
SPTechCon: SharePoint Compliance & Security, Chris McNulty Book Signing & More

SharePoint security continues to be an ever-present concern for organizations. Consider some recent stats on content security:

  • 46%, out of the 60% who indicated that their companies support BYOD, say that their companies do not use tools or policies to protect corporate data. (Survey results reported by Bank Systems & Technology)
  • Only 15% of respondents said their information governance plan is “in place, it’s important and it’s communicated and enforced.” (AIIM survey of 548 members of its community)

Next week, join HiSoftware at SPTechCon: The SharePoint Technology Conference in San Francisco to discuss these issues and how to keep SharePoint secure while maximizing your investment in the collaboration platform. Head on over to the HiSoftware Booth (605) to learn more about our award-winning solutions for secure collaboration and have some fun Sheriff style!

Heartbleed OpenSSL and HiSoftware Products

By now many of you have heard about the open “Heartbleed” vulnerability in the OpenSSL encryption used by many public websites and technology services. The zero-day exploits exposed by Heartbleed allow attackers to retrieve IDs and passwords from compromised servers, and many common providers (Google, Amazon, Oracle, and Apache) have been exposed by the exploit.

The good news is that HiSoftware’s products are not directly exposed by these exploits.  HiSoftware uses different encryption technologies (principally SCHANNEL) which were not impacted by the breach.

BBC Reports: 2014 the Year of Encryption

The BBC reported that 2014 is the year of encryption. The article points to government surveillance and the threat of attacks from hackers as the main causes. Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company, advised in the article:

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure “hardened” computers.

Outside threats are a huge concern, but effective content security needs to be handled from the inside. Forrester reported that 75% of data breaches come from within a company. Of these, 63% result from an employee losing or misplacing corporate assets; 12% were breached with ill intent.

HiSoftware on How to Avoid SharePoint Governance Mistakes

Last week our very own Kurt Mueffelmann joined Ruven Gotz, SharePoint MVP, Avanade alongside Jill Hannemann, Practice Director for Advisory Services, Portal Solutions and Gail Shlansky, Director of Product Marketing at Metalogix in a best of breed webinar “Most Common Governance Mistakes In SharePoint (and how to avoid them).”

Kurt gave some tips during the webinar that CMSWire included in a write-up of the webinar:

On the topic of putting governance plans in place, the panelists said no template is automatically right for your organization. Kurt said, “Try not to boil the ocean. Decide what’s important to your organization.”

Asked if the [governance] plan belongs to the IT department or business managers, the panelists agreed that there shouldn’t be a single owner. “We look at it as being a team sport,” said Kurt. “I think it’s multifaceted. It’s not just whether IT or business owns it. It’s both.”

HHS to Survey 1,200 HIPAA Covered Entities

The Department of Health and Human Services’ Office for Civil Rights (OCR) announced it will survey up to 800 covered entities and 400 business associates to gather information as part of the first step in selecting organizations for the next round of HIPAA audits. The survey “will gather information about respondents to enable OCR to assess the size, complexity and fitness of a respondent for an audit.” OCR intends to collect information that includes “recent data about the number of patient visits or insured lives, use of electronic information, revenue and business locations.”

In a blog post, Robert W. Liles, Esq., writes:

This latest survey may point to a revitalization of the HHS OCR HIPAA Audit Program, which has not been active since the conclusion of the pilot audit program in December 2012. It will provide another opportunity for HHS OCR to examine different mechanisms for compliance with HIPAA/HITECH, identify best practices, and discover new risks and vulnerabilities.

What can providers – as well as business associates – expect in the next round of HIPAA audits?  Providers should anticipate that HHS OCR will focus more specifically on many of the problem issues identified in the pilot audit program – timely and thorough security risk assessments, effective and ongoing risk mitigation plans, breach notification procedures, encryption, training, and policies and procedures.

Most Common Governance Mistakes In SharePoint (and how to avoid them)

Yesterday I joined Ruven Gotz, SharePoint MVP, Avanade alongside Jill Hannemann, Practice Director for Advisory Services, Portal Solutions and Gail Shlansky, Director of Product Marketing at Metalogix in a best of breed webinar “Most Common Governance Mistakes In SharePoint (and how to avoid them).”

The discussion focused on the mission-critical role SharePoint plays in an organization’s content management and collaboration efforts and, as a result, the important role governance plays in securing information integrity. We also touched on optimizing the value of content stored, accessed and shared within SharePoint. Despite the fact that governance is considered critical, most organizations suffer from a governance gap.

During the webinar, host Ruven Gotz asked panelists a series of questions. Some are summarized below.

Privacy Breaches Must Stop!

If you think content security is a nice-to-have, think again. Just last week, it was reported that Stanford Hospital & Clinics and two of its vendors are set to pay more than $4.1 million to settle a class action claim. The claim said they violated a state privacy law by allowing the medical information of approximately 20,000 emergency room patients to be posted online for nearly a year.

According to a statement released by Stanford:

  • Multi-Specialty Collection Services and Corcino & Associates will pay $3.3 million
  • Stanford Hospital & Clinics will pay $500,000 for a program to educate vendors on recent regulations that hold them accountable for privacy breaches
  • The hospital will also pay $250,000 to cover the administrative costs of the settlement

In Stanford’s breach, protected healthcare information (PHI) was unknowingly and illegally displayed on a public website for nearly a year, beginning on Sept. 9, 2010, before it was discovered. With such steep financial settlements and/or government penalties possible, not knowing that someone in your organization accidentally published PHI or other personally identifiable information (PII) is not a defense. This isn’t an isolated case: a Forrester report shows that a surprising 75% of breaches come from within the company, not outside threats like hackers. Data from CyberFactors shows a similar picture, where 50% of the reported incidents were caused by an external actor, 40% by someone inside the organization, and 6% by a third-party contractor or vendor.

HiSoftware Welcomes Chris McNulty as CTO

The increased demand for our SharePoint and Office 365 solutions for secure collaboration speaks to the many challenges organizations face when it comes to managing governance and security on the platform.

As part of our commitment to work with outstanding experts in our space, today we announced that former Dell CTO and Microsoft SharePoint MVP, Chris McNulty, joined the company as Chief Technology Officer (CTO). He will be responsible for driving the company’s overall technology strategy across all product lines and market verticals.

I’m pleased to announce the addition of Chris to the team to help shape how our products will continue to solve these issues as SharePoint evolves, as well as how we extend our solutions to other technologies.

Did the Renewed Australian Privacy Act Take You by Surprise?

Earlier this month, on March 12, 2014, the renewed Australian Privacy Amendment Act (PAA) took effect. It now requires businesses and government agencies to notify citizens when their data has been stolen or lost, or their privacy has been violated. The Act is applicable to data breaches where there is risk of serious harm.

The new legislation dictates that both private and public sector data breaches must be reported to the Office of the Australian Information Commissioner (OAIC), and consumers must be informed so they can take proactive steps to protect their data. To help enforce the legislation, the Privacy Commissioner can impose penalties for a breach of up to $340,000 for individuals and $1.7 million for companies. Now add to that number the total organizational cost of a data breach in Australia: $4,104,932[1]. As you can see, the penalties that can be levied under the new Act have the potential to increase the total cost of a breach significantly for an organization.

Complete Solutions for Making Web, Office and PDF Content Accessible

Identifying issues is an important first step to accessibility; making the necessary fixes to the content is the key to achieving compliance. This is why we have now partnered with NetCentric Technologies, makers of the popular CommonLook suite of software and services for accessible electronic documents. Working together, we will provide our customers complete solutions for making Web, Office and PDF content accessible.

This partnership makes a lot of sense for our customers who are looking for a way to easily identify and fix problematic Office and PDF documents. When used together, Compliance Sheriff and CommonLook can ensure that all digital content within the organization is compliant.
