10 IT Security Questions Every Business Should Ask

In this fast-paced, ever-changing, technological world, small and growing businesses must be prepared, now more than ever, to not only address the danger of cyber-security threats, but also to have the in-house expertise to implement information security programs that handle these types of issues. This means going far beyond simply having anti-virus software and creating strong passwords.

While this can sound overwhelming, every organization that intends to stay on top of security and take it seriously should take this into consideration. To help you get started, we outline 10 simple questions to ask yourself when establishing a strong foundation for information security programs:

1. Has responsibility and accountability been assigned for IT security and data privacy? As a business, there should always be someone in place who is designated (and qualified) as the IT Security Officer (ISO).

2. Have you identified, and do you understand, all regulations and standards that apply to you? A sampling of standards includes, but is not limited to:

  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI-DSS)

3. Do you have documented information security policies and procedures? Doing so will help you define goals for the organization with regard to information security, as well as provide an outline for how your organization will meet these goals.

4. When looking to prevent security breaches and fraud, how do you monitor the systems you have in place? If you haven’t already done so, start implementing network intrusion detection systems that regularly review system logs and activities. This will allow you to investigate any suspicious activity before it becomes a big problem.

5. If a security or data breach were to take place, do you have a response plan in place? Data and security breaches often blindside people and organizations, and make it difficult to respond in an efficient manner. Having a detailed emergency plan in place will not only allow you to act quickly and with confidence, but will also provide a blueprint for how to manage:

  • Containment
  • Investigation
  • Legal actions
  • Public relations

6. Do you have a patch management strategy, and if so, what does it look like? A thorough and comprehensive patch management process allows businesses to protect themselves from newly discovered threats – both internally and externally. It is important to note that in order for this to be effective, all software and systems should be covered.

7. Do you perform initial and periodic security checks on new vendors? To stay assured that your data is being adequately protected by your vendors, it’s always a good idea to review the security controls they have in place. If gaps are found, you can then take action to correct them before damage is done.

8. Have you identified and protected all sensitive data? As a business, always identify any and all sensitive or confidential data, make note of where it is stored, and look into the adequacy of the processes protecting the data.

9. Have all high-risk technology systems been identified? Utilize a basic IT risk assessment and focus your resources on high-risk areas to help you evaluate your security control efforts.

10. Do your employees receive adequate security training? Unfortunately, some of the most common security breaches are a result of employees accidentally divulging sensitive information. Continual security awareness training and testing will not only protect your systems, but also help your employees identify and avoid attackers utilizing social engineering techniques.

Only 10% of Hospitals & Clinics Keep Their Patients’ Data Safe

According to privacy researchers at the Ponemon Institute, “Recent numbers show 90% of health care organizations have exposed their patients’ data — or had it stolen — in 2012 and 2013.” The implications of this research are far-reaching and unsettling for most consumers.

Most attacks are caused by hackers who want to acquire medical records due to their extreme value. The information in medical records (name, birthdate, addresses, phone numbers, medical history and social security numbers) can be easily used for identity theft, fraudulent medical billing or acquiring prescriptions to resell on the street. Hackers can use the medical information to accomplish just about anything once acquired. This flaw in IT security is not a series of isolated incidents but an incredibly widespread problem now affecting millions of people across the nation.

In August, Community Health Systems reported that Chinese hackers had allegedly stolen a staggering 4.5 million patient records in what could be the largest breach of patient data to date. The company is treating the breach as a violation of HIPAA, even though the hackers didn’t gain access to medical records (only names, addresses, birth dates, phone numbers, and Social Security numbers were stolen). The breach happened between April and June this year, and was discovered in July. According to cyber-security firm Mandiant, which helped investigate the breach, the group responsible for the attack is known as “APT 18,” and may have links to the Chinese government.

The majority of hospitals and health organizations are using outdated technology on a single network, making the job of hacking into networks even easier for criminals. IT security is often a large oversight for healthcare organizations because their objective is to save lives. Unfortunately, lack of internal IT expertise and outdated technology plague the healthcare industry, making it an easy target.

The challenge here is that doctors are inherently more interested in saving lives, instead of upgrading their IT security. This is a great thing for society and we believe that’s exactly what doctors should be focused on! The only thing is that IT security must be addressed too. Over the years, we’ve learned exactly what it takes to protect health organizations and we love being a part of the solution to this problem. It’s unfortunate when something like this happens but it brings much needed education to the issues at hand. We consider it our duty to educate our market and provide doctors with the technology tools they need to do their jobs, protect their patients and spend their time focused on saving lives, instead of firewalls. That’s our job.

Video and Telemedicine

For businesses, bringing people together face-to-face leads to advantages like improved communication, better, faster decision making and more effective team work.

In the case of telemedicine, high-quality video conferencing can save lives. Telemedicine can mean many different things, but often it involves connecting patients in small, remote clinics to specialists in large urban health care centers.

Telemedicine makes it possible for patients who need acute, chronic or emergency care to meet face-to-face with highly-trained specialists without the expense, inconvenience and delay associated with travel. Local providers perform assessments and provide care under the guidance of the specialists.

For patients, this means improved access to high-quality care. For local clinics, it means the ability to serve more patients locally and for specialists, it means being able to efficiently deliver more care to more patients from a single, centralized location.

When Renown Health (Northern Nevada’s largest integrated healthcare network) decided to implement a comprehensive telemedicine program to serve rural residents, they evaluated solutions from a number of video conferencing vendors including Cisco (Tandberg) and Polycom. In the end, Renown selected Scopia video solutions from Avaya. The result is the highly successful R-TeleMed program, currently covering 25 specialties with more on the way.

Scopia video solutions offer a number of advantages over competing solutions. Scopia video is the only option that provides HD-quality in both the data and the personal-interaction channel. For a specialist, the ability to view a diagnostic image, for example, in HD is critically important. Scopia solutions also offer important advantages in terms of security, ease-of-use and interoperability with existing systems.

You can learn more about Avaya and Renown Health’s R-TeleMed program here.

The Four Key Performance Indicators of Customer Experience

You know customer service is important. Yes, you can compete on price and offer more features than your competitors. But to really build business, it all comes down to service. That’s what keeps customers coming back. Customer service is expensive, but losing customers and being forced to always attract new ones is even more costly.

If you agree with this—and most smart business people do—then you have probably realized something else: when it comes to costs, customer service can be a major sinkhole. You keep investing in creating a better customer experience, but your level of investment does not seem to bear any relationship to your outcomes.

How can this be? Why does investment in most business processes drive improved outcomes, but not in customer service?

A big part of the problem is that most businesses—even very small ones—take a fragmented, siloed approach to customer service and engagement. In fact, it’s almost inevitable that this is the case. Yes, delivering great customer service is a simple, straightforward idea. But getting a holistic view of how to really make it happen in your company? Not so simple. Today, most businesses have:

  • Multiple ways of delivering service, i.e. a web site, e-mail, social media as well as a traditional customer service center.
  • Various applications: pricing, order processing, scheduling.
  • Different people with different job functions, all pitching in.

The result is that customers can contact your business and get a different, inconsistent experience each and every time. Also everyone in the business looks at the customer service problem differently. The contact center manager is concerned with hold times or repeat calls. The customer service department is worried about complaints. Top management is worried about sales. Also, it’s easy to fall into the trap of measuring activities that really don’t have an impact on your business.

Where do you start? Boil things down to four key performance indicators (KPIs):

  • The level of customer satisfaction, interaction-by-interaction: Don’t make the mistake of thinking that you are meeting customer needs simply by being “multichannel.” It’s not about the channel. It’s about creating a great experience on every interaction, regardless of the channel. Start by looking at the interaction level and work up, rather than the channel level and working down. Look at metrics for the different communication channels to identify discrepancies.
  • Cost of the interaction: It’s always amazing to discover how few companies really track the cost of their interactions. Overall data is not enough. To make judgments about what’s delivering value, and what’s not, you need to know your level of investment.
  • Revenue produced through the interaction: Service is a cost center. It also generates revenue, either indirectly by creating the basis for repeat business or directly through upselling and cross-selling. Find out what revenue you are getting.
  • How well does each interaction comply with company and (if appropriate) industry or governmental policies: You have standards and values as an organization. In addition to what your customers say and the actual dollars and cents of revenues and costs, establish some metrics of how each interaction measures up to the standards that you have set, or that are established for your industry.

Your overall goal is to compile a set of indicators that in effect make up a scorecard. It’s your starting point to reverse the trend of higher costs and declining customer satisfaction and profitability.

Interested in learning more about the challenge of delivering great customer experience without sacrificing profitability? Get the Avaya Contact Center Consumer Preference eBook at https://www.avaya.com/usa/registration/contact-center-consumer-preference-ebook-solutions-for-balancing-business-objectives-against-customer-demands/

Adapt Your Business Technology to Management 2.0 or Risk Becoming Extinct!

In the current issue of Selling Power Magazine (April/May/June 2012), there is an interesting article with management guru Gary Hamel. He is thought to be one of the most influential management thinkers today.

Hamel describes two types of management: Management 1.0 and Management 2.0. Management 1.0 is the management style that we all have been taught for the past 100 years: standardization, specialization, hierarchy, alignment, control and the use of extrinsic controls.

On the other hand, Management 2.0 is based on developing adaptive, innovative and engaging places to work. This allows companies to meet the increase in competitive intensity worldwide. It allows companies to outgrow competitors or the economy by encouraging innovation and making it a systemic capability across a company’s processes.

Hamel makes some predictions:

  • We are moving to a world where everything is configurable by the ultimate consumer.
  • As our economy becomes more of a service economy, value gets created in the interaction between employee and customer.
  • In order to make organizations more innovative we need new practices and new principles.
  • The most efficient companies will be the most democratic.

Okay. So what does this have to do with technology? Basically, everything.

You will need to set up processes that are extremely customizable, and that involves a lot of flexibility. Let me give you an example: as the population ages, more and more of your employees may have a parent or spouse to care for. You will need to adapt your infrastructure and work practices to accommodate employees who, for obvious family issues, will have to work from home. Your communications infrastructure will have to adapt to this, your connectivity will have to adapt, your space and energy requirements will change, and so too will your corporate policies on security.

As interactions between customers (a.k.a. clients, patients, guests, patrons, etc.) become more important, you will have to adapt and perfect the art of customer interaction. You will need tools to measure performance, evaluate employee interaction, and standardize the customer experience to ensure that it creates value.

With a more distributed workforce, you will need to ensure internal communication to make sure that there is a cohesive esprit de corps. Mobile workers, tele-workers and remote offices need to be part of the total corporate body, not far-flung fiefdoms or domestic exile. Remember, discipline from goofing off is a Management 1.0 principle. Management 2.0 companies rely on peers as motivators. The logic is simple: if what you do is transparent to your peers, they can see whether or not you are adding value.

The whole area of the technology cloud is an enabler for transforming your company from a Management 1.0 to a Management 2.0 company. Hosted PBX allows your remote employees to communicate freely, easily and cohesively. Hosted Call Center gives you the tools to enhance customer employee interactions and monitor performance. Managed wide area networks and managed cloud security give you the ability to connect your remote locations securely.

See how some of our clients are adapting their business to Management 2.0 with our technologies!

Marque Medicos

A Healthy Way to Expand Your Medical Practice

On paper, expanding a medical practice with new locations often looks like a good idea: it will build on your existing reputation (perhaps your most valuable business asset) and make it possible to offer more services and reach more patients. The cost, while it may be significant, is still incremental to the expense of operating one location.

But it is also possible for just the opposite to take place. If you underestimate the logistical challenges involved in expanding a medical practice you risk tarnishing a reputation that has been years in the making.

To get a better sense of these challenges, analysts from Avaya (the global leader in business communications systems) recently spent time talking to owners, managers and employees of a range of healthcare practices that are undergoing expansion. To capture what was observed, Avaya created an e-book about a health care clinic (a composite of many clinics) undergoing a difficult expansion in which it risked losing both staff and patients. The e-book highlights the potential risks, including losing staff and patients, and the important role that next-generation communications and collaboration capabilities can play in addressing these challenges, including:

  • Reducing the amount of staff time required to handle growing patient call volumes
  • Providing patients with better, more personalized service through efficient record look-ups and automated information services for things like lab results
  • Improved appointment compliance through automated reminders
  • Innovative new services, such as video conferencing, that make it easier to provide specialized care and respond to emergencies

This e-book is part of a series Avaya has created that focuses on the day-to-day impact that today’s communications solutions are having on small and midsize businesses. To get it now, go to: https://www.avaya.com/usa/registration/day-in-the-life-physician-s-practice

Communications and Healthcare: Lower Overhead, Higher Care

Communications can help achieve the goals of better, more cost-effective healthcare. By cutting through communications barriers and making it easier for doctors, nurses, hospital staff and more to connect and collaborate, today’s new IP-based solutions are helping to improve healthcare outcomes.

Today’s new communications systems are ideally suited for the world of healthcare. Based on the IP protocol, they are more like computers than traditional phone systems: more versatile, able to accept applications, ready to become integrated into everyday health care operations, becoming a “go-to” resource for:

  • Enhancing collaboration by simplifying interactions between doctors and other medical professionals
  • Taking advantage of applications specifically designed to enhance health care operations, such as nurse communications and patient appointment confirmations
  • Integrating communications directly into business processes, such as patient record and billing systems
  • Lowering overhead costs

Avaya recently took an in-depth look at the way in which today’s new IP-based communications systems can help lower overhead costs and deliver better care. See the Avaya White Paper: Revolutionizing Patient Care Through Communications, http://www.avaya.com/usa/resource/assets/premiumcontent/revolutionizingpatientcarethroughcommunications.pdf