Protected Trust Blog

Stay up to date with our most recent news and updates

Is Microsoft Teams Right for Your Business?

As a business that currently uses services such as Microsoft email, PowerPoint, and/or Excel, you may have already heard about Microsoft Teams. If you haven’t, or are unsure if it’s the best solution for your needs, we’re here to break down the basics. By outlining some of the top Microsoft Teams features, you’ll be enabled to make a well-informed decision about whether or not this tool is a suitable solution for your business’ needs.

Most Popular

Why Software is Moving to a Subscription Model, and Why It’s a Good Thing

Microsoft Office
Over the past five years, you may have noticed that more and more software is moving away from being a “one-time purchase” and shifting to a subscription-based service model instead. While, at first glance, this may appear as a tactic to get more money out of you, it also offers numerous long-term advantages. Gartner reported that, “By 2020, more than 80% of software vendors will change their business model from traditional license and maintenance to subscription.” Microsoft has caught on to this trend. Software Subscription Model vs License When Office 365 first launched in 2013, this subscription-based version of Office was available for the general public to use. Many people were confused—they saw Office software as something you bought one time. Then, only if they wanted or needed access to the latest functionality, they could pay to get the latest year version (such as Office 2019). However, this all changed with the introduction of Office 365 Home/Personal and Office 365 Business Premium. This new subscription-based software model surpasses the old version of the Office business enterprise software in several ways. As a business, if you want to stay competitive, efficient, and keep your data secure, you should embrace this change. So, this isn’t something you’re going to be able to avoid as a consumer of software—and frankly, you shouldn’t. Here is a little bit of information about why this change is so exciting. Subscription Software Model Security Recent cyber attacks like Facebook’s infamous data breach or Advent Health Medical Group’s cyber attack that lasted for 16 months are just some of the biggest incidents that have recently plagued the news. One solution for preventing these attacks? Keeping all your devices’ software updated at all times, with no exceptions. After phishing, vulnerabilities in old software are one of the most common ways for criminals to breach your company’s security, and it’s making them serious money (as in BILLIONS of dollars a year from businesses just like yours). Subscription models ensure you’re continuously running the most updated version of the software possible. With a subscription-based software such as Microsoft 365 for Business, the newest security measures are features are automatically updated as soon as they’re rolled out—minus the need to be aware that a new version exists, download it, and manually install it on your devices. Subscription Software & Microsoft Cloud One of the best examples of why this newer subscription-based software model is better than the old way of purchasing software is the massive difference between purchasing software one time, such as Office 2017, and having an Office 365 subscription. They share the name "Office," so it may sound like you are just paying for Office tools such as Word and PowerPoint over time instead of all at once. While you do have access to the whole Office Suite under a subscription-based model, you get so much more with it, too. Because Office 365 is connected to the Microsoft cloud, you’re able to collaborate on files in real time with Microsoft Teams. Do you use a file server or shared drive? Office 365, with its terabyte of storage per user, enables you to chuck that thing in the trash (it’s what we did and you should too). Backup your files? No need to spend time on that anymore. Do you have software that tracks mileage, does your accounting, manages projects, provides group chat, share files, hosts video and voice meetings with screen sharing, manages customer communication, books appointments, etc.? Office 365 combines all of these functions in one platform that you can access from anywhere in the world. By leveraging the Microsoft Cloud to not only provide you with the best suite of productivity software ever made, but a solution you can securely run an entire business with, this subscription-based model becomes a game changer. Automatic New Features Subscription software rolls out features as they are ready, not just when a new version comes out. You used to have to wait between releases of software to get new features; for example, a new version of Word only came out once a year. Not so with the subscription model—when a feature is ready for prime time, you get it immediately without any further effort or investment. Enhanced Scalability With a subscription-based model, your business only needs to pay for the software it actually uses. As your employee count fluctuates during times of seasonal scale-back or booming growth, so too do your costs and software needs. With the ability to exactly pinpoint the software that you need, it becomes less expensive to onboard a new hire when you don't need to pay for their software all up front. Additionally, when an employee leaves their position, you can simply cancel their account rather than letting it sit idle and drain resources. Microsoft's Subscription Software Model As we mentioned earlier, Microsoft is now selling Office by way of a new subscription-based product called Microsoft 365 Business. Why make the switch? It comes down to device management—and this is what has traditional managed IT service providers very nervous. Microsoft 365 Business gives even small businesses truly enterprise-grade device management tools, making once difficult IT tasks easy or simply unnecessary. These tools keep your devices safe and keep the data on your employees' devices from being compromised. If you lose a device or part ways with an employee, you can immediately revoke access or remove just your company's data from that device instantly while leaving everything else intact. In addition to truly enterprise-grade device security, deploying new devices becomes a breeze. Say you spill an extra large cup of coffee on your device, or it falls into a volcano. No problem, grab another one, enter your username and password, and in no time you’ll be back up and running—with all of your applications and data exactly how you left them. Companies that properly implement what Microsoft 365 Business has to offer see their IT demands and costs plummet. Instead of manually installing updates and tediously deploying new workstations, your IT staff can focus on the company’s mission. No longer worried about keeping you up and running, but where you’re running to. Really? If this all sounds like crazy talk, or you’re already ahead of the game and know that you are ready for a truly modern, connected office, give us a call, get a road map, and see how these changes not only bring a ton of value to your company, but can actually save you money. We’re here to schedule an introduction when you’re ready.  

HIPAA: Encryption is NOT Required…What?!?

Email Encryption and Services Healthcare HIPAA News
No, that headline is not a misprint. Contrary to common assumptions, Congress decided that the Health Insurance Portability and Accountability Act (HIPAA) should not—and, therefore, does not—require the use of encryption to secure your patients’ private medical data (aka, electronic Protected Health Information or ePHI). WARNING: IF YOU STOP READING NOW AND SIMPLY DECIDE THAT YOU DO NOT NEED ENCRYPTION, YOU MAY WAKE UP ONE DAY TO THE WORST FINANCIAL AND PUBLIC RELATIONS NIGHTMARE IMAGINABLE. SO, READ ON… Required vs. Addressable: What’s the Difference? Congress adopted two types of implementation specifications in HIPAA—“required” and “addressable.” Those labeled “required” must be implemented, or it will be deemed an automatic failure to comply with the HIPAA Security Rule. On the other hand, those labeled “addressable” must be implemented only if, after a risk assessment, the covered entity (that’s you, if you’re a Health Care Provider, Health Plan, or a Health Care Clearinghouse) has determined that encryption is a reasonable and appropriate safeguard for managing risks to the confidentiality, integrity and availability (CIA) of ePHI. A brief sidebar about the CIA triad: confidentiality protects against unauthorized disclosure, while integrity protects against unauthorized modification or destruction, and availability protects against disruptions to access and use of ePHI. Got it? Now, back to our story… However, if you determine that encryption is not reasonable and appropriate (think about this carefully), then you must document your rationale for that decision and do one of the following: Implement an equivalent alternative to encryption that is reasonable and appropriate; or If safeguarding ePHI can otherwise be achieved, then HIPAA even allows you to choose not to use encryption or any equivalent alternative measure, provided that you also document the rationale for this decision. [1] Shocking, isn’t it? Now, if you’ve thought about that carefully, you’re probably wondering something along the lines of: “What if HHS audits me and they don’t agree with my carefully documented rationale for deciding that encryption is not reasonable and appropriate to protect my patients’ private medical data?”  Perfect question! And therein lies the problem. It is difficult to even imagine a situation where it would be “reasonable and appropriate” to decide not to use encryption to protect ePHI. So, even though HIPAA does not literally require encryption, it effectively requires encryption because there is no reasonable and appropriate alternative for protecting ePHI. In other words, when it comes to using encryption to protect ePHI, there is little (if any) difference in Congress labeling it as “addressable” rather than “required.” Not using encryption is simply too risky for your patients’ ePHI and, therefore, even riskier for your business. Encryption: HIPAA’s Data Breach Safe Harbor Under the HIPAA Breach Notification Rule, there are essentially two types of ePHI—unsecured (i.e., unencrypted) and secured (i.e., encrypted). Under HIPAA, every breach of unencrypted ePHI requires you to provide time-bound notifications to: Affected patients; The Secretary of HHS (i.e., the federal government); and/or Prominent local/state media outlets. This, of course, will put you at risk of federal and/or state investigations, fines, possible lawsuits, and the worst kind of public relations disaster imaginable. This will almost certainly result in lost business and consumer trust. But there is good news… no… GREAT NEWS! Under the Breach Notification Rule, encrypted ePHI that is “breached” (e.g., lost, stolen, or accidentally/intentionally sent to the wrong recipient) is not considered a breach at all. How? Because ePHI that is encrypted cannot be read or otherwise used without the key(s) required to decrypt it. So, if you use it, encryption is your lawful HIPAA-endorsed safe harbor against everything you want to avoid in the event of a breach of ePHI. Going back to our previous segment, even if you somehow came up with that rarest of all situations—where using encryption to protect ePHI was not reasonable and appropriate, you still need to use it because doing so gives you a complete “out” when the worst of all possible ePHI scenarios—a data breach—occurs. In summary, although HIPAA does not literally require encryption, Congress nonetheless has effectively mandated its use because: It is all but impossible to think of a real-world situation where encrypting ePHI is not reasonable and appropriate; and If you choose not to use it, you are exposing your business to a plethora of regulatory, legal, public relations, and/or financial risks that are easily avoidable by simply using encryption. Encryption with Microsoft Software Security is an enormous concern for businesses in any industry—but especially in those that deal with confidential and sensitive information, such as healthcare. So, what steps can your health care business take to protect itself? You can start by ensuring the software and collaboration tools your healthcare providers and employees use have robust security measures, especially when it comes to stored medical files and sensitive communications (such as sending a patient’s records between medical professionals). With a subscription-based, continuously-updated software like Office 365 Business, all tiers come equipped with data encryption, both for data at-rest and in-transit. This way, even if a data breach does occur, malicious users will not be able to understand your data without further hacking  capabilities. With Office 365 for Business, there is no need to worry about data encryption or even make a conscious decision about it—all of your communications and data through Teams and Office 365 will automatically be encrypted. Additionally, as long as you can connect to the subscription-based business enterprise software’s server, you will always have the latest security patch for the software. Office 365 security even goes a bit beyond simply applying patches to fix security vulnerabilities. If your business is utilizing the Premium tier of the software, users will also get: Enforced multifactor authentication for users; Region-based data residency; and Phishing email protection (in the Outlook tools). These Microsoft Office security benefits help to safeguard the business against cybersecurity breaches and have peace of mind that your confidential data is always encrypted. To set up Teams and Microsoft 365 for Business so your healthcare organization can experience data encryption, reach out to the team at Protected Trust today. Sources: [1] See: 45 CFR § 164.306(d)(3) detailing the difference between “Addressable” and “Required” implementation specifications at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1306; 45 CFR § 164.312(a)(2)(iv) labeling encryption and decryption as “Addressable” at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1312; and the HHS HIPAA Encryption FAQ at http://www.hhs.gov/hipaa/for-professionals/faq/2001/is-the-use-of-encryption-mandatory-in-the-security-rule/index.html

Editor's Picks

Using Microsoft to Optimize Business Operations—Beyond Email

If your company has seen success using Microsoft Email, we’ve got good news for you. Microsoft ...

What is Microsoft’s Surface Hub 2 and Why Should You Care?

On April 17, 2019, the Microsoft Surface Engineering team released a video unveiling Microsoft’s ...

It’s your complete office in the cloud.

We have helped leaders at the most influential companies over the last 20 years remove complexity from technology while empowering people to connect from anywhere.

Schedule a Call

Benefits of Office 365 Business with a Software Subscription

When Office 365 first launched in 2013 (effectively replacing the Business Productivity Online ...

HIPAA: Encryption is NOT Required…What?!?

No, that headline is not a misprint. Contrary to common assumptions, Congress decided that the ...

Dial for Microsoft Surface is Effective Simplicity

If there is one car trend I hate more than everything turning into a crossover, is the loss of nobs ...

Exclusive: New email malware detection can outperform the top 60 antivirus engines

Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab in Israel have developed a ...

Microsoft Whiteboard is a dead-simple way to brainstorm with your team

Using Microsoft Teams in a Law Office

Maybe you’ve heard of Microsoft Teams, or perhaps you haven’t. I could spend a few paragraphs ...

Microsoft Teams coming to U.S. Government Cloud users starting July 17

Microsoft will start rolling out Teams to its U.S. Government Cloud customers on July 17.

Microsoft just pulled the coolest new Windows 10 feature from its beta

Microsoft Brings the Fluent Design to Office 365 For a Cleaner & Easier Interface

Starting today Microsoft is bringing the Fluent Design from Windows 10 to Office 365. This design ...