Your guide to setting up a HIPAA-compliant cloud

When you put your healthcare organization’s patient data on the cloud, you enjoy a range of benefits, like not having to worry about computer files being erased accidentally. Furthermore, it’s simple to organize all of your data and use analytics to make the most accurate decisions possible.

At the same time, you must make sure that your cloud complies with HIPAA, the Health Insurance Portability and Accountability Act, which Congress passed in 1996. It sets forth complex rules for keeping, transmitting and using protected health information (PHI) or electronic protected health information (ePHI).

Here is an overview of things you should be doing in order to ensure HIPAA compliance.

Step 1: Finding the right cloud provider

To start, it’s helpful to obtain a copy of the online HIPAA guidelines that the Department of Health and Human Services’ Office of Civil Rights (OCR) offers. You can review them with your attorney and your IT team members.

As soon as you’re clear on those rules, you can conduct – perhaps with the help of an IT managed service provider – a thorough risk assessment. During this process, you’ll examine various cloud service providers (CSPs) to find one that guarantees every reasonable safeguard, including encryption, for your PHI. You might inspect a CSP’s headquarters yourself, or you could rely on expert security audits.

Once you’ve found a CSP you can trust, your attorney can draw up a business associate agreement (BAA). This agreement will hold your company and your CSP, which the law terms your “business associate,” to all HIPAA regulations.

You must also create a service level agreement (SLA), one that details the quality of service that your CSP will provide. For instance, how will it attempt to recover lost data? How much downtime, if any, can you expect? (The answer should be virtually none.)

Step 2: Securing your data

Under HIPAA, you’ll have to take every practicable measure to keep track of your patient data and prevent it from falling into the wrong hands.

HIPAA permits healthcare professionals to use mobile devices to access data. However, each mobile device, along with each computer and other endpoints, must be protected by multiple layers of security. Those measures should include:

  • Randomized and unique passwords
  • A powerful firewall
  • Sessions that time out
  • Two-factor authentication
  • Data encryption that meets or exceeds industry standards
  • An intrusion detection program

Likewise, you should provide regular training sessions to ensure employees are using best practices and are able to recognize the warning signs of hacks or phishing scams.

Moreover, access should be on a need-to-know basis. It’s illegal to share a patient’s ePHI with anyone outside of your business unless the person who’s requesting it has a HIPAA release form. (That document must include the patient’s signature.) Your cloud should also follow a principle of least privilege (PoLP) security model, so that each user has the authority to access only the information necessary for his or her job.

An automatic alert system is valuable here. You’ll receive a warning if an unauthorized person accesses your cloud data or if an authorized person does something in the cloud they’re not supposed to do.

Step 3: Reporting breaches

What happens if an unauthorized person gains access to someone’s ePHI? This could occur due to employee error or hacking.

You must tell the affected patient about the transgression within 60 days. Plus, on an annual basis, you must let the Department of Health and Human Services know about every PHI breach that happened during the past year.

If more than 500 records are breached at one time, you’re obligated to send out a press release and to tell the HHS at once. The OCR will follow up, seeking more detailed information.

Finally, as you work your way toward full HIPAA compliance, it’s wise to partner with outside IT specialists. These experienced professionals can advise and support all of your data storage efforts.

In addition to conducting the initial risk analysis, those security experts can identify and eliminate potential vulnerabilities in your network. They can also help you craft an IT budget that accounts for all security measures. As cloud technologies evolve and improve, they’ll ensure that you always stay within the law and always protect your patients.

3 things you need to do before implementing your BYOD plan

Deciding on, and then implementing, a BYOD program can be a huge challenge. It may even seem like an intimidating and impossible task. While most businesses are attracted to the cost-efficiency of a BYOD program, there are certain things that must be done to ensure the plan is successful.

Understanding BYOD

BYOD (which you likely already know stands for “Bring Your Own Device”) is something that is becoming more and more common in businesses today. This type of program allows your employees to bring their own personal mobile devices and use them for work-related purposes. This is in lieu of the company providing them with laptops, smartphones or other mobile devices.

If you are thinking about implementing the BYOD program, but you don’t know where to begin, here’s our short list of what you’ll need.

1. Establish a security policy for all devices

Before you allow your employees the freedom to access your company’s resources from any device, you need to ensure there are stringent security guidelines in place.

Most users are resistant to complex passwords and lock screens simply because they are inconvenient. However, an unsecured device can leave your business’s sensitive data prone to an attack.

To ensure everything is safeguarded, you need to make sure that your BYOD includes the following security guidelines:

  • Set the minimum required security controls for all devices, which includes password requirements and data encryption.
  • Determine where the data from a BYOD device is going to be stored.
  • Determine if your IT department can remotely wipe a device if it is lost, an employee is terminated, or there’s a policy breach, disaster situation, or some other issue.
  • Are your employees going to be required to install a mobile device security application, or are workers going to have the ability to choose their own security solutions that meet set criteria?

The strictness of the guidelines that you set will depend on your industry.

2. Put protections in place against any legal liability

Introducing employee-owned devices into your workplace may lead to legal issues. As a result, you need to implement policies that help you avoid problems. Some things to consider include:

  • Rights: What legal rights do your employees and the organization have? Know what these are to create the proper privacy requirements and regulatory requirements.
  • Responsibilities: Do employees who are using a device with a corporate app or data have the responsibility of providing protection for the device? What happens if no steps are taken to protect it?
  • Liability: Will the company be held liable if an action on its part results in private data loss? What liability lies with the employee?
  • Privacy: What are the steps your business is going to take to protect employee privacy?

3. Define specific and concise user guidelines

By creating acceptable use policies, it’s possible to prevent malware and viruses from getting into the system via unsecured apps or websites.

It’s a good idea to talk about the following questions with your IT team or your managed service provider to set up your acceptable use policies. These questions include:

  • What applications can an employee access from their personal devices? Make sure that you clearly outline the types of apps that are allowed and the ones that aren’t allowed.
  • What websites need to be banned while the employee’s device is connected to the business network?
  • What type of company-owned assets will employees be allowed to access on their personal electronic devices? Contracts, documents, calendars, emails, etc.?
  • What type of policies are going to be implemented to keep employees from transmitting or storing illicit materials or from engaging in unrelated activities on their devices?

A tip from companies that have implemented BYOD policies in the past is that if you block the “time wasting” sites such as YouTube and Facebook, it may seem somewhat controlling to workers. As long as employees continue to perform well, there’s no need to implement these types of restrictions.

The best way for you to successfully get your employees excited and on board with your bring your own device program is by working to create a trusting environment. If you implement excessive restrictions, then it may make your workers feel like you are actually infringing on their personal freedoms. Rather than doing this, take the time to let them know about the realities of a BYOD program, and give them the ability and opportunity to use this new freedom responsibly.

Implementing BYOD at your business: now you know

If you are planning to implement a BYOD policy for your business, then using the tips and information here can be extremely beneficial. After all, this type of policy can be extremely beneficial for your company, as well as your employees.

Keep in mind, you may have to tweak and alter your BYOD policy as you move forward. This is fine; just be willing to measure the success of the plans you have made to determine if changes are needed. By doing this, you will be prepared to ensure your employees have the best possible plan in place and that your company and your workers are reaping all the possible benefits that are offered by the bring your own device policy.

The cloud and your business: what you need to know

When it comes to your business, you know the value of relying on proven practices to get the job done. You also know that there comes a time when a bold, new approach is really needed to improve efficiency and meet demand. Businesses all across the country are moving to the cloud because they know that the cloud will give them a competitive edge over others in their industry.

When it comes to technology, things move at a rapid pace. We put together this guide to help you understand the many benefits of migrating over to the cloud. Learn how the cloud can transform the way you work and give you an advantage over your competitors.

Simplicity

Most businesses rely on technology to manage their daily operations. Managing on-site IT involves software installation and upgrades, security patches, and troubleshooting issues. It is a full-time job that many small businesses cannot afford to staff. Most businesses outsource to busy IT consultants, or they rely on a member of their staff to provide IT support. Either option can cost you time and money and put your business at risk. If you don’t have an IT specialist on staff, cloud-based software can simplify your life. Choose your provider carefully to ensure you feel comfortable and confident in their ability to handle your needs. Your cloud provider will handle all updates for you off-site. This means you will have a full staff of experts working to make sure you are always up to date and secure.

Minimize downtime

When you rely on technology to keep things going, downtime can be a critical problem. Natural disasters, accidents, or theft can destroy data that is stored only on hard drives or local servers. According to FEMA, almost 40% of businesses do not reopen after a disaster. Cloud storage keeps your files updated and your applications online in the event of a disruption, big or small. The cloud automates backups, which removes the risk of human error. If your on-site server goes down, cloud services ensure that your business doesn’t miss a beat. Regardless of the cause, when interruptions hit, the cloud helps to minimize downtime and keep your business going.

Mobility

One of the many benefits of the cloud is the ability for employees to work remotely. As of 2017, up to 25% of Americans worked from home at least some of the time. Cloud services are a game-changer for mobility. You will no longer have to save files to a USB drive or email them to yourself for later. The cloud allows you to access your files anywhere there is an internet connection. For people who travel often, such as those in sales, the cloud minimizes the stress of working on the go. Never again will you have to worry about leaving behind the latest version of a contract or proposal. As many benefits as there are to mobility with the cloud, there are certain security risks. This is why it is vital to establish written policies about the use of personal devices by employees.

Security

It is a myth to assume that your small business is safe from online threats because of its size. In reality, small businesses are a popular target of online hackers. Businesses of all sizes must work hard to stay abreast of the latest security threats. Your business is not immune to threats like hacking, malware, and ransomware. By housing your data in the cloud you can reduce the effect of any breach. When you use cloud services you can rest assured that your data is in good hands. It is automatically backed up and protected by experts in the field of cloud security.

It is also important to understand how to prevent and respond to cloud-specific security threats. Methods of prevention include employee education, data encryption, access controls, and governance policies.

Affordability

One of the biggest benefits of moving over to the cloud is the opportunity to cut costs. This is achieved by eliminating onsite servers, software, and associated maintenance fees. You can also remove server costs and extend the life of your existing workstations. By moving over to a subscription-based cloud service, you pay only for what you need. This means significantly reduced operational and capital costs, which makes for better IT budgeting.

Flexibility and Scalability

Cloud services come in a variety of options, depending on the needs of your business.

  • In the public cloud, data is easily accessible from anywhere.
  • A private cloud is a safe way for businesses to host security-compliant applications. For enterprise businesses that are looking for both security and mobility, a private cloud may be the ideal solution.
  • The hybrid cloud combines the accessibility of the public cloud with the security of the private cloud. Applications and data can move across clouds or your data center with minimal downtime. Many businesses prefer the hybrid model because of its efficient use of both private and public clouds.

The cloud also offers the opportunity to scale up or down according to required storage. Unlike on-site servers, which have a finite capacity, you can easily adjust your storage space with the cloud. As your business changes and grows, you can scale the cloud to meet your needs, with no more equipment purchases required.

Evolving technology

The cloud came on the scene in 2010, and in recent years it has become clear that the cloud is the future. This is an exciting time to get on board with cloud services. Latest industry trends promise great things for the future of cloud computing. We continue to see rapid advancement in cloud technology. As cloud technology matures, it is on the brink of becoming mainstream in business, the same way that the internet did around the turn of the Millennium.

6 Ways to Reduce Your Business IT Spending

Controlling the cost of implementing, managing and maintaining IT is one of the most challenging tasks any modern business faces. As with any expense, constantly searching for ways to minimize it is crucial to the long-term success of a commercial entity. But unlike other areas of expenditure, making significant cuts is often a highly complex process, fraught with potential for disruption and lost sales.

But there are a few quick-wins when it comes to reducing your business IT spending — you just need to know where to look for them.

1. Virtualize and Consolidate Your Servers

Don’t pay for servers that you’re not going to utilize fully — which is a mistake a lot of small business owners are still making today. Instead, adopt virtual servers that consolidate your total capacity by making applications share existing servers. This one move can slash capital expenditure within your IT department, and cut the costs of security, maintenance and repair.

2. Consolidate Systems and Software

As businesses grow, so do their IT infrastructures. Over time, these systems can become disjointed and inefficient. For example, imagine all of the employees in your IT team are expected to create their own documents. You might find that there are several word processing packages in operation, along with several different storage and email solutions. By consolidating these services within a new ERP platform, you should be able to make the processes involved more efficient — and cheaper.

3. Implement a BYOD Policy

More and more firms are slashing their IT budgets by implementing a “bring your own device” (BYOD) policy. For example, rather than splashing out on new phone contracts and laptops for your team, you can provide a small cash incentive for people to use their own devices. This, combined with a move to cloud-based business platforms, should deliver significant IT spending savings on both hardware and software.

4. Leverage Bundled IT Deals for Discounts

The average IT department has, at the very least, phone and internet charges to cover. But by bundling these together and buying them as a package from a single supplier, you might be able to secure a hefty discount. It may also be possible to add other services such as VoIP, mobile services and security to the bundle.

5. Outsource Support

Maintaining IT systems and repairing them when things go wrong is usually a complex, specialized job. A lot of firms hire employees to take care of these tasks and to oversee data security issues. But the cost of employing specialists directly is often prohibitive. In most cases, outsourcing this area of IT is the most cost-effective option for SMBs. When support is needed, help is usually available via email, live chat or a 24-hour telephone helpline.

6. Switch to the OPEX Cloud Model

There’s a cloud-based software platform for just about every business function imaginable. Whether you’re managing your business’ tax affairs or nurturing leads, the software you need is available on remote servers — for a relatively modest subscription charge. Switching to OPEX-based cloud services reduces your reliance on hardware, and cuts the cost of data security, malware protection and maintenance (all of which are included in the price).

Before you make cuts to your own IT budget, consult with an IT spending specialist from us at EaseTech. We’ll talk you through your options, based on your business’ specific requirements. This should allow you to trim your expenditure without adversely affecting your operations or the service you provide to your customers.

Business IT Expenditures: Where to Spend and Where to Cut

IT spending is always a major concern for businesses operating in competitive markets, but particularly so for small and medium-sized organizations. While it’s often easy to identify the need for cuts, deciding where and how to trim an IT budget can be a hugely complex process.

With expert help and some detailed analysis, identifying potential savings can grow the bottom line and streamline internal processes. But a word of caution: cutting in the wrong areas can have the opposite effect.

To help you with these tough decisions, here are a few tips that should help you to minimize business IT spending without adversely affecting customer service or your organization’s operations.

Constantly Negotiate Prices and Contracts

No matter how small your business is, if it has IT requirements, there is usually scope for securing discounts and price reductions on essential purchases and contracts. For example, by leveraging your ability to shop around for the best deal, you might be able to secure a cheaper broadband deal. Whether you’re looking at the cost of cloud-based storage or software subscriptions, there is often room for negotiation.

Calendarize all of your contract end-dates, and make sure you look to renegotiate every time. Everything from the price of printer ink to data security subscriptions can be negotiated if you’re organized and determined.

Keep Track of Changing Technologies and Trends

The nature of IT means there is always a new and more efficient way of doing things just around the corner. Evaluate your infrastructure and processes regularly to determine whether or not you’re utilizing the most cost-efficient technologies available to you.

For example, switching to a VoIP phone system might drastically reduce your telephony costs. Switching to mobile telephony solutions might be the way to go. Perform an annual audit of your technologies and processes, and ask yourself whether or not there is a cheaper, more efficient alternative.

Virtualize Servers

It wasn’t all that long ago that each major business IT application had its own, dedicated server.

As a result, server utilization rates were high, and hardware costs (as well as maintenance costs) were unnecessarily bloated. Now, however, there’s no need to be so wasteful. If you are still using dedicated servers, consider partitioning them so several applications can share resources.

Embrace the Cloud

More and more small businesses are switching to cloud-based applications and storage options in order to save money. If you’re hosting your own software, you’re likely to face significant capital outlay on hardware every time you upgrade or introduce new processes. But by utilizing cloud-based servers and open source software applications, you don’t need to worry about such large, one-off purchases. In addition, you can save money on administration, security and maintenance.

Outsource What You Can

Outsourcing IT when you’re trying to cut costs might seem a little counterintuitive, but it’s usually far cheaper than hiring new employees and continually training them. With the right outsourcing provider, you can leave issues such as data security, maintenance and repairs in the hands of professionals. Rather than being hit with unexpected bills, you pay a monthly or annual charge, allowing you to budget with a degree of certainty.

Cut Things to the Bone

Take the time to audit your IT infrastructure thoroughly. Ask yourself questions like:

  • Are there systems or purchases that just aren’t necessary?
  • Can switching from inkjet to laser printing save you money in the long run?
  • Instead of buying laptops for employees, can you provide cloud services that they can access on their own devices?
  • Can you switch to a cheaper printer paper?

Even the smallest of cuts or changes to your IT spending can add up to something significant over the course of a financial year.

Consolidate Software Solutions

A lot of small and medium-sized companies grow at a rate the incumbent IT infrastructure can’t cope with. In many cases, individuals turn to their own software and hardware solutions in order to carry out their duties. This can lead to a situation whereby several software solutions are being employed to do the same job.

Can you find efficiencies by ditching several cloud storage solutions for just one? Rather than manually merging data from several software platforms that are working independently from one another, switch to one and implement it throughout your business.

Don’t Cut Too Deeply

In most businesses, there are areas of IT spending that should be ring-fenced from major spending cuts. For example, you’ll always need security systems such as antivirus software, firewalls and data recovery. Don’t take any risks with these areas of IT. The costs associated with not having them in place can be ruinous.

Internet bandwidth is another area that you should protect from significant cost-cutting measures. The quality of your broadband connection, and its ability to host all of your IT functions, is crucial to the overall success of your business. Other areas to protect should include training and specialist staffing. However, you may be able to reduce the cost of both by outsourcing your IT requirements.

Get IT Spending Help from the Professionals

Deciding which areas of your IT infrastructure can be cut to save costs can be a minefield. Get things wrong, and it could cause serious harm to your business and your working relationships. But by consulting with an IT spending and support specialist such as EaseTech, you can be sure you’re getting a budget that is right for your business.

How to Build an Efficient IT Budget

Technology continues to advance at a rapid rate, and every industry has been affected. IT plays a role in most aspects of doing business, from connecting with clients to producing products and services.

Allocating an IT budget is no longer optional.

You simply can’t compete without digital communication and efficiency tools, so a certain amount of investment in IT solutions is crucial to your success. However, unrestricted spending isn’t practical. The key is finding a balance between the IT expenses that are critical to your business and those that add unnecessary costs.

Category 1: Basic IT Expenses

At first glance, it may appear that your basic IT expenses are non-negotiable. Many organizations carry the costs of IT hardware, infrastructure, applications, and related maintenance over from year to year with minimal review.

However, this assumption can be costly. As technology advances, replacing obsolete systems can add efficiency and productivity with little or no additional expense.

For example, if you still use an on-site storage system, you may wish to explore the opportunities offered by cloud storage solutions. If you are struggling with an outdated software application, look into cost-efficient, cloud-based SaaS (Software as a Service) options.

The bottom line is that none of your expenses should be carried over without proper examination.

Category 2: Projects with IT Components

Once you have considered the must-haves, review your plans for developing and expanding your business in the upcoming year. As your business grows and changes, your IT needs will change as well. Avoid unpleasant surprises by budgeting for related expenses.

Some examples of project-related expenses to consider:

  • New licenses for additions to the staff.
  • Additional offices that may require improvements to your infrastructure.
  • Regulatory changes that may bring IT-related compliance obligations.
  • Branding campaigns, client engagement strategies, and upgrades to business efficiency platforms.

All of these rely heavily on your IT capabilities, and you will need to account for them in your IT budget.

Category 3: IT Safeguards

The final group of expenses to include in your IT budget are the services that keep your systems secure and operational. No business is totally safe from cyberthreats, as today’s rogue actors target organizations of every size, in every industry. Schemes typically involve various forms of data theft, such as holding your data for ransom and stealing personal information for sale or use in identity theft schemes.

In 2017, ransomware payments exceeded $2 billion – double the figure from 2016. Cybercrimes have grown more sophisticated, and the number and variety of schemes is difficult to measure. Fraud through business email is particularly difficult to combat, and associated costs are expected to exceed $9 billion in 2018. Protecting your company must be at the top of your priority list, and standard security software may not be enough. In today’s complex security environment, engaging an experienced IT support service may save you the costs associated with a data breach.

Building an IT Budget with Expert Assistance

Organizations that rely on a salaried IT professional often learn that a managed IT services firm offers more value per dollar when it comes to preventative maintenance, troubleshooting, and repairs. Such firms ensure real-time support on an as-needed basis, and they have an expert staff with diverse skill sets to ensure a fast solution to any IT-related issues.

If you’d like more information on managed IT services or IT support (including IT budgeting), reach out to us today.