Implementing your security plan to protect your data and network

In its 2013 global data breach study, the Ponemon Institute reported that data breaches experienced by U.S. companies continue to be the second most expensive in the world at $188 per record. The study also reported that U.S. companies had the second greatest number of exposed or compromised records per breach at 28,765, resulting in an average total organizational cost of more than $5.4 million per breach.

By beginning the implementation phase of a newly established security plan, your team can take an important step forward in preventing data breaches.

Smart Business spoke with Stephan J. Cico, managing director of All Covered Pittsburgh, about implementing a security plan, which follows his last article about building a security plan.

Where’s the best place to start?

A good place to start the implementation is to have a company meeting. This serves a dual purpose. First, it communicates to employees that the implementation of a new security plan and/or revised policy is underway. It allows them to ask questions and feel like they are part of the bigger plan.

It’s also an opportunity to provide a brief security training. The session needs to talk about how to create strong passwords, identify questionable email attachments and avoid potentially troublesome websites. Employees can take these ideas home as well. Once employees understand how the plan will work and how they can help keep the network secure, they’ll be more diligent moving forward.

How should documenting be handled?

Document all the agreed-upon policies, procedures and installation information, and then distribute the documentation to all interested parties. This document should always be on hand in a centralized location in case sections of the protection plan require an update or disaster recovery plans need to be put into action. Have employees acknowledge in writing that they reviewed and understand the policies.

What else do employers need to know?

When it comes to the physical work, images of servers and desktop configurations should be updated regularly. In case an emergency recovery is required, an old desktop image is likely missing critical security updates. This means additional time for the IT team to update each unit individually to keep it on par with the overall protection plan.

The selected endpoint protection software should be installed on all computers, servers and mobile devices. This software should be updated on an ongoing basis. A minimum of two IT team members (for redundancy purposes) should remain active on the email notification list for critical updates and alerts. It’s not uncommon to have ‘emergency’ patch alerts to plug security holes against a recent threat. By staying up to date on security best practices and current threat news, the software is kept current and the network remains protected.

Regardless of the business’ size, a solid firewall is a key part of keeping networked computers and business data safe and secure. A firewall serves two main purposes — it filters what traffic comes into the network, and controls what users may send out of the network. The specific firewall settings will vary based on the other security-related processes and your business needs.

What’s important to know about mobile devices?

Mobile devices are possibly the biggest variable when it comes to a business protection plan. According to a 2013 global security study, mobile malware exploded by 400 percent over 2012. Additionally, on average, today’s employee utilizes three different devices for work-related tasks.

One of the biggest potential threats is a public network. Whether at the airport or coffee shop, the potential for malware and other threats are ever present.

When implementing the mobile device portion of the plan, especially in a bring-your-own-device model, sit down with each employee to review the new security policy and how it affects mobile devices. They may not be aware of all the security holes that exist in today’s apps and connection points. For example, according to documents leaked from the Government Communications Headquarters, the National Security Agency has used Angry Birds, Google Maps, Facebook, Twitter and LinkedIn as ‘entry points’ to private mobile devices.

Insights Technology is brought to you by All Covered Pittsburgh

How to protect your data and network by building a security plan

As companies grow, it’s easy to miss technology changes that can expose your business to vulnerabilities. No one is immune and protecting your business against breaches is not a “set it and forget it” situation.

According to a 2014 Forbes article, small and midsize businesses made up more than half of all targeted attacks in 2013 at 61 percent — up from 50 percent in 2012 — with medium-sized (2,500-plus employees) businesses seeing the largest surge.

This problem is only getting more serious and widespread, but there are key steps a business can take to help protect not just their data, but also their entire network.

Smart Business spoke with Stephan J. Cico, managing director of All Covered Pittsburgh, about building a security plan. All Covered will follow up with three more articles on keys to protecting your business.

Why is it critical to build a security plan?

Building a security plan is the first, and arguably the most important step, in protecting a business network. It should be a methodical process that includes the IT team and key business stakeholders. Businesses need to not only understand current security trends, but also the current state of security within their own data center. Building a plan identifies current security lapses so the team can create a comprehensive approach.

How can companies get started?

Start with fact-finding to get answers about:

Current policies — Assess all IT and security policies. Policies should be reviewed regularly to make sure they are current with the business’s plans and goals.

Device and software inventory — Every device should be part of an inventory, in order to clarify the scope of the environment and the devices, software and systems in a security plan. You also want to include hardware configuration, installed business software and current security patch levels. If it’s not possible to inventory and check each mobile phone, at least check the devices of C-suite members, the IT team and those most likely to use their devices for business.

Regulations — If your business is in a regulated industry, there may be additional requirements to keeping data secure and available for industry audits. You’ll want to speak with an industry expert.

Physical structure — Nothing should be overlooked. Do the server room doors have security card access or programmable keypad door locks? Is there an independent air conditioning system, power protection with battery backup or a backup generator, and proper fire suppression? Look at the physical space with a critical eye. Everything from building key cards to authorized access to server rooms to power is important.

How should the team build the actual plan?

Just like the initial research, the process must be comprehensive. Don’t forget to consider:

Physical servers — Develop a written backup and recovery plan. It should include the ability to restore from an image with confirmed and tested recovery points. Copies of the backup should be kept off-site to protect against a catastrophic failure.

Virtual servers — Virtualization provides wonderful benefits, but just like physical servers, they require a thoughtful plan for management and security. This should include monitoring and reporting on backup and replication, fault tolerant design and carefully planned capacity implementation.

End-users computers — Every time a computer is added, it needs to include local endpoint protection software (anti-virus, anti-malware) set to auto-update. Implement policies regarding internet and email usage, installing software, downloading attachments, etc. If possible, consider desktop virtualization or thin client computing, which provide a flexible and more secure solution for end user access.

Bring your own device (BYOD) — Top concerns for BYOD deployment is related to security. Approximately 22 percent of mobile devices will be lost or stolen during their lifetime, and more than 50 percent of these will never be recovered. Will that device contain your business data? It’s important to consider application risks, password strength, possible encryption and remote wiping for lost or stolen hardware.

Employee security training — Employees should be trained on company policies and procedures as well as best practices for email and Internet usage, handling corporate data and compliance-related requirements.

Insights Technology is brought to you by All Covered Pittsburgh

Give your employees the right tools for remote technology access

The day of the briefcase is gone. Workers are carrying around smartphones, tablets and PCs — resulting in an increased need for remote access to daily documents and processes.

If your company doesn’t have a mobility solution, your employees — who now have mobile devices on them at all times — will be less productive. And if it’s a hassle for staff to remotely access documents and processes, not only will your employees lack the tools to do their jobs anytime, anywhere, delays can transfer to waiting customers.

Heather Stump, applications delivery manager at Blue Technologies Smart Solutions, says companies are focused on getting information to people quickly and easily, such as adding bring-your-own-device policies. But you need a mobility solution that can work with a variety of devices.

“The information that employees are working with often needs to be seen by multiple people. The need for collaboration through the company’s network is huge, regardless if you’re in the field or sitting at your desk,” Stump says.

Smart Business spoke with Stump about business mobility needs and how employers can find the best-fit technology.

Where are mobility needs currently growing most for businesses?

Employees today need access to critical information while on appointment, traveling or working remotely. And companies must keep processes moving while these employees are on the go.

It hits a variety of industries and jobs, especially those that operate in the field with clients, such as health care, or on location like in a courtroom, as with legal. For instance, insurance adjustors travel to different accident scenes to take photos while on-site. With a mobility solution, they can upload them directly to the system’s workflow to enable their home office to process the claim immediately.

Executives who need to approve payments and invoices also can benefit from mobility solutions. If a business owner heads south for the winter, it’s a good idea to implement technology where he or she can log on to a mobile device to review and approve something, rather than mailing or emailing copies, which slows down the workflow.

Key processes(s) that commonly bottleneck without mobility solutions include invoice approvals, payables and anything to do with sales or other client-facing activities. If it takes longer to process an order, complaint, claim or even answer a question, it impacts customer satisfaction and your ability to meet deadlines.

How can businesses meet these needs?

On-premise business solutions like document management often can be extended and reconfigured to allow for mobility within your network, without adding multiple pieces of technology. Whether it’s a cloud or on-premise solution, vendors have developed apps that can be downloaded and utilized with different mobile devices. This provides built in mobile support and security, while also making it less time consuming and more cost-effective to get a mobility solution up and running.

Some mobility features include printing from a mobile device, uploading photos and adding notes, or taking a photo of a document where optical character recognition turns that text into editable and searchable data.

Another trend is electronic forms that allow employees to gather information remotely. A sales person can sit down with a client at his or her location, fill out the form, get an electronic signature and submit an order immediately.

Are these solutions difficult to implement? How can employers determine the right mobility solution?

Mobility solutions aren’t difficult to implement because they are often integrated with existing platforms and processes.

If you have the need — demonstrated by pain points like mobile employees who can’t access your network — it’s worth the investment, which will provide increased productivity and cost saving, among other benefits. The ROI doesn’t have to be monetary, either. Are your customers satisfied? Are your employees satisfied? Are you giving your staff the tools they need, or servicing customers in a timely manner?

Your technology partner can help you evaluate your needs, determine the right fit and assist with implementation.

Insights Technology is brought to you by Blue Technologies Inc.

Uncork the bottlenecks: Streamline your workflows with scalable technology solutions

Every organization has workflows. But do you proactively try to improve your workflow processes, or only consider them as you’re scrambling to fix a problem?

If your company has people-intensive processes, where documents and tasks touch and affect many, you need to be evaluating them proactively.

Workflow technology solutions can help — uncorking bottlenecks, adding efficiency and streamlining the whole process, says Nano Zegarra, chief technology officer at Blue Technologies.

“Picture someone’s desk with a stack of papers on it,” Zegarra says. “That process owner has to get through all of those documents to get to the finished product, whether that’s billing a customer or manufacturing something. And that final product is how your company makes money for what it does.”

Smart Business spoke with Zegarra about how scalable workflow solutions can make it faster and easier for your organization to get where it needs to go.

How do workflow solutions help?

One of the biggest pain points for organizations is a loss of productivity. You may have people sitting around and waiting to get to the next step, doing a lot of unnecessary investigation into a task or perhaps wasting time searching for documents.

With the right interface, you can eliminate those inefficiencies. You can enable multiple people to see a document at one time, or to easily find and view everything related to a project through a singular interface. You can also automate administrative tasks, and set alerts to keep things moving through your process.

That adds a level of accountability, as well, because a business leader has an overview of where a particular project or order is sitting in the organization at any time — and he or she can jump in to add efficiencies as needed.

The technology can even be set up so that if a certain person doesn’t handle a task in a given amount of time, it’s moved to another person to ensure completion in a timely manner. This enables you to guarantee deadlines.

Can these solutions accommodate a company that’s growing?

A flexible, enterprise-based solution can be expanded over time, so that you can plan for the long term, and continue to do more as you grow, without having to add resources.

The backbone of a workflow solution is always document management, but on top of that you need to understand the structure of your organization. How is everything going to be stored and accessed? How will changes to documents and redactions be handled? How are the changes in retention period or compliance going to be handled?

After the first six months to a year, you and your employees will likely notice additional inefficiencies that can then be improved upon with the software investment that has already taken place.

For example, if your accounts payable solution is working so well that you want to add in the human resources department, it can be a matter of simply reconfiguring the workflow solution to handle another area. Rather than buying an entirely new product.

Or you acquire another company and need to integrate their system with yours. The right, scalable workflow solution will either work upfront with the other system, or allow you to easily add pieces to communicate data back and forth.

How can a company determine the right, scalable fit?

Make sure you ask your technology vendor about what will happen if you go from handling 500 pieces of information to 1 million. You don’t want a workflow solution that’s driven by volume or task.

You also don’t want to look for a solution specific to a problem you’re trying to fix, because investing in a canned solution could hold you hostage later.

The key is not to limit yourself, to think proactively and choose flexible technology that aligns with your future business goals.

That’s why working with a technology partner to help you find the best-fit, scalable solution is critical to streamlining your workflows. The right partner can help you grow by identifying your inefficiencies and uncorking bottlenecks through a thorough analysis and workflow design.

Insights Technology is brought to you by Blue Technologies Inc.

How to diagnose the real problem with your business technology

If you hurt your arm, you wouldn’t have a surgeon just cut it off. First, you’d figure out what’s wrong with it. Then, you’d seek the proper medical treatment for the actual cause of the pain — which probably wouldn’t cost you an entire limb.

Why should business technology be any different?

“When you’re working in your business, it’s not easy to work on your business. You’re so focused on putting out the daily fires, which by definition limits your perspective and ability to see the whole picture of what’s going on,” says Paul Sems, general manager at Blue Technologies Smart Solutions.

Someone has to observe and document the current situation — which includes your employees, their behaviors, processes and the technology itself — before making any adjustments.

Smart Business spoke with Sems about diagnosing business technology pain points, in order to find targeted solutions that fix the underlying problem.

Where do organizations trip up with their technology and infrastructure?

Many business owners highlight that they spend a huge percentage of their budget on technology, and don’t get the business results they expect. But it’s often because they buy new technology without factoring in other critical elements — people and processes.

Think of it like this: If you were stuck on an island and you could pick one thing to survive — a high-tech multi-tool, a detailed survival book or a survival expert like Bear Grylls — what would you choose?

You might choose the seemingly handy multi-tool — despite having little idea how to use it — just like companies who often go for the latest and greatest technology, hoping that it will increase revenue or decrease costs. Or you might choose the survival book, packed with instructions, where it may take a lot of time to find or understand an answer or which may be missing key or updated information.

Instead, it’s best to choose the expert who already has hands-on survival experience. Partnering with a technology expert ensures your people, processes and technology all align — to thrive, not just survive.

How does a business technology diagnostic work?

A diagnostic follows a rigorous methodology that takes a holistic approach to people, processes and technology. It allows you to see and communicate what the problem is.

For example, a management team thought it had specific needs due to technology issues. A diagnostic, however, determined that 90 percent of the problem was people and processes — and only 10 percent the technology itself. This more accurate analysis resulted in a different needs list.

A diagnostic also allows you to work with facts. If you anonymously ask employees whether they are satisfied or dissatisfied with your IT and technology, that’s not that helpful. To get to the heart of the issue, get specific and ask stakeholders: ‘What are your business goals and top priorities? Where is the technology helping and where is it not helping you achieve those?’

What are common problems related to people, processes and technology?

An example of a people problem is an IT director and business director who don’t communicate. That trickles down to the relationship between the two departments, where the employees are working on the same thing in isolation. Building relationships and clearly defining roles is a great place to start in solving these problems.

As for process issues, a common problem is no IT governance. Regardless of your size, a technology steering committee should evaluate — in a systematic way — investments in technology. Then, the key stakeholders take ownership and say yes or no to projects, while IT weighs in on whether the proposed technology works. The committee takes the pressure off the IT person, just like the CFO helps the executive team make good decisions about finances.

In the process bucket, you also find alignment issues. It is the CIO or IT director’s job to understand the business and exactly where IT can help that business meet its goals and objectives. IT should never spend a dollar unless it understands how that corresponds with business objectives.

Ultimately, no matter the issue, it’s important that organizations work with their technology partner to step back and develop a comprehensive view of the entire problem before making technology decisions.

Insights Technology is brought to you by Blue Technologies Inc.

How to enhance your office operations for 2016

Thirty years ago, Bill Nelson, vice president of Cleveland Sales for Blue Technologies, was selling typewriters and copiers door to door. People kept telling him that print was dead and everything would be paperless. Fast-forward to today, and print hasn’t gone anywhere.

“People are always going to need to print,” Nelson says. “It’s not that they necessarily print less; it’s that companies store less paper. People print the physical documents, use them and then can shred as necessary. They don’t need rooms or warehouses anymore to be able to store documents.”

Smart Business spoke with Nelson about how he’s seeing offices learning to print smarter with flexible solutions that better fit their ever-changing needs.

How have business print needs changed?

Companies require flexibility first and foremost, because their business needs change faster than ever today. As you scale operations up and down, your organization and its print solutions have to adjust.

Organizations still need high-speed color and black and white devices to print on demand. But where before they might have printed 10,000 documents and put them on a shelf, now they print them only as needed.

More areas of a company’s workflow can be optimized with a paperless solution. This is key because mobility is also a growing trend, with so many people working remotely. Employees need to be able to retrieve and archive documents electronically on the go, as well as connect to office printers with their portable devices.

What are the latest technologies employers can use to optimize their operations?

Office hardware has become more centralized. Nearly all machines have the ability to print, scan and copy, which means companies have more flexibility with their documents. And these advanced machines work more closely with software for added functionality. For example, technology solutions allow employees to walk up to any machine and print from a tablet or phone.

Multifunction devices can easily choose what venue to push documents out to. They integrate with document management software that allows companies to store, index and retrieve documents quickly and transparently in a central database. For example, law firms still print a lot because they need physical paperwork, but they use a comprehensive document management solution to scan the document in, index it for easy retrieval within their system, distribute it, mark it up and collaborate on it electronically. Also, you can set up automated workflows within the system.

Another technology solution to use with print hardware is managed print services (MPS), which deploys print management software to help businesses evaluate usage and streamline their needs with maximum flexibility. It’s an area that’s typically not managed well or ignored all together in most businesses.

MPS providers proactively manage and service the print hardware fleet, reducing the burden on your IT staff while eliminating costly inefficiencies. Frequent reviews of print equipment’s volume, service and supply history also enable these consultants to offer suggestions for improvements and ways to meet business and printing goals.

Additionally, they can assist with applying rules-based printing across your organization to help further eliminate unnecessary print waste. For example, if someone tries to print 150 pages to his or her desktop printer, a prompt might ask him or her to print to a centrally-located machine that operates at a lower cost. Or you could limit certain job types to print only in black and white.

As organizations plan for next year, how can they improve their printing operations?

You need to assess your office infrastructure, including the print fleet and business process and goals that you want to achieve with your documents — regardless of whether they are paperless or physically printed out. What are you trying to achieve with that document? Where does it go next? Who needs to see it? Who needs to edit it?

The market’s technology solutions have never been more affordable or flexible; there are different options that can be tailored to what you want to do. Your office technology partner can help you evaluate your current processes and design a solution to ensure your operations are as efficient as possible in the coming year.

Insights Technology is brought to you by Blue Technologies Inc.

How to cut waste by standardizing your printer fleet and supplies

Office printing consumes about 1 to 3 percent a company’s annual revenue. The average employee spends anywhere from $1,000 a year to up to $10,000 on document output. For every dollar you spend printing, it involves another $9 to manage it. And 23 percent of help desk calls are printer related.

These are just a few eye-opening statistics from Gartner, a technology research firm, about business printing and its related costs.

Something that has this much impact needs to be actively managed — but is it?

“Many times, printing is handled by a company’s internal IT team, who are very busy. The executives assume IT is actively managing the cost of printing, when most of the time that’s not the case,” says Matt White, a subject matter expert on managed print services at Blue Technologies.

At the same time, you may have more than one department procuring various supplies from different vendors.

One way to better manage printing more efficiently is standardizing — standardizing your fleet to best optimize space and number of machines, and standardizing your supplies to cut costs and waste, White says.

Smart Business spoke with White about the benefits of standardizing your fleet and supplies with managed print services.

When you’re managing your printer fleet and supply efficiency, is it just a matter of costs or is there more at stake?

You want to look at managing your fleet, whether that’s just printers or also multifunction printers, two ways:

  • Hard costs, which are quantifying the number of supplies you’re buying, the number of parts you’re using for replacement, the amount of service calls if you’re calling for outside service, etc.
  • Soft costs, which include your internal IT staff’s time and the end user’s interaction. Are the printers up or down? Is that hurting your productivity? How much time is your administration or procurement department spending shopping around, looking for the best price or the best quality of supplies?

You also need to understand why people are printing and what they are doing with it. What does the ink on paper mean to your business? For example, is it part of a shipping label or pack slip that is vital to your operations? How does downtime impact your overall productivity?

Everyone has talked for years about going paperless, but at this point paper is just far too useful to eliminate from the workplace. So, with that in mind, everybody can benefit from managed print services — you just may get more or less benefit depending on the volume of printing.

How can standardizing your printer or copier fleet help?

Usually the typical ratio is 3-to-1 — three employees for every printer. So, if you have 100 employees, you might have 30 printers. With 30 different printers, you could have anywhere from five to 10 different types of printers, which means five to 10 different types of cartridges — or more if some of those devices have color, too.

By standardizing, you minimize the number of cartridges that you’re stocking. You also can put the right-sized printer near the people who need it, or even consolidate down in certain areas.

At the same time, the end users only have to deal with a few types of devices, so they can feel more comfortable with the displays, controls and overall feel of the units. This in turn cuts down on the number of printer related calls that go to your help desk.

Why does managed print services make sense to achieve this?

You might be surprised how many times the CEO gets tired of hearing from his or her employees that they hate the machines, so the company just buys them all new machines. You don’t want to waste resources in this manner.

It’s better to take the time to create a strategic plan by thoroughly understanding your workflow with input from your employees. Then, you can put in a process to slowly improve your printer management. It’s often best to outsource that management to technology experts, because they have the insight and experience to help you create a plan tailored to your organization’s unique needs, follow through on that plan and then make adjustments to hit goals along the way with regular reviews.

Insights Technology is brought to you by Blue Technologies Inc.

How to collect cash quicker and fuel growth with document management

Business owners need cash to grow. That’s why it’s critical to streamline your receivables process to ensure you’re collecting cash as quickly as possible. Developing a document management strategy can help you do just that.

Having these technologies and efficiencies in place to manage the growth also enables you to do so without adding bodies.

“For receivables, order processing and applying payments, if you’re growing and need to add bodies, this is a no brainer,” says Heather Stump, business process analyst at Blue Technologies Smart Solutions. “Software doesn’t go on vacations or need medical benefits. That’s an instant ROI, if you’re interviewing to hire more people.”

In addition, your high-paid employees may be doing low-paid tasks right now. You can automate many tasks so they spend more time processing and less time shuffling paper or filing, she says.

Smart Business spoke with Stump about how efficient document management will improve your accounts receivable processes.

What are pain points for companies when it comes to accounts receivable?

You want to limit your DSO, or days sales outstanding, and collect money quickly. Some of that is dependent upon customers, but you can minimize the time it takes to process orders, apply payments to those orders and follow up on troubled accounts.

Also, if your company has a manual or paper-based process for processing and applying payments, it lowers the visibility — and cash flow projections aren’t as accurate.

When you’re shipping goods or delivering services, your business needs to be able to respond in a timely manner to customer inquiries or payment disputes. Quick and responsive customer service will result in repeat orders, referrals and more business.

How can document management help?

Document management solutions are able to streamline the entire order to cash process. Documents are stored in a central, digital repository, linking all documentation associated with an order, such as the invoice, proof of delivery and check remittance. This comprehensive view allows staff to respond to customer disputes quicker and focus more time on processing and applying payments.

Additionally, electronic forms can replace the paper forms that you may be using today. Distributing the data entry responsibility throughout your organization, such as your sales staff for orders, ensures real-time information to your order processing department and faster billing turnaround.

Finally, you can proactively stay on top of late payments through automated searches and notifications to the receivables team.

How does this tie into existing software?

Document management technology is not meant to replace your existing line of business systems; it’s used in conjunction with what you already have. For example, advanced capture technology can be used to extract critical information from incoming documents, validate that information with data in your accounting system and then post it to the correct account. This helps to avoid multiple cases of data entry, which takes time and increases the possibility of errors, such as misapplied payments

There are many levels of integrations you can explore. Once you’ve identified your process bottlenecks and business needs, you will need to work with a technology expert to find the right solution.

What are best practices for using document management with your accounts receivable?

Document management, like any technology, should be phased in slowly. Focus, first, on taking your file cabinets and paper folders digital. Once you’re storing documents electronically, users must be trained to access them. Then, you can add process automation and integration.

Management should identify the top problems within the department. Then they can work with a technology adviser to determine where it makes sense to begin.

Document management can provide efficiencies for any sales organization run on orders. Distributors, in particular, find it useful because their invoices may be low cost, high volume; but a professional service firm also can benefit. In those instances, it may be less about collecting cash quickly and more about processing orders and delivering products correctly, quickly and efficiently, to generate repeat business — and growth.

Insights Technology is brought to you by Blue Technologies Inc.

How companies big and small are protecting their business information

With Sony, Anthem and Home Depot all recently experiencing data breaches, fear is generating interest in data life cycle management.

It can be easy to dismiss the recent data breaches as something that only happens to large companies. All businesses, regardless of size or industry, however, possess valuable information, such as strategic plans, customer financial data, and confidential personal data such as Social Security numbers, employee medical data, wills and trusts. If that information is lost through a data breach, the consequences could be catastrophic.

“We’re living in a time where people are taking a lot of things for granted in terms of privacy and protection,” says Douglas C. Williams, CEO of Williams Data Management. “Losing sensitive business information can lead to a company going out of business.”

Smart Business spoke with Williams about the sensitive information businesses may not realize they need to protect and the consequences of inaction.

Where are the common threats of a breach of business information coming from?

A breach of sensitive business information usually happens within the storage, retrieval and destruction phases of the data life cycle. The misconception is that company staffers are following the enterprise security policy to protect sensitive information throughout that life cycle, and they typically aren’t.

This is because employees are accessing company servers through personal mobile devices and sharing information through cloud services. Once information is stored off-site in a shared ecosystem, it’s difficult to defend against leaks because information governance can’t exert any control.

Some companies think that documents are destroyed when they’re recycled. There is, however, a time before they’re shredded and put in collection units that documents can be recovered. Unless the information is destroyed by a certified vendor, it can’t be certain that a breach has been avoided.

And guess what? Companies that lease copy machines may not recognize that inside each one is a hard drive that contains images of all the documents they scanned, faxed or copied. At lease end, the machine goes back to the lessor along with all the information transacted on it. This creates another opportunity for a breach to happen.

Should a breach of sensitive business information occur, what could be the fallout?

In the Sony breach, for example, the fallout was that the private conversations and opinions of company employees were made public. That resulted in more than an embarrassment, it was a complete breach of trust that’s been difficult to repair. Sony CEO Amy Pascal shined the light on the risk to CEOs for an incident that could have been easily prevented by a proactive data protection policy.

If the information that gets leaked in a breach is regulated, like HR data, job applications and private health information, there are significant financial penalties.

There’s also the chance, should the breach occur, that a company gets a visit from a government official who wants to see what policies and procedures are in place to remedy the problem. Companies that have no plan may be subject to high fines, penalties and negative publicity.

What is the average cost to an enterprise due to a business information breach?
Penalties can be significant for a breach of protected health information (PHI), which is not just a problem for companies operating in the medical field.

Manufacturers of automotive parts, for instance, could be holding PHI, possibly because they have a self-insured health care plan. That makes those manufacturers covered entities and subject to Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act regulations.

Generally, losing sensitive business information is costly. Target Corp., which lost confidential customer information during a data breach, may potentially have to settle a $10 million customer lawsuit and win back the trust of their customers.

Think of the impact that a breach can have on your business and plan accordingly. Call a data life cycle management expert to help your company plan, store, retrieve and destruct data for greater security. Rely on the experts to devise a business continuity and disaster plan before an incident happens. ●

Insights Technology is brought to you by Williams Data Management

How document management enhances project collaboration for legal

More than ever, law firms and corporate legal departments have multiple people, offices and teams working on the same case, as the resources inside the firm or department spread across practices areas and offices. It’s not uncommon to have attorneys in Cleveland, Chicago and Cincinnati collaborating on the same matter. And in the case of a large corporate legal department, that collaboration could stretch across the globe.

With so much electronic content flowing back and forth to facilitate that collaboration, it’s best to implement a document management solution.

“If there’s not a good solution, system or process in place to follow, then it’s very easy for something to get lost, not be properly understood or missed,” says David Cramer, manager of business development in the Legal and Professional Services division of Blue Technologies Smart Solutions.

Smart Business spoke with Cramer about document management in law firms and corporate legal departments.

What are the benefits of document management solutions for law firms and corporate legal departments?

Without a document management system, electronic content is probably in multiple places — file shares, a local hard drive, email folders, SharePoint or an enterprise content management system with no legal focus. Document management organizes all that content in one place.

Users can easily find existing content with robust full-text search capabilities. The solution collects email, email attachments, scanned images, Microsoft office documents and audio and video files, in order to organize them in a manner that makes sense for users.

The other advantages are productivity and efficiency. If there is a litigation or discovery need, the firm or department needs to be able to produce the right document quickly. Employees don’t want to have to recreate a misplaced document from scratch or look at an out-of-date version.

How does document management work with mobile devices?

More people today, including lawyers, paralegals and secretaries, work out of multiple offices, from home or when traveling. Document management solutions can provide remote access by interfacing with smartphones and tablet computers in a way that’s compatible with your security solutions. They also can provide the ability to work offline so you can access electronic content in court where there’s no Internet.

Do some document management solutions work better in the legal vertical?

You’ll want to select a document management solution that’s designed for the way law firms and legal departments work, with the language of attorneys, paralegals and secretaries.

You should work with a technology partner to find the best solution, but you can get started on research with third-party organizations like the International Legal Technology Association.

In many large corporations, IT declares that the enterprise will use only one solution; unfortunately it may not fit with the legal department. This in turn leads to poor or minimal user adoption.

If the return on your solution isn’t what you expected, what would you recommend?

Your business’s approach or practice groups may have changed. Every two to four years, do a health check of the system with the help of your technology partner to see what’s working well and what needs to be improved.

The solution’s design can be adjusted to better match business workflows. You may need a software upgrade that could provide new features or functionality. Or, perhaps it’s time for refresher training.

What else should employers know?

Some large firms have been using document management for 20 years, while many smaller firms, 100 users or less, are getting into it now because cloud technology providers handle the IT services.

Whatever your size or history, document management can help manage the day-in and day-out of drafting, editing and storing all components for a matter or case. But after a matter is closed, many firms or departments declare it a record, locking it down and applying a retention policy. Consider implementing a records management solution to manage those electronic and paper records.

Insights Technology is brought to you by Blue Technologies Inc.