down HIPAA and the Cloud

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was upgraded in 2009 with the Health Information Technology for Economic and Clinical Health (HITECH) ruling addressing the growing use of digitized medical records. HITECH was introduced to provide federal funding to deploy HER and establish a protocol for protecting the electronic storage and transmission of Protected Health Information (PHI). [PHI is defined as any information obtained, used or disclosed in the course of providing a healthcare service–treatment, payment, operations or medical records–that can be used to identify an individual.]

Compliance with HIPAA requires the reporting of any potential unauthorized PHI access. Because any impermissible access, use, or disclosure of PHI can severely damage an organization’s reputation, as well as levy penalties varying from $100 to $50,000 for first time offenders, it is understandable that many in the healthcare industry have chosen to avoid migrating patient data to the cloud unless they’re absolutely certain that a cloud-service provider (CSP) is HIPAA compliant.

Cloud-Service Providers as HIPAA Business Associates

Over the past five years, there has been much confusion whether cloud-service providers were classified as business associates (BAs) under HIPAA. The Department of Health and Human Services holds BAs accountable for certain required privacy and security obligations to protect PHI data, upholding them to a signed Business Associate Agreement (BAA). If confidential health data is compromised, the Associate is liable for responsibilities on their end.

The HIPAA privacy rule defines a BA as “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”

Since most CSPs “maintain” PHI on behalf of either the covered entity or another BA that subcontracts them, one would assume they’d be deemed a BA themselves. But that hasn’t always been the case due to some ambiguous language that originally accompanied the regulation, language that was only just recently modified to expand the scope of BAs as defined by HIPAA.Capture4

As you can see, this language easily leaves “access on a routine basis” up to interpretation. For instance, although it states that HIPAA requires those accessing PHI data on a routine basis be treated as BAs, some CSPs felt they were mere “conduits” of protected data – not very different than courier services or postal services, having only random or infrequent access to public health information as they transport/share it with others. These CSPs would often argue that a signed BAA wasn’t necessary, thus avoiding the added due diligence or security control requirements and liability.

Take a high-volume Platform-as-a-Service (PaaS) for example. Here the CSPs primary role is to provide storage services that enable the covered healthcare entity’s staff, such as a doctor’s office, to routinely look at data stored remotely. While the CSP providing the PaaS bears responsibility for maintenance and upgrades to the hardware, software and the operating system, they don’t touch the actual PHI data all that much. Therefore, a CSP offering PaaS doesn’t necessarily have the same level of PHI access as a cloud provider using Software-as-a-Service (SaaS) who must grant their personnel daily access to PHI.

A similar argument could be made for a CSP who maintains encrypted PHI for a covered healthcare entity but doesn’t hold the encryption key.

This uncertainty was the reason for much of the healthcare sector’s reluctance to take to the cloud. If a cloud-service provider (CSP) didn’t feel the need to sign a BAA, and the patient info they managed was breached, the covered healthcare entity, not the CSP, would be fined.Capture5

The new HIPAA Omnibus Rule further clarifies that BAs and subcontractors of BAs are directly liable for compliance with certain HIPAA Privacy and Security Requirements. This has calmed skeptics, resulting in a healthcare industry now actively looking to cloud-based solutions.

Protecting personal information and cloud security are a must by 2015. CLICK HERE for a free network assessment and choose Cognoscape for your HIPAA compliant managed IT services.

8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity

/in , /by

27The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six year old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.” Everybody things bad things only happen to other people. Just because we hear about a fatal car accident on the morning news, doesn’t mean we fixate on that news when we ourselves get into a car and drive to work. So no matter how many times the owner or CIO of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action. Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes. If you fall into this category, here are eight cold hard truths to consider

  1. It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
  2. Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81% of these incidents have led to downtime that has lasted anywhere from one to three days.
  3. According to data compiled by the Hughes Marketing Group, 90% of companies employing less than 100 people spend fewer than eight hours a month on their business continuity plan.
  4. 80% of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40% of businesses impacted by critical IT failure cease operations within one year. 44% of businesses ravaged by a fire fail to ever reopen, and only 33% of those that do reopen survive any longer than three years.
  5. Disaster recovery solution providers estimate that 60% to 70% of all business disruptions originate internally – most likely due to hardware or software failure or human error.
  6. 93% of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
  7. In the United States alone, there are over 140,000 hard drive crashes each week.
  8. 34% of SMBs never test their backup and recovery solutions – of those who do, over 75% found holes and failures in their strategies.

It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.

CLICK HERE for a free network assessment.

5 Ways SMBs Can Save Money on Security

/in /by

26Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take

  1. Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer more complete perspective as to where to focus available security resources.
  2. Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
  3. Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
  4. Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
  5. Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a more ideal allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system

CLICK HERE for a free network assessment and maintain security in the cloud.

Stay Secure My Friend… More Hackers Targeting SMBs

/in , , /by

Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor.  SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.

Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.

25Cybercriminals Target Companies with 250 or Fewer Employees

In 2012, Symantec research confirmed that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.

View Security Measures as Investments

CIOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.

Would-be business partners have likely already asked for specifics about protecting the integrity of their data.  Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.

Where a Managed Service Provider Comes In

Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.

A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.

Stay secure and CLICK HERE for a free network assessment. Managed IT could prevent a security breach.