As a part of its ongoing efforts to maintain digital security, Microsoft publishes an annual list of actions that users and administrators can take to prevent cyberattacks. As other reports have recently noted, ransomware has dropped significantly – by nearly 60%. After several high-profile attacks in 2017, improved detection and education made it much more difficult for cybercriminals to profit from this action.
Conversely, cryptocurrency mining increased exponentially. Supply-chain attacks, or when an attacker uses a supplier or business partner to spread an infection, also grew substantially. These are in response to the changing economics of cybercrime – the culprits always use the most profitable tactic that can easily be completed.
While digital and network security is an ever-present concern for all organisations and individuals, Microsoft also has recommendations and best practices that outline activities that can be taken right now to protect against the unique cyber security threats that we will see in 2019.
Maintain Security Hygiene
Hygiene, or regular maintenance, can go a long way in securing networks. This includes the following actions, among others:
teaching employees to recognise and report suspicious communication
use caution when clicking on unknown links
look for suspicious files if you notice a change in the performance of your PC
Implement Access Controls
Access control apply the principle of least privilege, ensuring that only those who need access are granted it. To this end, administrators can implement network segmentation, remove local administrator privileges, and use extreme caution when granting any permissions to applications running on the computer. Downloads can also be limited to only those from reliable sources. Code integrity policies can be strengthened, which will restrict the applications that users can run by whitelisting them. If possible, some organisations may consider adopting a solution that will restrict the code that runs in the system core and block unsigned script or other forms of untrusted code.
Keep Backups
This security measure has always been recommended and the importance of this step has not diminished at all. In many ways, it’s easier than ever as storage becomes more available and affordable. When possible, cloud storage services can automatically back up data. If data is physically located on-premises, the standard is to have at least 3 backups of data – 2 on different storage types and one offline backup.
Be Vigilant
Detection and response are key steps in any organisation’s overall cyber security plan. And it’s no longer good enough to simply be aware of tactics that have been used successfully in the past. You must be aware of anything that looks suspicious. This includes using caution when clicking on links or downloading files, practicing secure web browsing habits and implementing solutions that warn users or block access to sites that may be associated with malicious content. You may also reach out to external websites, such as Virus Total, that will analyse content for you. You can do this by either providing a link or uploading a file that you believe to be suspicious, then the website will scan it quickly and return a result on whether it is safe to open or if additional analysis is necessary. Int Tec Solutions recommends this action for all files that clients may receive.
It’s also important to spread this knowledge throughout the organisation. Education that teaches users how to spot suspicious communication and report it provides the security operations team with the knowledge they need to enhance specific security measures that may prevent a certain type of attack.
The measures that you can take to protect your account information have evolved greatly over the last several years. This includes the introduction of biometric verification and two-factor authentication. This week, another big leap in security protocol was taken when the World Wide Web Consortium (W3C) approved WebAuthn as the authentication standard that will be used for online account verification.
Moving Beyond Passwords
Passwords are not a part of WebAuthn, which is a great benefit since there were huge drawbacks to password protection. The average individual is registered to 90 online accounts, many of which have different password requirements. This means that users struggle to remember them all or they continually use one password, which puts all of their accounts at risk. The average user forgets a password after 2 weeks and 25% forget a password at least once a day.
Ditching passwords is a big leap forward, and WebAuth does that by using biometric data or hardware tokens. Most smartphones and modern devices already have the ability to use biometric data, such as a fingerprint or facial recognition, so extending this verification to online sites is an extension of the existing technology.
Hardware token verification is a little bit more complex. Essentially, the user would possess a hardware token that functions as a FIDO security key. This can then be plugged into the USB port of your PC to gain access to your accounts. YubiKeys or Titans are two examples of current keys that can be used.
Simply put, this key is essentially a highly complex password that you keep with you at all times. If lost, you can notify the vendor who will deactivate the key and issue you a new one. While there may be drawbacks with the model as well, it will be a vast improvement over the current system, which generally results in the widespread implementation of weak passwords. Recent data breaches, such as those of Collections 1-5, which included usernames combined with the corresponding passwords highlight how important a more secure alternative is.
The WebAuthn Process
WebAunth is already supported by most browsers, including Safari, Chrome, Firefox, and Edge, although the W3C adoption will be a compelling reason for individual websites to begin using it. It is an Application Programming Interface (API) that sites and browsers can used that enables the use of public key cryptography rather than passwords. Users are authenticated using JavaScript code embedded into the webpage that asks the browser to create credentials when signing up or get credentials when you log in. The code is downloaded with the web page, meaning that you do not have proved any information to the website itself.
This means that the site or browser asks that the authenticator verify your identity and once that is done (by biometric data or hardware token), you are granted access. The big benefit here is that none of your personal data or unique information is stored on the website itself – unlike our current environment where nearly all of your passwords are stored on the sites themselves. This environment is vulnerable to data breaches that can have huge consequences
for both the consumers and the companies themselves. WebAuthn provides a method that makes both the user and the site more secure.
Now that most browsers have adopted WebAuthn, the next step will be for websites to adopt it, which is very likely to happen over the coming months. Dropbox and Microsoft have already done so, and it will not be long before other sites realize the value in this type of authentication and the greater level of security it can provide. We may see an interim phase in which some sites retain the password data as a backup method for identity verification, but it is clear that the future of digital sites will be one without passwords. The reality of this will likely be here sooner than we expect!
What is the new ISO 27017 standard and why should cloud customers and cloud services providers care?
ISO 27017 is a relatively new publication from the International Organization for Standardization (ISO) dealing specifically with cloud computing.
Context
ISO 27017 works alongside with several other ISO standards. These include:
ISO 27001: guidelines for managing an overall information security management system
ISO 27002: a list of specific security controls an organisation could use
ISO 27017: general security guidelines for operating in the cloud
ISO 27018: guidelines specifically addressing how to protect personal data in the cloud
In practical terms, ISO 27017 builds on ISO 27002: it gives extra detail for some of the security controls and adds some new controls, both to increase relevance to the cloud computing sector.
The guidance in ISO 27017 is designed for both providers and customers of cloud services. It notes that the way cloud computing works means its possible to have a supply chain in which the same organisation can be both a cloud service customer and a cloud service providers.
Rationale
ISO 27017 was developed to reflect what it lists as “significant changes in how computing resources are technically designed, operated and governed.” It also notes that it’s not just a matter of cloud service providers maintaining security. Instead, customers will need to assess the provider’s security controls and it’s possible the customer may then have to adjust its own activities to meet its security requirements.
Structure
ISO 27017 has a similar structure to ISO 27002, namely a checklist format of possible security controls. Individual organisations may need to decide which of these controls are relevant to their situation, which may depend on their status as cloud service provider, customer or both. Some controls apply in the same way to providers and customers while others have separate entries.
Key Differences
The most significant cloud-specific guidance that ISO 27017 adds to ISO 27002 addresses backups. It says that:
cloud service customers should specify what backup capability they require from the provider, verify that the offered service meets their need, and make their own arrangements if the service isn’t sufficient; while
cloud service providers should provide “secure and segregated access to backups” and also provide a specification of the backup capabilities.
Some of the suggested points to address in the specification include
The most significant new control in ISO 27017 regards segregation in virtual computing environments. The key principle is that the customer’s virtual environment be protected from unauthorised access, including by other customers. This requires “appropriate logical segregation” of data and resources as well as taking into account the risks of allowing customers to run their own software.
Protecting valuable things has always been a challenge and in today’s digital age, data is an incredibly valuable commodity. In fact, learning that your email and other account information has been breached is on of the biggest concerns for most individuals today. And while there are aspects of your security that you cannot control – such as data breaches at major companies – there are some actions you can take to keep your information and accounts safe in the event of a data breach.
It is no longer enough to simply use a password. Ninety percent of employee passwords can be cracked within six hours, and nearly two-thirds of individuals indicate they use the same password everywhere. Moreover, many huge companies have suffered breaches on a massive scale – such as Yahoo’s 2016 breach in which 3 billion accounts were hacked. Often, these breaches provide hackers with usernames as well as passwords. This was recently highlighted by the release of Collections 1-5, which provided hackers with the password and username combinations for billions of accounts. This means that accounts without two-factor authentication are currently extremely vulnerable.
What is two-factor authentication?
The primary method for increasing the security of your digital information is two-factor authentication. Two-factor authentication (or multi-factor authentication) provides an extra layer of security by double-checking log-in attempts to make sure that it is really you who is trying to access the account. When you log into an account with only a password, you would be using single-factor authentication, which requires you to only have one thing (the password) in order to access the account. With two-factor authentication, you must provide something in addition to your password before access is granted.
How does it work?
At the time of log-in, two-factor authentication will prompt the user to provide something in addition to the password; this can be information that you know, something interacting with a physical device that you have, or a biological indicator to confirm your identity. These three categories are broken down further below.
Information
The second factor in two-factor authentication is often an additional piece of information, such as a second password, a PIN code, or the answer to a personalized question. This is the simplest form of two-factor authentication. This may also work by sending a one-time authorization code to a secondary account – such as through SMS, an email address, or a voice call.
Physical Device
When two-factor authentication relies on physical devices, the second factor will allow you to confirm your identity using something like a token, a SIM card, or a USB stick. It will also allow you to have standard alerts sent to your registered devices that will provide a prompt for you to confirm any new log-ins. Software tokens may also install when you generate an account or
enable two-factor authentication. These are sometimes present without the user even knowing, but if the account has an attempted access from another device that isn’t owned by the account owner, the log-in will fail.
Biometric Data
This is the most-sophisticated type of two-factor authentication and it is generally reserved for users that can afford the equipment. In this type of two-factor authentication, a biological trait that it unique to you will be requested to confirm your identity. This could be a fingerprint, a facial scan, voice recognition, or even a retinal scan. Smartphones are increasingly adding biometric features, and in the future, this type of two-factor authentication will likely be more popular.
What accounts should I enable two-factor authentication on?
Two-factor authentication is crucial for any accounts that have access to financial data, such as online banking or shopping and email accounts. It is also beneficial to enable two-factor authentication on accounts with companies that are frequently the target of hackers, such as Google, Amazon, Facebook, and any other social media accounts you may have.
How can Int Tec Solutions help you increase your security?
Two-factor authentication is a crucial element in improving your data security plan. However, in today’s digital environment, security practices are evolving every day to meet the growing threat posed by hackers. Int Tec Solutions would be happy to help you assess your current security measures and develop a plan to enhance them. While there is no guarantee that the threat of a data breach can be entirely eliminated, the chances of suffering one can be greatly reduced when you place your trust with us.
Security in the workplace is more vital than ever. It is something that should be taken into consideration for all aspects of work-related activities. This is especially challenging in today’s modern workforce, which typically extends far beyond the physical office and can include digital communication that originates from nearly any location and from a variety of devices.
Security measures taken by specific organisations can be quite complex at times, which is why it is so crucial to remember some of the most basic actions you can take to ensure security at all times. It’s a great idea to review this information periodically and share it with employees as a part of your cyber security best practices.
1. Lock Up Anything You Can
When possible, it’s important to use any resources you can to restrict access to devices and information. This may mean using physical locks, such as locking up your office or putting devices in a lockbox when they are not being used. But it should also be extended to locking the devices themselves with passwords, passcodes or even by using biometric data such as retinal scans or fingerprints. This means that even if you forget or lose your device in a coffee shop or any other public place, the risk of compromising data is still minimized.
2. Use Two-Factor Authentication
While passwords and codes are a great first line of defense, two-factor authentication provides an additional layer of security. Passwords can be hacked – there is a ton of evidence to show how common this is, and we need not look any further than the recent leak of several billion username and password combinations, known as Collections 1-5, to realize how prevalent our sensitive information might be to the public at large, including hackers. Multi-factor authentication means that having your password won’t be enough to gain access – they must also have something you own or something you know. This may be tokens that are in your devices that verify your identity, or they may be security questions or additional passcodes that can be delivered via SMS or by email.
3. Put your VPN to Work
Virtual private networks, or VPNs, provide a connection between a secure server and your computer. Wi-fi hotspots found in public areas are high-risk due to the possibility of having your connection and information hijacked. Additionally, internet service providers can sell data collected during these sessions about your online habits. VPNs hide your IP address, which makes it hard for 3rd parties to track your online behavior. They also help to protect you from identity theft, access content privately and bypass firewalls. Browsing the internet seems like a relatively benign activity, and many individuals don’t fully understand the risk of doing so without proper security measures. A VPN should be used whenever a PC or other device is accessing the internet for business purposes.
4. Use Work Devices for Work. Period.
This particular issue is becoming increasingly complicated as our world becomes more interconnected. It’s simply easier for many people to use whatever device is available to them easily when they need it. However, there is a danger in intermingling personal and business devices. To maintain the highest level of security, users need to remember to use their work devices for business purposes and nothing else. Further, they should not use personal devices to conduct work on; these should be reserved for their personal use only.
5. Think Twice if Something Seems Off
Even though security measures are evolving and becoming more stringent, there are still a huge number of digital scams, especially those that target email use. This includes phishing, spoofing, and even the hijacking of executive-level emails in order to obtain sensitive (often financial) information. Over ¾ of organisations reported phishing attacks alone in 2017 and nearly half of all organisations report that these types of scams are growing.ii Many businesses will hold refresher courses for their employees that teach them how to spot a suspicious email or other form of fraudulent communication. While these can help greatly, the best action you can take is to just pause, then ask questions internally if you do receive something that doesn’t seem quite right.
The rollout of the national broadband network, or NBN, is a landmark milestone for connecting many Australians to the new higher-speed digital landscape. On the global stage, this high-speed connectivity will become increasingly necessary for businesses in any industry to compete internationally. It will also make it easier to deliver exceptional service to clients within the country. Despite the promise of the NBN, many organisations struggle when determining the best path for moving forward with a migration, since much of it will not happen automatically. The migration also represents a huge opportunity for businesses to take stock of their current IT systems and processes to make sure that they are effectively utilizing the best tools to meet their goals. With a strong track record in IT consulting, Int Tec Solutions is committed to working with any organisation to develop a migration roadmap that will meet the diverse needs of businesses in all industries. This comprehensive plan will provide assurance that the migration process will go as smoothly as possible, no matter how complex.
Planning and Analysis
Planning for the migration and assessing your current technologies and processes will be the first step for all businesses. Int Tec can assist with every step of this process, from setting target dates for the migration, to conducting a thorough audit that will take into account the full scope of business processes that will be impacted. With the potential to impact all of the following devices and services, NBN migration can become quite complex, especially for businesses operating in several locations.
Internet connection
PBX systems, phone lines, and IP telephony
Fax machines/lines
ATMs
EFTPOS (electronic funds transfer at the point of sale)
In addition to addressing the needs of devices and systems, Int Tec Solutions can also help clients take a comprehensive assessment of their unique network requirements to ensure that the migration plan accounts for these needs.
Creating Strong Partnerships
Migrating to the NBN is going to take a colossal amount of effort, even for smaller organisations. Int Tec Solutions realises that the foundation for a smooth transition will lie in creating solid relationships with digital strategy partners. Reaching out to these partners early on can save an incredible amount of time and resources during the actual migration.
These partner organisations have the knowledge to share best practices and recommend crucial actions that should be taken during both the planning and migration process.
With Int Tec’s ability to forge and navigate these partner relationships, clients can be sure that they are leveraging the entire breadth of knowledge within their network.
Though the NBN migration process will likely be complex and require huge amounts of resources in order to be coordinated in a way that meets your unique business needs, with the knowledge that Int Tec professionals can bring to the process, clients can be assured that the transition will be made using the safest, most-efficient and cost-effective approach.
Today’s communications market is more complicated than it has ever been, and it is continuing to evolve quickly. The largest challenge for most organisations’ communications systems and infrastructure is often related to its fragmented nature.
This is simply explained by the timeline in which communications technologies were introduced and implemented.
For the bulk of its history, telephone has existed as a stand-alone service that required dedicated equipment and services. As other communications technologies, such as web conferencing and instant messaging, were introduced and adopted, they often existed within their own framework, with sometimes their own architecture. The nature of technology at the time which many new innovations were adopted simply didn’t allow for interoperability.
Now, however, there has been a convergence of mobile technologies and data capabilities that allows for the operation of many different communications platforms and equipment to standardise on an IP architecture – allowing for centralised management and resource consolidation. This includes Voice over IP, or VoIP services.
The Benefits of UC
When VoIP technology is adopted, it opens up an opportunity for the entire organisation to achieve a Unified Communications architecture, which offers many business benefits. The range of functionality is also expanded with many new or enhanced applications, including the following.
Instant Messaging
IM simplifies communication between colleagues by making it easy to ask someone a question or provide them with information in real time simply by sending the message from the computer.
Centralised Functions
When communication is completed using several, disparate devices or platforms, it is easy to become burdened with the need to have additional equipment or miss a message that is time-sensitive. With UC, it does not matter what device you use (computer, smartphone) or how you use it (email, IM, digital fax, videoconference) – the communication will be handled more effectively and efficiently.
Presence
On a UC platform, physical presence can often be conveyed in real-time, allowing employees to select the most appropriate method for communication. The capability to see everyone’s status simply by looking can enhance collaboration and make scheduling much easier.
Conferencing
In an increasingly mobile society, employees are able to complete critical work from almost anywhere in the world. With both on-demand and scheduled conferencing available, this improves collaboration even when physical distance may have made it impossible in the past.
When these applications are used by employees, several key outcomes are generally found. UC can work to facilitate information much more efficiently, optimise team work, strengthen collaboration and increase productivity.
Unified Communications Services
UC and the Cloud
Migrating data and operations to the cloud has been the focus for many companies in the last few years, and for good reason. The cloud offers scalability and flexibility in a cost-effective way. This allows companies to pay for only what they need now and expand their cloud as their network needs grow. These efficiencies can also be found when UC is moved to the cloud.
The cloud will be in integral part of the workplace moving forward. With the shift to service-based, scalable and flexible solutions, even the most riskaverse organisations are considering a cloud migration. However, these migrations can be incredibly complex, requiring a huge amount of planning, preparation, and testing. Despite this, the end result of greater centralised management of digital resources coupled with huge operational efficiencies and financial savings. Moving the entire UC architecture along with other digital resources capitalises on additional efficiencies. Int Tec Solutions has extensive experience with these migrations, as well as creating a complete UC system that can meet the needs of any organisation.
UC Challenges and the Workplace of the Future
While these benefits are huge for any company, there are significant challenges in ensuring that implementing a UC solution goes smoothly. The professionals at Int Tec Solutions recognise the fact that there is no such thing as a “standard” UC solution and that the needs of their clients can be dramatically different than one another. Despite this, the trends toward greater mobility and the need for more immediate access with communications are present in almost all industries.
The Journey to a Unified Communications System
With all of the aspects of creating, managing and maintaining digital networks, many organisations can easily feel overwhelmed – especially when this is combined with another challenging task, such as a move to Unified Communications. Int Tec Solutions has the knowledge and skill to assist with every step of this journey, from start to finish.
Assess your current resources
The first step in any Unified Communications plan is to take stock of what you currently have. Int Tec Solutions can help you determine the costs and capabilities of your current assets, while also making sure that they meet the organisation’s needs. If they do not, we can help you identify key service improvements that can be made.
Analyse your needs
Knowing your resources is one thing but being able to identify the best resources to meet business objectives is quite another. Int Tec Solutions works with their partners to create a needs-based service plan that will be forward looking, accounting for business growth and workforce changes that are expected in the upcoming years.
Compose your vision
In order to truly deliver the network resources and services needed for an organisation, we understand that we need to work with you to create the best possible design. By leveraging the knowledge found at Int Tec Solutions, organisations can be assured that the best possible products and providers are selected, creating the optimal conditions for an extremely effective and efficient IT architecture.
Reconstruct your Communications Systems
With your vision guiding us, Int Tec Solutions will take care of the rest of the planning, implementing and testing that needs to occur to ensure that all IT functions are operating as they should be. We will be there for every step in the journey, making sure that there is minimal impact to operations, while also striving to reduce downtime.
The role of the CIO has changed dramatically over the past few years, pushing the expectations of the modern CIO to not only ensure that the technology is running as it should, but to also create business value. Processes and equipment are now evaluated by their ability to achieve the goals of the company, and are related to every aspect of corporate functionality, from strategic planning to opening up new markets. In today’s everchanging, highly-competitive global market, making the right technology choices becomes an imperative in meeting both long and short-term objectives.
Int Tec Solution’s CIO Advisory services can provide the right level of mentoring to assist in securing success for any organisation. The Int Tec team embraces the philosophy that selecting and implementing the right technology is central to the success and long-term accomplishments of all organisations. This is done by fostering a strong understanding of how their partners define success and identifying what tools they need to achieve it.
A Comprehensive Solution
With thousands of clients that work in a diverse range of industries, Int Tec Solutions is able to provide decades worth of valuable knowledge and experience to meeting their clients’ needs. When used to form a strong partnership with clients, this knowledge and experience can be leveraged to provide IT advice in an understandable format, while still providing a comprehensive action plan to meet any strategic and developmental goals.
The consulting services offered by Int Tec Solutions can provide expertise in IT consulting solutions that can assist with the following business functions, amongst others.
While it’s clear that CIO advisory services can help to tackle problems found in any organisation, the reality is that this is becoming essential for all organisations that wish to remain competitive. New ways of implementing and using technology are leading to greater efficiencies and enhanced performance for all industries. With this in mind, using all tools available in the most efficient and strategic way is becoming increasingly important for any business to remain prosperous. CIO Advisory services function to provide benefits in several key areas.
Strategy – As a strategic tool, these services can assist with the big-picture question of ‘what can we do better’? This can range from alignment of business processes, ensuring more effective governance, implementing results-based policies and procedures, developing key relationships, opening new markets, assisting with contract negotiations and developing strong action plans.
Risk Management – As one of the most pressing concerns of any organisation, assistance with data threats can range from developing cybersecurity policies, implementing antivirus solutions, managing patches, responding to incidents, planning for business continuity, and having a data backup and recovery plan.
Efficiency – Complex planning and implementation of the right systems often saves time and money. With advances in AI and machine learning, more complex processes are capable of being automated. Selecting critical technologies to meet identified business development goals will become increasingly important moving forward.
Decision-Making – With a high level of expertise, advisors can often provide key insights that will help drive data-based decision making. By analysing performance and reviewing it with clients, a strong foundation of trust based upon honest communication is developed. This level of responsiveness will lead to better decisions, made faster, that have a genuine impact on the organisation’s bottom line.
Profitability – By identifying and prioritizing business objectives based upon their impact on profitability, advisors can often help any organisation increase their bottom line.
Peace of Mind – By working with a partner who is genuinely committed to helping your organisation select and implement the right solutions will help any C-suite leader breathe a little bit easier.
Small businesses today are inundated with information—including content created internally as well as documents and files received from customers, partners and suppliers. Without an information management framework, time is wasted searching through file folders and various business systems for business-critical documents. This is often compounded by the proliferation of multiple versions of the same file, which results in errors and repeated work.
When it comes to managing vast amounts of information—such as proposals, plans and contracts, product and inventory catalogues, order forms, invoices and receipts, building plans, support tickets and personnel records— small businesses simply cannot operate at maximum efficiency without the ability to easily search, share and protect their critical files and documents.
In addition to the sheer volume of files being produced by a variety of sources, today’s “content chaos” challenge is further compounded by the fact that the data typically resides across an increasingly complex landscape of applications, network folders and devices. Dedicated or “best of breed” information management solutions abound, adding to the complexity because of their limitations, instead of alleviating it on an organization-wide scale. The ability to effectively manage and harness business-critical information at any time and from anywhere—using a single, centralized system—is essential not only to day-to-day operations, but also for long-term growth and small business success.
The Information Management Challenge
Similar to larger corporations, it has become increasingly vital for small businesses to devise processes that facilitate smooth operations and ensure consistent workflows across the entire organisation. But often, as these processes are implemented, new information silos are created, which further complicates the task of managing an organisation’s collective data.
Simply put, empowering employees to quickly and easily locate the exact content they need, regardless of which business application it resides in, leads to better decisions, faster results and improved collaboration. When small businesses can ensure that the right content is in the right hands at the right time, they can focus on using information to drive growth, value and innovation.
This post will explore real-world examples of how small businesses are using the ICM enterprise information management (EIM) solution to eliminate information silos and breaks down the barriers between employees and their information, in order to facilitate growth. In all of these cases, a strong need existed for scalability in order to start small with their EIM initiative and expand gradually. At the same time, these smaller organizations also demanded simplicity and ease of use to drive company-wide adoption, along with the sophistication required to support the long-term needs of their growing businesses.
Finance: Automate Billing Processes
The finance department is the epicentre of a business’s operations, ensuring that accounts are properly billed and paid in a timely manner. One of the greatest benefits small businesses can experience as a result of implementing EIM is to automate accounts payable and invoice processing workflows. Automation not only eliminates manual handling of payables and receivables, but also the human errors that manual processing can cause. In addition, automation reduces the time and cost of financial operations, helping small businesses maximize existing resources and do more with less.
American Solutions for Business (ASB) is a fast-growing print and promotional products distributor with hundreds sales associates and thousands of suppliers throughout the US. Using ICM, ASB was able to provide access to invoices by authorized individuals directly from other business applications, such as PeopleSoft. As a result, they were able to optimize vendor invoice processing times, execute quicker returns on record requests and streamline the movement of documents throughout the organization. ASB estimates having cut invoice-processing times by three days, with the added ability to monitor the entire process with great precision.
Another area that can benefit from automating via an ICM system is the process for managing corrective and preventative actions (CAPAs). Auditors look for the gap between what a company does and what the procedures say they do. Unavoidably deviations occur, ranging from minimal to calamitous—and when a deviation occurs—the related CAPA must be defined, documented and communicated. The CAPA must then be tracked to verify that the impacted individuals have read and understood the new SOPs associated with the CAPA. The right ICM solution will provide updated tasks as needed for improved corrective management and ensure all affected staff members have read and understood the updated SOP. It takes the guesswork out of the process.
HR: Streamline Hiring Practices and Collaboration
In human resources (HR), managing employee records and learning requirements can be made easier, faster and more secure using an EIM solution. Also, EIM provides organisations with a centralized platform for managing all of the processes and paperwork that support the HR function including recruitment, on boarding, training and performance management.
SRSI is a small business, located in Andorra that provides HR services to clients all over the world, managing everything from hiring processes and employment contracts to payroll and membership insurance. For every client project, SRSI handles between 15 – 20 documents per employee, all of which are managed by an administrative staff of only five. In total, this team creates, sends, shares, updates and stores more than 7,000 documents each year.
Without a centralized system in place to track and manage documents, the process of completing employee paperwork was both time-consuming and prone to manual errors. SRSI tapped ICM to organize all of its existing business information, and the company can now process a document four times faster than it did prior to implementation. Having made a complete transition from paper to electronic document management, SRSI reduced file-processing times while also optimizing hiring procedures and employee collaboration. Administrative staff can now quickly and easily access all necessary HR documentation, which remains secure in a controlled environment and with a versioning system that tracks and timestamps all modifications. Using ICM, SRSI also automated highly repetitive tasks such as pay slip sending, and streamlined HR-related workflows to improve administrative efficiencies.
Legal: Simplify Contract Management
The process of managing contracts can be challenging, particularly when you consider how many different organizations, departments and individuals are typically involved. Today, there are a number of ways in which companies are completing the task of contract management. Some organizations use an end-to-end business system such as SAP, while others rely on Excel spreadsheets. But regardless of the approach, the process of contract management can be simplified, automated and improved using EIM.
Krogius is a Finland-based company of independent claims managers, loss adjusters and surveyors, providing claims management, surveys, recoveries, IT and related services to clients throughout nine European countries. The easily configurable architecture of ICM allowed Krogius to build a customized system designed to meet their unique case management needs. With ICM, Krogius has overcome the challenges of organizing and sharing information across globally distributed offices and client locations, and the company’s employees now have instant access to the latest versions of ongoing case data and information, including all related claims documents and email correspondence. In addition, they can securely publish information and collaborate with clients about the latest claims status update. Data is securely stored and replicated to all offices in nine countries, and with sophisticated previsioning capabilities, employees only have access to the information associated to their assigned cases.
Another example of the benefits experienced by automating contract management is demonstrated at R-kioski, a Finland-based grocery and convenience store chain with approximately 650 outlets throughout the country. Approximately two thirds of R-kioski’s shops are located in rented properties, while the remaining are owned by the chain. Contracts for all 650 stores are managed by the chain’s Establishment and Construction Business Unit, which has deployed ICM for contract management to organize documents and simplify the process of working with and reporting to retailers.
Prior to 2013, R-kioski’s contract documents were typically stored as hard copies in various folders and file cabinets, or they were scanned and the electronic versions were saved in network drives. On occasion, documents even resided with just a single employee, making access difficult for others across the organisation. Manual processes also made it time consuming to locate business information and added additional layers of complexity for R-kioski’s retailers.
With ICM, the management of all documents – everything from purchase and leasing agreements to articles of association and general meeting minutes – is now handled in an automated fashion. Simple retrieval by R-kioski’s Establishment and Construction Business Unit is made possible through the use of uniquely identifying search criteria, such as retailer, address, rental period, price, floor area and contact person. This level of automation has not only saved time and improved operational efficiencies, but it has also enabled R-kioski to monitor all of its retail stores in real time and respond faster to changes (such as rental agreement expirations) with custom alerts and notifications. With more than 65,000 square meters (700,000 square feet) of stores to manage, ICM has helped Rkioski tame its sprawling web of contract documentation to operate faster and in a more proactive manner.
Customer Service: Optimize Accuracy and Response Times
Utilizing EIM to automate front and back-end office processes ultimately has a positive effect on the customer experience. When employees have fast access the right customer-related information, issues can be resolved expeditiously and satisfaction improves.
For example, Stearns Bank processes more than 1,000 loans throughout the U.S. every year, but its existing document management system was outdated, drawing on disjointed and inconsistent data and creating inefficiencies across the workforce. As a result, much of the bank’s loan approval processes were still completed manually, which resulted in longer than necessary loan approval cycles.
Now with ICM, bank employees have accurate loan application information at their fingertips, and consequently, Stearns Bank is now able to process loans faster and respond to their customers with greater speed and efficiency.
Another example of how EIM can positively influence the customer experience is demonstrated at Microbiologics, a Minnesota-based biological controls company.
The company selected ICM to automate all of its customer account-related documents. By scanning its historical records into ICM and transitioning from paper to pure electronic processes, Microbiologics’ customer service representatives can now immediately address incoming inquiries from its global customer and distribution partner base. In the past, records resided in different formats and locations, making it difficult for customer service personnel to gather all the necessary data to resolve outstanding customer issues in an efficient manner. Now, representatives can instantly locate the needed records from their desktops by conducting a simple search from within ICM or NetSuite. As a result, the customer service department runs faster and is more responsive, replacing paper-based processes with new streamlined approaches to information management. ICM also provides the necessary evidence of document control and process management necessary to maintain compliance with FDA regulations and ISO 9000 quality standards.
How to Get Started: Next Steps for Small Businesses
Small businesses have more agility to respond to changes in the market, but doing so effectively requires fast employee access to business information, along with the ability to automate manual business processes.
While dedicated or “best of breed” solutions can address this challenge department by department, they are limited in scope. Only EIM has the capacity to provide a single, centralized solution that serves as a cross-departmental workhorse that benefits the entire organization.
EIM supports the information management and expedited workflow automation needs that are critical to ensuring quality and consistent levels of service as the company grows. With the ability to organize, search and manage the vast universe of business information, businesses can streamline workflows and create efficiencies across accounting, HR, legal, and customer service teams, improving the speed at which business is conducted, as well as the end customer’s experience.
What is the Victorian Protective Data Security Framework (VPDSF)?
The Victorian Protective Data Security Framework (VPDSF) was established under Part 4 of the Privacy and Data Protection Act of 2014 and took effect on 1 July 2016. This framework, created by the Office of the Victorian Information Commissioner, provides information to Victorian organisations operating in the public sector about requirements that are specific to this sector. There are 3 components to the framework, including the Victorian Protective Data Security Standards (VPDSS), the Assurance Model, and supplementary security guides and supporting resources.
This framework was developed as a means to help public sector organisations improve their data security practices and policies, manage risk and promote innovation that can lead to increased productivity. On a very broad scale, the VPDSF emphasises a cultural change that moves information security from being an autonomous activity to one that is incorporated in every aspect of the organisation’s operations. It builds in security measures related to the people, the buildings, the systems and the processes of the organisation.
The VPDSF also includes a 5-step action plan for implementation that requires the following:
Identification of your information assets.
Determination on the ‘value’ of this information.
Identification of any risks to the information.
Application of security measures to protect the information.
Management of risks across the information lifecycle.
In addition to the 5-steps, there are activities that must be conducted throughout the process to ensure that the steps are completed thoroughly and rigorously. These steps include:
The completion of a detailed Security Risk Profile Assessment (SRPA).
The completion of a VPDSF self-assessment.
The development of a Protective Data Security Plan (PDSP).
A mandatory review of the PDSP every 2 years, or sooner if there is a significant change to the organisation.
OVIC oversees the compliance and monitoring activities related to the VPDSS, which may include audits.
What are the Victorian Protective Data Security Standards (VPDSS)?
The Victorian Protective Data Security Standards, or VPDSS, were created as a tool that would outline the path to a consistent application of security measures across the information network for the Victorian public sector. The VPDSS consists of 18 high-level mandatory standards, each with 4 protocols that work to protect data across 4 domains – information, personnel, ICT and physical security.
Security Governance (12 standards) – Executive sponsorship of and investment in security management, utilising a risk based approach
Information Security (Three standards) – Protection of information, regardless of media or format (hard and soft copy material), across the information lifecycle from when it is created to when it is disposed.
Personnel Security (One standard) – Engagement and employment of eligible and suitable people to access information
ICT Security (One standard) – Secure communications and technology systems processing or storing information
Physical Security (One standard) – Secure physical environment (eg. facilities, equipment and services) and the application of physical security measures to protect information
The Assurance Model
In the efforts to monitor and measure the efficacy of the protective security measures found in the VPDSF, OVIC has designed with Assurance Model to outline the activities that their agency will engage in while overseeing the data practices across the public sector.
The Assurance Model is comprised of four parts:
Security Planning that addresses the activities that assess risk and the development of an action plan.
An Organisational Compliance approach that supports the continuous improvement mandate of the BPDSS.
The Risk-Based Assurance approach used by OVIC to assess the effectiveness of the VPDSF across the public sector.
The Assurance Reporting obligations for OVIC.
The 6-Point Approach to Comprehensive Cyber Security
Navigating the requirements of the VPDSF is no easy task. However, Int Tec Solutions embraces a cyber security strategy that permeates the entire cyber landscape of an organisation and actively involves personnel in establishing and maintaining the highest level of security possible. While these activities can benefit organisations in any sector, they can be especially valuable for those in the public sector as they provide the assurances necessary in meeting the requirements of the VPDSF.
Beyond the VPDSF
Achieving the goals laid forth by the VPDSF can be intimidating for any sized organisation, which is why the professionals at Int Tec Solutions can assist with every component to ensure full compliance is achieved. This service can begin during the planning process with the Risk Profile Assessment and carry through the entire process, during which only reporting and mandatory reviews are required. Despite the low level of requirements that are formally dictated by the VPDSF once the Protective Data Security Plan has been adopted, Int Tec Solutions will continue to be a proactive party that seeks out new vulnerabilities in a rapidly changing data landscape and working to ensure that these threats are properly accounted for.
