In our recent blog, we talked about the data security concerns that BYOD can bring to your workplace. There is another factor that needs to be considered before adopting BYOD. How much Bring Your Own can your IT department support? Supporting too many different operating systems, hardware models and software versions can be a real drain on the resources of your IT staff. Supporting BYOD can become very expensive.
You will need to consider placing limits on the BYO part of the issue. There are a wide array of possible devices out there. Supporting all of them would be overwhelming. Users don’t just BYOD, they bring their own Operating System and their own software applications and all of those applications’ multiple versions. Trying to support and control an almost limitless list of entry points into your data is both unwise and impossible. IT will need to place limits on which devices and operating systems it will support.
Another point to consider is how much the company will rely on the individual user to install and upgrade company-required applications? Will IT be responsible for those duties? By placing the burden on IT, you ensure all the proper versions are being used, but you increase the labor requirement, which may become impractical.
In summary, there are a lot of issues regarding BYOD that create concerns. BYOD policies have a lot of moving parts which makes supporting them a difficult task. Make sure you are recognizing all the areas that will require IT support.
You have probably come across the term multi-factor authentication of late. It is an IT buzzword today and is fast becoming one of the best practices of cybersecurity. So, what is multi-factor authentication, exactly? Read this blog to find out.
Multi-factor authentication, as fancy as the term sounds, is just multiple barriers to data access which adds to the security component. In simple terms, imagine, your data in a box and that box fit into another, and then into another–all with locks. It is basically adding layers of security to your data. In fact, we are already experiencing multi-factor authentication on a regular basis. For example, when you want to make a transaction online using your banking portal, chances are, it sends you an OTP (one-time-password) to your mobile number that’s registered with your bank. Some banking portals also ask you for the grid numbers on the back of your debit card, some online transactions using credit cards ask for CVV or expiry dates.
Even Gmail, Facebook, and LinkedIn use multi-factor authentication when they see unusual activity in your accounts such as a first-time log-in from a device you haven’t used before, or a log-in at a time that you don’t usually access your Gmail, Facebook or LinkedIn accounts. Going beyond OTPs, Facebook takes multi-factor authentication a notch higher by asking you to identify a couple of your friends on Facebook or your most recent profile picture.
According to Wikipedia, Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). In simpler terms, that means,
As the first layer of security, we have passwords, answers to security questions, PIN numbers etc.,
The second layer includes authentication methods such as OTPs, security tokens, access cards, etc.,
The third, and final layer is something personal to the user. Examples include biometric validation such as an eye scan, fingerprint scan, voice commands or facial recognition.
You are probably aware of the most common benefits of signing up with an MSP such as
On-demand IT support: Having an MSP ensures that you get priority IT support when you need it.
Scalable IT infrastructure: With an MSP by your side, you can scale your staff structure up or down without worrying about the IT aspect of it. Need to add 20 people to your workforce? You focus on the hiring, while your MSP will work out the IT logistics
Lower IT costs: Overall, having an MSP gives you a lot of cost savings vis-a-vis having an IT team in-house. Even if you have an IT team in-house, you can have them work in tandem with your MSP for the best results. Or, have them focus on research and optimization of your IT environment instead of focusing on mundane tasks like backups or software updates.
But, here are a few more benefits that are often overlooked.
An MSP has the expertise needed to analyze your IT infrastructure and identify problems that impact your workforce’s productivity negatively. Whether you sign up with an MSP or not, you should definitely hire one to analyze your existing IT infrastructure. They will be able to identify possible IT glitches, security lapses and hardware or software problems that can trigger a breakdown of your IT architecture.
Better deals on IT purchases
MSPs often have agreements with software or hardware vendors and will be able to get you a better quote on your IT purchases. Plus, with their knowledge and expertise, they are in a good position to help you choose the hardware or software that will work best for you.
As a business, you have certain IT rules and regulations to adhere to. An MSP can help you meet these effectively. With an MSP on board, you can focus on running your business without worrying about meeting regulatory requirements.
Staying ahead of the curve
An MSP is an expert at what they do. They are in the industry, working closely with hi-tech companies, analysts and vendors. They are more likely than your internal IT team to be aware of newer technology and tech-related market trends. By making them a part of your business, you benefit from their knowledge and your business stays ahead of the curve from the technological point of view.
Working with an MSP offers numerous benefits to an organization, especially, to an SMB as it allows them to divert their resource investments to more productive assignments.
The dark web is essentially a marketplace for cyber criminals. If your data has been compromised, the dark web is the place where it is traded. It could be sold by miscreants, to miscreants, who can later hack into your system or extort money from you to prevent a data leak and so on.
What can be the implications for your organization if you are on the dark web?
If your data is on the dark web, it puts your business and your customers at risk. For example, as a business, you possess a lot of the Personally Identifiable Information (PII) of your customers, which, if leaked can even shut down your business by
Attracting lawsuits that require you to shell out large sums of money in the form of fines or settlements
Causing serious damage to your brand
Resulting in the loss of customers and new business
What are dark web monitoring services?
One way to mitigate the risks of the dark web is by signing up for dark web monitoring services.
As a part of the dark web monitoring service, a company may keep an eye out for any information you specify or that is related to you that may be present or traded on the dark web. There are various avenues where such information may be made available on the dark web. Examples include
Social media platforms
Online marketplaces (Dark web’s equivalent of eBay or Craigslist)
Another service offered as a part of dark web monitoring includes vulnerability alerts. On the dark web, there will be entities who will be willing to give away information about vulnerabilities in certain systems/software for a price. A company that offers dark web monitoring will keep an eye out for such information and alert its customers of such threats.
Companies offering dark web monitoring services may also be able to offer you industry insights, trends, and benchmarks that can help you proactively tighten your cybersecurity.
What you can do: Safeguarding your data against the dark web
With dark web monitoring services, you will know if there has been a data breach. Let’s say you come to know your e-commerce website’s user IDs and passwords have been stolen, or your customer’s credit card data has been leaked via your database, you can take the necessary steps to mitigate a possible ransomware attack or data leak before it happens. But, that’s reactive. That’s damage control after the damage has been done. While dark web monitoring services can warn you if your data has been compromised, here are a few things that you can do to keep your data safe in the first place.
Follow good password hygiene and industry best practices. Establish clear password policies and rules and regulations regarding password sharing. For example, discourage the use of the same passwords for multiple accounts or use of passwords that are too simple or obvious such as user’s name, date of birth/date of joining organization or numbers in sequence, etc, establish policies regarding password update at regular intervals.
Train your staff
Train your staff to identify spam, phishing, and other malware traps. Conduct tests and mock drills and re-train those who don’t pass them. Provide updates when there’s a new threat in cyberspace that may affect you.
If you allow your employees to bring their own devices to work, establish a clear BYOD framework that will help you manage the risks associated with this setup.
Access permissions and roles
Establish different user roles for your staff and give them role-based data editing, copying or sharing permissions, so that each employee only has as much access to information as they really need.
Being exposed in the dark web can be exhausting, scary and life-threatening to a small or medium-sized business. Teaming up with an MSP who specializes in cybersecurity or offers dark web monitoring services can help keep you safe.
Employers know that employees prefer BYOD policies and that they can increase productivity. However, BYOD can have some downsides. Probably the most prominent concern among those who have to address the BYOD issue is the increased risk to data security. Obviously, the more devices you have with the ability to connect to your data, the more opportunities you create for a breach. Simply put, a house with 20 doors and 50 windows with multiple lock styles is a bit more vulnerable than a house with one door and one window.
BYOD increases risk to the organization. Data breaches bring a few layers of concern. First, the loss of proprietary data can affect your competitive status in the market. However, the real high-visibility concern is the theft of your customer’s personal data. Theft of personal data brings three serious consequences.
First, data breach laws require informing all victims of the data breach and in some cases, the media must also be informed. This public visibility can have long-lasting implications for brand value.
Second, you face a short- and long-term revenue hit. Customers angry and frustrated, as well as others who learn about the breach through social media, word-of-mouth, and traditional media sources, may move their business to the competition.
Third, data breaches can bring civil penalties. In the case of the General Data Protection Regulation (GDPR) in the European Union, these penalties can be extremely severe. ( And keep in mind, the GDPR doesn’t just apply to entities physical operating within the EU. It applies to the data of any user who is a citizen of the EU.)
In summary, given the severity of the consequences and the increased vulnerability created by BYOD, it is important to create a BYOD policy with strict parameters. It cannot be a “wild west” of anything goes.
Have you come across the term, dark web, recently? As a business, you might have heard that you need to keep your data safe from the dark web. So, what is the dark web anyway? Read on to find out…
What is the dark web?
The cybercrime landscape is evolving fast. The “Nigerian” email scams are now old. Cybercriminals are smarter and more organized now–almost functioning like professionals. In fact, there’s a sort of a parallel universe where they all operate in a very corporate-like manner. And that parallel universe is called the Dark Web.
The surface web, the deep web and the dark web
Essentially, the internet can be categorized into 3 parts.
The surface web, which includes your ‘regular’ websites–the kinds that just show up on web searches. For example, you type, Dog Videos and links to a bunch of dog videos on YouTube shows up. YouTube, in this case, is an example of the surface web.
The deep web, which shows up in web searches, but requires you to log in to view specific content. For example, your internet banking page or your netflix subscription.
Then comes the dark web.
The dark web is part of the internet that isn’t visible to search engines and requires the use of an anonymizing browser called Tor to be accessed. The dark web offers anonymity and hence is the hub for all sorts of illicit activities in today’s internet age. Strictly speaking, the dark web typically hosts illicit content. The kind of content that you find in the dark web include
Credit card details, stolen login credentials for something as serious as internet banking accounts to something as trivial as Uber or Netflix,
Contact details/communication platform for striking deals with hitmen, drug dealers, weapon dealers, hackers, etc.,
Marketplace to buy malicious codes to help corrupt or jam IT systems and even RaaS (Ransomeware as a service!)
All of the above and more, for a fee of course. In short, the dark web is like the underworld of the internet.
What to consider before hiring an MSP for your Dental Practice
No doubt, having an MSP to manage the IT requirements of your dental practice offers multiple benefits. But, be sure to consider the following before you sign up with one.
Check how experienced your MSP is in their line of business. How long have they been providing managed services? How many clients are they serving currently? What kind of managed services are they well versed with? Getting answers to these questions is very important before you proceed with them.
Ask your MSP to provide you with references of existing clients. Preferably, ask for a couple of references from clients that belong to your own industry–medical/dental practices. Sometimes, there are certain IT challenges/requirements that are very industry specific and you want to be sure that your MSP will be able to handle them for you.
When your IT system breaks, it can virtually bring your whole dental practice to a grinding halt. What you need is quick, timely support. Signing up with an MSP who is close to your location and can be at your office on short notice is a huge plus.
Check if your MSP offers cyber insurance or downtime guarantee. When your IT shuts down, you lose business. Many MSPs provide downtime guarantee, that is, a commitment that your downtime will be limited to a certain number of hours–sometimes even zero. In the event this guarantee is breached, the MSP will compensate you. Opting for an MSP that offers such guarantees is simply safer.
Hiring an MSP to manage the IT needs of your dental practice is a great decision that can save you both– time and money. The right MSP partner will help you grow and grow with you.
When we talk about the benefits of hiring a Managed Services Provider–an MSP for businesses, the kind of businesses we think about are retail, shops, restaurants, etc. We often tend to overlook the healthcare industry and particularly, dental practices, when, in fact, there’s a lot of value that an MSP can add to a dental practice. This blog discusses how a dentist’s office can benefit from hiring an MSP.
Having an MSP on board ensures you get timely IT support. It is like having an IT team at your beck and call. On the other hand, if you don’t have a service level agreement with an MSP, there’s no guarantee that you’ll get the IT help you need when you need it. MSPs tend to give preference to their SLA customers over one-off calls.
Reduced IT costs
Signing up with an MSP can help you cut your IT costs drastically. Here’s how it works.
Cheaper than the fire-fighting approach to fix your IT problems An SLA with an MSP is always cheaper in the long run than adopting a fire-fighting approach to IT problems. When you rely on an IT technician to resolve your IT problem on-call, you are charged for the service on an hourly basis. Usually, the per hour rate is also quite high. If you sign up with an MSP, depending on your contract, you will be paying a fixed amount monthly or annually and they bound to fix your IT problems for you at no additional charge–irrespective of how long it takes.
Cheaper than getting full-time IT staff on board Having an IT team in-house can be quite expensive and the cost is often not justified. For example, your in-house IT team may be working to its full capacity only in the event of an IT emergency or during certain times of the week or month when you require back ups, maintenance, etc., So,if you hire IT staff to fulfill these requirements, you may not be able to justify the costs related to them. Plus, having employees on payroll increases your liabilities from the legal angle, which is not the case when you sign up with an MSP.
Legal and regulatory requirements such as HIPAA and PCI
Being a dental practice, you will be governed by the HIPAA regulations. You also need to adhere to Payment Card Industry Standards (PCI). You need to ensure you comply with these regulations at all times. Failure to do so can attract severe legal penalties and fines. Partnering with an MSP who is well versed with the IT regulations related to your industry can be of immense value add.
Technology is changing the landscape of medical practices, including dental. Your MSP can guide you when it comes to choosing hardware or software, procure it for you, and also provide assistance with its installation and repair, if need be.
Better focused in-house IT team
Even if you have an in-house IT team, having an MSP to manage your routine IT tasks such as data backups, antivirus upgrades, system updates, etc., allows your in-house IT personnel to focus on more strategic aspects of IT.
Your IT staff is not the only one who needs IT training. Everyone in your office does. An IT training checklist serves as a good process document for any new staff or for any staff working on new hardware or software. Following the IT training checklist can help cut down the learning curve, and ensures the hardware/software is leveraged in the best possible way, thus making your staff more efficient. Here’s what your IT training checklist can offer.
Rules and regulations regarding software and hardware use
Links to user manuals/instruction videos with how-tos for the software and hardware in use
Information about whom to contact if there’s a need for troubleshooting
Training schedules for each hardware/software, cyberthreats
Information about whom to contact if there’s a perceived cybersecurity breach
Your IT staff is not the only one who needs IT training. Everyone in your office does. An IT training checklist serves as a good process document for any new staff or for any staff working on new hardware or software. Here’s what your IT training checklist should contain.
Data backups checklist
There are a number of factors that can affect the accessibility and quality of your data. Data backups are key to ensuring your data is not lost. You should maintain a checklist or a policy document that covers this aspect. Your data backups checklist should cover
What are the different data sets that need to be backed up
How often do each of those data sets need to be backed up
Where (location/device) will the data backup occur
How will the data backup happen
Who will be responsible for the data backup
BYOD policy checklist
In the current business environment where companies allow their employees to use their own devices for work purposes, a BYOD (Bring-your-own-device) checklist is a must. This checklist should answer questions like
Who is allowed to bring their devices to work (employees of some departments that deal with sensitive data like, the HR/accounts may not be allowed to do so)
What kind of devices are allowed/approved? For example, you can specify a version below which a certain OS may not be allowed, as it may be outdated, exposing your entire network to any security threat that it may be vulnerable to
Who is responsible for ensuring the security patches and antimalware protection is up-to-date
Having these checklists/policy documents do not ensure your IT infrastructure is always safe and secure, or never suffers a downtime. These checklists merely help in cutting down instances of security breaches or downtime and go a long way in helping you respond positively to any IT crisis that may befall your business. What we have discussed here is just the proverbial ‘tip of the iceberg’. Your checklists have to be comprehensive, in-depth and cover every angle with a clearly defined action plan for any IT contingency. Reaching out to an experienced MSP for assistance will ensure you leave no loose ends.
Employee convenience is touted as one of the primary drivers for adopting a BYOD policy. However, just because it can make life easier doesn’t mean employees don’t have serious concerns about the implementation of BYOD in the workplace. From the employee perspective, there are downsides.
One particular issue that arises with BYOD are employee’s concerns about the privacy of personal data and applications. Because these are their own devices, they have an enormous amount of personal data, including health information, photos, texts, emails and other information stored on the device. Also, apps they may have installed could potentially reveal information about their religion, politics, sexual orientation or other characteristics that they may consider private and off-limits. Concern that their employer could see their personal data is a legitimate worry; there are Human Resource implications here. Knowledge of certain data about an employee could make an employer vulnerable to discrimination laws. What about GPS tracking? Can the employer track employee whereabouts? The employer has a compelling interest to track the device in case it is lost or stolen, but the employee has similar competing concerns about privacy.
There are no absolutely correct answers here, but a perception of overstepped boundaries could lead to an atmosphere of distrust that can be counter-productive. It is also important that these decisions be made with knowledge of all applicable local, state and federal regulations. In short, just be aware BYOD is a complex matter that can’t be handled within the silo of IT.