Moving your business to the cloud has many benefits (like the ability to access your files anywhere and simplified business continuity in the case of a disaster) – but moving your business to the cloud can have severe consequences if you’re dealing with sensitive data and move to the wrong platform or don’t take employee training seriously.
The passage of the HITECH Act in 2009 brought about very important changes relative to breaches of healthcare patient data, including:
- Fines for losing unsecured electronic patient healthcare information
- Notion of shared risk for companies that provide services (aka Business Associates) to a HIPAA covered entity
- Use of data at rest encryption as a form of safe harbor from the breach notification requirements
The good news is that Office 365 is one of the few, if not only, cloud providers that will sign a Business Associate Agreement (BAA). A BAA is an agreement that a Business Associate (BA – any organization that provides services to a HIPAA covered entity that traffic in patient information) signs to share risk of a breach of patient information relative to the BA’s services. Microsoft will sign a BAA. Google, Dropbox and many others will not.
Office 365 certifications
Microsoft Office 365 complies with industry standard regulations, and is designed to help you meet regulatory requirements for your business. Currently, it holds the following industry certifications:
- SAS 70 / SSAE16 Assessments
- ISO 27001 certified
- EU Model Clauses
- EU Safe Harbor
- HIPAA-Business Associate Agreement
- FISMA Authority to Operate
- Microsoft Data Processing Agreement
- PCI DSS Level One
Office 365 is not, however, configured by default to meet regulatory compliance. To be clear, using O365 does not, on its own, satisfy the requirements of HIPAA or of other regulations. Meeting those requirements takes proper configuration and client training. It’s important for organizations to realize that they, not Microsoft, are responsible for how the enterprise users consume Office 365.
Compliance and information safety
The good news is that out-of-the-box Office 365 is delivered with the options to configure to meet your compliance requirements. Exchange Online Protection (EOP) and Data Loss Prevention (DLP), Auditing, Mobile Device Management (MDM), amongst others, are included in already purchased plans and will help you be compliant (Includes K1, E1, E3, E4, Bus. Essentials, and Bus. Premium).
Securing Office 365 so that you can safely store sensitive information on the platform translates to encrypting the data, applying access controls, and auditing access to the data. With these three technical security controls in place, you’ll be in good shape to prove to auditors that you’re protecting your data as required by your compliance security requirements.
Security and compliance shouldn’t be a checkbox or an afterthought. They should be built right into the services and solutions your organization uses every day. Security and compliance are fundamental to Office 365, but making sure that those controls are configured properly to meet your organization’s specific security and compliance needs is crucial.
Last week, TIME named Office Lens one of the Top 5 iPhone Apps for the week – and for good reason. The free app, one of the most popular Windows Phone apps and newly available on iPhone and Android, makes scanning documents, photos and even whiteboards easy.
From the App Store description:
Office Lens trims, enhances and makes pictures of whiteboards and documents readable. Office Lens can convert images to editable Word and PowerPoint files too.
Office Lens is like having a scanner in your pocket. Like magic, it will digitalize notes on whiteboards or blackboards. Always find important documents or business cards. Sketch your ideas and snap a picture for later. Don’t lose receipts or stray sticky notes again!
We’ve been using it around the PTG office and have become big fans. Here are a few reasons why:
1. It works and works well.
Using Office Lens is pretty straightforward without a lot of bells and whistles – and that’s a good thing. If you can take a picture on your phone, you already know how to scan something in Lens.
Here’s how to use Office Lens:
- Select what you want to scan (photo, document or whiteboard): To select, you slide between the options on the camera screen.
- Scan: Scanning works basically the same way as taking a picture with your phone. Best part? You don’t have to take the image straight on. Lens will find the edges and clean up the image for you.
- Crop the image (if you need to): This is the only editing option you have in the app (and really, the only one you need). If you need to crop anything out of the image, you can do that before saving. Lens is good at finding the edges of what you scan, so you probably won’t need to unless you only want to save part of what you’re scanning.
- Save or share your scan: Your scan can be saved in multiple places and in multiple formats (more on that below).
That’s it – incredibly simple to use and the scans turn out great. Check the end of the post for some examples.
You can export to OneNote, OneDrive, Word, PowerPoint, PDF, Mail or your photo library.
2. You can share with multiple programs, like OneDrive and OneNote.
Another reason we’re using Lens is the ability to share or save our scans with programs we’re already using like OneNote, OneDrive, Microsoft Word, Microsoft PowerPoint and email.
This is a huge help for saving meeting notes. I keep all my notes in OneNote so I can access them across devices. In meetings, though, I like to write with pen and paper or on a white board. With Lens, I can scan those notes then access them anywhere and export them directly to OneNote. If I need to share my notes, I can immediately share with my team with a public OneDrive or by emailing them.
The ability to export to OneDrive is a big selling point for us, too. Our team uses OneDrive in place of saving documents to our computer, so being able to export scans directly to where we’re already storing everything without having to go through a multistep process is huge.
3. It reduces the need for a physical scanner.
No, Office Lens isn’t going to be replacing your scanner if a large part of your job is scanning multipage documents. But for a lot of people, Office Lens can reduce the need for a physical scanner.
At PTG, our main scanner is connected to our office manager’s computer since most of our employees don’t need to use one on a regular basis. That meant that when an employee did need to scan a document, both of their work days were interrupted. We’re now using Office Lens. Sure, it was a small pain point, but we’re fans of anything that makes our work day more productive.
Here are some examples so you can see what your scans will look like. The image on the right is the angle we scanned from and the image on the left is the final result.
For many, business email is a pain point. We all get too much email and finding what you really need can be a hassle. Microsoft Outlook has several features built in that can make it easier on you: Quick Steps, Categories, and Search Folder. Using these features individually or combining them can free up a few minutes of your day and make email just a little less painful.
Categories are a great way to sort your emails within Outlook, allowing you to tag an email with one or more keywords.
To apply a category to an email, right click on the email and look for the ‘Categorize’ option. Click on a category to apply it to that message. You can rename your categories by choosing the ‘All Categories’ button.
Categories can be used alongside folders. One way to use these together is to create separate folders for specific clients, then use categories within the folders to organize the types of emails. You could use blue for contracts, yellow for invoices, etc.
Quick Steps are very similar to Outlook Rules. It’s the same functionality (applying an action to an email), but Quick Steps allow you to choose when to apply an action, rather than applying the action automatically.
To use Quick Steps, select the message you want the Quick Step to apply to and click the Quick Step you want applied. Quick Steps are located in the top pane of Outlook.
To create or modify Quick Steps, click on the drop down in the bottom right corner of the Quick Steps box and choose ‘Manage Quick Steps.’ From here, you can view existing Quick Steps and create new ones. You can choose from default options like flagging for follow up, forwarding to a particular person or categorizing the message, or create your own custom Quick Steps.
Search folders are a quick way to find the information you search for regularly by letting you save searches. Say you’re searching for emails from a particular person: Instead of typing in the user’s name at the top of your inbox, you could create a search folder with those same criteria.
To create a new search folder, right click on ‘Search Folders’ in the left pane. Then all you have to do to perform that search is to click on the search folder.
Recently, I was working on an article on my iPad that needed a specific word count. I didn’t have access to my Surface since I was traveling and needed to get the article out the door ASAP.
Since I am an Office 365 E3 user, I have access to the full version of Microsoft Word on the iPad. The word count on my PC is visible – but I had to hunt for it on my iOS device.
Go to the Review Ribbon and choose the second icon over (the icon with lines and “123”). It will show you pages, word count and even characters!
I have sounds turned off for my Outlook desktop client because I don’t like the interruption to my train of thought. Recently, I was working in the web version and couldn’t figure out where to turn the sounds for new mail off in Outlook Web App. I looked in options for OWA – but it wasn’t there.
After a little more tinkering – it’s actually in Office 365 Settings.
From here – go to notifications to set your notifications for mail and calendar reminders.
I have mine set to show the notification – but not to play the sound. Finally some peace and quiet!
End of Service
With the speed of advancement in technology, keeping up with the latest and greatest machines isn’t always feasible or practical for many companies – especially if what you’re using now is working for you. But if what you’re using now reaches end of service, there can be major headaches for you and your business.
On July 14, 2015, Microsoft Windows Server 2003/R2s will reach End of Service. To be clear, this means Microsoft will end all support for the servers. This has several implications for your business:
If your business is still running on Windows Server 2003, you’ll need to migrate to newer servers or to the cloud before July 14. If you are unfamiliar with what to do, this can sound like a scary process. But with a plan in place (and the right IT partner), migrating your data is a painless process. The basic structure of your server migration plan will look like this:
Make an inventory list of all of your software and workloads running on Windows Server 2003/R2 that will need to be moved to new servers. This step is essential to ensure no servers slip through the cracks. It’s easy to forget about an old print server that only gets used by a couple of people - but it can still leave you vulnerable.
Categorize and analyze the applications and workloads you cataloged based on factors that will help you make informed choices about priorities and urgency. There are several different ways you can categorize your applications and workloads: by type, how critical they are, complexity and risk.
Identify the right migration destination (Microsoft Server 2012 R2, Microsoft Azure or Office 365) for each application and workload. Different workloads and applications logically lead to certain targets. Your choice will likely be driven by factors such as speed, ease of migration, cost, and desired functionality.
Make the move to your new server(s).
If you are still running any Windows Server 2003/R2 machines, even if they’re working for you right now, we urge you to start making a plan to migrate as soon as possible – before your company’s security or compliance is at risk.
Easing the cost
Microsoft has made some funding available to companies still running Windows Server 2003 to ease the cost of assessment for upgrading to new equipment. We can help you make sure your business meets the qualifications so you can claim your funding and get your migration started.
I was working with a customer last week who wanted an easy way to see all users (internal and external) who had access to their SharePoint site. There are several ways to do this – but the easiest way to see all users is by following the process below. This does not show which security groups the users belong to, it just shows what users have access to the site.
At the Site Collection level go to Settings->Site Settings:
Then go to People and Groups
You will get dropped out to the Group Membership page – change the number on the end to 0. (In the example below, it’s defaulting to 8.)
Once you change this to zero – you can easily see the names of every user who has access to this site collection.
A year ago, you never would’ve seen Microsoft develop software for any platform other than PC or Windows Phone. Microsoft was ‘all in’ on Windows. Other than the Surface, their mobile offerings have gone largely unnoticed by customers, who prefer the Android or Apple ecosystems for mobile.
Microsoft hasn’t given up on Windows as a mobile platform and Windows 10 will see their vision come to fruition. In the meantime, they’re spending at least some development efforts on going where the people already are: iOS and Android.
13 new Microsoft apps just for iOS (iPhone and iPad)
Steve Ballmer once famously quipped that the iPhone was ‘just a toy.’ You could get no ‘real work’ done on a mobile unless you were a very small organization who had all of their apps in the cloud, had zero complexity in your workflow, or were willing to accept a substandard experience.
This is rapidly changing. In just the past 6 months, Microsoft has released or updated these apps just for iOS:
- OneDrive and OneDrive for Business
- Office 365 Message Encryption Viewer
- Intune Company Portal
- Power BI
- My Microsoft Apps (a single sign on portal)
Just a few days ago, Microsoft announced AT&T Mobile Office Suite, a cloud-based bundle of apps (including some of the above) and services available on Windows, iOS and Android devices aimed at making it easier for employees to get work done from their phone.
Outlook for iOS and Android
One of the newest releases from Microsoft is the Outlook app for Android and iOS devices. This app is similar to the existing OWA app and will eventually completely replace it.
The new app is built specifically for mobile devices making for a much better user experience. With the new app comes new and updated features. Here are some of our favorites:
Customize swipe gestures
In the new Outlook app, you can customize swipe gestures in your inbox, allowing you to quickly and easily take advantage of the actions you use most. Some options include:
- delete messages
- flag the message for follow up
- mark a message as read or unread
- mark an email as archived
- respond to an email with a meeting invite
Another feature is the ability to ‘schedule’ an email. This serves a similar purpose as flagging an email for follow up, but works a little differently. When you schedule an email, it’s temporarily removed from your inbox and reappears at the time that you designate. It stays in a separate “Scheduled” folder if you need to access it in the meantime.
We’ve found this useful for a few reasons:
- Getting the email at the time you’ve scheduled is a reminder to take action on it at a more convenient time for your schedule. Yes, you can set reminders on emails you flag for follow up from your desktop, but scheduling is the much easier option on mobile.
- It prevents distraction. By scheduling the message, it’s removed from your inbox, so you can focus on your current task. Out of sight, out of mind.
- It’s really, really easy to do. Scheduling an email is one of the default swipe gestures in your inbox. All you have to do is swipe right on the message and pick a time (in a few hours, this evening, tomorrow morning or a specific time of your choosing).
We’re also loving the vast improvements made to scheduling meetings. Unlike the email applications native to most phones, the Outlook app allows you to send your calendar availability to a recipient. Through the Outlook app you have the ability to view the meeting invite, reschedule, or check the attendance status of a meeting.
One of the best features of the new Outlook app for the IT minded crowd is the ability to remotely wipe it. The difference from other apps is that it’s a selective remote wipe. It only deletes the Outlook app’s information leaving the rest of the user’s device intact.
If you haven’t made the jump to the new Outlook app, we recommend it. Although the OWA app doesn’t have an exact EOL date, the Outlook app will be replacing it in the next few years. Microsoft doesn’t plan to schedule any more updates to the OWA app but will be releasing updates to the Outlook app every few weeks.
If you’d like to learn more about how you can use these apps in your business – please reach out. Remember – if you are an Office 365 Customer – you most likely have SharePoint available for free!
A 2014 article from the Wall Street Journal states that, on average, there are 394 cloud apps running inside companies! With all those apps in use, it can be hard to keep up with various subscriptions, renewals, and costs. (We aren’t even going to go into the security risks associated with this many apps!)
So a frequent question we get from customers is: “What happens to my data in Office 365 if my subscription accidentally lapses?”. This is a great question, and Microsoft has a very liberal policy on non-payment.
You can find the full language at this link, but in a nutshell:
What happens if a customer does not renew?
If a customer does not renew, they have a 30 day grace period when they can continue using the service. After that point, they have another 90 days when data is held, but functionality is severely reduced. The customer can reactivate the subscription at any time during this period and the billing will be retroactive from the expiration date. After the 120 days, the data is deleted from Microsoft servers.
(Emphasis added was our own!)
So Microsoft will keep your data up to 120 days from the time your subscription lapses (but we recommend you get on auto pay to avoid the risk!).
This document is specific to Open Licenses for Office 365 but the policy also applies to subscriptions purchased through the Microsoft Subscription Advisor program.
Hat Tip to Todd Sweetser – the best Partner Technical Strategist at Microsoft.
Today’s Post is from Zack Moody, Security Engineer
In last month’s customer newsletter, I gave out a few basic nuggets that I noticed walking through an airport, but this entire series in a nutshell is ‘Cyber Safety.’ In this post I thought I would dive a little deeper into one of the topics of discussion from last month’s article, ‘Choosing the right password’.
Protecting your identity
I think we all talk a pretty good game about thinking before we speak or not reacting so fast, but do we really think before we click? The world has become a super busy place, and with information at everyone’s fingertips, it’s only getting worse. However, we need to make ourselves take the time to make safe decisions online. Are we sure about where that link or URL is going to take us? Does that attachment in the email from your cousin’s neighbor look fishy? What about those forms you fill out for some new trial of anti-aging medicine? How about using ‘iloveyou’ as your banking password, instead of taking the time to type out something a little more complex? Is that time saved really worth the possibility of having your accounts drained or identity stolen?
Password Testing & Manager Tools
One of the easiest forms of protection, yet widely overlooked, is your common password. Yes, I said it! Some people cringe at the sound of passwords…just another something that I have to remember and keep up with! A strong solid password is your front line of security against compromised data. Here are a few places to test the strength of your password…give it your best shot:
How many accounts do you have that require a password? I am sure that list gets longer and longer every week. How many of you use the same password and/or username for each of those sites? Not good…if that attacker can get into one account, more than likely they can get into the other with a little bit of research. How about using common names for passwords? In a 2013 study by Google Apps, your current pet’s name hit the number one spot! How frequently does your pet pop up on Facebook or Instagram? Some others that made that list were place of child’s birth, child’s name, and favorite holiday destination. The best practice is to pick a unique password for each account, but wouldn’t that get even harder to keep up with? Why not make it easier on yourself and get a password manager!?
These are some of the best. Not only do they store your passwords and credit card numbers for any site, but they also have a super-secure, complex password generator.
When creating passwords, you probably know to mix regular characters with digits and punctuation. However, when acceptable, are you using spaces and underscores to construct phrases or even full sentences? Please do not get suckered into substituting numbers for letters and thinking that it’s a secure password! We all know that trick, so don’t you think that savvy hackers know it too? Not always are you going to get a site that gives you much freedom, but when you do…go crazy! The key here is that it won’t take you much longer to type out a long complex password than it would a simple one. However, it will take a malicious hacker an extremely long time to crack. By just using eight characters you could generate 6.1 quadrillion password combinations, according to research by Paul Lee at Deloitte. However, this still does not give you a one up on how quickly super computers can sort through them. Research done at a password conference found that password-cracking software distributed across five strong servers was able to sort through 348 billion password combinations a second. At this rate they said a 14-character Windows XP password would be cracked in just six minutes!
As technology gets more advanced and computers get faster, breaking a password will get much easier. Biometric identifiers will move closer to average-user implementation and become less expensive. With some biometrics being biologically impossible to re-create, they will become the new key to securing your data online.
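The arithmetic behind these figures, as an added example that is not part of the original post: it assumes a pure exhaustive search at the quoted 348 billion guesses per second and a 94-symbol printable alphabet (which reproduces the 6.1 quadrillion figure). The `LEET` swap table and the function names are constructed for illustration.

```python
import string

# Rate quoted in the article: 348 billion guesses per second.
GUESSES_PER_SECOND = 348e9
# Assumption: the 94 printable ASCII symbols (no space); 94**8 matches "6.1 quadrillion".
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed table of familiar letter-to-digit/symbol swaps (illustrative, not exhaustive).
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate


def leet_variants(word):
    """Spellings needed to cover every combination of LEET swaps for one dictionary word."""
    total = 1
    for ch in word.lower():
        total *= 1 + len(LEET.get(ch, ""))
    return total


def min_length(alphabet_size, target_seconds, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `target_seconds` to exhaust."""
    length = 1
    while seconds_to_exhaust(keyspace(alphabet_size, length), rate) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    eight = keyspace(PRINTABLE, 8)
    print(f"8 chars, {PRINTABLE} symbols: {eight:,} candidates, "
          f"{seconds_to_exhaust(eight) / 3600:.1f} hours to exhaust")
    print(f"'password' with every swap: {leet_variants('password')} candidates")
    century = 100 * SECONDS_PER_YEAR
    for name, size in [("lowercase only", 26), ("all printable", PRINTABLE)]:
        print(f"{name}: {min_length(size, century)} characters to last 100 years")
```

A dictionary word with every swap applied adds only a few dozen candidates, while each extra character multiplies the search space by the alphabet size, which is why a long lowercase phrase can outlast a short password that uses every symbol class.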
Most Common Passwords of 2013
This is a list compiled by SplashData of stolen passwords and shared online by malicious hackers:
In the next article, we will discuss passwords a little more as something you know, but combined with something you have…Multi-Factor Authentication. I hope this has been informative for you, and as always, if there is anything you would like to know or hear about in the next or upcoming segments, then feel free to reach out to me.