Author: Harmonic Systems

sure-1435364_1280

6 Steps for IT Security for Small and Medium Businesses

No matter how large your organization is, cyber security is something you need to be prepared for.  Security breaches can cause loss or theft of valuable proprietary or customer data, interrupt your business processes, affect your ability to communicate with employees and customers, and possibly most importantly, critically damage your organization’s reputation and credibility. While larger businesses may be more valuable targets, small- and medium-sized businesses are targeted as well because malicious actors know they often spend less resources on securing their technology.

1. Make sure the basics are covered

This includes things such as firewalls on all public-facing computers and devices, including your website and email servers. Where possible, data should be stored and transmitted in an encrypted form. All of your organization’s computers should have anti-malware software that is regularly updated with new virus definitions, and operating systems and critical software such as web browsers should be kept up to date with the latest security patches. If you don’t have a dedicated IT staff, you should consider contracting an outside provider to set up a secure infrastructure, and have them review your system at least yearly. These practices are even more important if you handle customer credit cards or medical information covered under HIPAA.

2. Ensure all critical data is backed up. 

Whether you store critical data onsite or via an outside firm, you should have a plan in place for what happens if this data is lost or inaccessible. Equipment fails, floods and fires happen, employees make mistakes, and outside malicious actors are an ever-present threat. If you store and use data on in-house servers, you should have some form of automated, regular, offsite data back-ups. This can be handled by in-house IT personnel, or by one of many outside technology providers. Have a plan in place about how your business can continue to operate in the event of your physical site being unusable for a period of time.

3. Destroy old hard drives and other storage media

hard-drive-607461_1280

Most people are aware that they should shred paper documents that have personal information, but it is just as important to destroy hard drives, flash drives, and CDs which may contain sensitive data. Simply deleting the files on a hard drive or flash drive does not erase the information, and even physically destroyed disks can still have information recovered. Best practices involve deleting all the data, and then wiping the data, which involves rewriting the entire disk with zeros, random data, or ideally one run of each. Software can be purchased to do this, and some IT firms offer this as a service.

4. Train your employees for best security practices. 

As strong as your physical and technological security practices are, the weakest link of almost any system is the people themselves. Employees should be trained on how to avoid “phishing” scams, which are among the most common entry point to a computer system. Email spam filters can cut down on this, but it is still up to your employees to be safe. You should require email and system passwords to be changed regularly, and enforce strong passwords.

Under no circumstances should an employee insert a flash drive or CD they find into a business computer. Even after training, recent studies have shown a disturbing percentage of employees will still load a flash drive they find in the parking lot into their work computer. Have your employees sign an acceptable-use policy for how data is to be used, and make it known that there will be consequences for failure to comply.

5. Physical access needs to be protected. 

safe-913452_1280

As secure as your system is to technical or social attacks, if an infiltrator gains access to your physical equipment, there is little you can do to stop them from accessing your data. This means ensuring that all visitors to your site are checked for credentials and monitored, that all locks are properly maintained and in working order, and that server access is restricted to only authorized personnel. Video surveillance may not be necessary, yet does provide an added layer of security. If you contract outside cleaning services at night, you should have protocols in place to make sure they cannot access sensitive equipment unsupervised.

6. Consider conducting a penetration test. 

Even if you think you’ve done everything right, the only way to be sure your system will stand up to a determined attacker is to test it. A penetration test (or pen test) is a service offered by IT services companies whereby they will attempt to break into your system to expose vulnerabilities. There are different levels of depth of these tests, ranging from technical attacks on your internet-facing servers and routers, all the way to social engineering (trying to gain access by manipulating your employees) and attempted physical entry. If they do gain entry, they can give you tips on how to improve your security measures and practices, and often provide those services themselves. This can be an expensive service, but if you are concerned about security and your reputation, spending money now on a pen test can be far less costly than being compromised in the future.

Photo byConnor Tarter  CC-BY-SA

4 Trends in Healthcare IT for 2016

Outsourcing IT Functions

As technology becomes more pervasive in the healthcare field, more and more hospitals and networks are outsourcing at least some of their IT functions. According to Healthcare IT News, “Nearly three-quarters (73 percent) of health systems with more than 300 beds — and 81 percent of providers with fewer than 300 beds — are shifting their focus to IT outsourcing for development and complex infrastructure services.”

The complexity of complying with new regulations means health systems and clinics are finding it more cost-efficient to contract out functions including EHR and analytics to companies that have the knowledge and full-time staff to both handle their current needs and innovate new solutions. In addition to reducing costs, outsourcing IT can help ensure that your IT professionals have all the necessary and up-to-date expertise to tackle new problems. But you should research your vendor and set realistic budgets and expectations, as failing to do so can lead to cost overruns or capabilities shortfalls.

Electronic Health Records.

Photo by Connor Tarter - CC-BY-SA

Photo by Connor TarterCC-BY-SA

EHR was supposed to help doctors focus their attention on patients instead of paperwork, yet poor implementations have often not led to these stated claims. A paper from the Harvard Business review studied this problem and developed a number of recommendations including:

  • Clearly define “the why”: emphasize a culture that places physician performance at the forefront.
  • Ensure doctors can focus on being doctors: limit physician distractions and move as much of the insurance, billing, and records tasks to administrative teams, where it can be done more efficiently and cost-effectively
  • Focus on outcomes instead of services: by tracking healthcare outcomes and incentivizing performance, it reinforces the fundamental reason for healthcare.

Big Data Analytics

Big Data has become somewhat of a buzzword in the IT industry, but expect it to continue dominating headlines as the sheer amount of data created increases as does our ability to analyze and understand it. Apple and IBM have teamed up to create as system in which iPhone users can upload their data to IBM’s Watson Health, a cloud-based analytics service. Big data is helping researchers select the best candidates for pharmaceutical and treatment trials,
and mobile phone data was used to help track and predict the spread of the recent Ebola outbreak in West Africa. Expect also to see companies develop new ways of gathering and collecting data from different sources, which currently hold information in fragmented databases that limit the effectiveness of analytics tools.

Cybersecurity

Given the amount of personal information available in patient records, healthcare is one of the leading targets for cybercrime. The Anthem breach in February 2015 compromised the data of almost 80 million customers, and in the first half of 2015, the healthcare industry was hit with 187 breaches, accounting for 21 percent of total incidents. Ensuring IT security is more important than ever both in protecting your organization from liability and helping patients feel comfortable trusting you with some of their most intimate information.

HealthIT.gov has a list of tips to help healthcare practices protect their information, the first of which being establishing a security culture. As strong as any IT strategy can be, human error can and does still lead to breaches, so training employees to do their part to prevent such attacks is critical.

Server Room by torkildr

5 Essentials to Successful IT Integration During M&A

Whether you are merging two roughly equally companies, or acquiring a smaller company, you will need to develop a solid strategy for how to integrate the IT departments. Every situation is unique and comes with its own set of challenges, but there are a few keys that every decision maker should be aware of.

1. Evaluate Both Companies’ Current IT Infrastructures
Your CIO or IT Director will need to create a detailed analysis which clearly outlines the people, roles, processes, and equipment for each company. This is the step where your team will want to document what aspects of your infrastructure work well, in addition to what is lacking. For those systems that do work well, you must also determine whether they will be scalable to accommodate the needs of the new larger company. For example, you may have inventory management software that works fine for one warehouse, but if you are expanding to multiple locations with their own supply chains, you might need an entirely new solution which is capable of handling

Server Room by torkildr

Server Room by torkildr CC-BY-SA

2. Find and Eliminate Redundancies
Much of the benefits of a merger or acquisition are due to cost efficiencies made possible by reducing staff and creating economies of scale. Based on your evaluation of each companies’ IT systems, you will want to choose the components of each that will scale best for the new company. If each company currently employs 5 technicians and help desk personnel, you may find the new company would be well-served with only 8 total. Similarly, if each company uses a different email system, you will likely need to choose one going forward.

3. Consider Outsourcing Some Functions
Particularly if technology is not a major focus of your company, a merger or acquisition might be the right time to rethink whether certain functions of your IT department might be better served by a third party. For instance, up until this point, you’ve operated out of one location, and have had all your computers networked on a local intranet. Now that you are expanding to several smaller locations across a region, it might make sense to contract that function out to a company which can handle it securely and efficiently rather than bringing on the talent needed to do it in-house.

4. Retain Unique Technologies
Especially when acquiring a smaller company, you will likely keep most of the IT infrastructure of your larger company. But part of the reason you are acquiring the smaller one is because they have done well in what they do. If they have a specific technology or process that your company lacks, you will want to integrate this into your new company. If you are acquiring an oil and gas well servicing company, they might have a great system for tracking equipment in real-time in the field. By retaining this technology and integrating it into your own infrastructure, you will make your whole organization more efficient.
You might also consider using the capabilities of the company you acquire to insource some functions which you had previously contracted through a third party. If your company purchases web hosting and application development as a service, but your target company hosts and develops in-house, you can integrate this competency into your own IT department and eliminate the need for the the third-party service.

5. Implement Your Strategy Quickly
A strategy is only as good as it’s implementation, and a strategy that is only half-implemented or executed over the course of years will not only cost time and money, but will prevent your new IT department from accepting its new culture and identity. To this end, you will want to put one person in charge of the integration, who will have complete authority to make technical decision, but also complete responsibility to ensure deadlines are met and that all systems are operational during the transition period. This person should have the flexibility to deal the inevitable difficulties that arise, being able to implement temporary workarounds while developing long-term solutions.

4 Ways to Increase Employee Engagement with HR Technology

Employees will increasingly use mobile phones and tablets to access HR software. (Photo by mikecogh/Flickr)

Employees will increasingly use mobile phones and tablets to access HR software. (Photo by mikecogh/Flickr)

Employee engagement is the new name of the game in the ever-changing world of HR Management Systems. Traditionally, HR software was used predominantly by HR staff, and occasionally other managers, with non-HR employees only using it for basic tasks such as time reporting or benefits management. As the technology has advanced, however, the possibility now exists for every employee to both utilize the resources HR has to offer and provide valuable data to maximize personal and organizational effectiveness. If your HR software solution isn’t engaging employees fully, your business may be missing out.

1. Mobile as the New Platform

One of the biggest trends in technology in general is the move from desktop and laptop to mobile. According to CNN Money (http://money.cnn.com/2014/02/28/technology/mobile/mobile-apps-internet/) as of February 2014, Americans spent more time accessing the internet through mobile devices than through PCs. This trend is only expected to continue, and the way employees will interact with HR is no different.

One of the major complaints about HR software is that interfaces are often clunky and unintuitive. This is a big reason employee engagement is not as high as it could be. Vendors are realizing this, and are devoting more energy toward developing easy-to-use mobile apps for employees to interact with HR. What previously took a dozen or so clicks (and often the need of a manual) in a desktop application can now be done with a few intuitive taps on a mobile app. This lowers the time and effort employees spend with the interface, and increases their eagerness to engage. This, in turn, leads to more valuable feedback for them and more meaningful data for HR.

2. Continuous Evaluation and Feedback
Employees and managers used to conduct performance evaluations on an annual basis. While this model worked well for reflecting on the year’s accomplishments and shortcomings, it had several flaws. First, it could take up to a year for a manager to properly notify the employee of a performance problem and help the employee find a solution. Additionally, employees and managers were less likely to clearly remember projects that had happened several months prior. This contributed to many employees dreading the evaluation discussion, so, what could have been a very useful tool for them and the organization became an obstacle to improvement.

Many HR systems vendors now offer easy-to-use platforms for employees and managers to evaluate more frequently, such as at the end of projects, monthly, or quarterly. This allows poor performers to be given the tools to succeed sooner, and also outstanding talent to be identified so they can be placed in more effective roles.

3. Learning Management Systems

This leads into the next new and exciting system–dynamic Learning Management Systems (LMS). Newer software and cloud solutions have the ability to integrate data from employee evaluations and personality tests to cater learning experiences to each employee. Analytics capabilities can tailor specific tools and training to both the learning style and specific role requirements of individual employees. This reduces wasted time and energy of employees either being trained for something they don’t need or being taught in a manner which is not suited to them.

These tailored learning systems are all the more necessary in today’s world where the amount of available training resources can be overwhelming. Along with more traditional materials, technology has created new ways of training employees. Many major universities now offer MOOCs (Massive Open Online Courses) in many general business and industry-specific topics. Easy video content creation means your employees can learn from sites such as YouTube, but also within your organization, with employees creating valuable content for coworkers or collaborating to build knowledge bases.

4. Compliance and Workflow Efficiency Software

Depending upon what industry your company is in, you will likely have to maintain compliance with company policies and a number of regulations from a number of government agencies, such as EPA, OSHA, FDA, and many others. Each of these agencies have their own standards, and may require certain documents and records to be created and submitted. Various processes exist to comply with many of these regulations, but recently, some technology companies have begun offering single-interface Compliance Management Software Solutions to increase efficiency and ensure that all regulatory guidelines are met. These solutions support compliance through training, recording, reporting, document control, and auditing, as well as providing the ability to track process ownership and drill down for detailed information.

Similarly, Workflow Efficiency Software Solutions now exist to track and schedule many routine tasks that your business must regularly complete. As an HR professional, these solutions can help track your employees’ productivity, and help identify inefficiencies in your business’s ongoing processes. This software can be especially helpful creating inter-departmental communication, which is often where key processes break down. Real-time reporting can help discover and address risks before they become larger issues which can cost your business time and money.

Bottom Line

These are just a few of the ways technology is helping employees engage with everything HR has to offer. In order for an organization to be able to effectively implement its strategy, HR has to understand the employees’ strengths and weaknesses so training be designed to develop their full potential. Part of this comes from choosing an HR software solution that works for your organization, but HR professionals must also get employees to use it. By implementing some of these systems, employee interactions with HR can be smooth and straightforward, benefiting both individual employees and the entire organization.

Powered by WordPress & Theme by Anders Norén