The Ransomware Threat Is Growing and Here Are the Reasons Why

One of the biggest problems facing American businesses today is ransomware. In fact, it is becoming a global threat. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation? Why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends

One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully. Thieves rarely get caught. So, you have a crime that pays off big financially speaking and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can just get one employee to click on a malicious link, they can take over and control all the files and data for an entire company.

If you go to work in the morning and find that hackers have locked up all your data and are demanding a $2,000 payment in bitcoin, do you pay it or not? Most business owners pay the ransom. It’s easier and cheaper and it gets everyone back to work much faster. One of the major keys to this cyber-attack’s success is the fact that criminals keep the ransom amounts fairly low. If you can simply pay $2,000, get all your files back and move on, then why not do so?

Contributing Factors

One of the most crucial contributing factors to this crime is the cryptocurrency revolution. If criminals had to rely on bank accounts and credit cards for payment, their crimes would soon be solved and they would be caught and placed in jail. But cryptocurrency is perfect for Internet-based crimes. It’s untraceable and that makes ransomware a practically unsolvable crime.

The five major cryptocurrencies worldwide in order of their popularity are:

  1. Bitcoin
  2. Monero
  3. Zcash
  4. Ether
  5. Litecoin

A recent article in The Motley Fool[1] reports that there are currently 1,658 cryptocurrencies available worldwide. That number grows each day. People love the anonymous nature of cryptocurrency. There is a growing number of questionable businesses on the Dark Web and most only accept cryptocurrency as payment. That’s because much of the sale of goods and services on the Dark Web is illegal. The only safe way to pay for illegal materials is to use a completely untraceable form of payment. The answer is cryptocurrency.

But there are other contributing factors as well:

  • Social engineering
  • Both known and unknown software vulnerabilities
  • Poorly configured servers and workstations

Most of these vulnerabilities do have a workable solution. It’s just a matter of finding out where you are most at risk and taking steps to close up those weaknesses. A good IT managed services outfit can assess your current IT infrastructure and make recommendations for improving it. Consider it an investment in your company’s future.

It would be nice to speculate that the whole world will suddenly wake up and decide to be honest and upright in all their dealings; but that is not a realistic viewpoint. Instead, we must move forward with the resolve to create and support global internet police agencies who have the power to track down and arrest cyber-criminals. When there’s no punishment for a crime, it’s a proven fact that it will increase and even flourish.

What Can You Do As a Business Owner?

Knowing that all these things are true and things are not going to just suddenly get better, you have to ask yourself how you can protect your company from cyber thieves. The number one way that all security experts agree on is better employee training. Thieves most often trick an employee into clicking on a bad link. The human factor is the weakest link in the cyber-security chain.

But the good news is that training your employees doesn’t have to be expensive or time consuming. Ask a local security expert to come out once a month and address all your employees. The experts can educate everyone about the latest cyber threats. They can share helpful information about what phishing scams are and how to spot a suspicious email. If you don’t have the budget for it, you could even ask the security expert to do his talks on YouTube and then send links to everyone in your organization. Make watching these security briefs mandatory for all employees.

There are plenty of good resources online now about cyber theft and best practices for cyber security. If you can afford to have a local IT guru come out quarterly and speak to employees about Internet security, this will reinforce what employees have already learned.

Head in the Sand?

The problem with many organizations today is that their leaders are living in a bubble. They think ransomware attacks only happen to other people. They don’t really think they will ever be a victim of a cyber-crime. This isn’t true. Statistically speaking, your company will eventually get caught in the web that cyber thieves weave. The question is not “whether” your company will be a target, but “when” this will occur. The best course of action is simply to prepare for it.

  • Educate your employees.
  • Hire the best IT experts you can afford to test your network.
  • Spend the money on whatever new improvements are needed to fortify your IT infrastructure.
  • Make sure all software and hardware is patched and up-to-date.

Sadly, the Crypto Crime Wave is backed by huge communist governments. These countries are earning billions of dollars each year by stealing data from businesses, hospitals, charitable organizations, individuals or whoever falls prey to their scams. They sell the information online and there are always plenty of buyers for this type of data.

However, knowledge is power. Now that you know a few things about ransomware attacks and what you can do to stop them, take action! Don’t wait around until you get that awful message on your computer screen that says:

“You’ve been Hacked! Your files are frozen. Here’s what you need to do to get your computer access restored!”

Don’t wait for that day to come. Take action now to protect your company from the threat of ransomware, malware, and all the other forms of internet piracy. When business owners become more proactive about their internet security, the threat of these attacks should start to diminish. Today, American businesses are making it all too easy for cyber criminals to succeed. But as company owners become more savvy, these criminals will find it harder to earn a living stealing.

[1] https://www.fool.com/investing/2018/03/16/how-many-cryptocurrencies-are-there.aspx

Hmmmmm…What Is Yam Jam?

Yam Jam – The Virtual Town Hall Experience That Brings Your Organization Together

If you are an avid user of Office 365 or have in some way expressed interest in Microsoft’s online environment, then you’re probably familiar with Yammer – the freemium enterprise social networking service that is used for private communication within organizations.

Also, chances are that you have come across terms such as “Yammer Town Hall,” “Yammer Power Hour,” or “Yammer Time.” They all refer to the same thing: Yam Jam.

What is Yam Jam?

This is simply a digital meetup on the Yammer network. It provides a unique space for real-time Yammer discussions where people can exchange ideas and learn from one another. One of its strong points is that an organization’s employees have the opportunity to break the typical organizational chain of command and interact directly with senior leaders alongside fellow staff.

As such, you can look at Yam Jam as a curated virtual town hall event that is held within a designated group in the Yammer network.

Attendees within Yam Jam get the rare opportunity to interact directly with subject matter experts, company leaders, or executives as well as with one another (fellow employees). Anyone can participate in Yam Jam because it is actually an open environment on the network. They can ask questions related to the topic of discussion, learn from the experts, and share ideas with one another.

Every Yam Jam event typically lasts about an hour but they continue on after the live event is finished, which is the best part. This makes global engagement much easier and more inclusive, which can be extremely helpful for organizations with remote staff. It brings them together regardless of where they are on the planet. Yam Jam events are also scalable and measurable, in addition to being low cost and focused.

The fun thing about Yam Jam

Yam Jam is not restricted to a single shape and size. The type of event you hold on this network is determined by your specific need. There is also the option to @mention someone on the Yam Jam environment so that they get notified about an ongoing event that they can benefit from.

Thinking about hosting a Yam Jam? Here’s why you should

There’s so much your organization stands to gain from hosting Yam Jam. For starters, the events enable your employees to engage with multiple participants on Yammer, which can promote the culture of cooperation.

Participants on Yam Jam share ideas and insights with one another and receive valuable information that they can use to better their performance and the productivity of the organization overall.

More importantly, Yam Jam is a means for the employees to break hierarchy and interact directly with company leadership. Participants can not only gain richer insights from subject matter experts but also get a chance to address pressing matters with the company leadership and reach solutions that may benefit them and the organization as well.

Employees can build a great deal of confidence in their senior leadership from interacting in the Yammer Town Hall. Leaders also get a good opportunity to interact directly with practitioners in a way that helps them remain connected to the massive pool of talent within the organization.

Yam Jam best practices to ensure you make the most of your events

One interesting thing about Yam Jam events is that they are rather easy to organize or set up; anyone can do it. To host a successful Yam Jam, here are some tips to ensure you put your best foot forward.

Ensure your participants are Yammer savvy

Yam Jam participants need to have sufficient Yammer knowledge to effectively participate in any event on the platform. As such, it will help to do some due diligence beforehand to be certain that your team or the audience you’re targeting is well-versed on the network. Otherwise, consider offering a Yammer training session before taking the plunge.

Choose an appropriate time and topic

Participants are bound to contribute properly if the time is right and the discussion involves pertinent topics or ones with varying viewpoints. The time is right when the participants are in a position to take part. As such, it is best to consider time zones and days of the week when jobs and other similar engagements are not likely to stand in the way.

Advertise the event properly

People easily forget schedules, so it is important that you keep them properly informed about the event and the exact time, date, and topic of discussion so everyone can prepare appropriately. Remember, the more engaged the participants are, the more interaction the event is likely to achieve. The more interactive the event, the more likely it is to be productive.

Wrap up

Yam Jam can be hugely beneficial to any organization that seeks to improve and become more productive, especially if they provide participants with a proper feedback loop, or means to give feedback at the end of the live event. If you haven’t tried it yet, then no time is better than the present.

Sensitive Data Stolen From Naval Contractor By Chinese Hackers

US Navy Data Breach

Officials recently revealed that a data breach occurred involving a Navy contractor where hackers working for the Chinese government gained access to highly sensitive data regarding submarine warfare. Included in the breach were top secret plans for the design of a supersonic anti-ship missile system that was to be used in U.S. submarines by the year 2020.

American officials have confirmed that these breaches occurred in January and February of 2018, but would say very little else about the breach, citing the secret nature of the stolen plans. An investigation into what happened and exactly how the breach occurred is ongoing and the government is reluctant to speak of the incident while the investigation unfolds.

Though the naval contractor was not identified, U.S. officials confirmed that he worked for the Naval Undersea Warfare Center. This military organization is located in Newport, R.I. They conduct research on underwater weaponry and develop weapons specifically for submarines.

The Sea Dragon Project

The stolen data consisted of 614 gigabytes of information closely related to a project called Sea Dragon. In addition, radio room materials related to cryptographic systems were stolen, along with signaling and sensor data. The Washington Post has obtained more detailed information about this breach but, at the request of the U.S. Navy, they have agreed not to publish those facts. The military believes releasing these documents could further harm national security and put other military projects in jeopardy.

One of the more alarming details of the breach was that this naval contractor had highly sensitive information about Sea Dragon stored on his personal computer and phone. These devices did not have the necessary security protocols for storage of classified government documents. The contractor was using a normal unclassified network for his phone and computer despite knowing that the information he was privy to was of a top-secret nature. Charges may be filed against the individual for not taking basic steps to secure the data and not following NIST guidelines.

Problems with Naval Contractors

This incident has sparked highly-charged discussions about the Navy’s ability to properly oversee its vast network of contractors. Many of these people have access to the designs for America’s latest weaponry. Loss of these plans and blueprints could result in a devastating effect on America’s military capabilities.

Last week, the inspector general’s office at the Pentagon confirmed that Jim Mattis, Defense Secretary, was currently reviewing the handling of all military contractors. Mattis and his team will investigate whether there are other blatant cybersecurity issues that could possibly leak classified information to the Russians, Chinese, or North Koreans.

The Navy, working in conjunction with the FBI, is currently leading the investigation into what happened.

The naval spokesman, Cmdr. Bill Speaks, commented saying, “There are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.” He added that “It would be inappropriate to discuss further details at this time.” The FBI has declined to comment.

Is the Sea Dragon Project Sunk?

Little is known about the Sea Dragon project, except that the project was designed to provide a “disruptive offensive capability” by “integrating an existing weapon system with an existing Navy platform.” In addition, the Pentagon said that the project has, to date, cost over $300 million. The Navy had plans to begin underwater testing as early as September of 2018, but those plans will now most likely be placed on hold.

Military experts believe that China will now be able to develop technology that will render the Sea Dragon project ineffective. There is some speculation that other weaponry projects could also be compromised.

The government has set in place an extensive array of security protocols and guidelines to ensure that events like this do not happen.

According to the Nist.gov website:

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017, or risk losing their DoD contracts.[1]

Stopping Hackers in their Tracks

DFARS regulations were created to stop cyber breaches like Sea Dragon from taking place. All government contractors and sub-contractors are required to use high-level security protocols anytime they store, process or transmit sensitive government data.

According to a study done by IBM in 2014[2], human error is involved in as many as 95 percent of all data breaches. Cyber breaches are successful because hackers prey on human weaknesses. Most commonly, hackers lure an unsuspecting victim into giving access to the cyber thief believing him to be a legitimate person or company. Hackers are able to sell the information they obtain on the Dark Web.

Many governments around the world now employ a staff of hackers who work continuously to steal data from large companies, individuals, hospitals, various government organizations, non-profits and many others. The stolen information will fetch a high price on the Dark Web. In the case of Sea Dragon, the data loss could place an advanced naval weapons system into the hands of the Chinese.

[1] https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars800-171-compliance

[2] https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/

The Business Owner’s Guide to Office 365

Small Business Owner

Microsoft is considered a key leader in the enterprise software industry. Every year or so, Microsoft releases new products and services and makes updates to their existing software to keep up with the needs of their business users all around the world. Out of all of the products and services offered by Microsoft, Office 365 is arguably the most popular and lauded among business owners of organizations of all sizes.

If you’re thinking about having Office 365 serve as the foundation of the operation of your organization, this business owner’s guide to Office 365 should help you make your decision. This article will highlight the additional features included in Office 365, from collaboration to scheduling tasks.

Office 365 Groups

One reason why so many business owners view Office 365 as an essential rather than an optional enterprise software is the Office 365 Groups feature, which is a collaboration tool that any subscriber on the Business Premium, Business Essentials, or Enterprise E1, E3, and E5 plans can take advantage of. Office 365 Groups will make it easier for your employees to select certain people and collaborate with them on a project. Neither you nor your employees will need to manage a complex set of permissions for every individual. Users who are in the same group can access shared calendars, inboxes, document libraries, SharePoint planners and team sites, and OneNote notebooks.

Recently, Microsoft made updates to Office 365 Groups to add tools for group management for admin users. Users who are admin level are now able to manage security with retention policies and restore groups that have been deleted. These users can also restrict the ability to create new groups to certain individuals within an organization and can also grant individuals outside of an organization guest access to a group.

Skype for Business

Another Office 365 feature that you will be eager to take advantage of as a business owner is Skype for Business. If you currently don’t have Office 365, chances are your employees use different channels to communicate with each other. Your employees may even use a different set of channels to communicate with individuals outside of the organization. The channel that a certain employee uses will depend on their personal preferences. Unfortunately, the use of many different channels of communication within an organization can make it difficult to create a sense of continuity and cohesiveness. Fortunately, Office 365 offers business owners a solution to this issue in the form of Skype for Business.

Skype for Business offers employees the ability to choose from many different channels of communication condensed into a single platform. Therefore, your employees will be able to choose a channel of communication based on their preference without harming the continuity of communication within your organization.

Not only does Skype for Business make communication more convenient, but it also reduces security risks significantly. Skype for Business offers enterprise-grade security. Therefore, having your employees shift from email or some other form of communication to Skype for Business will reduce the risk of your employees falling victim to cybercriminals.

Best of all, the monthly fee per user is very affordable, making Skype for Business as a solution even more attractive.

Anytime, Anywhere Access

Business owners are constantly striving to increase the productivity of their employees. If you’re one of these business owners, Microsoft Office 365 should help immensely in accomplishing this goal. One of the main features of Office 365 that Microsoft constantly advertises is the anytime, anywhere access.

Office 365 offers businesses, both small and large, web-enabled access on just about any device to email, calendar, documents, and contacts. Whether your employees want to access their work inbox on their desktop computer or their iPad, they will be able to do so quickly and easily. Thanks to Office 365’s anytime, anywhere access, your employees will be free to work wherever they choose. They won’t need to rush to their office or find a WiFi hotspot simply to do work. If your employees are on the go and don’t have access to Microsoft Office, they can use Office 365 to view and edit documents from web browsers like Google Chrome, Firefox, and Safari.

99.9% Uptime Guarantee

When it comes to success in the business world, reliability and consistency is the name of the game. Even in the worst of disasters, your business should retain its ability to continue selling its products and services to customers without making compromises in terms of quality. Fortunately, Office 365 and its 99.9% uptime guarantee will help you do so.

Microsoft developed Office 365 with availability and reliability in mind. Office 365 features disaster recovery and enterprise-grade reliability, which is made possible with multiple data centers, a rigid privacy policy, and automatic failovers. The 99.9 percent uptime is guaranteed and financially-backed with a service level agreement.

Scalability

What makes Office 365 even more wonderful is its ability to cater to the needs of any business, no matter the size. Office 365 is very scalable so you will be able to continue using it even as your business continues to grow and flourish. For example, small businesses can enjoy features like a 50 GB email inbox with the ability to scale up the amount of storage. Choosing Office 365 to serve as the backbone of the operations of your business will make your life as a business owner easier from the get-go. With Office 365, your small business will enjoy advanced features and convenient solutions at a price affordable for a budding organization.

As you can see, Office 365 has a lot to offer to businesses of all sizes. For more information about the many features offered by Office 365 that can help your business prosper, don’t hesitate to contact us.

Quickbooks: Need A Quick Refresher?

Need a quick refresher or a complete introduction to one of the most popular small business accounting packages?

Quickbooks is one of the top accounting solutions available to small businesses around the globe. However, many business professionals only use a small fraction of everything Quickbooks has to offer.

During this 30-minute on-demand online training session, you’ll discover many of the top features and tools found in Quickbooks, including:

  • Invoicing
  • Expense Tracking
  • Bill Payments
  • Customers and Vendors
  • And much more

This is designed to be an introductory training session for those new to Quickbooks and those who just need to know a bit more of what Quickbooks can offer. If you’re on the fence trying to find a small business accounting package, this session will help you make your decision.

Have questions? Reach out to me at any time.

Telus Rolling Out $1 Billion Fibre Optic Network Across Vancouver

Vancouver, British Columbia, is about to experience its largest technology boom in many years. Telus Corporation, a national telecommunications provider, has announced that they will soon be rolling out a one billion dollar fibre optic network. The network will include internet access, voice, video, live streaming, healthcare, and many other entertainment venues.

The TELUS PureFibre network

The company is well-known for its TELUS PureFibre network, an innovative internet technology that utilizes flexible strands of transparent glass thinner than a human hair. Using these new fibre optic strands will allow the company to transmit information as pulses of light, thereby carrying much larger amounts of data across the internet in just seconds. Telus is also known for its speed and reliability, along with amazingly fast upload and download speeds.

In an age where everyone spends much of their lives online, speed has become a major factor. From downloading videos to home entertainment, the future belongs to those who can provide crystal clear video calls, buffer-free streaming, and the ability to capture and share photos faster than ever before. Telus is on track to deliver that and more. In fact, Optik TV from Telus offers 4x the video resolution of ordinary HD.

Plans to roll out the one billion dollar Vancouver-wide fibre optic infrastructure were recently announced by the company’s CEO.

Telus CEO Darren Entwistle commented that “Once complete, our fibre build will have an unprecedented impact on our city, transforming the way we live, work, socialize and raise our families in the digital world.”

He was speaking to an audience that included well-known Canadian politicians. Vancouver Mayor Gregor Robertson, Technology Minister Amrik Virk, and Premier Christy Clark were in attendance, among others.

Details of the billion dollar roll-out

The details of the roll-out include a promise to deliver download speeds of one gigabit per second, though, in the initial release, download speeds will be around 150 megabits per second—still 30 Mbps more than their closest competitor.

In his announcement, CEO Darren Entwistle stated that the project was designed to “future proof Vancouver’s digital demands for decades to come.”

The project is slated to be phased in over the next five years. It will begin with Vancouver’s west side, an area that is home to many popular stores, restaurants, and other business establishments. Areas like this always demand better, faster internet services.

Many city leaders and respected business owners agree that this move will positively affect Vancouver’s economy for years to come. Other technology experts chimed in saying they believed the Telus fibre optic network would put Vancouver squarely on the map in terms of its advanced fibre infrastructure.

Having high-speed internet that addresses the future needs of citizens should make the Vancouver area much more attractive to tech companies of all sizes.

The spinning wheel of death

For years, both residents and business owners have complained about the “spinning wheel of death”, that wheel that all consumers get while trying to stream a movie on Netflix. With the new Telus fibre optic network, users can expect an end to this with faster download speeds and higher capacity streaming, even with high-definition movies.

In households where there is more than one device going simultaneously, the new fibre optic network should also put an end to slow internet speeds. Family members in several different rooms can watch movies, play games, and surf the internet, all at the same time without vying for bandwidth.

President of Telus’ broadband networks, Tony Geheran, explained that the new service would be rolled out, “neighbourhood by neighbourhood.” Telus has stated that their rates will not go up for top tier services, but that internet speeds across Vancouver will increase over the next 18 to 26 months.

Though there are other internet service providers in the Vancouver area, in the past these services have only provided area-specific or building-specific high-speed services. The new Telus fibre-optic installation will include the entire city covering businesses, residents, hospitals, factories, and others.

Telus has also announced that the company is addressing slow internet speeds in smaller city centres and rural areas. Last year, they announced a program to invest $60 million toward extending their fibre optic network to 90 percent of the residential areas of Kamloops.

Extending dependable fibre optic networks into the future

It is estimated that only about 10 percent of all North Americans currently have access to a reliable fibre optic network. Many professionals believe that this is completely unacceptable in a day and time when so much business and entertainment is conducted online.

Vancouver is rated as number 20 in terms of technology for larger North American cities. Entwistle believes the new fibre optic infrastructure will greatly improve their standing among other cities their size.

“With our Telus fibre investment, I believe Vancouver will soon be in the top 10 and thereafter, in the top five, such is the potential and competitive advantage our investment exudes for our city,” Entwistle said.

Though consumers are excited about the new changes in internet speeds, business owners are also expecting great things. As technology has increased across the globe, the world moves only as fast as local internet speeds will allow. Add to this the significant expansion of the Internet of Things. In the future, fibre optic networks should be able to handle innovative new medical equipment, connected appliances, enterprise server networks, business requirements, home networks, and many other technology needs.

Confused About All These Tech Terms: Information Technology Glossary

In today’s world, everyone uses information technology. This is simply the technology behind our computers and networks including software and hardware. For businesses, it includes servers, data centers, and other technology to support their IT infrastructure.

In spite of its prevalence, many people are not familiar with some of the terminologies and terms used by IT experts. Below, we offer up a few of the most common expressions and give you easy-to-understand definitions. These are by no means a thorough explanation of the terms but they do provide an overall idea of what the word means.

Glossary

Artificial Intelligence – The development of computer systems that can perform tasks that would normally require a human. They include speech recognition, language translation, visual perception, and decision-making skills.

BDR – This abbreviation stands for “backup and disaster recovery”. This is a plan where all hardware and software is regularly saved in both onsite and offsite locations. This can prevent data from actually being lost. If a data breach occurs, an IT specialist can restore the whole system from backed-up copies. This helps a business to get back up and running very quickly even after hurricanes or other disasters.

Big data – This term refers to extremely large data sets used for the purposes of analysis. This complex data processing is often completed by larger companies in order to reveal trends and patterns that can help them with upcoming marketing campaigns.

Breach (cyber) defense – Any method of protecting your networking and computing resources from intruders and hackers. This can include protection for your IT infrastructure along with antivirus software and firewalls. All known threats are analyzed, then strategies are formulated to stop these attacks before they occur. Most breach defense mechanisms include a planned response to any type of cyber-attack. A good breach defense will include strong measures to safeguard company assets.

Business Continuity – The ability of a business to continue its operations even when there is a cyber breach or other disaster that would normally cripple a company.

Cyber or security breach – An internet security breach where cyber thieves hack into your computer systems and steal data or plant malware. These breaches can cripple your organization and damage your data including customer records. Cyber breaches usually cost a business over one million dollars for each event and they damage the company’s reputation, harming the brand.

Dark Web – This is the back alley of the Internet. It is where illegal transactions often take place. Drugs and other contraband are sold on the Dark Web. Entry into this area requires a special browser known as Tor (The Onion Router) and special software to protect the user from the many dangerous threats that loom on the Dark Web.

Deep Web – Any content that is not indexed by Google bots including educational sites, email programs, company intranet, etc.

Hybrid Cloud – A cloud computing environment where a mixture of public and private cloud services are created to lower operating costs and gain access to a wider range of computing resources.

IT Infrastructure – This term includes all networking, servers, computers, software, hardware, and other technology used to manage and support all information technology resources.

Machine learning – This is a subset of artificial intelligence (AI) where a computer system automatically learns as it processes data. The computer doesn’t need to be explicitly programmed to achieve desired results. This science develops computer programs that can access data and learn while they’re working so that they evolve into smarter machines over time.

Malware – A combination of the words “malicious” and “software”. This term has come to refer to any type of software that was built for the specific intent of disrupting a company’s computer network and damaging computer equipment. It can include spyware, viruses, Trojan horses, worms, adware, and many other types of malicious software.

MSP – An IT Managed Service Provider (MSP) is a company that provides a full range of services to help businesses manage all their computer and network resources.

Outsourcing – The process of hiring an outside company to manage all aspects of networking, IT, communications, computers, servers, and other information technology.

Private Cloud – A private cloud refers to a cloud computing environment where a private IT infrastructure is created for one specific organization. It is usually managed with internal resources.

RPO – Recovery Point Objective is the maximum amount of data, measured in time, that a business can afford to lose due to a natural or manmade disaster.

RTO – Recovery Time Objective is the maximum amount of time a business can be without its data (due to a natural or manmade disaster) before the business is at risk.

Ransomware – A type of malicious software where a cyber thief blocks the user’s access to his or her own computers, network, and data. The thief demands a ransom in order to restore full access to all computer systems. Money is extorted from business owners, usually in the form of a cryptocurrency like Bitcoin, which is untraceable. Ransomware attacks have escalated due to their overwhelming success. Normally, a Trojan disguised as a legitimate file is accidentally downloaded. These can come as email attachments or links. One of the most dangerous ransomware programs is the “WannaCry” worm, which can travel between computers with no user interaction.

Resolution Time – The amount of time it takes to resolve an issue, most often a security, network, or IT problem.

Response Time – The amount of time it takes for a service provider to respond to a call for service from one of its clients. Most IT providers guarantee specific response times as a perk to selecting their service over others.

Scalability – A company’s ability and flexibility to scale up or down as business needs arise.

SLA – A service-level agreement (SLA) is a contract between a customer and a service provider. It outlines the duties and responsibilities of the service provider and the terms of the contract. It includes the signatures of those in management from both entities.

Software bug – An error, fault, or flaw in a computer program that produces an unintended effect. Bugs are usually the result of mistakes by programmers when developing the source code. The term “debugging” is often used to describe the process of fixing software bugs.

Virtualization – Virtual Machines (VM) are created that look and behave exactly like the real thing. This can include servers, networks, operating systems, or storage devices. This allows a company to have a much more sophisticated IT infrastructure at lower costs. It also enables a business to enjoy the benefits of scalability. With virtualization, you can easily scale up or down as needed, so you only pay for services and equipment that you need at that time.

VPN – Virtual private networks (VPN) are built over public infrastructures to provide a higher level of security to the data transmitted. Usually, encryption is used to protect apps and data from intruders as the data is processed across the internet. There are numerous types of VPN, including Advanced VPN, PureVPN, Hotspot Shield, and ExpressVPN.

Zero Day Threats – This is a threat exploiting vulnerabilities within computer security systems. The term is derived from the word “zeroth”, which is the time of the exploitation. It occurs either before or on the first day the developer becomes aware of it. Therefore, there is no security fix for the threat due to the fact that developers are completely unaware of its existence. A number of different vectors can be used in a zero day attack. These attacks are usually instigated by well-known hacker groups who take pride in being able to outsmart developers.
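The RPO and BDR entries in the glossary above can be checked against a real backup history: the sketch below finds every window in which a disaster would have lost more data than the RPO allows. It is an added example, not part of the original article; the log format, job name, 24-hour RPO and audit time are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed backup job history (not output from any real backup product):
# "<ISO timestamp> <job name> <status>"
JOB_LOG = """\
2024-03-01T01:00:00 nightly-full OK
2024-03-02T01:00:00 nightly-full OK
2024-03-03T01:00:00 nightly-full FAILED
2024-03-04T01:00:00 nightly-full FAILED
2024-03-05T01:00:00 nightly-full OK
"""

RPO = timedelta(hours=24)                 # assumed business target
AUDIT_TIME = datetime(2024, 3, 5, 13, 0)  # constructed "now" for the audit


def restore_points(log):
    """Return sorted timestamps of jobs that finished OK; failed runs restore nothing."""
    points = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, _job, status = parts
        if status == "OK":
            points.append(datetime.fromisoformat(stamp))
    return sorted(points)


def rpo_gaps(log, rpo, now):
    """List (start, end, gap) windows where a disaster would lose more than `rpo` of data."""
    points = restore_points(log)
    if not points:
        return [(None, now, None)]  # no restorable copy exists at all
    edges = points + [now]          # the last window runs from the newest backup to now
    gaps = []
    for start, end in zip(edges, edges[1:]):
        if end - start > rpo:
            gaps.append((start, end, end - start))
    return gaps


def worst_case_loss(log, now):
    """Largest stretch of time not covered by any restorable backup, or None."""
    edges = restore_points(log) + [now]
    return max((b - a for a, b in zip(edges, edges[1:])), default=None)


if __name__ == "__main__":
    for start, end, gap in rpo_gaps(JOB_LOG, RPO, AUDIT_TIME):
        print(f"RPO exceeded: {start} -> {end} ({gap})")
    print("Worst-case data loss:", worst_case_loss(JOB_LOG, AUDIT_TIME))
```

The schedule is nightly, yet two failed runs leave a 72-hour window with no restore point, which is the exposure that matters if ransomware strikes inside it.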

Thinking About Moving Everything to the Cloud?

Check Out These Pros and Cons First.

Many of today’s business owners have decided to move their IT infrastructure to the cloud. In a large company, the number of services and workloads can be staggering, making the transformation a hugely complex procedure. Even in smaller businesses, there are pitfalls to be aware of. If you know about these before you begin, then you can avoid some costly mistakes.

Thunder Clouds

Remember that all clouds do not have silver linings. Some are just big ole thunderclouds that are about to dump 10 inches of rain on your parade. If you understand the issues and complications that can crop up, then you can bring your umbrella and escape getting all wet. If not, you may be in for some rainy days ahead.

What are the benefits?

Migrating to the cloud can deliver some “big-company benefits” that small businesses need these days in order to compete in the global marketplace. However, as many business owners have learned, there can be security issues, unexpected costs, and other snafus. The most successful cloud migration approach involves careful planning. It’s often a great idea to engage with some experts in cloud technology to help you. These experts understand what’s required and they’re familiar with cloud best practices. They can help you optimize the migration process.

You also need clear heads who can keep you on the right road. Why are you moving to the cloud? Most business owners will answer that they’re hoping to reduce their infrastructure costs. That’s a good reason and the primary motivation behind most moves. The problem is that somewhere during the move, it’s easy to lose sight of these basic fundamentals. Cost reduction does occur for most companies but it’s not a guarantee.

If the process is carried out incorrectly and/or the wrong cloud management maturity roadmap is followed, you could wind up in a ditch instead of on cloud 9.

The hybrid infrastructure strategy

Digital transformation and hybrid architecture – these are terms that many business owners struggle with. Though you’re probably an exceptional CEO, manager, or small business owner, if your expertise is not in the realm of Information Technology, hire a pro. In the midst of moving to the cloud, you need to know that everything is being done according to best practices. The diverse environments of infrastructure and operations (I&O) present numerous challenges.

Before you move everything to the cloud, consider the following:

  • The full cost of this process including hidden expenses
  • On-premise vs. public cloud
  • The security of your data
  • Bandwidth availability
  • Ownership of the data
  • Availability of moving the data
  • Developing a multi-year strategy that includes ongoing ROI

The cloud roadmap

In order to seamlessly migrate your physical infrastructures to private, public, and multi-cloud environments, you must first decide which services and applications are best suited for the cloud. Not every application is a good fit for the cloud. A good operational model will help you select the right services and apps based on their unique requirements. In other words, you need a good solid roadmap that outlines what will be moved, when it will be moved, and whether you have the right security to protect all your data throughout the process.

This is especially important in industries where compliance is a factor, such as the healthcare industry. One HIPAA violation can be expensive but a good IT specialist will make sure that all data both in and out of the cloud is well-protected.

Assess the risks

Begin your cloud journey with an assessment of your current business network and IT technology. Include your current resources, along with the maturity of your processes and people. Consider these questions:

  • Which services and applications can best benefit from migrating to Azure, AWS, or other cloud platforms?
  • How will you manage third-party vendors to prevent data leaks?
  • Do you have an IT team or outsourced IT provider with the right experience for this job?
  • Should you migrate everything at once or do it in stages?
  • Have you considered whether your new cloud environment is viable for both the short- and long-term?
  • Can your new cloud infrastructure support growth?

Hybrid infrastructure offers unique benefits to business owners. But it’s not a solution that will fix every IT problem you have. Instead, it’s more of a strategy for ensuring that your business can compete in a global marketplace.

Cloud solutions and hybrid architecture aside, no one can predict the future. But it’s a good bet that cloud technology will evolve rapidly and your new cloud solution should be able to grow right along with it. That means flexibility. And, it should continuously assess your network security and compliance to relevant regulations. One single data breach these days can cost a million dollars.

What to do next

Before you take the next step, it can be highly beneficial to engage with cloud experts who have completed this journey for other companies. When you work with experienced professionals, they’ll guide you down the right path. As you move your applications and services over to the cloud environment, they will advise you every step of the way.

This can eliminate a lot of the worry and stress, plus it usually helps you to complete the process without wasting precious time, money, and resources. Know where you’re going before you begin your journey and the cloud transformation can be an exciting new adventure for your business.

How Social Media Platforms Have Increased the Burden of Compliance to HIPAA Regulations

With the increase in social media popularity, professionals in the healthcare industry are seeing new and alarming trends. Healthcare workers often post about their workday on sites like Facebook. They may even post photos of their friends at work. We’ve all seen photos of a group of friends at a hospital or clinic goofing around.


Though everyone enjoys posting about their daily life at work, for the healthcare industry, this has become a growing problem when it comes to HIPAA compliance. In fact, the issues have escalated to where it’s a virtual minefield of compliance violations that could blow up at any moment.

HIPAA violation fines can be huge, so why aren’t employees better trained in what is and what is not acceptable?

The company Facebook page

Another area of potential compliance issues is the company’s Twitter and Facebook pages. Most businesses, including healthcare organizations, post daily to their social media accounts. This can be a great way to connect with your customers/patients. Social media is a unique place to interact on a personal level with people. For the healthcare industry, there are a number of restrictions about what you can share.

Some of these regulations are common sense. If you just got out of surgery, then you probably don’t want anyone posting your photo on Facebook. We should all know how important patient security is. From health plans and patient medical records to hospitals and doctors, we can’t be too careful.

Data breaches in hospitals are increasing at an alarming rate. We certainly don’t want to make it any easier for cyber thieves to break in and steal our health information.

Protecting PHI

It is never acceptable to post any type of info that is considered Protected Health Information (PHI). This includes a patient’s name, address, date of birth, social security number, financial information, and photos. If something you post can in any way identify one of your patients, then it’s a violation of HIPAA. If the patient or a family member sees that posted on social media, they can file a complaint and your organization may have to pay hefty fines.

PHI includes all demographic information that might, in any way, identify one of your patients. According to the HIPAA Privacy/Security Rules, you can’t use this PHI in your marketing campaigns or on social media platforms. Every precaution must be taken to avoid revealing the identity of a patient.
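A pre-publication screen for social media drafts, covering the identifiers from the list above that can be detected by pattern: Social Security numbers, past dates that could be a birth date, payment card numbers, and attached photos. This is an added example, not part of the original article; the function names, finding labels and sample drafts are constructed, and US-style MM/DD/YYYY dates are assumed.

```python
import re
from datetime import datetime

# Names and street addresses cannot be matched reliably by pattern, so a
# clean result still needs a human reviewer before the post goes out.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
DATE_RE = re.compile(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".heic")

REVIEW_DATE = datetime(2025, 1, 1)  # constructed "today" so results are repeatable

# Constructed drafts: (text, attachment file names)
SAMPLE_DRAFTS = [
    ("Free flu-shot clinic in our lobby on 11/15/2030. Walk-ins welcome!", []),
    ("Congratulations to Jane Roe (DOB 04/12/1961, SSN 123-45-6789) on her recovery!", []),
    ("Our front-desk team says hello!", ["lobby_team.JPG"]),
    ("Refund sent to card 4111 1111 1111 1111, order ref 1234 5678 9012 3456.", []),
]


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def screen_post(text, attachments=(), today=REVIEW_DATE):
    """Return sorted finding labels; an empty list means no pattern matched."""
    findings = set()
    if SSN_RE.search(text):
        findings.add("ssn")
    for month, day, year in DATE_RE.findall(text):
        try:
            when = datetime(int(year), int(month), int(day))
        except ValueError:
            continue  # not a real calendar date
        if when < today:
            # Future dates are event announcements; past ones may be a birth date.
            findings.add("past_date")
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            findings.add("payment_card")
    if any(name.lower().endswith(IMAGE_EXT) for name in attachments):
        # Any photo may show a patient in the background, so always escalate.
        findings.add("photo_needs_review")
    return sorted(findings)


def screen_samples():
    return [screen_post(text, files) for text, files in SAMPLE_DRAFTS]


if __name__ == "__main__":
    for (text, _files), result in zip(SAMPLE_DRAFTS, screen_samples()):
        print(result or "no pattern hit", "|", text)
```

A draft that comes back empty is only cleared of these patterns; the order reference in the last sample shows why the Luhn check is there, since it is 16 digits long but is not a card number.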

What can you post on social media?

Now that we know what you can’t post on social media, what types of info are safe to post? Every business, including healthcare, has a right to use social media to improve their rankings and interact with people in general. It would not be fair to take that away from healthcare organizations. Having a social media presence has become a basic human right for every company. It’s a proven way to attract new business and promote your brand.

At the end of the day, the hospital down the street is just another business trying to survive in a complex global marketplace. Healthcare professionals often use social media platforms to expand their professional network. This has become a common practice. As our world moves more into interacting on the internet, we must all know the rules to avoid making costly mistakes.

So let’s take a look at some of the information you can post on social media—things that will not get you in trouble with HIPAA:

  • Upcoming events patients might find interesting
  • Profiles of staff members
  • Useful health tips
  • Exciting new research related to your field
  • Discounts and special offers on services
  • Awards and honors your organization has received

You can also advertise any of your services as long as you do not include any protected health information. Remember that PHI includes photos of patients, so be careful if you and your staff are taking pictures in the lobby. Make sure there are no patients lingering in the background before you snap that photo.

HIPAA Policies and Procedures

The responsibility for issuing guidance concerning HIPAA most often falls to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Each year, this organization issues the standards and policies for compliance. They work to ensure that all healthcare organizations know and understand HIPAA regulations. In addition, they have special guidance on how health care professionals can safely use social media in their day-to-day activities.

These standards should be well-known to all the principals in your organization, but the employees must also be aware. Most organizations post the special policies regarding HIPAA standards in a breakroom. But it can also be a good idea to have monthly meetings where you discuss the regulations with employees.

Educating employees

Many hospitals and clinics have a fairly brisk employee turnover rate. Large hospitals are constantly hiring new people. How will those new employees get up to speed about HIPAA guidelines? What if a new employee who does not know about these regulations takes a photo with a friend standing in front of a patient bed, and that photo winds up on his Facebook page?

Things like this are likely to occur in large facilities. The “human factor” is often the weakest link when it comes to overall internet security. Educating every new employee, however, is the responsibility of hospital administrators. You can’t simply post the HIPAA regulations on a bulletin board and expect everyone to know what to do. There must be ongoing training that’s mandatory. The HIPAA fines are just too high to assume everyone is abiding by the rules.

Take a proactive approach

Policies must be well documented and updated annually. Regardless of the size of your practice, regular training is a must. Each healthcare organization should implement high-level security protocols to prevent accidental or intentional data breaches. Last year alone, data breaches in hospitals cost approximately $6 billion. This number rises steadily each year despite all the publicity; social media issues add untold complexities to the mix.

It is essential to do everything possible to make sure your staff knows and understands HIPAA regulations, especially pertaining to social media. This can protect your medical practice from liability in the event of a violation. HIPAA social media guidelines are an important part of ensuring that PHI remains secure. Compliance is everyone’s responsibility!

3 Tips for Improving your Mobile Medical Data Security

Today’s advances in telemedicine are exciting. People can now track their health and fitness with a watch. Blood sugar can be monitored with small hand-held devices. The sensors on a mobile phone can monitor your blood pressure. There are smartphone apps to help people with almost every type of health condition. Though all these technological advancements are allowing people everywhere to take control of their health, there are hidden dangers lurking in the background.


Wearable technology is amazing and it can make people aware of areas where they need to make improvements to their health, but what about all the data these devices collect? Is it secure from hackers? The answer is a resounding no! Most people believe these products are secure, but they aren’t. In fact, they’re highly vulnerable to hackers and cybercriminals. Unfortunately, most apps and medical appliances have very basic internet security built in.

These are just a few of the reasons why guidelines like HIPAA were created. These regulations control the ways in which medical data should be handled. This includes the way healthcare workers gather and process healthcare information.

While mobile devices are very convenient for doctors, nurses, and technicians to use, they do present a significant risk. Along with that, health and fitness apps are helpful and convenient on many levels. Yet, they collect various types of sensitive data about people. If there’s no protection integrated for keeping your medical information safe from cyber threats, then you’re vulnerable. Unfortunately, developers are designing and manufacturing apps to help people manage their health without considering the “security factor.”

Laws like HIPAA do make a difference, but we live in a world where everyone must be diligent about handling data, especially medical information. No one wants their private healthcare info just drifting around the web.

Mobile medical security is an ongoing problem

Doctors, researchers, and their patients are only now realizing how exposed they are. This is one area that has consistently been poorly secured. Everyone loves their mobile phone. You can get so much done on one these days. So it’s only natural that doctors and nurses would use their smartphones for work. But so do medical technicians, x-ray techs, and even the administrative team at a hospital or doctor’s office. This accounts for millions of users working from a mobile device or tablet computer where they view, save, and exchange medical info with others.

Let’s say you have a very high-profile job and just found out that you have cancer. If your employer learns about this in the wrong way, this places your livelihood and reputation in jeopardy. Most people want this type of information to remain private. In fact, HIPAA guidelines ensure that we all have a right to privacy when it comes to our medical information.

It’s easy to see what a huge security issue mobile devices can be when it comes to the security of medical data. What if your doctor leaves his phone in a restaurant, store or public restroom? Maybe an honest person will pick it up and try to return it safely, but probably not. Thousands of people around the world now earn their living by stealing data from others and medical information will fetch a high price.

Instead of worrying about these escalating threats, it’s better to find out what you can do to protect your mobile medical data from intruders and thieves. Believe it or not, most of this information is rudimentary and we should all be doing these things anyway to protect ourselves.

Whether it’s family photos, text messages or important medical documents, most of us want our personal information to stay safe and private.

Below, we share 3 simple steps to safeguard mobile medical data.

Mobile device management

Many companies these days are using mobile device management (MDM) solutions. These are typically employed on an entire fleet of mobile devices. Whether you employ a dozen people or a hundred, you don’t have to worry anymore about lost and stolen phones. MDM can separate personal data from corporate data. It monitors the user’s habits. It will prevent users from visiting certain sites or downloading certain types of content. This is a good choice for many organizations. A “remote wipe” feature can automatically delete the data on a lost device. When dealing with medical records, this is a valuable feature. Though it can be expensive, it’s much cheaper than a damaged reputation and big lawsuit.

Encryption

Encryption is one of the simplest methods of protecting data on any device. Whether your device is lost or stolen, if no one can tell what the information says, then it’s safe. File-level encryption is a great way to protect specific files. Disk-level encryption protects everything on the device. It’s usually a more thorough solution and it’s cost-effective. Today’s popular operating systems like Windows 10 and Mac OS X have the ability to provide strong encryption functionalities.

Training

Healthcare workers need training as much as any other profession when it comes to medical data security. Once workers are trained on “best practices”, they’re far more likely to obey the rules and avoid risky moves. Best-practice data security procedures should be second-nature to healthcare workers. They should know what’s at stake and how to protect the data they have control over. For best results, workers should get regular data security classes at least a couple of times per year. Don’t let the “human factor” be the weakest link in your chain.

Conclusion

Though mobile devices offer so much flexibility and convenience, they may always be risky for certain professions and healthcare workers are at the top of the list. Protect your healthcare organization’s IT infrastructure with the best data security solutions available. This will help you avoid the embarrassment of a big data leak that damages your reputation and costs millions to remediate.