The Critical Aspects of Mandatory Data Breach Notification That You Need to Know About

Data Breach Notification

The Notifiable Data Breach (NDB) scheme went into effect on 22 February 2018, and its requirements include mandatory data breach notification. Failure to correctly notify those affected by an eligible data breach can result in fines of up to $2.1 million, besides potential compensation for affected individuals. There are certain things that every Australian organisation needs to be aware of when it comes to mandatory breach notification.

To Whom Does It Apply?

The NDB scheme applies to organisations and agencies that have personal information security obligations under the Australian Privacy Act 1988. Such organisations and agencies include businesses, health service providers, credit reporting agencies, Australian government agencies, TFN recipients, and not-for-profits with an annual turnover of $3 million or more.

If an organisation …

  • Collects personal information,
  • Receives personal information on behalf of clients,
  • Processes personal information on behalf of clients,
  • Or holds personal information

Then they can be impacted by the NDB scheme.

If a breach occurs, the organisation and everyone involved in the chain can be affected, including marketers, data providers, brands, agencies, and similar partners.  In addition, if an organisation has clients, those clients may impose notification requirements to make sure they are in compliance with their own NDB obligations.

What Is an Eligible Data Breach?

A data breach is unauthorised access to, disclosure of, or loss of an individual’s information. If a data breach involves an individual’s personal information and the breach is likely to result in serious harm to that individual, then the breach must be reported. This type of data breach is referred to as an eligible data breach. Note that there are, however, some exceptions to the notification obligations.

What Constitutes Serious Harm?

While no hard and fast definition of “serious harm” has been provided, it is reasonable to assume that any type of harm – be it physical, psychological, or financial – would likely fall under the category of serious.  This is especially true of information of a sensitive nature or involving an individual’s health.  For example, loss of information involving medical allergies could result in life-threatening circumstances for an individual in a serious accident, or unauthorised access to financial information could result in identity theft and financial loss.

What Should Be Done When a Data Breach Is Suspected?

If a data breach is suspected, there are four key steps to be followed: contain, assess, notify, and review.  Of course, as soon as a data breach is suspected it should be contained to prevent any additional compromise of information.  Next, it should be thoroughly assessed by determining who was affected and what data was compromised, followed by risk assessment and, if possible, remediation.  The third step is notification. The final step is a review of the incident and developing a plan of action to prevent a similar breach from occurring again.

Who Needs to be Notified?

According to the Office of the Australian Information Commissioner,

“The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.”

In addition, the Australian Information Commissioner must also be notified of the breach, and this information can be submitted via an online form.

When Must Notification Take Place?

Notification must take place as soon as the organisation can determine what information was compromised and who was affected.

What Information Needs to Be Included?

The following information must be included as part of the notification:

  • The identity and contact information for the organisation
  • A description of the data breach that took place
  • The type of information that was involved in the breach
  • Recommendations as to what steps the affected individual should take as a result of the breach

In terms of notifying individuals, there are two basic options available as to how the notification should take place: either notify all individuals or notify only the individuals who are at risk of serious harm.

If it is not practicable to notify individuals, then a statement about the breach can be published on the organisation’s website and then publicised.

What Happens When an Organisation Fails to Notify?

If an organisation fails to notify the affected individuals and the Australian Information Commissioner of an eligible breach, fines of up to $2.1 million are possible. However, there is also the possibility of compensation for affected individuals if there is a privacy compliance failure. Compensation averages between $10,000 and $15,000 per individual if their complaint is successful.

Conclusion

Mandatory data breach notification is a critical part of the Notifiable Data Breach scheme, and failure to comply with notification requirements can result in hefty fines and compensation for those affected.  If you are an organisation in Australia that deals with any type of personal information, then you need to know what your responsibilities are and how to respond should an eligible data breach occur under your watch.

Centers for Medicare and Medicaid Services (CMS) Propose Reducing Submission Requirements for Health IT Security Under MIPS

Medical insurance

As providers are all too well aware, their payments from Medicare are affected by their score in the Merit-based Incentive Payment System (MIPS). MIPS imposes a number of requirements; if these are not met, payments may be reduced or denied.

The MIPS requirements apply to all Medicare claims, even those whose performance is not necessarily affected by a MIPS constraint. Among these universal requirements is the meaningful use of electronic health records (EHRs). Within the EHR requirements, we have the promotion of interoperability with other EHR systems, and within that, we have the security requirements. Among the security requirements is an annual security risk assessment.

What Has Changed?

In the Federal Register of July 27, 2018, the Centers for Medicare and Medicaid Services (CMS) proposes that the current security risk assessment requirement in MIPS be replaced. The suggested replacement will be an attestation to the activities included in the security risk assessment standard that has been performed in the past MIPS year.

This essentially switches the scoring of the security risk requirement from the equivalent of a numeric grade to a pass/fail scoring system. A practice or institution passes if it has done the assessment; how well it has done on the assessment falls by the wayside. The requirements are stated in a bare-bones fashion in the Code of Federal Regulations at 45 CFR 164.308.

CMS states that their rationale is, in part, a result of the realization that a risk assessment is done well, or not at all.

What A Serious Risk Assessment Entails

The thinking behind this can be found in the Office of Civil Rights (OCR) newsletter for April 2018.  This newsletter distinguishes a gap analysis (“find the holes”) from a security risk assessment (“make sure there are no holes”). It is a highly useful guide to discerning the scope and the level of effort required for a serious risk assessment.

An article on the HHS website goes into greater detail explaining what is subject to the security rules and why:

All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in that process.

The guidance issued by OCR noted that the CFR requirements are divided into two categories: required and addressable.

The addressable requirements are not optional. Rather, if the approach specified in an addressable requirement is not feasible, the provider organization must develop an effective alternative approach to achieve the same end and document this. The tendency to document-but-not-implement should be firmly resisted.

Did You Really Do A Risk Assessment?

Experts suggest that OCR has significantly underestimated the time required to do a serious risk assessment. Obviously, you have to look at hardware-associated risks. Are the BIOS files in your desktops and laptops updated? Has router firmware been updated?

 

You must take a hard look at software-associated risks as well. Are operating systems patched? You must strategically assess administrative risks: are you enforcing complex password requirements? Are you using biometric identifiers? Is data access truly on a need-to-know basis?

A Helicopter-Level View Is Not Adequate

The reader may protest that those concerns are nowhere to be found in the guidance. True. The point is that an adequate risk assessment will have revealed these as questions that need to be asked on a day-to-day operational basis. A risk assessment that is not dynamic misses all the critical points of vulnerability.

A risk assessment should point out any unnecessary risks and then offer a solid plan to eliminate them. It’s good to remember that the whole point of the endeavor is to make sure that the government (and all organizations) move toward better Internet and network security. With cyber breaches occurring on almost a daily basis, there’s every need to be more cautious about how we handle, store, and transmit Big Data.

The current cost of a data breach has reached between $1.3 million and $3.5 million. The number one most sought-after data that hackers are vying for is healthcare information. On the Dark Web, 30,000 up-to-date healthcare records will fetch a pretty price.

Conclusion

Under this proposed rule change, you will no longer be given a percent of compliance score on your risk assessment. You will simply be in or out of compliance. The upside is less administrative hassle; all you have to do is carry out the activities and attest that you did this. The downside is that this may lead to a relaxation of vigilance at a time when threats are constantly increasing.

Unified Endpoint Management (UEM): Can This Help Streamline Cloud Security?

What Is UEM and Cloud Security?

As technological devices continue to diversify, there is increased demand for streamlining control systems for security. According to Techopedia, Unified Endpoint Management (UEM) is a new digital system that integrates the range of devices that are available for use now, combining this wide range of software within a single organized program for increased efficiency and effectiveness.

The system can, therefore, be used to improve control over computer systems used in workplaces, smartphones integrated with business systems and other “Internet of Things” (IoT) or online devices that may be used for some aspect of business or system operations. Combining all of these controls into a single system makes it more convenient for administrators to use and oversee, thereby making them safer.

With concepts such as “bring your own device” (BYOD) now in existence for increased employee convenience analogous to the introduction of “plug and play” technology in the past, there is a greater potential for attacks and thus, an increased demand for better security.

UEM systems have increased capacity to control endpoints in comparison to previous system designs and can work to have more proactive strategies in place to accomplish this. UEM practices now include security embedded within request processes, cross-functional strategies, cross-platform designs, and increased capacity to streamline cloud security. UEM can, therefore, be highly useful in helping to simplify a diverse range of security needs in the cloud.

The Origin of Cloud Computing

Cloud computing has been around for some time, and its security demands continue to diversify. According to Pianese’s 2010 study, cloud computing, as the practice of using remote rather than local servers in a network hosted online to manage information, has demanded programs emphasizing control. It requires policies that provide improved information integration.

In the past, there was no system capable of integrating the range of cloud resources in existence. Therefore, system administrators were unable to experience the extent of flexibility and efficiency available with streamlined systems. The author of the study reported on his research team’s efforts in assessing the significance of establishing and improving virtual distributed operating systems for cloud computing. UEM can now address these through meeting the demands for elasticity, fault tolerance, and autonomous decentralized management.

Can UEM Better Address Modern Cloud Security Demands?

As both cloud security demands and technological diversity increase, UEM can help to streamline cloud security and its growing needs. According to SecurityIntelligence, cloud computing, the diversity of technological devices, and the IoT continue to expand in both hardware and software types. This has increasingly given hackers new opportunities for exploitation. There is an ever-growing need for better security all around.

With this, it has become more difficult for business leaders and IT specialists to maintain tight security over the extent of otherwise effective new programs and efficient integrations of hardware that can be networked through a cloud. In addition to the software security demands, the technological improvements challenge the development and maintenance of relevant policies that are developed for these purposes.

Before software is installed, businesses generally require policies that address its technological aspects and specific security needs. It can be challenging for businesses to keep up with the range of new devices that are available for networking, especially when projects or outsourcing arrangements change frequently.

UEM has been increasingly sought to address all of these demands, because it was designed to streamline old and new software and hardware capacities within an IT network, combining the entirety of endpoints. The system, therefore, allows organizations to integrate desktop systems, networked laptops, smartphones, tablet devices, and the range of users and apps (including relevant content) that potentially operate within a network into a single security system for network administrators or others supervising and securing the company technology.

Improved Productivity and Efficiency

With UEM, in addition to the increased efficiency in streamlining cloud security, organizations can experience improved productivity or output. Infrastructures previously considered complex through wide distribution can be more efficiently managed through the centralization, thereby freeing company resources to focus on output. Through this, end-user productivity can be increased as IT management costs are reduced. This approach is regarded as superior to other strategies or models focusing on disparate point solutions, as the latter involves greater demands for costs and resources amid lower levels of efficiency.

Beyond these fundamental advantages, UEM:

  • Uses containment technology that can better protect device information while reducing the potential for it to leak
  • Can better facilitate software currency through patching and updating capacities
  • Increases the user-friendliness of apps
  • Helps organizations track flaws in data
  • Limits app and resource access
  • Implements streamlined organizational needs for logic, auditing, and reporting

Conclusion

According to SecurityIntelligence, over 80 percent of organizations are expected to use a form of cognitive computing or AI for these endpoint demands in the next two years. Just over half are expected to have the current UEM model as their model for centralized management.

Cheuvront explained that other potentially beneficial UEM capacities include:

  • Containerization
  • Identity and access management (IAM)
  • Increased balance of critical functions of user productivity and corporate security
  • Easier enrollment

If your business needs include any of the above, then you may benefit from increased examination or integration of UEM as research and development in the area continues.

Bralin Technology Solutions Ranked Among Top 501 Global Managed Service Providers by Channel Futures

11th Annual MSP 501 Identifies World’s Most Forward-Thinking MSPs & Leading Trends in Managed Services

August 21, 2018: Bralin Technology Solutions ranks among the world’s 501 most strategic and innovative managed service providers (MSPs), according to Channel Futures’ 11th annual MSP 501 Worldwide Company Rankings.

The MSP 501 is the first, largest and most comprehensive ranking of managed service providers worldwide. This year Channel Futures received a record number of submissions. Applications poured in from Europe, Asia, South America and beyond.

As it has for the last three years, Channel Futures teamed with Clarity Channel Advisors to evaluate these progressive and forward-leaning companies. MSPs were ranked according to our unique methodology, which recognizes that not all revenue streams are created equal. We weighted revenue figures according to how well the applicant’s business strategy anticipates trends in the fast-evolving channel ecosystem.

“For the past 24 years, Bralin has been one of the leading IT providers in Saskatchewan and Alberta” says Brad Kowerchuk, CEO of Bralin Technology Solutions, “and now we’re honored to officially be named one of the leading IT managed services providers in the world! We are privileged to have Clients that trust and value our experience and solutions. Our Team is obsessed with ensuring the technology used to run our Client’s businesses is reliable and cost-effective. The daily rise of cybersecurity threats demands that businesses have a dedicated partner to keep them protected and secure. We look forward to facing the challenges tomorrow brings and growing with our Client’s success.”

Channel Futures is pleased to honor Bralin Technology Solutions.

For the first time, Channel Futures will also name 10 special award winners, including MSP of the Year, CEO of the Year and one Lifetime Achievement Award for a career of excellence in the channel.

The MSP 501 winners and award recipients will be recognized at a special ceremony at Channel Partners Evolution, held this year October 9-12 in Philadelphia, as well as in the Fall issue of Channel Partners Magazine.

“This year’s applicant pool was the largest and most diverse in the history of the survey, and our winners represent the health and progressivity of the managed services market,” says Kris Blackmon, Channel Futures content director and editor of the MSP 501. “They’re growing their revenue, expanding their customer influence and exploring new technology that will propel them for years to come.”

The full MSP 501 report, available this fall, will leverage applicant responses, interviews, and historical data to identify business and technology trends in the IT channel. Highlights will include:

  • Revenue growth and business models
  • Hiring trends and workforce dynamics
  • Business strategies
  • Service deliverables
  • Business tools and automation investments

The complete 2018 MSP 501 list is available at Channel Futures.

Background

The 2018 MSP 501 list is based on data collected by Channel Futures and its sister site, Channel Partners. Data was collected online from Feb. 28 through May 31, 2018. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, growth and other factors.

About Bralin Technology Solutions

Since 1994, Bralin Technology Solutions has been providing leading IT Solutions and management for Clients in Saskatchewan and Alberta. Bralin’s slogan “We Manage Your Technology… So You Can Manage Your Business” is far more than a slogan. It drives the decisions they make, and focuses each Team member on helping their Clients move their businesses forward, further, faster.

About Informa

Channel Futures, Channel Partners Online, Channel Partners Conference & Expo and Channel Partners Evolution are part of Informa, the international business intelligence, academic publishing, knowledge, and events group. Informa serves commercial, professional and academic communities, helping them connect and learn, and creating and providing access to content and intelligence that helps people and businesses work smarter and make better decisions faster.

Informa has over 10,000 colleagues in more than 20 countries and a presence in all major geographies. It is listed on the London Stock Exchange and is a member of the FTSE 100.

MEDIA CONTACT:
Kris Blackmon,
Content Director, Channel Futures
Editor, MSP 501
Kris.Blackmon@knect365.com

Welcome Rabia Tinna

North Battleford, SK: Bralin Technology Solutions is excited to welcome Rabia Tinna to the team! Rabia is joining us as a Help Desk Technician, based in our North Battleford Office.

Rabia brings a wealth of education and experience to our company, holding a Master’s of Computer Applications degree along with various other academic distinctions.  Rabia previously worked with Oracle as a Technical Analyst and at IBM as a Senior Software Engineer.

We’re confident that the professionalism and dynamic skillset Rabia brings will be a great addition to our team. We’re very much looking forward to working with Rabia, and know that our valued clients will be served by her and the rest of the team based on Bralin’s core values of Caring, Excellence, Responsibility, and Trust.

Welcome aboard Rabia!

You’re A Health Care Organization. You’ve Just Had A Data Breach. Now What?

Healthcare Data Breach

Of course, you will be living in a kicked anthill for days. The trick is to make sure that all the scurrying around is not just mindless motion, but actually protects the organization by:

  • Meeting legal responsibilities,
  • Protecting the organization’s reputation to the extent possible,
  • Immediately stopping intrusions and mitigating the damages,
  • Finding out how the breach occurred,
  • Repairing the vulnerabilities, and,
  • Making sure your risk assessment, security plans, and operating procedures reflect any necessary changes.

Meeting Legal Responsibilities

The Health Insurance Portability and Accountability Act (HIPAA) breach notification rule essentially requires entities that have had a breach to inform the Department of Health and Human Services (HHS), the affected individuals, and in some cases, the media, within 60 days. There are exceptions, but these are best handled by lawyers. Since there are stiff penalties for not reporting security breaches that should have been reported, but no penalties for reporting security breaches that did not need to be reported, it’s best to err on the side of caution.

Protecting the Organization’s Reputation To The Extent Possible

It is unfortunately not true that there is no such thing as bad publicity. Your organization’s reputation is going to take at least a small hit. Perhaps the worst example possible is the behavior of Experian, a credit reporting service, in response to its massive data breach. They failed to report it, they did not notify affected individuals, they dribbled out information, repeatedly contradicted the information they dribbled out, and immediately tried to monetize the breach by selling protective services to those affected. Everything that could have been done wrong in the early phase was done wrong. Apply the Golden Rule here. Look at things from the perspective of those whose data has been exposed. What would they want to be done? Figure that out, and at least pledge to do that much.

Immediately Stopping Intrusions and Mitigating the Damages

The first step is to get the affected devices off the network and isolated, so they can no longer serve as points of entry. The next step is to check the system and audit logs to identify the source of the penetration. Thirdly, it’s important to force an immediate password change for everyone, if passwords are still being used. Of course, if the source of the breach is the medical director’s smartphone, which was left in an Uber, the data on it can be remotely deleted only if the company uses a Mobile Device Management plan.

Finding Out How The Breach Occurred

In some cases (see above), the source of the data breach will be glaringly obvious. In others, it may be very hard to find. Your own IT staff may be too close to the problem to see it. In those cases, bringing in a computer forensics firm may be useful or even essential. Determining the root cause of the breach, once the details are known, requires thinking through policies and procedures. You’ll need the skills of a good detective, combined with those of an excellent IT specialist.

As illustrated above, there is always a tradeoff between ease of access and security of access. Does everyone really need remote access to patient records at all times, using devices that can be lost or stolen? Depending on the organization and how it delivers services, the answer may be yes or no. But if it is “no,” serious consideration should be given to limiting remote access. Of course, if you’re working with a managed IT services provider, they can set you up with a Mobile Device Management plan so that any lost or stolen devices can be remotely wiped of all data.

Repairing The Vulnerabilities

Once the source of the breach and the root cause have been identified, the vulnerabilities need to be repaired. The issue of 24/7 remote access from stealable devices is one example. Use of cloud services is another. Having data in the cloud is wonderful. Having unprotected data in the cloud is not. Several recent breaches have occurred because, even though access to the cloud from an organization’s network was protected, the server in the cloud itself was totally open – no password in place. Granted, this defies imagination, but it has happened more than once.

If something like this has occurred, every policy and procedure that relates to the root cause needs to be looked at. This has to be done slowly and carefully; it is not an exercise to be carried out in panic mode. In most cases, this type of error will not occur if you’re working with a managed IT services provider. They have too many checks and balances in place to allow such a glaring mistake.

It most often happens to companies who employ poorly trained in-house IT staff who spend all day playing games and talking with friends on social media. Again, though this scenario is shocking, it is occurring across the nation with more frequency. Don’t let your CEO find out the hard way that his in-house IT people actually don’t have much network and computer experience. Their last job was serving up hamburgers at a local fast-food chain.

Making Sure Your Risk Assessment, Security Plans, And Operating Procedures Reflect Any Necessary Changes

Having a credible, annually updated risk assessment is part of the HIPAA Security Rule. A breach presents an opportunity here. If it occurred, your risk assessment either did not identify it or did not prioritize it; your security plan did not encompass it; your operating procedures ignored it, or some combination of the above occurred. The breach gives you a chance to rethink the security assessment, the security plan, and your operating procedures. Take advantage of it.

Conclusion

A data breach is painful, but it is also an opportunity for health care organizations to assess their security approaches and make improvements. Never waste a crisis. If you have onsite IT staff members, they may need more thorough training in security protocols. In fact, this is probably a good time to ask a local managed IT services provider to come out and hold security awareness classes for your entire workforce.

Microsoft Launches $4 Million Global Competition For Female Founders

Microsoft’s M12 has recently announced the launch of the Female Founders Competition, a startup initiative aimed at rewarding startup companies founded by women. It will not only identify top female talent within the startup industry but also seek to accelerate venture capital funding for companies headed by women entrepreneurs across the globe.

Female Founders Competition

According to recent studies, female entrepreneurs receive significantly less funding within the venture capital community, with figures pointing to only 2.2% of the total amount of funds invested in startups. Ironically, some studies have demonstrated that female-founded companies deliver higher-than-average returns.

The competition will strive to raise awareness for the companies of both finalists and winners in hopes of attracting future funding.

The program, which is accepting applications through Sept. 30, 2018, is open to companies across the U.S., Mexico, Canada, Europe, and Israel.

Companies must meet certain stipulations before they are eligible to apply. This includes having at least one female founder, as well as plans to release a product or service with the potential to improve the business world by helping solve one of many issues.

A group of finalists will be selected to pitch their product or service in person in hopes of winning one of the two top spots. Winners will receive a $2 million investment in their company, in addition to other support, such as technical resources.

Finalists will be judged on a variety of factors. A panel of judges will be compiled from M12 and other VC firms within each region. They will evaluate competitors based on the problems/needs their product or service addresses. These include:

  • Market size
  • Growth potential
  • Performance
  • Traction with customers
  • The ability of the founding team to execute their vision

M12 has contributed millions to the startup community. Within the past couple of years alone, they have invested in more than 50 different startup companies, demonstrating a particular focus on those dealing with artificial intelligence.

AI Contest Encourages Innovation

Last year, M12 launched an artificial intelligence contest with an investment of over $3.5 million. The organization joined forces with other organizations like Notion, Vertex Ventures, and Madrona Venture Group for the AI contest. They received hundreds of submissions across a range of industries including healthcare, retail and financial services, among others.

How Is Artificial Intelligence Used Today?

In healthcare, a number of startups are using the power of artificial intelligence for personal health assistance, conducting drug research and spotting abnormalities in tests. In the financial services realm, AI is used to power research and insights to help professionals invest their money more wisely. For human resources, AI is used to help departments understand candidates’ skills and strengths in order to match them with the schools and jobs best suited for their personalities.

Four finalists were chosen from each region. Envisagenics, based in North America, is a biotechnology company that applies AI to the genetic sequence of cancer and/or genetic disease patients in hopes of discovering new therapies. The company’s proprietary cloud-based discovery platform, named SpliceCore™, prioritizes new drug target candidates based on patients’ RNA utilizing innovative machine learning techniques.

ZenCity, a company based in Israel, partnered with Vertex Ventures. They built an app that uses artificial intelligence to analyze key data from countless public interactions across city hotlines, social media, and other channels. This data is then evaluated to determine how residents view the city. With this information in tow, city officials are able to further understand the needs of the people, and therefore make better decisions regarding important issues.

Hazy, a company based in Europe, helps companies meet the standards of the European Union General Data Protection Regulation (GDPR) with their innovative data structures. The company uses a range of innovative technologies and data to help identify and classify sensitive information, all while interpreting that data with a human-like understanding bound to elevate data security in new, interesting ways.

Voiceitt, the winner of the “AI for Good” award, is committed to making technology available for everyone. The company’s voice recognition technology allows the more than 100 million people suffering from diseases like autism, cerebral palsy, ALS, and Parkinson’s to overcome communication barriers. This hands-free voice recognition application allows for face-to-face communication, and can even be integrated into smart homes and assistive devices, along with other technology. Their prize includes $500,000 in VC funds and up to $500K in Microsoft Azure credits and prizes.

M12, formerly known as Microsoft Ventures, is committed to empowering innovative new companies. M12’s rebranding is part of a common theme for today’s oldest tech companies. The name change came perhaps in hopes of creating an edgier, more appealing persona apart from its reputation as one of the first in the tech game. Google has done something similar in the past with their rebranding of Google Ventures to “GV”, as did Nokia with its rebranding of Nokia Growth Partners to “NGP Capital”.

Conclusion

As you can see, Microsoft and other big tech giants are working toward improving our world. They’re also involved in helping female entrepreneurs gain a stronger foothold in the tech and AI industries.

Are You Ready for the Future of Business?

Ushering in the Modern Workplace with Microsoft 365

Do you think your team has the liberty to do their best work? Are they engaged and satisfied on a day-to-day basis? Are you providing your team with the tools that enable them to have a digital, adjustable workplace in today’s modern age?

Every business leader wants to be able to provide a work environment in which their team can enjoy secure and reliable platforms. This type of collaboration encourages the exchange of ideas, creative thought, and better workflows. The bottom line is that when you give your teams the tools and resources they need to do their jobs correctly, the whole business just runs better.

That’s the thought process behind Microsoft’s innovative new program.  The tech giant is now making it possible for businesses to provide their employees with the ability to have fluid communication while utilising several different devices at the same time.

When Microsoft Core Services Engineering (CSE) planned a redesign, this is what they envisioned providing to each company that used Microsoft 365:

  • Inspiring employees
  • Engaging customers
  • Optimising operations
  • Changing the nature of the company’s products, services, and business models

They knew that if they incorporated Microsoft technology and products fluidly together, they could provide a valuable and familiar resource for both employees and customers. Microsoft wanted to present the possibility to businesses that Microsoft 365 could be the vehicle that could deliver their products and services to consumers in the modern world.

What is a Modern Workplace?

Employee expectations are always changing and evolving at a rapid pace. Business leaders sense the demand to keep up with a widening skills gap, diversity in their employees, and a need to think globally when assembling their teams. These pressures require a business to provide a reactive, modern workplace to meet the evolving needs of its consumer base. The modern workplace requires continuous communication while using multiple devices and platforms. All this must be accomplished while simultaneously being able to incorporate top-notch security that keeps your data safe.

A Modern Workplace Provides Seamless Collaboration

The modern workplace requires businesses to train their employees to be less static, and more dynamic. They need to assemble groups of people who come together to solve a problem, which shifts the focus from “me-centric” jobs to “we-centric” jobs. When a team can unite quickly, solve a problem, and collaborate with other teams, a business succeeds, and the employees feel empowered.

A Modern Workplace Provides a Multi-Device Experience

Enabling employees to utilise the devices they love is a way of letting personnel know that the company’s bottom line is for the employees and the consumers to come out winning. Microsoft mobile application management and mobile device management solutions decrease complexity and make for a happier environment.  For example, an employee can start a meeting on an iPhone at a coffee shop and seamlessly end the meeting back at the office on a desktop computer. The user experience is no longer bound to a device—it travels with you.

A Modern Workplace Provides Intelligent Security That Protects the Company and the Customer

Having IT that is focused on protecting corporate data is crucial in today’s business. With the turn toward an intelligent cloud, a company can no longer just concern themselves with securing the perimeter. Their security stance must evolve or die.

Microsoft 365 protects both company and consumer identities, along with your apps, data, and devices, with comprehensive enterprise security. The emerging cloud also requires companies to ensure security for their customers. The Microsoft 365 security stack works to proactively defend against malware, phishing, and zero-day attacks. Microsoft 365 security addresses business challenges that deal with intelligent security, such as:

  • Identity, app, data, and device protection using Azure Active Directory, Microsoft Intune, and Windows Information Protection.
  • Innovative protection with Office 365 Advanced Threat Protection and Windows Defender Advanced Threat Protection.
  • Data archiving, control, and detection with Advanced eDiscovery.

Instead of protecting companies one asset or device at a time, these tools use their intelligence systems to counter threats at a fundamental level.

A Modern Workplace Changes the Culture

A company’s culture begins with their values and vision and then translates to their practices, teamwork, and relationship building. Facilitating employees so they can be flexible and not afraid to make mistakes, but learn from them, is what a dynamic and successful company should strive to do.

Wrap Up

The modern workplace empowers your personnel to embrace change and be a part of shaping the culture of the company. A culture shift takes place when a team is empowered. Microsoft 365 gives you the tools to make it easier for you to build experiences like this. This makes it possible for teams to be more productive and successful in their jobs. It’s a win-win for both the employer and the employee.

Digital transformation is just as much about people as it is about technology. You will succeed when you show employees that they are vital to your company’s success. With the familiarity and ease of Microsoft 365, your team can place an emphasis on providing excellent goods and services to your customers.  The complexity and challenges brought on by the advancement of rapidly evolving technology shouldn’t be an obstacle to employees. It should be an opportunity for them to display their creativity while adding value to your organisation.

Why Education Should Outsource IT Support

Education IT Support

EdTech has a long history of being misunderstood, underutilized, and of lacking support in every way. It is one of those bugaboos in education that seems like such a wonderful idea, but often falls apart in execution as money fears cause administrators to scale back. Lacking proper follow-through lessens the efficacy of even the best in educational technology – and that’s just a plain old waste of money.

Educators need support, but it’s nearly impossible – and very expensive – to put together an in-house ed-tech support team. And with 80% of schools now using cloud-based data storage, adequate tech support is crucial. Districts are limited by their budgets and the size of their staff. Any large-scale upgrades or maintenance can take forever and tie up literally every member of the IT support team. When there isn’t anything big going on, layoffs have to come down. Otherwise, there are too many people drawing salary and benefits for almost no work. That’s obviously untenable, so the default is to simply under-staff and make do (which never works out optimally).

It’s an unenviable position to be in as an educational administrator. The solution is third-party tech support services.

Schools Are Already Doing It, And It Works!

Transportation, software support, substitute teaching, accounting…the list of third-party contractors in education keeps growing. Utilizing a third-party support contractor makes even more sense than some of the other contracts your district may have. IT gets highly technical and specialized. The skill set necessary to cater to a school or district’s needs is worth more than most schools can afford – especially in the public school system.

Plus, districts usually have SaaS applications – “software as a service.” These are applications licensed by schools that have native help sections. SaaS as part of licensing contracts gives districts the ability to call for tech support via phone, email, chatbox, or scheduled in-person service calls. Contracting out for IT services in general works in much the same way.

Scalability

Imagine having extra staff available when needed who just disappear when the need is gone. Contracting with a firm gives the school access to additional staff in emergencies or planned maintenance. Jobs with a large scope can be planned ahead with the IT contractor, with funds set aside for the additional hours and workers needed for projects. Having a contractor already on the books makes it easier to plan and bring in more people. It makes communication stress-free because the third-party will already be familiar with the school.

Using a third party allows administrators to:

  • Order staffing as needed.
  • Expect efficient, effective response to emergencies like outages, virus threats, and data breaches.
  • Ensure smooth, quick execution of planned upgrades with minimal disruption.
  • Support staff by offering assistance to individual faculty members.
  • Give faculty and staff immediate remote or in-person assistance.

Cost-Effective Expertise On Speed-Dial, Not On Staff

Even if a district is fortunate enough to have more than a skeleton crew of knowledgeable IT support staff, they likely won’t keep them long enough to become well-acquainted with the ins and outs of the district itself due to the comparatively low pay in school systems.

According to Ron Schacter’s “Building An Ed Tech Dream Team” (District Administration, March 2012), now six years old, school IT staff might expect to start at about $55,000 for basic support, but staff such as network architects will earn somewhere around $75,000-$80,000. Those IT workers could make a lot more if they went into the private sector, so they’re not going to stay long.

Thus, the supposed benefit of having someone in-house (i.e., their familiarity with the district’s needs) disappears. High turnover rates make for poor planning, disruption of services, and yearly retraining of a person or team upon whom everyone relies. It is poor planning that costs too much.

Moreover, with demands on educational technology growing, having a fully functional team able to respond to small and large-scale emergencies quickly grows too expensive for even larger districts. How can smaller districts or private, parochial, and charter schools possibly keep up? The reality is that many tried-and-true methods and educational tools simply won’t cut it anymore. The world is changing, including the field of education. Districts must find cost-effective ways to keep up.

Third-Party Support Supports Teachers

Teachers are not IT specialists. They are educators and must have the resources to teach. Put the power in their hands to use Ed Tech tools the way they were meant to be used. Stop using tech experts to restart computers and advise teachers to use Internet Explorer rather than Mozilla for their new application. Don’t make a teacher ask a kid from 4th hour to fix a problem with the desktop. Being reactionary rather than planning ahead always costs more. Sound planning that includes using third-party tech support offers flexibility and cost savings that maximize the educational benefits of rapidly evolving educational technology.

Conclusion

Reluctance to change leads to wasted time and money. By hiring less than the bare minimum IT staff and paying professionals well below their value, schools open themselves up to larger scale losses in the long-run, including:

  • High turnover requiring extensive, repeated searches for competent staff
  • Purchasing the wrong tech for a school’s needs
  • Purchasing something that is technically correct, but then cannot be fully utilized because the IT support is not there
  • Inefficient research carried out by non-tech staff
  • Network outages and unreliability that cost time and money as well as teaching time
  • Loss of staff and faculty due to frustrations over a poorly maintained infrastructure

When it comes to schools, you simply don’t have the resources to waste.

Security: Focus On The Fundamentals

Healthcare IT Security

Every day, it seems, another security threat is in the news. The latest one involves some flaws in Intel chips that actually introduce a new vulnerability. The patches are out to address this, and hopefully, someone in your IT organization is tracking and applying them. But this is only one of the many ways your company can be vulnerable to cyber-criminals.

Good Security Is Proactive

Patches have to be applied. That’s good. But it’s also reactive. Doing whatever the news of the day tells you to do in regards to security is not a security plan. So, what is? And what does a good plan look like? Proactive security measures address every potential threat.

Human Factors

The biggest risk to security, by far, is human actors. These include your own employees and bad actors outside the organization. Humans, as the story of former White House Chief of Staff John Podesta’s hacked email shows, make mistakes. To review, Podesta got an email he found suspicious, asking him to change his Gmail password. He sent a memo to his IT department. The IT staffer involved meant to tell him it was suspicious but made a typo in his reply email and told him it was okay. So, Podesta went ahead and clicked on the link, exposing his database to Russian hackers. What went wrong here?

Facepalm Moment!

There are lots of things, but the most fundamental of them is that if security is a real concern, one does not use a free, public email service for email. Whatever else was in place, this episode shows that the DNC’s approach to security was flawed at the most fundamental level. People working at the White House should not use free, public services for sensitive email. It is a safe bet that, if you examine your organization’s security posture closely, there is at least one such facepalm moment lurking somewhere.

People do stupid things. One of the jobs of IT security professionals is to anticipate those things and make sure they don’t happen. Moving from passwords, which can be insecurely stored, to biometric identifiers, is one way to do this. People can’t easily steal your fingerprints or iris.

Portable devices are another issue. Having 24/7 access to a business device is great. But is it necessary? Laptops and smartphones are eminently losable. Ask whether every employee who has remote access needs it. Make sure you can remotely erase your company data from their device if it is lost or stolen.

The boundaries between work and non-work life grow ever thinner. There is no need to deny employees access to personal email. But on the company email server? Have them take personal mail to a browser-based service. Keep work and personal accounts firmly separated. This is a basic step that every company could and should be doing.

Auditing (Gently) The Vendors

There are good reasons to outsource many IT functions. Day-to-day operations rarely require high-level IT expertise. It can easily be obtained from IT consultants and managed outsource providers and used as needed. Moreover, using outsourced IT providers who have many clients allows your organization to take advantage of the mistakes that their other customers have made. Most IT professionals have seen and heard it all. Use of consultants is a very inexpensive means of knowledge transfer, far cheaper than developing the same experience with in-house techs.

Make sure the IT provider knows their stuff. You may find a few whose security is really no better than yours. This is where it’s so important to check the company out before hiring them. Check their feedback online. See what their customers are saying about them. Do they really know how to secure your data and records so that you don’t get hit with a ransomware virus? Will they set up both onsite and offsite backups so you’re never without your data even if disaster strikes?

Needing To Know

Transparency is, in general, good. But when dealing with health information that is protected by regulations like HIPAA, less is more. That is, less access is better insurance against risk. No one should be deprived of the data they need to do their job. But with protected health information, no one without a need to know should have access. Coders may need to see the physician’s notes in order to properly bill for services rendered. Billers do not. All they have to do is charge for the codes that are given to them. They do not need access to clinical data.

Conclusion

These considerations are very basic. They require no esoteric knowledge. But thinking through them will help you arrive at your own conclusions about whether your data is really safe. Remember these basics:

  • Be proactive about security.
  • Never take the human factor lightly.
  • Ensure third-party vendor security.
  • Apply the “need to know” concept.
  • Get help from a professional IT managed services provider if you still feel uneasy about your data’s security.