Terminology

IT is packed full of acronyms and technical jargon that can intimidate end business users. https://techterms.com/ publishes a daily “term of the day”.

• 2 Factor authentication – adding a code to your username and password login that only you have access to retrieve, by phone app, token (physical device) or email.
• Auto-forwarding. You can set up many rules around your email inbox. You can automatically forward emails with defined characteristics (from, subject, etc.) to another person.
• Zero-day attack – when a vulnerability is discovered, vendors work quickly to release a patch to fix it. The hackers go after it before you have a chance to patch (or if your patch fails). This period is known as a vulnerability window: the time beginning from the first vulnerability exploit to the point at which a threat is countered.
• Hosted – technology that lives outside your office that you access via the internet.
• Server – devices that support a company’s network and “host” its data.
• Data center – a facility that houses computer and data-storage systems, including servers.
• Backend – everything behind the user interface (webpage, application, etc.): databases, servers, etc.
• Virtual Private Network (VPN) – a private connection to your network from outside your network.
• Web app – a website that looks and acts like an application.
• Application Programming Interface (API) – helps different components of software work together; an interface between 2 applications/programs.
• Technology stack – a layer of components that creates the network. Operating system – Webserver – Database – Coding
• Domain. A group on a local network with a common set of security rules.
• Domain Name. A unique name that identifies a website. Ex. “integrityky.com”
• Domain Name Service (DNS) – your domain name is translated into numbers, an IP address. The DNS is a directory of those numbers.
• Open Source – code that is available publicly for anyone’s use; it can be modified and freely used.
• Machine learning – starts with a general set of rules that are modified by use. Example: Siri.
• SMS. “Short Message Service”, aka texting.

Cloud

• Cloud hosting. Companies that don't lease servers may instead pay for data to be stored on virtual servers. These servers are said to be based in the cloud if they can be accessed only with an Internet connection. Businesses typically access cloud-based servers through software interfaces specific to their cloud-hosting service providers.
• Cloud backup. Data backed up in the cloud is transferred from a business to the data-storage provider's servers over the Internet. Cloud backup, also called online backup, can be set up to occur automatically, making it a convenient data-storage option. It does not require the use of any additional hardware on the part of the business, but requires bandwidth to and from the “cloud”.
• Software as a Service (SaaS). Otherwise known as "software on demand," this is a term associated with cloud computing. SaaS is a way of delivering business software via the Internet. SaaS usually can be paid for on a monthly basis, making it more affordable than other software options. Many business-management software packages, such as project management software, are now also available in SaaS form. Example: Office 365.

Systems and operations

• Content management systems (CMS). These are used to manage the content of a website. They usually include a Web-based publishing feature, which allows for editing and formatting of content without the use of a Web coding language, like HTML. Many CMS also feature one-to-one marketing tools that enable targeted advertising.
• Custom software development. Some businesses require tailor-made software for their daily operations. Instead of using mass-produced software packages, such businesses use programs created by software development companies or in-house software development groups.
• ERP software. Enterprise resource planning (ERP) software allows a company to manage various aspects of a business — such as accounting, inventory and human relations — in one place. Companies purchase the enterprise software modules that are relevant to their business and use the ERP software to view all the data collected by these modules in a uniform manner.
• Business Intelligence (BI) software. BI is the information a business collects about itself. This can include a very broad swath of data, which is why businesses often need business intelligence software. These programs let companies keep all their BI data in one place so that it is easier to access and analyze.
• Contract management software. Many businesses operate based on contracts made with customers, vendors and employees. Contract management software helps businesses keep track of all aspects of their contracts, from initial negotiations to monthly billings.
• Performance management software. Human resources professionals often rely on performance management software to keep track of employee performance. Large amounts of data can be organized and analyzed more efficiently with the use of this software.
• Customer relationship management (CRM) software. Customer relationship management is the term used for the way a business collects and manages data about its clients. Companies use CRM software to keep track of all the information they collect on clients, such as service calls made or previous products purchased. This helps businesses close future deals and grow relationships with customers.
• Learning management system. Learning management systems are used by businesses for training employees. Such systems help human resource departments plan, implement and assess the training process. Video conferencing, discussion forums and other interactive features are usually included within a learning management system's software.
• Document management. Document management refers to the system of creating, sharing, organizing and storing documents within an organization. Whether it's self-hosted or cloud-based, document management software can be used to help facilitate the document-management process.
• Version control. Version control keeps programmers and engineers, for example, from writing over the work of their co-workers. This not only keeps historical data intact so you can backtrack and find how a task was accomplished, but also allows for progress on multiple fronts when teams are working together on systems. Having access to older versions allows for better troubleshooting as well.
• Managed services. Many day-to-day business activities can be outsourced as a means of cutting costs and increasing overall efficiency within a company. Such a practice is known as using managed services. Human relations activities and information technology activities are two common areas of expertise often subjected to this practice.
• Managed Security Services (MSS). Remote 24/7 monitoring of security events and security-related data sources; administration and management of IT security technologies.
• Merchant account. Merchant accounts are agreements with banking institutions necessary for businesses accepting credit and debit card transactions. In exchange for converting credit card payments into cash, banks charge merchants an interchange fee as well as other fees.
• Distributed systems. The bigger the business, the more it needs a distributed system to handle the data and server requests that may come in and flow out. This system uses several computers connected on a network to provide a service, compute data or accomplish tasks.
• CSV file. Shorthand for Comma Separated Values, CSV is the standard file format for exporting and importing databases and spreadsheets. Most CRMs use CSV files to import contacts and other data. It can be thought of as a simplified spreadsheet.
• Third-party integration. The ability to connect other business solutions to CRM software to expand features and streamline business processes. For example, by integrating QuickBooks, users can automatically sync purchase orders, invoices and other financial data to simplify their accounting; users can also integrate email marketing software to utilize templates, sync contacts and add on additional campaign management features.
• User interface (UI). An application’s overall design, such as its layout and navigation system.

Marketing

• Minimum viable product (MVP). When a startup team is trying to get its company off the ground, it will often work toward creating its MVP: the simplest functional iteration of its product that will be improved upon as the team goes. The purpose is to use validated learning (i.e., real feedback on the product versus beta or test input) to get the most from the minimum amount of development and effort.
• Email marketing. Email marketing is the promotion of products and services via email. Businesses can get creative with their emails by including images, videos and other exciting content that customers will be more likely to view. Many businesses use email marketing software to manage distribution lists, campaigns and analytics.
• Content curation. Content curation is basically choosing content to share online. This can be cultivated from existing content but should always be made new or "fresh" in some way to stay relevant, and to meet search engine algorithm specifications for higher ratings.
• Engagement. Knowing how many people use your online resources and how often people interact with your social media efforts is called tracking engagement. The more engaged your audience is on social media or your website, the more you know your message is being heard and resonating.
• Impressions. Along the same line as engagement, an impression occurs each time a piece of your social media content is seen. The goal is to make it a lasting one.
• Organic. This term refers to content that individuals have viewed because they came to it through their own natural or "organic" keyword searches instead of through paid promotions.
• Marketing automation. There are software or online services that measure marketing efforts through tools such as emails, social media, reporting, analytics and customer relationship management. Social media posts can be input and scheduled for release, and then data collected to measure effectiveness.
• A/B testing. Using A/B testing, a business can release two pieces of online content — like a marketing email, blog post or Web page — to two different test groups and see which version receives the most engagement. This kind of testing helps narrow down marketing and advertising avenues and predict which option will be more successful with the general public.

Resources

• Information on Healthcare IT: https://healthitsecurity.com/ (can subscribe to newsletter)
• Verizon 2019 Data Breach Investigations Report – executive summary: https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf

Preventing Annoying Spam Calls

• AT&T Spam Blocker: https://www.att.com/features/security-apps.html
• Verizon Spam Blocker: https://www.verizonwireless.com/solutions-and-services/call-filter/
• Nomorobo – stop robo calls: http://nomorobo.com/

National Do Not Call Registry

You can register your home or mobile phones with the National Do Not Call Registry. To register:

• Call 1.888.382.1222 (TTY: 1.866.290.4236)
• Or visit www.donotcall.gov

Protecting your phone

1. Keep operating system up to date
2. Set a lock screen with passcode
3. Avoid un-protected USB charging in public places
4. Use the phone’s security settings.
5. Anti-virus for Android Phones: https://www.techradar.com/best/best-android-antivirus-app

Protecting your texts

Most SMS messages are not HIPAA compliant. This is because they are not encrypted, cannot be recalled if sent to the wrong recipient, can be intercepted on public Wi-Fi networks, are unaccountable, and because copies remain on the servers of service providers indefinitely.

Although mechanisms exist to resolve these issues with SMS messages, they are rarely used. For most SMS, you cannot prevent the copying and pasting of PHI, the saving of PHI to an external hard drive, or the sending of PHI to a third party outside the organization's network of authorized users. SMS texting is a violation of HIPAA Rules if the text messages contain any protected health information for which a patient had not given their consent. Importantly, the HIPAA regulations for SMS also apply to Instant Messaging services such as WhatsApp and iMessage, and to emails as well.

1. WhatsApp has end-to-end encryption, but if you back up the data to Google or Apple cloud, it is not encrypted. It’s now owned by Facebook, which has a history of sharing and selling data.
2. Signal is favored by info-security pros, but overall not with the general population.
3. iMessage (Apple) has end-to-end encryption, but it’s difficult to evaluate its security because it depends on how individuals have their phone set up and, unlike WhatsApp and Signal, you cannot view encryption keys. A message with a blue background is encrypted; a message with a green background is not.

Source: https://www.hipaajournal.com/hipaa-regulations-for-sms/

• List of HIPAA Compliant Secure Messaging Apps: https://www.g2.com/categories/hipaa-compliant-messaging
• A free app: https://www.pmd.com/secure-messaging