Author: Stuart Crawford

2018 turned out to be a year of record fines for HIPAA violations. Over $25 million in fines, with the mean fine being just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what violations did these healthcare entities do to get scrutinized, investigated and penalized?

Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.

2018 Review of OCR Settlements

Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.

• Fresenius Medical Care North America. $3,500,000 – Settlement. Risk analysis failure. Impermissible disclosure of ePHI. No policies covering electronic devices. Insufficient encryption; inadequate security policies; inadequate physical safeguards.
• Filefax, Inc. $100,000 – Settlement. Unauthorized disclosure of PHI.
• University of Texas MD Anderson Cancer Center. $4,348,000 – Civil monetary penalty. Impermissible disclosure of ePHI. No Encryption.
• Massachusetts General Hospital. $515,000 – Settlement. Filming patients without consent.
• Brigham and Women’s Hospital. $384,000 – Settlement. Filming patients without consent.
• Boston Medical Center. $100,000 – Settlement. Filming patients without consent.
• Anthem Inc. $16,000,000 – Settlement. Risk analysis failures. Inadequate review of system activity. Failure to respond to an identified breach. Lacking technical controls to thwart unlawful ePHI access.
• Allergy Associates of Hartford. $125,000 – Settlement. PHI disclosure to a journalist. No sanctions against an employee.
• Advanced Care Hospitalists. $500,000 – Settlement. Unauthorized PHI disclosure. No BAA (business associate agreement). Deficient security measures. No HIPAA fulfillment efforts before April 1, 2014.
• Pagosa Springs Medical Center. $111,400 – Settlement. Failure to end employee access. No Business Associate Agreement (BAA).

Don’t forget about your State’s Attorney General’s Office

Medical entities also saw a rise in fines/monetary penalties from state attorney generals. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission statement, requiring employees’ time and financial resources devoted to defending you against violation of state laws and HIPAA violations. Some states have become more aggressive in enforcement of HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts along with Washington State (who has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.

State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.

Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.

The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.

Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.

Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.

• Business associate agreement. Ensure that BAA agreements with outside vendors are properly executed and that the vendor owner (or their authorized agent) knows of this agreement.
• Terminated employees. Have a written policy regarding terminated employees so that their access to confidential patient information is terminated immediately. Your HR department and IT services vendor should work in unison to change passwords/deny access as soon as the employee leaves or is terminated.
• Filming patients without consent. Don’t be lured into a major HIPAA violation by television and documentary filmmakers. While upper management and the CEO may feel that being featured in a TV series will bring prestige and goodwill to the facility, patients don’t feel that way and are protected by HIPAA.
• Healthcare entities must be proactive in protecting data. Seemingly simple violations like insufficient encryption, no response to a breach or not providing HIPAA training to employees are not a viable excuse to OCR or state attorney generals.

Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.

In March 2018, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.

What Laws Are on the Books About Cybersecurity?

In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:

• Appropriations
• Computer crime
• Election security
• Energy and critical infrastructure security
• Government and private-sector security practices
• Incident response remediation
• Workforce training

For companies, especially those that work across state lines, the variances among state laws creates a challenge in tracking requirements and remaining legally compliant.

For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.

While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:

• Half the states have laws addressing denial-of-service attacks.
• Just five states explicitly cite ransomware in statutes.
• Phishing laws are in place in 23 states and Guam.
• Twenty states, Guam and Puerto Rico have laws regarding spyware.

While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.

What States Have Strong Data Privacy Laws?

Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:

• Arkansas. Parental consent is required before student information can be shared with government agencies.
• California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
• Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
• Illinois. The state is the only one to protect biometric data.
• Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
• Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.

What States Have Weak Data Security Laws?

Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:

• Alabama. There are no laws on the books that protect the online privacy of K-12 students.
• Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
• South Dakota. Companies can retain personal information on employees indefinitely.
• Wyoming. Employers can force employees to hand over passwords to social media accounts.

How Long Does a Company Need to Retain Personal Identifying Information?

Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.

Of those 35 states:

• Only 14 require both businesses and government agencies to destroy or dispose of data.
• Virginia requires government agencies only but excludes businesses.
• Nineteen states do not require government agencies to dispose of or destroy personal information.

Where Is the Federal Government in Cybersecurity?

The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.

Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, make state laws stronger, and exempt too many companies.

For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.

Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger responses.

The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime. According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers. As we ring in the new year, predictions for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher Regulations

As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. Many governments are already recognizing the pressing need to protect citizens’ personal information, especially amid mounting pressure from constituents who seek to hold companies accountable. This year will see the rest of the world follow suit, enacting laws that punish corporations and other entities that do not take data security seriously enough. It’s anticipated that such legislation will seek to ensure greater protection for connected devices (also known as the Internet of Things or IoT). These measures are also expected to set cybersecurity standards that reflect the value of the protected data.

Stiffer Penalties

Enacting legislation is a step in the right direction, but appropriate consequences are usually needed to enforce it. The EU led the way in taking a firm stand against cybercrime with the GDPR. The Golden State followed with the California Consumer Privacy Act, which takes effect in 2020. These initiatives establish considerable punitive measures for hackers. The UK required Equifax and Facebook to pay maximum fines as mandated by its data protection law. This year, it’s predicted that several companies, such as British Airways, Facebook, and Google will come under intense scrutiny, and more jurisdictions are likely to enact stiff penalties– perhaps totaling as much as a billion dollars– for compromising data security.

Consistent Data Breach Patterns

Cybercriminals primarily use email and compromised privileges to access consumers’ personal data or engage in other illegal activities, and that trend is likely to remain the status quo in 2019. Businesses and other organizations are advised to put safeguards in place to control privileges and monitor emails, hyperlinks, and attachments.

Cyber Weapon Capabilities Revealed

During the post-World War II era, nuclear war seemed to be the most imminent threat to national security. Today, cyber weapons are believed to carry the greatest potential for harm. Many governments have been developing their cyber arsenal for years, with some using their newfound capabilities to disrupt political systems. Most of these clandestine efforts have been carried out behind closed doors. However, as the threat increases and countries are forced to fine-tune their tactics to defend themselves, they will likely bring their endeavors to light to create a deterrent. Showing hostile governments what might happen should they choose to attack may prevent them from completely unleashing their digital demons– at least for a while. There will likely be outliers who will continue to launch cyber attacks, despite efforts to discourage them. Therefore, companies should do their best to be prepared– developing a proactive, rather than a reactive, strategy.

IoT Working Against Us

Adding to our ever-increasing network of connected devices could have disastrous consequences. It’s expected that cybercriminals will be able to program these devices to attack humans. It may sound like the stuff of a dystopian sci-fi novel, but industry leaders predict that 2019 could well be the year that we see people using machines to target other humans to the point of causing great harm or even death. Hackers, for instance, may set programmable thermostats to keep homes unbearably warm or cold, or intentionally cause navigation systems in self-driving cars to suddenly go awry, colliding with other vehicles or striking pedestrians. These incidents could become so widespread that they span entire countries or transcend continents. For now, people still have some control over their devices. Unfortunately, however, more dire predictions are forecast when the day dawns that we surrender such control completely to artificial intelligence (AI).

Multiple Layers of Authentication

In the near future, you may need more than a password to log into your email, social media, and other Web-based accounts. Windows expert Susan Bradley reported to CSO that, “Only using a password to authenticate is increasingly leaving us open to phishing and other attacks.” As hackers become more adept at accessing your information, you may be asked to answer additional questions after supplying your password to verify that it’s really you. As this will likely prove frustrating for most users, IT providers are seeking a simpler, more sustainable solution.

Of course, with the advancement of technology comes more sophisticated security measures too, so hopefully, these predictions will not be fully realized. It makes sense though, to do everything possible to protect the integrity of your data and ensure that your team is on the same page about the security precautions you plan to take. It’s also important to stay current on the latest legislation, standards, and technology to ensure that you’re in compliance with applicable regulations and that you have the tools to provide continuous data protection. Utilizing the right strategy will also help you adapt to new developments in data security without disrupting operations or leaving sensitive information vulnerable while you search for appropriate solutions.

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

• A straightforward interface that is well-designed and laid out;
• A start menu that combines the old with the new;
• A clutter-free and clean look that is familiar to you;
• Thumbnail previews that allow you to automatically open an item;
• Jump lists that allow you to quickly access files or documents you frequently use;
• Performance that allows the system to boot up comparatively quickly;
• A new calculator to convert units, figure out fuel economy, etc.;
• A new WordPad that offers more formatting features; and — among many other features —
• Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009	Date of general availability for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2013	Retail software end of sales for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2014	End of sales for PCs with Windows preinstalled with: Home Basic Home Premium Ultimate
October 31, 2016	End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015	End of mainstream support for Windows 7
January 14, 2020	End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

• Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
• Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
• Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
• Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

• The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
• The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
• The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
• Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

• Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
• If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
• We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
• Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
• Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Microsoft 365 and its suite of office productivity tools, has some new features for 2019. Microsoft 365, formerly Office 365, is the collection of business software for publishing, communication, mail, presentation, and accounting. The suite of programs including Microsoft Word, Excel, Publisher, Outlook, and PowerPoint have been designed to make work simpler and provide a way for greater collaboration and sharing to take place between internal and external work teams.

Many of these new features should be available to users in Q1 of 2019. These include enhancements to PowerPoint, Word, Outlook, and Teams, to name a few of the offerings available to Microsoft 365 users. Each of these new features is discussed in further detail below. This is an overview of what’s new, how the feature works and what you as a business user should expect.

Microsoft PowerPoint Editor and Forms Updates

Intelligent proofing has come to Microsoft PowerPoint. It is similar to the functionality users have known in Microsoft Word and that has also been available in Microsoft Outlook since the last part of 2018. It takes the machine learning capabilities and natural language process that exists in the program to proof, edit, and make recommendations to users based on the content of the presentation being created.

Things like wrong word choices, misspelled words, and improper grammar are detected in this feature added to PowerPoint. Office Insider users should have access to this enhanced feature with Microsoft 365 users coming online shortly in Q1 of 2019. To determine its availability, a user simply can click on SELECT FILE > OPTIONS > PROOFING. The boxes, “Frequently confused words” and “Mark grammar errors as you type,” should be checked, indicating the availability of the feature.

An additional feature that should be a welcome enhancement for users is the availability of forms in PowerPoint. Feedback, surveys, and questionnaires can be administered simply and easily with the adding of forms to this software program. Forms has been a standard within Word and have now come to PowerPoint. Users interacting with students or in a training environment looking to administer quizzes, or questionnaires with participants now have the facility to do so within PowerPoint.

Microsoft Word Collaboration Enhancements

Writing with Microsoft Word has become even easier in 2019. A new feature allows users to bookmark, or rather, create notes within a document as a reminder to return to that spot in a document. The feature is called inline TODO and it is as simple as typing the word “TODO” (all CAPS) as a placeholder in a document. The user will then have the ability to type a note as a reminder of some thought or action they wish to insert and can choose to continue writing or exit. The TODO placeholder is perfect for those times when a user loses their train of thought and needs to look up additional information or seek the advice or opinions of other members of the team for clarification.

These entries are tracked as To-Dos in the To-Do app, which can be viewed online or on a mobile basis. Every time a user returns to the document, the to-dos that have been coded in the document appear instantly as a reminder. A user (logged into SharePoint or creating a document shared in OneDrive) can also use the “@mention” feature to direct a message to another user within the team to look at the TODO denotation in the document. Office Insider users have immediate access to feature (in preview mode) while Microsoft 365 users will have access to TODO soon in 2019.

Creating and Managing Tasks in Microsoft Outlook

Task features that used to be available only in the desktop version of Microsoft Outlook have been released to web-based users. It allows for greater mobility and less dependency on the desktop for managing important tasks and project workflow. The ability to drop emails into the task icon previously has been limited to desktop users. New for 2019 is the ability of web-based Outlook users to also drop related emails into the task icon in order to properly manage and stay informed on any changes, updates, and any other important communications that may impact a given task.

The same goes for the ability to schedule tasks on a calendar. Where before a user would have been dependent on the desktop version of Outlook to perform scheduling, the new web-based enhancement allows users to perform the same function online. Once scheduling of a task takes place on the user’s calendar, it will be carried over to a mobile user’s To-Do app. Note that this capability is only available to those business customers opted-in the new Outlook.

With organizations working increasingly advanced technology into most aspects of their daily operation, it only follows that employees and customers may occasionally need help using those technologies and fixing problems they encounter. Help desks have emerged as the primary method for giving IT users the support they require to work effectively with technology as they complete their tasks and contribute to their organization’s success.

What is a help desk?

Help desks, or managed operation centers, provide consistent, critical support services to the employees within an organization, and in some cases, their clients. Help desks are run by personnel with extensive technical knowledge who are well-versed in managing, troubleshooting, maintaining and upgrading the various technological tools used by companies across industries.

While some businesses have in-house IT support through designated staff members, that option is often not tenable for many smaller organizations with limited employees and resources. Outsourced technology support allows them to focus their energy on more integral aspects of their practice. Even mid-size and large businesses, however, benefit by partnering with third-party entities that offer expert help desk support and gaining access to an additional resource for their internal IT staff.

What are the benefits of outsourcing help desk support?

Outsourcing IT support provides a number of advantages, particularly for small- to medium-sized businesses (SMBs). Here is a quick look at 10 ways your operation can benefit through outsourcing IT:

1. Cost-savings

Maintaining an in-house help desk can factor as a hefty expense into an organization’s annual budget, especially when benefit packages and other perks are taken into consideration. By entering into a contract with an outsourced help desk, you can tailor the services to fit your specific needs and financial position.

2. Increased Flexibility

Working with an outside provider for your IT support gives your employees flexibility, allowing them to work a broader range of hours without having to worry about not having support should they encounter a problem. Even when working remotely or outside peak hours, they can access a live representative for support.

3. Immediate Response

Help desk specialists are only a phone call, email, or support ticket away. As third-party providers manage IT support for multiple organizations, they will have several technicians on-call to address issues on demand. With a consolidated pool of employees, their efforts can be spread more effectively across the businesses they serve. If the technicians cannot fix the issue remotely, they will respond in person to fix the issue on-site.

4. Diverting Management Responsibilities

Working with a third-party service provider means they will handle their own IT team, relieving you and your human resources department of that responsibility. The firm will oversee the management of their own employees—from recruitment and hiring to training and retention—and take care of tracking their hours and performance, as well as addressing any personnel issues.

5. Access to More Resources

Most companies do not have the financial freedom to acquire the latest IT equipment or jump on emerging technological solutions. Providers whose sole purpose is managing technology, however, will have not only the most current but also a wider variety of resources. This helps even the playing field, especially for small businesses, allowing them to take advantage of advanced technologies without bearing the entire financial burden of procuring them.

6. Support from Highly Trained Specialists

Much like with resources, third-party IT firms can offer a wealth of expertise. Their tech specialists come equipped with a wide range of credentials, training and prior experience with businesses similar to yours, which gives you a strategic advantage. When your organization encounters an IT issue, one of their team members likely will have specialized knowledge and skill-set to troubleshoot that problem.

7. A Preventative Mindset

Help desk engineers are generally in the business of providing maintenance, as well as incident management to prevent problems before they occur. They can offer advice on upgrading old systems and software and suggest other technical solutions to address the root cause of recurring problems. Help desks also track important performance indicators and metrics via remote software, to compile data on average time for technician to accept ticket, average time to resolve problem (or close ticket), average number of tickets per day/user, issues occurring after business hours, communication pertaining to a ticket, and other areas. This statistical reporting is then used for continuous quality improvement.

8. Priority on Partnership

Third-party firms are invested in fulfilling their contract and building a long-term relationship with the organizations they serve, so they will approach help desk support with a cooperative attitude. One of their goals will be to make communicating and collaborating on tasks with the employees, or end users, smoother and less frustrating. The tools they recommend will be designed to bolster this partnership and help employees feel empowered when it comes to using technology, which in turn augments company morale and productivity.

9. Increased Customer Satisfaction

Many companies use outsourced help desk services, such as call flow support, to take care of their clients’ needs or give them technical support when they are using the organization’s website, purchasing products online, or making inquiries into services. Sharing the burden of this task with an external provider frees up employees to focus on their core competencies and daily responsibilities. Additionally, customers benefit by having their problems immediately addressed, which increases customer satisfaction and helps the business both attract and retain clients.

10. Peace of Mind

For many organizations, experiencing excessive downtime because an IT system is experiencing issues can be detrimental. With a team of industry-leading experts in your corner, you can rest at ease that your IT is being taken care of. You won’t have to use your internal employees and their valuable time to fix a problem that resides outside their area of expertise. Your trusty help desk will have the issue under control.

Help desks are aimed at helping the relationship between your business and its technology flourish. They understand the importance of keeping your systems functioning and available to the employees who rely on them to do their job. External providers can provide effective IT management and support at an affordable cost.