Monthly Archives: August 2016

5 Disaster Recovery Issues to Remember Before a Crisis

Life is unpredictable. Accidents happen. Disaster can strike when we least expect it.

When your business is on the line, the effects of these disasters are significant. Even just a few hours of downtime can drastically affect a business’s profitability and security. Every second counts, and business owners must have strategies in place to ensure business continuity when problems arise.

For legal firms storing confidential data, business continuity relies on data backup and recovery systems. And while there are plenty of recovery solutions out there these days, one type stands above the rest—cloud management.

Disaster Considerations

Disaster recovery as a service (DRaaS) is a relatively new strategy for maintaining business continuity. It is no secret that cloud-based solutions offer more flexibility and customization than most legacy systems, but legal firms looking to deploy a more advanced disaster recovery solution must remember several important considerations:

  • Cost/Benefit Analysis – Every business has a budget. Before choosing a solution, make sure it fits within the scope of your business’s need. Do you need an immediate response? What’s the cutoff point for acceptable amounts of downtime? Higher sophistication means higher cost; choose a solution financially viable for your enterprise.
  • Choose a Backup Speed – With data increasing exponentially alongside online enterprise, your recovery solution must be equipped to back up information in a timely manner. Continuous backup solutions offer the most protection, but are also the most expensive. Select a backup speed commensurate with your needed security.
  • Identify Necessary Data – What data is crucial to recovery? Disaster recovery does not have to include everything, and is more efficient when you prioritize mission-critical data. Identify the data necessary for business continuity and plan your cloud strategy accordingly.
  • Include Physical and Virtual Servers – As more businesses rely on virtual servers alongside physical ones, disaster recovery solutions must accommodate both to ensure uninterrupted workflows. Test your DRaaS solution and make sure that any cloud-based services or applications can be run without putting business on hold.
  • Remember Your Remotes – If your business has remote offices, your solution must accommodate their needs should a disaster occur. Physical backup tools that rest between your server and the cloud require replacement after an incident. Appliance-free solutions, paired with cloud-based DRaaS, get around this inconvenience and allow essential processes to be restored faster.

Cloud Solutions

Above all else, disaster recovery that protects business continuity relies on the cloud. With as many disparate systems as businesses employ, physical backups aren’t enough to guarantee security. Your disaster recovery solution must be cloud-based, customized to your industry, inclusive of all essential business data, and applicable across each office you have. When you meet these goals, even the worst disaster will not keep you down for long.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Document Dump: How File Creation is Crushing Businesses

We hate to admit it, but there is just too much stuff on the internet these days.

Did you know there are over 2.5 trillion PDFs created each year? And that’s just the tip of the iceberg. New documents of every style and size are filling up the empty corners of the web with each passing second.

Naturally, controlling, protecting, and tracking these countless documents has become nearly impossible. There is just too much out there to keep up with. Add in our endless connectivity and the fact that documents can be duplicated and distributed across the globe in seconds, and document security and regulatory compliance become legitimate concerns for businesses.

According to a survey of over 500 industry professionals by BPI Network, these concerns are at the forefront of executives’ minds:

  • The majority said that the “accelerated pace and connectivity of business” is requiring more investments of time and money into document production and storage than ever before (83 percent)
  • Many claimed that organizational pushes for better process formalization are driving the need for more documents (42 percent)
  • A third of respondents reported an increased need for documents due to advancing business complexities and industry partnerships (33 percent)
  • Over a quarter cited greater regulatory compliance and oversight as a driving force for more documents (26 percent)

What does it all mean?

There are many factors driving the need for more comprehensive documentation. Unfortunately, with increased documentation comes increased risk. According to BPI’s report, the biggest document challenges faced by businesses include:

  • Maintaining document security (84 percent)
  • Inefficiency stemming from document mishandling (59 percent)
  • Increased risk and incompatibility issues when using multiple document versions (36 percent)

These challenges leave executives in a tricky situation. Industry processes are driving the creation of never-ending documents that must be stored and protected within regulatory guidelines.

Locking Down the Docs

Despite regulatory challenges that increase commensurately with the number of documents produced, CIOs are not alone in the document compliance fight. Though technology has facilitated the problem, it also provides solutions—cloud-based platforms can substantially increase document-processing visibility. Finding a solution that allows users to retrieve documents digitally, update from any location, and track changes made to each file is a good first step.

More broadly, processes should be established for verifying and authenticating each document created. While streamlining document creation and approval is no easy task, taking a hands-on approach to document security will become necessary moving forward. Each file produced must undergo a systematic review to ensure accuracy and efficiency of delivery. As these processes integrate into business infrastructure and cloud security solutions continue to evolve, handling the endless flood of new documentation will become much more manageable.

Written by Dean Van Dyke, Vice President, Business Process Optimization

5,400 More: Providence Breach Highlights the Poor State of Data Security

Providence Health and Services, an Oregon-based healthcare clinic, recently notified nearly 5,400 current and former patients that their medical data may have been exposed. A former employee reportedly accessed the medical records without “any apparent business need” between July 2012 and April 2016, according to a Providence media advisor. Affected information included demographic details, medical treatments, and possibly insurance data and Social Security numbers.

The employee has since been fired in accordance with a corrective action plan, with the clinic noting that it didn’t believe any sensitive information was further viewed or disclosed.

Damage Control

Providence’s breach highlights one of the biggest problems plaguing healthcare as a whole—threat detection. With private information being transferred across multiple EMRs, external hard drives, and mobile devices daily, it’s becoming increasingly difficult for clinics to monitor all channels on which sensitive data travels. Add in human error and the complications that arise when data is handled by large teams of providers, and you have a security system that is vulnerable inside and out.

Breaches like the one recently reported in Providence can take months to detect, and in some cases, they may even take years. Unless a breach is detected immediately, unauthorized users have plenty of time to copy, transfer, or sell privileged information.

As part of its corrective action strategy, Providence is offering 24 months of free credit monitoring for all affected patients. Although damage control tactics like these are necessary after any instance of data loss, they do little to assuage the fears of patients worried about future information exposure. By the time the breach has occurred, it’s already too late.

A Measured Response

Knowing how to appropriately respond to breaches is the responsibility of all organizations handling sensitive data. In Providence’s case, the clinic didn’t believe that the data was exposed beyond the initial breach, and tailored its outreach accordingly.

The confusion following breaches makes large-scale damage control strategies difficult to apply at the drop of a hat, making it essential for breach response protocols to be in place before the damage is done. When strategies for breach prevention are incorporated into clinic policy through mandatory employee training, threat classification, and agile threat response, better security comes as a matter of course. To prevent breaches like the one affecting Providence, healthcare organizations need to build security into their infrastructure from the ground up.

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

$2.7 Million: The Costs of OHSU’s Security Shortcomings

The Oregon Health & Science University recently resolved an investigation into two breaches of electronic health data occurring in 2013, resulting in a payment of $2.7 million and a three-year corrective action plan to prevent future security issues.

According to Tamara Hargens-Bradley, spokesperson for the U.S. Department for Health and Human Services Office for Civil Rights, these breaches occurred across multiple channels:

“The first incident involved a stolen laptop and the second resulted from the use of an internet-based information storage service, or ‘cloud storage’ service, without a business associate agreement,” she said. “No harm was reported by patients.”

The breaches occurred within three months of each other, both the result of improper security protocols. The stolen laptop was not encrypted at the time of its theft. And Google, the company hosting the illegally-accessed spreadsheet, has no contractual relationship with OHSU to securely store sensitive information. These failings bring to light previous security incidents in OHSU’s infrastructure, occurring in 2009 and 2012 and affecting nearly 15,000 patients.

Since the 2013 breaches, the OHSU has taken steps to improve its security protocols, including:

  • Stronger computer encryption across the campus
  • Free identity theft protection for at-risk patients
  • Toll-free phone outreach for patient concerns and support

Steps to Security

Though OHSU committed itself to a three-year security action plan to prevent future data loss, its strategy may be shortsighted. Though its commitment to supporting affected patients is necessary, it’s little more than a damage control measure. Pledges to strengthen computer encryption across the university will do nothing to support cloud-based security infrastructure or prevent theft of the hardware itself.

Better security is a product of planning—reacting after the fact isn’t enough to enact meaningful change. Structures must be in place before breaches happen; and for organizations like OHSU that have suffered myriad breaches over the past seven years, these structures can’t come soon enough:

  • Preparation: Security should be delegated to a specific task force that is trained in crisis management and has dedicated plans for how to solve emerging threats.
  • Detection: Organizations must know where breaches are before they can be addressed.
  • Removal: Workflows for how data breaches will be contained and addressed help teams act efficiently.
  • Post-Recovery Response: Data must be reviewed on how the breach occurred, why it occurred, and how to reinforce security to prevent it from happening again.

While prioritizing affected patients and communication is a good first step, OHSU has a long road to travel before it’s ready to build structures that support true organizational security.

Written by Desh Urs
