Category: Uncategorized

2018 turned out to be a year of record fines for HIPAA violations. Over $25 million in fines, with the mean fine being just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what violations did these healthcare entities do to get scrutinized, investigated and penalized?

Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.

2018 Review of OCR Settlements

Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.

• Fresenius Medical Care North America. $3,500,000 – Settlement. Risk analysis failure. Impermissible disclosure of ePHI. No policies covering electronic devices. Insufficient encryption; inadequate security policies; inadequate physical safeguards.
• Filefax, Inc. $100,000 – Settlement. Unauthorized disclosure of PHI.
• University of Texas MD Anderson Cancer Center. $4,348,000 – Civil monetary penalty. Impermissible disclosure of ePHI. No Encryption.
• Massachusetts General Hospital. $515,000 – Settlement. Filming patients without consent.
• Brigham and Women’s Hospital. $384,000 – Settlement. Filming patients without consent.
• Boston Medical Center. $100,000 – Settlement. Filming patients without consent.
• Anthem Inc. $16,000,000 – Settlement. Risk analysis failures. Inadequate review of system activity. Failure to respond to an identified breach. Lacking technical controls to thwart unlawful ePHI access.
• Allergy Associates of Hartford. $125,000 – Settlement. PHI disclosure to a journalist. No sanctions against an employee.
• Advanced Care Hospitalists. $500,000 – Settlement. Unauthorized PHI disclosure. No BAA (business associate agreement). Deficient security measures. No HIPAA fulfillment efforts before April 1, 2014.
• Pagosa Springs Medical Center. $111,400 – Settlement. Failure to end employee access. No Business Associate Agreement (BAA).

Don’t forget about your State’s Attorney General’s Office

Medical entities also saw a rise in fines/monetary penalties from state attorney generals. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission statement, requiring employees’ time and financial resources devoted to defending you against violation of state laws and HIPAA violations. Some states have become more aggressive in enforcement of HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts along with Washington State (who has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.

State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.

Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.

The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.

Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.

Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.

• Business associate agreement. Ensure that BAA agreements with outside vendors are properly executed and that the vendor owner (or their authorized agent) knows of this agreement.
• Terminated employees. Have a written policy regarding terminated employees so that their access to confidential patient information is terminated immediately. Your HR department and IT services vendor should work in unison to change passwords/deny access as soon as the employee leaves or is terminated.
• Filming patients without consent. Don’t be lured into a major HIPAA violation by television and documentary filmmakers. While upper management and the CEO may feel that being featured in a TV series will bring prestige and goodwill to the facility, patients don’t feel that way and are protected by HIPAA.
• Healthcare entities must be proactive in protecting data. Seemingly simple violations like insufficient encryption, no response to a breach or not providing HIPAA training to employees are not a viable excuse to OCR or state attorney generals.

Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.

In March 2018, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.

What Laws Are on the Books About Cybersecurity?

In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:

• Appropriations
• Computer crime
• Election security
• Energy and critical infrastructure security
• Government and private-sector security practices
• Incident response remediation
• Workforce training

For companies, especially those that work across state lines, the variances among state laws creates a challenge in tracking requirements and remaining legally compliant.

For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.

While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:

• Half the states have laws addressing denial-of-service attacks.
• Just five states explicitly cite ransomware in statutes.
• Phishing laws are in place in 23 states and Guam.
• Twenty states, Guam and Puerto Rico have laws regarding spyware.

While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.

What States Have Strong Data Privacy Laws?

Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:

• Arkansas. Parental consent is required before student information can be shared with government agencies.
• California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
• Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
• Illinois. The state is the only one to protect biometric data.
• Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
• Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.

What States Have Weak Data Security Laws?

Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:

• Alabama. There are no laws on the books that protect the online privacy of K-12 students.
• Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
• South Dakota. Companies can retain personal information on employees indefinitely.
• Wyoming. Employers can force employees to hand over passwords to social media accounts.

How Long Does a Company Need to Retain Personal Identifying Information?

Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.

Of those 35 states:

• Only 14 require both businesses and government agencies to destroy or dispose of data.
• Virginia requires government agencies only but excludes businesses.
• Nineteen states do not require government agencies to dispose of or destroy personal information.

Where Is the Federal Government in Cybersecurity?

The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.

Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, make state laws stronger, and exempt too many companies.

For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.

Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger responses.

The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime. According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers. As we ring in the new year, predictions for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher Regulations

As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. Many governments are already recognizing the pressing need to protect citizens’ personal information, especially amid mounting pressure from constituents who seek to hold companies accountable. This year will see the rest of the world follow suit, enacting laws that punish corporations and other entities that do not take data security seriously enough. It’s anticipated that such legislation will seek to ensure greater protection for connected devices (also known as the Internet of Things or IoT). These measures are also expected to set cybersecurity standards that reflect the value of the protected data.

Stiffer Penalties

Enacting legislation is a step in the right direction, but appropriate consequences are usually needed to enforce it. The EU led the way in taking a firm stand against cybercrime with the GDPR. The Golden State followed with the California Consumer Privacy Act, which takes effect in 2020. These initiatives establish considerable punitive measures for hackers. The UK required Equifax and Facebook to pay maximum fines as mandated by its data protection law. This year, it’s predicted that several companies, such as British Airways, Facebook, and Google will come under intense scrutiny, and more jurisdictions are likely to enact stiff penalties– perhaps totaling as much as a billion dollars– for compromising data security.

Consistent Data Breach Patterns

Cybercriminals primarily use email and compromised privileges to access consumers’ personal data or engage in other illegal activities, and that trend is likely to remain the status quo in 2019. Businesses and other organizations are advised to put safeguards in place to control privileges and monitor emails, hyperlinks, and attachments.

Cyber Weapon Capabilities Revealed

During the post-World War II era, nuclear war seemed to be the most imminent threat to national security. Today, cyber weapons are believed to carry the greatest potential for harm. Many governments have been developing their cyber arsenal for years, with some using their newfound capabilities to disrupt political systems. Most of these clandestine efforts have been carried out behind closed doors. However, as the threat increases and countries are forced to fine-tune their tactics to defend themselves, they will likely bring their endeavors to light to create a deterrent. Showing hostile governments what might happen should they choose to attack may prevent them from completely unleashing their digital demons– at least for a while. There will likely be outliers who will continue to launch cyber attacks, despite efforts to discourage them. Therefore, companies should do their best to be prepared– developing a proactive, rather than a reactive, strategy.

IoT Working Against Us

Adding to our ever-increasing network of connected devices could have disastrous consequences. It’s expected that cybercriminals will be able to program these devices to attack humans. It may sound like the stuff of a dystopian sci-fi novel, but industry leaders predict that 2019 could well be the year that we see people using machines to target other humans to the point of causing great harm or even death. Hackers, for instance, may set programmable thermostats to keep homes unbearably warm or cold, or intentionally cause navigation systems in self-driving cars to suddenly go awry, colliding with other vehicles or striking pedestrians. These incidents could become so widespread that they span entire countries or transcend continents. For now, people still have some control over their devices. Unfortunately, however, more dire predictions are forecast when the day dawns that we surrender such control completely to artificial intelligence (AI).

Multiple Layers of Authentication

In the near future, you may need more than a password to log into your email, social media, and other Web-based accounts. Windows expert Susan Bradley reported to CSO that, “Only using a password to authenticate is increasingly leaving us open to phishing and other attacks.” As hackers become more adept at accessing your information, you may be asked to answer additional questions after supplying your password to verify that it’s really you. As this will likely prove frustrating for most users, IT providers are seeking a simpler, more sustainable solution.

Of course, with the advancement of technology comes more sophisticated security measures too, so hopefully, these predictions will not be fully realized. It makes sense though, to do everything possible to protect the integrity of your data and ensure that your team is on the same page about the security precautions you plan to take. It’s also important to stay current on the latest legislation, standards, and technology to ensure that you’re in compliance with applicable regulations and that you have the tools to provide continuous data protection. Utilizing the right strategy will also help you adapt to new developments in data security without disrupting operations or leaving sensitive information vulnerable while you search for appropriate solutions.

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 10 offers:

• A straightforward interface that is well-designed and laid out;
• A start menu that combines the old with the new;
• A clutter-free and clean look that is familiar to you;
• Thumbnail previews that allow you to automatically open an item;
• Jump lists that allow you to quickly access files or documents you frequently use;
• Performance that allows the system to boot up comparatively quickly;
• A new calculator to convert units, figure out fuel economy, etc.;
• A new WordPad that offers more formatting features; and — among many other features —
• Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not want to particularly give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista makes up nearly 84% of the market share for desktop PCs — use Windows 7 still while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020, if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this date is the date provided in Window 7’s lifecycle.

Windows 7 Lifecycle
October 22, 2009	Date of general availability for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2013	Retail software end of sales for: Windows 7 Professional Home Basic Home Premium Ultimate
October 31, 2014	End of sales for PCs with Windows preinstalled with: Home Basic Home Premium Ultimate
October 31, 2016	End of sales for PCs with Windows 7 Professional preinstalled
January 13, 2015	End of mainstream support for Windows 7
January 14, 2020	End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your windows license type is an original equipment manufacturer or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates at a cost.

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

• Playing with the idea of purchasing an upgrade to Windows 10 and then downgrading your rights to Window 7;
• Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do the hackers capabilities (home users if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
• Disconnecting any Windows 7 PC from the internet, but this means disconnecting you to the very thing that keeps you connected to the world, so it may not be your best option either.
• Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

• The increased sense that Microsoft is invading our privacy with its default settings. Most of these setting can be changed but you must go in and manually make these changes.
• The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
• The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
• Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

• Windows 7 was released in 2009. This was a time when iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 can’t do this most likely, but Windows 10 can.
• If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
• We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
• Ever been in your Windows 7 and want to search the web from your desktop and then realize you can’t. To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows store, and the Internet.
• Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7 gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox one game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. A free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.

Microsoft 365 and its suite of office productivity tools, has some new features for 2019. Microsoft 365, formerly Office 365, is the collection of business software for publishing, communication, mail, presentation, and accounting. The suite of programs including Microsoft Word, Excel, Publisher, Outlook, and PowerPoint have been designed to make work simpler and provide a way for greater collaboration and sharing to take place between internal and external work teams.

Many of these new features should be available to users in Q1 of 2019. These include enhancements to PowerPoint, Word, Outlook, and Teams, to name a few of the offerings available to Microsoft 365 users. Each of these new features is discussed in further detail below. This is an overview of what’s new, how the feature works and what you as a business user should expect.

Microsoft PowerPoint Editor and Forms Updates

Intelligent proofing has come to Microsoft PowerPoint. It is similar to the functionality users have known in Microsoft Word and that has also been available in Microsoft Outlook since the last part of 2018. It takes the machine learning capabilities and natural language process that exists in the program to proof, edit, and make recommendations to users based on the content of the presentation being created.

Things like wrong word choices, misspelled words, and improper grammar are detected in this feature added to PowerPoint. Office Insider users should have access to this enhanced feature with Microsoft 365 users coming online shortly in Q1 of 2019. To determine its availability, a user simply can click on SELECT FILE > OPTIONS > PROOFING. The boxes, “Frequently confused words” and “Mark grammar errors as you type,” should be checked, indicating the availability of the feature.

An additional feature that should be a welcome enhancement for users is the availability of forms in PowerPoint. Feedback, surveys, and questionnaires can be administered simply and easily with the adding of forms to this software program. Forms has been a standard within Word and have now come to PowerPoint. Users interacting with students or in a training environment looking to administer quizzes, or questionnaires with participants now have the facility to do so within PowerPoint.

Microsoft Word Collaboration Enhancements

Writing with Microsoft Word has become even easier in 2019. A new feature allows users to bookmark, or rather, create notes within a document as a reminder to return to that spot in a document. The feature is called inline TODO and it is as simple as typing the word “TODO” (all CAPS) as a placeholder in a document. The user will then have the ability to type a note as a reminder of some thought or action they wish to insert and can choose to continue writing or exit. The TODO placeholder is perfect for those times when a user loses their train of thought and needs to look up additional information or seek the advice or opinions of other members of the team for clarification.

These entries are tracked as To-Dos in the To-Do app, which can be viewed online or on a mobile basis. Every time a user returns to the document, the to-dos that have been coded in the document appear instantly as a reminder. A user (logged into SharePoint or creating a document shared in OneDrive) can also use the “@mention” feature to direct a message to another user within the team to look at the TODO denotation in the document. Office Insider users have immediate access to feature (in preview mode) while Microsoft 365 users will have access to TODO soon in 2019.

Creating and Managing Tasks in Microsoft Outlook

Task features that used to be available only in the desktop version of Microsoft Outlook have been released to web-based users. It allows for greater mobility and less dependency on the desktop for managing important tasks and project workflow. The ability to drop emails into the task icon previously has been limited to desktop users. New for 2019 is the ability of web-based Outlook users to also drop related emails into the task icon in order to properly manage and stay informed on any changes, updates, and any other important communications that may impact a given task.

The same goes for the ability to schedule tasks on a calendar. Where before a user would have been dependent on the desktop version of Outlook to perform scheduling, the new web-based enhancement allows users to perform the same function online. Once scheduling of a task takes place on the user’s calendar, it will be carried over to a mobile user’s To-Do app. Note that this capability is only available to those business customers opted-in the new Outlook.

With organizations working increasingly advanced technology into most aspects of their daily operation, it only follows that employees and customers may occasionally need help using those technologies and fixing problems they encounter. Help desks have emerged as the primary method for giving IT users the support they require to work effectively with technology as they complete their tasks and contribute to their organization’s success.

What is a help desk?

Help desks, or managed operation centers, provide consistent, critical support services to the employees within an organization, and in some cases, their clients. Help desks are run by personnel with extensive technical knowledge who are well-versed in managing, troubleshooting, maintaining and upgrading the various technological tools used by companies across industries.

While some businesses have in-house IT support through designated staff members, that option is often not tenable for many smaller organizations with limited employees and resources. Outsourced technology support allows them to focus their energy on more integral aspects of their practice. Even mid-size and large businesses, however, benefit by partnering with third-party entities that offer expert help desk support and gaining access to an additional resource for their internal IT staff.

What are the benefits of outsourcing help desk support?

Outsourcing IT support provides a number of advantages, particularly for small- to medium-sized businesses (SMBs). Here is a quick look at 10 ways your operation can benefit through outsourcing IT:

1. Cost-savings

Maintaining an in-house help desk can factor as a hefty expense into an organization’s annual budget, especially when benefit packages and other perks are taken into consideration. By entering into a contract with an outsourced help desk, you can tailor the services to fit your specific needs and financial position.

2. Increased Flexibility

Working with an outside provider for your IT support gives your employees flexibility, allowing them to work a broader range of hours without having to worry about not having support should they encounter a problem. Even when working remotely or outside peak hours, they can access a live representative for support.

3. Immediate Response

Help desk specialists are only a phone call, email, or support ticket away. As third-party providers manage IT support for multiple organizations, they will have several technicians on-call to address issues on demand. With a consolidated pool of employees, their efforts can be spread more effectively across the businesses they serve. If the technicians cannot fix the issue remotely, they will respond in person to fix the issue on-site.

4. Diverting Management Responsibilities

Working with a third-party service provider means they will handle their own IT team, relieving you and your human resources department of that responsibility. The firm will oversee the management of their own employees—from recruitment and hiring to training and retention—and take care of tracking their hours and performance, as well as addressing any personnel issues.

5. Access to More Resources

Most companies do not have the financial freedom to acquire the latest IT equipment or jump on emerging technological solutions. Providers whose sole purpose is managing technology, however, will have not only the most current but also a wider variety of resources. This helps even the playing field, especially for small businesses, allowing them to take advantage of advanced technologies without bearing the entire financial burden of procuring them.

6. Support from Highly Trained Specialists

Much like with resources, third-party IT firms can offer a wealth of expertise. Their tech specialists come equipped with a wide range of credentials, training and prior experience with businesses similar to yours, which gives you a strategic advantage. When your organization encounters an IT issue, one of their team members likely will have specialized knowledge and skill-set to troubleshoot that problem.

7. A Preventative Mindset

Help desk engineers are generally in the business of providing maintenance, as well as incident management to prevent problems before they occur. They can offer advice on upgrading old systems and software and suggest other technical solutions to address the root cause of recurring problems. Help desks also track important performance indicators and metrics via remote software, to compile data on average time for technician to accept ticket, average time to resolve problem (or close ticket), average number of tickets per day/user, issues occurring after business hours, communication pertaining to a ticket, and other areas. This statistical reporting is then used for continuous quality improvement.

8. Priority on Partnership

Third-party firms are invested in fulfilling their contract and building a long-term relationship with the organizations they serve, so they will approach help desk support with a cooperative attitude. One of their goals will be to make communicating and collaborating on tasks with the employees, or end users, smoother and less frustrating. The tools they recommend will be designed to bolster this partnership and help employees feel empowered when it comes to using technology, which in turn augments company morale and productivity.

9. Increased Customer Satisfaction

Many companies use outsourced help desk services, such as call flow support, to take care of their clients’ needs or give them technical support when they are using the organization’s website, purchasing products online, or making inquiries into services. Sharing the burden of this task with an external provider frees up employees to focus on their core competencies and daily responsibilities. Additionally, customers benefit by having their problems immediately addressed, which increases customer satisfaction and helps the business both attract and retain clients.

10. Peace of Mind

For many organizations, experiencing excessive downtime because an IT system is experiencing issues can be detrimental. With a team of industry-leading experts in your corner, you can rest at ease that your IT is being taken care of. You won’t have to use your internal employees and their valuable time to fix a problem that resides outside their area of expertise. Your trusty help desk will have the issue under control.

Help desks are aimed at helping the relationship between your business and its technology flourish. They understand the importance of keeping your systems functioning and available to the employees who rely on them to do their job. External providers can provide effective IT management and support at an affordable cost.

Of the risks your company faces on a regular basis, those associated with your IT department are likely a low concern and priority. The fact is, in today’s world most office professionals are capable of conducting the majority of their own IT work as needed for their individual devices. However, that isn’t their primary job description; their time is better used for the projects they were hired to do. There is also a matter of uniformity and consistency with how work is performed. When these issues are considered, it begins to make sense as to why a designated IT team is generally a worthwhile investment.

What Are Managed IT Services?

Just like employees are specialists in their own job description, IT people also tend to have specialties. Although IT people have the training and education required to work in any field, their personal expertise depends on their individual professional experience. Someone who has worked in architectural offices, as an example, may have a bit of learning curve when dealing with medical software and equipment. That’s not to say they “can’t” do the job and do it well, but they will take longer and likely have to correct some errors after initial setup. Hiring an outside source with specific industry experience for managed IT services is recognized as a solution for these and other problems that arise when using an in-house team.

Budgeting and Accounting for IT Expenses

With an in-house IT department, you know what you pay the employees who conduct the work, but are you aware of how much you’re really spending regarding efficiency? This can include issues with how much downtime the IT team has, and how much time other employees are spending to do some of the work themselves. Many office needs can be provided with an app, but what happens when the marketing department is using one app while the sales team uses a different app? Then you have to consider the time spent when they work together to make their work compatible with each other. An in-house IT team will likely work with each department individually rather than pointing out how efficiency would be boosted if they both agreed to use the same programming. Having an outside managed IT resource is going to be more likely to assure such inconsistencies are corrected.

Maintaining a Secure Network

To the layman, “Secure Network” can vary according to each person’s concerns. Cyber attack is something everyone who uses a computer is aware of, and certainly a threat every company faces. But there are other ways in which a network can be insecure. Imagine the nightmare of having a major system-wide failure and losing important client information. Such an incident might happen from a computer crash due to improper setup, outdated software, or even a natural disaster. It’s important to remember information has to be backed up, securely, as insurance might cover the physical damage of a flood or fire but no amount of insurance payment can cover the cost of lost data when hardware is destroyed in such a scenario.

Keeping a Backup Plan in Case of Emergency

There always has to be a backup plan in place for such an emergency. One of the worst things that can happen to a business is for clients to lose faith in the company’s ability to provide their service, and that’s what happens when you lose data. Think about how you would feel if an investment adviser had to ask you to resupply all your information with an explanation it had been lost in a network failure. You probably wouldn’t feel comfortable continuing to work with that company because even though they might be really good with financial advice, they aren’t completing the job by keeping your investments secure. Likewise, your clients are going to wonder about your professionalism if you lose their information.

Specialized Services for Your Field

Specialized services are the new norm and expectation of every business, and this concept holds true for IT personnel as well. To return to the previous example, the IT person who works with an architect knows how to set up a plotter to make blueprints, and they understand how to use software toward making graphic designs for presentational purposes. They have an aptitude for such things which is why they went into the IT business, but they still don’t have the experience to set up medical equipment and even though some software might be the same or similar, it’s going to be used differently by a doctor’s office. Someone with a specific specialty working with people in your field is merely going to be more efficient for your needs.

Trying to “Figure It Out on the Fly”

Having office workers conduct their own IT work can potentially be even more disastrous toward office morale and overall efficiency. Most people have a familiarity with computers and equipment and can figure out how to get it working, but might take all day or even settle for a less than perfect setup. Have you ever seen someone print a 20-page document one page at a time because they can’t get the printer to print the entire project as a single function? Now imagine that situation with over a hundred pages, and what else they could be working on instead of manually printing each page and then having to put the papers in proper order after spending half a day trying to make it work. An IT person fixes it by spending five minutes to clear old data and restart the printer.

Conclusion

The rest of your company is specialized by department, so should your IT. A managed IT services company can provide for your needs and due to the nature of the work, makes more sense than allowing the job to be conducted in-house. You end up with oversight for your network by specialists not only in IT work, but how it pertains to your business needs.

Who Has Been Impacted by Chinese Cyber Attacks?

At the beginning of the year, the FBI warned businesses to protect themselves from cyber attacks by foreign entities, saying activity has spiked in the past 18 months.

Hewlett Packard and IBM are among the businesses most recently targeted. There’s a National Counter-Intelligence and Security Center that manages intelligence efforts for the U.S. government. It recently launched a campaign to address continuing threats. The center warns that many companies need to be more to protect against cyber theft.

Foreign governments accused of cyber attacks against the U.S. include Russia, China, Iran and North Korea, with China receiving the most scrutiny in recent reports.

How Do Hackers Breach Company and Government Security?

According to Entrepreneur magazine, hackers create fake social media accounts to get people to reveal work and personal information. One of the ways to guard against bad actors is to carefully scrutinize social media requests from people that aren’t personal connections and to research apps before using or downloading them, as well as keeping antivirus software up-to-date.

The FBI warning including a brochure entitled, “Know the Risk, Raise Your Shield” that targets federal employees. The recent warnings follow a string of cases against individuals and organizations accused of stealing proprietary information from U.S. government and businesses.

Nine cases filed since July 2018 include two hackers investigators say are linked to the main Chinese spy agency. Knicknamed APT 10, they allegedly stole corporate and government information via cyber attacks on employees.

Has There Been an Uptick in Recent Activity?

The breach of private businesses by Chinese hackers first hit news headlines in 2014, when Sony Pictures was hacked. This prompted an agreement in 2015 between Chinese President Xi Jinping and then President Barrack Obama that curbed cyber attack for a while.

At FireEye, a cybersecurity firm, analysts track hackers working on behalf of the Chinese government. The firm’s representative says attacks are on the uptick recently. These hacking groups are referred to as Red Leaves, cloudhopper, and APT10.

Managed Service providers are among the groups targeted. MSPs supply technology, telecommunications and other services to business clients. If they can break the security systems of such companies, Chinese hackers gain access to the sensitive data of the MSP’s clients.

APT10 has routed malware via an MSP network to its business targets. However, there are many steps businesses can take to protect their employees and data from prying eyes in cyberspace.

What Should Business Do to Raise Their Shields?

U.S. businesses should take proactive measures to safeguard against cyber attacks from Chinese hackers via email, social media and other points of entry.

This includes ensuring that advanced detection tools are utilized on network and email servers to safeguard access to company data. Regular threat assessments and employee training can help. This provides a diagnosis of the state of a firm’s cyber defenses regarding advanced persistent threats that attempt to find breaches in the company’s firewall. Precautions taken against the intrusion of foreign governments include:

• Fortify access controls. Evaluate the plans, policies, and procedures that govern corporate technology to keep proprietary data safe. This could include that installation of multi-factor authentication (MFA), data encryption and solidifying a layered defense system on all possible points of cyber attacks.
• Training. Make cybersecurity education and training a top priority. Everyone from the Board of Directors and C-Suite to individual employees needs to understand how to avoid cyber attacks by avoiding fake emails, malware and weak password strategies, among other efforts.
• Incident response plan. Organization leadership and key technical personnel must develop a protocol for dealing with threats. This should include representatives from business administration, information technology and operations.
• Crisis communications plan. Align the protection policy to risk management methodologies and the business needs of employees.
• Adopt a monitoring, detection and response plan. Quickly detect intrusions and breaches via rapid-respond plans to effectively eradicate the malware or other methods of entry.

Most of us, when asked if we would prefer to pay for something we could theoretically do ourselves, will opt to take care of the task personally – even if it’s not our strong suit, or indeed, if we lack all experience entirely. This is often the case with managed IT services.

Whether your company has an in-house IT team or is small enough that you hire only one person, chances are good you don’t spend much time thinking about whether you should update your approach. That could spell disaster for your company, though, especially in this day and age of cyber attack and data breach.

Here’s a quick look at what most people get wrong about IT management and six of the most common signs your company needs it.

Why Does IT Require So Much Management, Anyway?

The root of many companies’ unwillingness to bring on IT help stems from a fundamental misunderstanding about its nature. Most people think of computers and other technology as a blank canvas of sorts. You put your applications and software on them, type messages, input information, manage spreadsheets and message others using the systems IT makes available to you. But you rarely think about the systems themselves.

That’s a problem. If we compare it to dentistry, you’ll see why. No one would claim that you can eat and eat all day without ever worrying about your teeth. Taking care of your teeth requires both daily maintenance and constant vigil, looking out for any problems that might be headed down the pipeline. Brushing your teeth isn’t enough to stay safe and healthy, but neither can you neglect to brush your teeth simply because you watch for cavities.

Managed IT is like any other sphere requiring both care and prevention. Your daily activities are the food. Your hardware and software and network security protocols are the teeth. If they don’t stay healthy, you won’t have the tools to eat for long.

Sadly, most companies have neither the expertise nor the resources to care for your company’s IT the way it needs. The result is that they use IT systems until they break, at which time they cast about wildly for the quickest possible fix, so they can go on with business as usual. Sometimes your in-house team can handle it, but more often (at least when the problem is serious), they can’t. As for preventing those problems in the first place, that’s usually more than one small team or a single individual can handle on behalf of a company.

5 Signs Your Business Needs Managed IT Services

That’s where managed IT services come in. When you outsource your IT needs to an outside company, you have access to a true wealth of expertise and professional tools. Rather than the limited knowledge and skills of one person – and whatever budget you can put toward information technology in-house – you now have an entire business on your side.

Still, think you don’t need outsourced IT services? Here are five signs you do.

1. Tech issues stop productivity in its tracks: You’ve been there. The day was going just fine, and suddenly someone’s computer manifested a weird bug … and then everyone’s computer seemed to have it. Or maybe your SSL certificate grew outdated and no one fixed it; the network went down and no one could figure out why; half the people in the office were locked out and asked to create new passwords for no reason. These “temporary” problems might have solutions, but that doesn’t make them easy to deal with. If you’re facing a lot of them, it’s time to do something about it.
2. Your “IT guy” doesn’t have experience in your niche: It hardly bears saying that banking IT and artisanal grocery IT are not the same thing. While both require careful safeguarding of customer information, the former industry manages far more detailed, and personal data is under much greater scrutiny and is subject to particular federal laws regarding the safeguarding of information. To keep your company aboveboard, you need someone who knows exactly what they’re doing, both on the day to day, and in extreme situations or crisis.
3. You don’t have a security plan: One of the primary responsibilities of an IT staff is to ensure you have a good security plan and robust software to back it up. If you don’t have a strong defensive approach, you could find yourself at the mercy of cyberattackers and data thieves, so don’t wait for that to happen before contacting a real IT provider.
4. Your maintenance plan is casual at best: Again, many companies use a “break it, fix it” model, in which they turn a blind eye to systems until something goes wrong. With preventative maintenance, however, you can avoid many (if not most) of those breaks – but you need someone who knows what they’re doing. An expert can help you configure your systems most intelligently, reallocate resources as your company grows, protect new vulnerabilities that open up and stay on top of updates, so you’re always protected and functioning at the highest level of productivity.
5. You’re paying too much for IT: If you’ve ever asked yourself “Why does it cost so much to deal with this?” that’s a bad sign. Believe it or not, it often costs less to pay for outsourced IT, because you have access to economies of scale that you just don’t have if you employ a few people in-house. We challenge you to do a cost comparison and see what happens.

Don’t Wait to Get Started with Managed IT Today

In the end, your decision to outsource your IT services to a professional provider should be an easy one. It’s like getting a dentist. Is there really any doubt that your company needs one to stay healthy now and in the future?

Hint: The answer is no. If you want to stay safe from attack, steer clear of potential disaster and keep your business humming along at the most productive rate, it’s time to make the switch today.