E-mail integrations and phishing simulations: Two simple ways to better protect sensitive information

The saying “if you want something to be done right, you have to do it yourself” rings true to all of us for a simple reason: we know our own expectations better than anyone else possibly can.

If you have a policy (or at least a good idea) about what kind of information should not be shared over email in your business, you have taken an important step in improving your cybersecurity posture, but it’s only one of the first steps on your journey.

If you work with other people, that policy or general idea about the right way to handle sensitive information exchanges over email is not a guaranteed path to having those you work with meet those expectations.

How can you be sure that they not only know about the policy, but that they also know how to apply it to their email usage?

How can you confirm this without learning the hard way that they don’t, by falling victim to a phishing attack?

How can you tell whether they are following cybersecurity best practices in their email correspondence without having to look through their outbound mail and inbox?

If you are wondering about this, you aren’t alone, and there are simple, cost-effective solutions available to address these concerns.

Phishing simulations

The best way to tell if the people you work with would be susceptible to taking the metaphorical bait in a phishing attack before it happens is to simulate one with a trusted cybersecurity service provider.

These providers have the most up-to-date information on these tactics, and they can craft and send out a fake phishing email to people in your business and monitor whether they fall for it.

This is a vulnerability test, a form of ethical hacking, in which a trusted party attempts to gain access to sensitive business information using the same methods that a cybercriminal would use, in order to determine how well you are protected against such criminals.

If the cybersecurity service provider who runs the simulation does manage to access sensitive business information, you can gain crucial insight into where you are vulnerable and address that vulnerability before a real cybercriminal can exploit it.

Cybersecurity email integrations

Another way to fortify your cybersecurity posture is to integrate your business email with a modular cybersecurity platform. This type of service is a cost-effective way to weed out emails which show signs of phishing before they even reach the inboxes of you and your co-workers, and to detect incidents of unauthorized information sharing over email.

Naturally, the filtering of emails which show signs of phishing can drastically reduce the chance of such an attack being successful.

Furthermore, by flagging apparent exchanges of sensitive information over email, such a platform can be used to find instances of policy violations, or a need for a reminder on what should and what should not be sent over email.

Takeaway

Alongside awareness training for yourself and those you work with, vulnerability testing and modular cybersecurity integrations with your business e-mail are great ways to rest assured of your cybersecurity posture.

Of course, when looking for a solution for something this important, taking a chance on just any service provider is understandably not something most people are willing to do. If this is the case, nobody could blame you.

If you would like to consult with us about this or another cybersecurity concern you might have, feel free to reach out to us; we would be happy to help!

Medical waste doesn't have to include time and energy

Image © 2023 Gavin George

The existing shortage in the number of healthcare workers in the US is projected to worsen as demand for service continues to grow.

As healthcare providers are left with an acute concern over how demand can be met without being short-staffed, advances in automation may just be the solution in easing clinicians’ workloads.

Healthcare researchers and consulting firms are forecasting a future of considerable worker shortages in healthcare. Growing demand for healthcare brought about by an aging population is outpacing the growth in the number of healthcare professionals. This sounds quite alarming, as the healthcare industry is already notoriously demanding, with high burnout rates among staff – a burdensome issue which has only been exacerbated since the start of the COVID-19 pandemic.

Naturally, this situation is a topic of concern for healthcare administrators, who are faced with addressing the challenge of recruiting and retaining the staff needed to deliver care to their patients. However, there is no reason to despair at what little can be done by an individual healthcare firm to remedy this unfortunate macroeconomic situation. Meeting the impending explosion in demand for healthcare services is not really about the number of healthcare workers – it’s about the man-hours and woman-hours they put in. Increasing the value of these hours (i.e. through more timely delivery of care and streamlining processes) means meeting more demand with the same time and energy.

Optimizing operational efficiencies in healthcare will prove to be key in overcoming the projected shortage of personnel. Advances in artificial intelligence (AI), machine learning (ML) and Internet of Things (IoT) technologies hold exceptional potential for this.

These technologies have reached the point where they are now economically and operationally feasible for integration into healthcare processes and operations. These technologies have been successfully utilized in healthcare applications already - from asset management to patient-facing uses - demonstrating considerable efficacy in streamlining processes and optimizing delivery of care.

Medical Waste #1: Waiting-room time

Longer time spent in the waiting room was found to be associated with lower patient satisfaction with the care they received and with their overall experience, according to a study from The American Journal of Managed Care. Naturally, it’s unrealistic to expect clinicians to be able to see a patient as soon as they arrive; however, time spent in the waiting room doesn’t have to be eliminated. In fact, it can be an untapped resource: what really matters is how the patient spends that time.

A case study from the International Journal of Medical Informatics found high user-acceptance among patients given Pre-Screening Forms (PSFs) in the waiting room. In the case study, the patients’ input was collected, automatically integrated with their electronic health record, and analyzed with a medical logic AI model. This functioned as part of a Clinical Decision Support System (CDSS) which provided the clinicians with pre-diagnostic information to consider before discussing the issue with the patient further and face-to-face. This technology made better use of patients’ time, as they could begin the care process upon arrival instead of waiting idly and anxiously. At the same time, it helped clinicians overcome the tedium associated with screenings and manual entry of information recorded on forms, and it suggested insights that might not otherwise have been considered.

Medical Waste #2: Manual recording of vital sign data

An article published in the online edition of the Journal of the American Medical Association reported that clinicians spent about four hours a week putting patient health information into digital records. With the inevitable impending increase in the number of patients relative to clinicians, this practice is not only going to become more time-consuming, it is going to become unsustainable.

Medical record automation strategies have already seen successful implementation in the US and in other countries. Vital sign monitoring devices that directly integrate collected data into patients’ electronic health records are one example of this, and they have already seen promising successes. A case study from the UK reported “significant time-releasing benefits” from this technology as clinicians using these devices no longer had to manually record the measured statistics.

Medical Waste #3: Manual cold storage monitoring and validation

Cold storage of biopharmaceuticals requires regimented monitoring and validation practices for quality assurance. When the task of monitoring and validation is left up to manual measurement and recording by healthcare workers, these high standards can quickly make the job tedious if not overwhelming. Automated monitoring and validation of cold storage has already seen successful deployment and use cases. The Director of technology at Northwest Hospital and Medical Center stated that their adoption of automated cold storage monitoring units helped them to streamline these quality assurance processes, delivering a significant ROI.

The capability of IoT monitoring and validation systems to take measurements continuously and in a consistent manner also reduces the risk associated with infrequent or inaccurate measurements resulting from human limitations. In 2018, NBC reported the tragic loss of hundreds of embryos due to a cryopreservation failure, which was discovered too late, resulting in hundreds of devastated families and a class-action lawsuit.

Medical Waste #4: Time spent looking for equipment

Healthcare professionals frequently cite locating missing or available equipment as a notable waste of time in the delivery of care. This problem is easily remedied with a real-time locating system (RTLS), which uses radio-frequency identification (RFID) technology to track assets’ locations and statuses, which can be viewed on a secure portal on a computer. A case study of an IoT-based bed tracking system adopted at Mt. Sinai in New York saw significant reductions in idle time waiting for beds for patients.

Why automate?

If a computer can carry out a task just as reliably as a human can, it’s time to ask if it is still worth the human’s time. There are many healthcare tasks that can be automated, and when they aren’t, they take up time and energy that could be directed towards a task that only a human can do instead. The time and energy spent in the four weekly hours of manually recording patients’ blood pressure and other vital signs is not being used to its fullest potential. It is time and energy that has gone to waste.

Getting started

We can assist healthcare providers in streamlining their processes, enhancing delivery of care and more with AI, ML and IoT technologies. We can connect you with reputable and HIPAA-compliant service providers who can deliver a number of solutions including: medical record automation systems, telehealth solutions, real-time locating systems, remote patient monitoring, cold-storage monitoring systems and more.

If you would like to learn more about these technologies or how your healthcare organization can benefit from them, feel free to contact us and we will be in touch!

Cybersecurity for business: Getting started

Businesses are wondering how they can begin improving their cybersecurity architecture as the MOVEit hack compromises more and more systems.

The recent series of cyberattacks over the past weeks has been rated by the National Institute of Standards and Technology (NIST) as ‘critical’ with a severity score of 9.8/10. According to CNN, the hacking campaign has compromised records held by multiple US state governments, the federal Department of Energy, and other entities such as the BBC, the Boston Globe, British Airways, Johns Hopkins University (and its connected healthcare network), the University of Georgia, and more.

Naturally, this turn of events is leaving businesses wondering how they can begin to implement better cybersecurity. While the coverage of the cybersecurity crisis is not lacking in volume, the media doesn’t do much to demystify what cybersecurity even is or what it looks like.

Despite this, businesses can be assured that there are real and concrete steps that they can take now to reduce their vulnerabilities. The voluntary cybersecurity framework promulgated by NIST breaks down cybersecurity into five types of measures that companies can take: identification, protection, detection, response, and recovery.

Identification

Identification means taking inventory of your system and network, knowing what your company is willing to risk, and where it needs to concentrate security and grant authorization. This is a necessary foundation for all cybersecurity practices.

Protection

Once you identify what needs to be secured and who gets access to your network, you can begin to implement policies and practices that establish the desired controls. Protection is preventative: it’s simply meant to stop things before they happen. It’s like locking the office door at night.

Detection and response

While a locked door may be enough to protect against most breaches, there is always the risk of something getting through. If a threat breaks through the first line of defense, it’s critical to know when it happens. Frequently, malware goes unnoticed until it is too late. The detection component is analogous to having security cameras or a security alarm: it allows you to know of a break-in while it’s in progress.

Knowing of a breach enables initiation of response and containment, and it’s what makes detection useful. Early detection means quicker response, thereby minimizing damages.

Recovery

While it is ideal for a breach to cause little to no damage (and even though quick detection and response can minimize harm considerably) the potential for a detrimental impact on your business is a risk that has to be considered. Backups, cyber-insurance, and disaster recovery services can be the deciding factor in whether your business can survive a breach. This is another layer of protection which can serve as the last line of defense against data loss and insurmountable financial consequences.

Takeaway: You can get started today

Cybersecurity doesn’t have to be a mystical or nebulous concept full of fear and uncertainty. Cybersecurity ultimately comes down to knowing what you are protecting, setting up specific and actionable policies and practices that help to prevent breaches, engaging cybersecurity personnel who can detect, respond and contain breaches that do occur, and having a plan for recovery and business continuity in the event of a serious incident.

For more detail on what this looks like in practice, and how your business can begin to develop its cybersecurity approach, feel free to contact us.

If you are interested, we can provide a complimentary and detailed cybersecurity solutions assessment that is specific to your business and its needs. Just message us with your request, and we will get back to you as soon as possible.

Using Office 365? What's your data backup plan?

Per a recent CBS report, users of Microsoft OneDrive, SharePoint and Outlook have recently been experiencing widespread service disruptions due to a cyberattack. Here is what their Service Agreement says.

With the acceleration of the transition to remote work following the COVID-19 pandemic, Microsoft's cloud services have become mission-critical infrastructure for more businesses than ever. The recent outages in Microsoft Office services should raise the question about what Microsoft's 15000-word Service Agreement has to say about the company's obligation to its customers as far as data is concerned.

Section 6 of the agreement clearly states that Microsoft accepts no liability for the impact of disruptions and data loss due to outages of their services. The section also recommends that users back up their data using third party services.

It's as simple as that: if you lose data stored on Microsoft's platform, they state that they do not provide backups for it. This can be detrimental if your business loses mission-critical data or information that is legally regulated (such as HIPAA-covered electronic protected health information) on Microsoft's cloud platform without any backups. It can also be a pain to regularly store and update backups of your cloud data on-premise.

So what can you do?

If your business or organization is working on a back-up plan to protect against the risks and uncertainty associated with service outages and human error, you may want to consider a third-party backup service - just like the Service Agreement suggests.

There are a number of benefits to this approach (known as 'back-up as a service' or 'BUaaS') to data security in cost, quality and reliability.

1. Automation enables more frequent backups

By backing up data from the whole range of Office 365 services that your business uses (i.e. OneDrive, Outlook, SharePoint) through an automated process, a BUaaS approach enables comprehensive and frequent updates to backups without additional strain on IT personnel.

2. Data retention capabilities enable regulatory compliance

Businesses and organizations storing data that is required by law to be retained can safeguard their compliance with the robust data retention capabilities of BUaaS providers. Unlike a 'Recycling Bin' feature, which automatically deletes items after a set period of time, the BUaaS approach allows for data to be retained for as long as the client wants or needs.

3. Unmatched security

While storing back-ups on premise can meet many businesses' and organizations' needs for creating backups, this can be subject to a number of risks inherent with storing any asset on-premise. Utilizing a BUaaS approach reduces the risks to your data associated with physical security (i.e. damage to equipment, theft, and employee retaliation) and cybersecurity threats (i.e. ransomware) considerably.

How to get started

If you are interested in setting up BUaaS for your business's Microsoft Office data, want to know if BUaaS is right for your business, or have any other questions, please contact us or comment below.

Introducing our new bi-weekly informational newsletter

Briefing you on emerging trends in cybersecurity, cloud technology, IoT and AI, and what they mean for your business.

For over a decade, George Stephens, LLC has researched, sourced, and deployed telecommunications services and technology solutions for businesses and organizations of all sizes. We have helped hundreds of clients upgrade and optimize value as they forge ahead in the ever-changing landscape of information technology and telecommunications.

With the breakneck speed at which we have seen so many new innovations emerge, the volume of news and hype around cloud technology, AI (artificial intelligence), ML (machine learning), IoT (Internet of Things) and cybersecurity can overwhelm just about anyone. But it doesn’t have to be that way.

Our intention is to deliver value to people and their businesses through a bi-weekly newsletter featuring fresh insights from our solutions team and industry experts: useful content that goes beyond the tech buzzwords and the hype, with topics that are absorbable, applicable and relevant to your business.

We look forward to connecting with our community and hearing more about your experience with these topics as well. We’d love for you to join the discussion, and encourage you to contact us if you have any questions, or want to learn more about any of these topics and their applications to your business.