Lacking privacy laws aid growing CISO role in data privacy management

PROVIDENCE, R.I. -- According to a group of data privacy experts, enterprise information security teams are increasingly being asked to take on challenging data privacy management responsibilities, but technicalities in outdated data privacy laws are helping diligent organizations avoid legal entanglements.

It doesn't take 9,000 words to protect your privacy.

Steven J. McDonald,
Rhode Island School of Design, on Facebook's privacy policy

"There are many things we want to do in our lives simply without being intruded upon," said attorney and author Robert Ellis Smith, one of several speakers at a colloquium held by Brown University's Information Security Group, marking National Data Privacy Day on Jan. 28.

While Smith said individuals' greatest privacy threat is the government's ability to track people in real time using cell phones, GPS, ATM transactions, automobile toll systems and the like, companies are increasingly pushing the envelope on personal data collection. He noted that Facebook Inc. founder Mark Zuckerberg and Google Inc. Chairman Eric Schmidt have disparaged privacy in an effort to downplay their companies' growing efforts to collect and monetize the often-private information their users share.

Attorney Steven J. McDonald, general counsel for the Rhode Island School of Design, said Facebook is the perfect example of a company that claims to care about the privacy of its users, while its actions suggest otherwise.

For instance, McDonald said the company goes to great lengths to publicize the privacy choices it provides its users, but in order to effectively safeguard their data, users must decipher well over 100 specific privacy options, which Facebook changes often.

Similarly, the company makes its privacy policy difficult to read and understand. McDonald noted that in 2005, Facebook's privacy policy was 1,000 words long. As of 2010, it had grown to 5,830 words; more than 1,000 words longer than the U.S. Constitution. Today, Facebook's privacy policy tops 9,000 words.

"It doesn't take 9,000 words to protect your privacy," McDonald said.

Enterprise CISOs and data privacy management

From left: Steven J. McDonald; Robert Ellis Smith; David J. Sherry. Photo credit: Eric B. Parizo

Brown University CISO David J. Sherry said he is among the many CISOs he knows whose organizations have charged them with data privacy management duties in addition to the traditional responsibilities that come with information security management. Despite an industry trend among large organizations to install a chief privacy officer to work alongside the CISO, Sherry said he's embraced managing both disciplines.

"Back when I first got into information security, it was about building a firewall and installing anti-malware. Now, it's a broader risk management environment. Privacy is just another new thing that's emerging," Sherry said. "Holistically, the way security and privacy officers think, it's the same mindset: It's all about protecting data."

Sherry said he's sought to augment Brown's information security program with new wrinkles that address data privacy. For instance, the Ivy League school's executive committee now holds a regular meeting that focuses on ways to foster processes that emphasize data privacy throughout the organization.

One of many byproducts of those discussions is the manner in which Brown now evaluates third-party contractors. Even when arranging something as seemingly inconsequential as a paper mailing to students, Sherry said that printing companies are queried about their backup capabilities, business continuity plans, and asked to provide assurance that sensitive data will be used properly and then returned or destroyed.

"Privacy is now a showstopper. If a contractor pushes back on us, we say we don't want to do business with them right now," Sherry said. "You'd be surprised how often they're willing to take another look" at their contract requirements.

Weak, outdated laws ease data privacy management

Fortunately for enterprises -- and unfortunately for consumers -- the weak and outdated jumble of privacy laws in the U.S. often help limit a private organization's liability when managing data privacy.

McDonald said privacy is regulated by the 4th Amendment, by acts of Congress in the Electronic Communications Privacy Act (ECPA), the Family Educational Rights Privacy Act (FERPA), and a variety of federal and Supreme Court decisions. Yet, these laws and decisions often contradict themselves, even in fundamental matters such as the definition of an electronic communication.

What makes all that moot, McDonald said, is contract law. By using legal disclaimers and privacy policies, and requiring consent on the part of users and customers, organizations can bypass virtually all laws on the books today instead of falling back on the private contract laws first created hundreds of years ago to forge legal agreements between two parties.

In other words, as long as someone has consented to grant an organization use of his or her data, whether they realize it or not, an organization can greatly limit its legal liability in the realm of data privacy.

"When it comes to contract law, consent is a defense," McDonald said. "We are giving up our privacy through contracts and ignoring any pretense of privacy law. It's really kind of a depressing scenario at this point if you care about legal protections for privacy, because there really aren't any."

Still, the speakers advocated for organizations to be good stewards of data privacy. Smith encouraged enterprise privacy managers to undergo their organizations' business processes as an outsider, such as calling the customer service line or using its website, to evaluate how it handles privacy in specific, real-world business situations.

"The 'golden rule' always works," Smith said. "See what it's like to be a customer. That'll give you perspective."

McDonald advocated for the concept of privacy by design, namely investing in what's needed to affirm data privacy when business processes are created and systems are built. He said fixing data privacy problems after the fact is always harder, more time-consuming and more expensive than planning for it beforehand.

"It's a pain… but if you think about it," McDonald said, "It's not that hard most of the time."




Online Shopping is on the Rise: 4 Tips To Ensure Your Small Business Is Ready

Customer shopping behavior is changing, thanks to the escalating popularity of smartphones. People are gradually moving toward using their cell phones for everything, including shopping.

Up until recently, businesses needed only worry about setting up an online shopping site with easy-to-use checkout options and e-mail confirmations. Preparing a shopping site for mobile shopping is an all new proposition, with businesses challenged to optimize a shopping experience for tiny smartphone screens and touchscreen keyboards.

According to the New York Times, spending via smartphone increased 81 percent between 2011 and 2012, with total spending equaling $25 billion worldwide. This massive increase could be in part due to the fact that more users than ever are tossing out PCs and laptops in favor of tablets and smartphones as their sole computing devices. With so many users gravitating toward these devices, it’s more important than ever that small businesses develop a strong mobile strategy that includes easy online shopping. Here are a few tips to help beef up your mobile strategy to help out these customers.

  • Avoid mobile frustration. Customers expect mobile sites to work as well as the web version. In the past, frustrated shoppers would simply set a device aside and complete their shopping on a PC or laptop. Once a consumer only has mobile devices, this is no longer an option, increasing the likelihood your customers will leave your site in favor of a competitor with an easy-to-use mobile shopping site.
  • Save payment information. Entering credit card numbers on a smartphone or tablet can be an exhausting experience. Large shopping sites like Amazon are able to give customers one-click ordering technology, thanks to stored credit card information. You’ll have to ask the user’s permission and make sure your security is to the strictest industry standards, but for customers who agree, make ordering as easy as possible to maximize purchases.
  • Use technology tools. Services like Shopify are designed to translate e-commerce websites to mobile shops, complete with shopping cart technology and 128-bit SLL encryption. These services charge monthly fees and transaction fees, but for small businesses, this may be a great alternative to paying expensive hourly fees to software developers.
  • Think outside the box. Consider different ways to combine your various purchasing options to work together. If you’re a bricks-and-mortar location, QR codes can allow customers to easily order items online that may be out of stock in your store. Offer free shipping to these customers to help compensate for the inconvenience. Promote your new mobile shopping experience to customers who visit your store and website. If you offer products or coupons via catalog or print mailers, include QR Codes to take customers directly to your mobile store, where htey can buy the items.

As the New York Times pointed out, those who use tablets are more likely to be online while in a shopping mood. Tablet shoppers may use tablets while lounging on the sofa, increasing the chance they’ll happen on something they want to buy. By making this kind of shopping easier, you’ll ensure your loyal customers can make those purchases before they forget about them.

For an informative radio interview about what your small business needs to do to develop and nurture a mobile strategy, click here.



3 iOS Screen-Sharing Apps To Die For

For a long time, the laptop has been the pinnacle of productivity, enabling people like you and I to communicate and share in the beautiful experience of the information superhighway. After the introduction of the tablet, the laptop has slowly been gaining the reputation of being impractical to carry around. However, there were still some very strong reasons why one would still want to lug around one of these devices. For one, you can’t share your screen so elegantly on a tablet as you would on a laptop, right Wrong!

Let’s have a look at three of the most revolutionary screen-sharing apps for iOS!

  • join.me - This web service offers collaborative screen sharing for all sorts of platforms. With the free version, you get to share your screen and files to up to 250 viewers. To use the iOS app, however, you must get the “pro” version, which costs slightly under $20 a month. The cost is cut nearly in half if you pay an annual sum. Aside from the big perks, you also get internet calling, file sharing, and instant chat. The platform is easy to use and elegant. It’s a good app for people who don’t want bloated learning curves.
  • Air Sketch - This nifty little app will turn your tablet in to a fully-functional whiteboard with many different features such as multiple pages. You can set the background of the board to something from your image library, use any of five different drawing tools, and open PDFs, all within an environment that shows actions as they take place in real time. This kind of collaborative user-friendly whiteboard app will turn your meetings into the mediums for the exchange of creative ideas!
  • Conference Pad - If you’re looking for something with a couple of modest features that gives you clarity and lets you just present a PDF with a couple of taps on the screen, you need not look any further than Conference Pad. This app prides itself with how it handles zooming, allowing you to zoom into aspects of your presentation without sacrificing image quality. Besides that, it’s a run-of-the-mill presentation app that serves its purpose with near perfection.

Now that you’ve got three new toys to tinker with, I’m just wondering why you’re still reading this. Get out there and test them out! Make sure you try stretching each app to its limits to get a grip on what it can really handle. Happy conferencing!



3 Photo Apps to Optimize Your Social Media Posts

According to a study by Internet marketing company Hubspot, Facebook posts with images attract 53% more “Likes” and 104% more comments than posts with links or text only. For businesses, this means including an image in every post in order to increase engagement and thus brand reach.

To spice up the images in your social posts, check out the  mobile photo apps below. Do you use any of them Which other image apps do you recommend

1. Diptic for photo collages: available for $0.99 on iOS and Android


Diptic is my favorite photo collage app for several reasons. The app allows you to choose from 165 collage layouts, customize the frames, apply filters, add text captions, and edit basic photo elements like brightness and saturation. You can upload photos from your phone’s camera roll or pull from your Flickr or Facebook albums. Once you’ve finalized your collage, Diptic produces a very high-resolution photo that you can share to your social networks.

2. Photosynth for panoramic photos: available for free on Windows Mobile and iOS

stanford stadium3

Powered by Microsoft, Photosynth is a panorama photo app that allows you to shoot multiple perspectives of a given scene. In the photo above of the Stanford University football stadium, I shot from left to right to create a panoramic image, but you can also snap photos from any direction, e.g., up and down or no direction in particular. The app is a bit tricky for snapping seamless panoramic views but with practice, it gets easier. Once you’ve completed your panorama, you can share it to your social networks

3. Red Stamp for photo greeting cards: available for free on iOS

RedStampI’ve been a longtime fan of Red Stamp Cards, an app for creating personalized photo cards, holiday greetings, notes, invitations, and announcements. Red Stamp can be a great business tool, e.g., for thanking your customers. Send cards â€" with or without photos â€" electronically via email or social networks.



Small Business Events Roundup: InfusionCon, GROWCO, Crowdopolis NYC + More - January 28

Welcome to this week’s roundup of events, conferences and webinars for growing companies and entrepreneurs, brought to you every other week by Small Business Trends and Smallbiztechnology.com.

Get a jump on the new year and register for one or more of these great conferences, webinars and seminars in 2013.

If you are organizing a great event that small businesses should know about or just attending one, please let me know about it.

******

2013 Women Entreprenuers’ Small Business Boot Camp
February 7-9, 2013, Scottsdale, AZ

Join ASBA and Women Entrepreneurs Small Business Boot Camp to soak up the knowledge and experience of fantastically successful local business experts who will share relevant, valuable tricks, tips and tools to help your business grow and make money.

Crowdopolis New York 2013
February 27-28, 2013, New York City

Learn how Fortune 500 Corporations are using crowdsourcing to out-innovate, out-process, & out-engage their competition. Companies like GE, Microsoft, Walmart, eBay & many others.

Produced by the leading voices in crowdsourcing, David Bratvold and Daily Crowdsource, Crowdoplis was created to show both corporate leaders and small businesses that crowdsourcing is replacing outsourcing to translate millions of words in mere minutes, invent products that sell out before any costs are incurred, and create national award winning TV commercials for $20.


SMX West
March 11-13, 2013, San Jose, CA

The landscape of search and search engine marketing changes constantly.
To keep up, stay ahead, grow your business, and get more (and better) traffic to your site, you need the right help.
Search Marketing Expo is a conference that offers more than 50 cutting-edge sessions (as well as invaluable networking opportunities) covering the search marketing strategies and tactics you’ll need to thrive in 2013 and beyond.
Whether you are a beginner or a search marketing expert, whether you work at (or with) an agency or manage search marketing in-house, SMX West has programming to fit your needs.

InfusionCon 2013
March 27-29, 3013, Scottsdale AZ

InfusionCon is a must-attend event for all Infusionsoft customers. There are a variety of sessions geared towards business owners, marketing and sales strategists, developers, administrators and more. Session topics cover a diverse range of topics relevant to small businesses, including Infusionsoft training, marketing strategy, social media, company culture, business management, automation, branding, copywriting, affiliate marketing and more.

Social Media Marketing World
April 7-9, 2013, San Diego, CA

Join 1,000 fellow marketers at the mega-conference designed to inspire and empower you with social media marketing ideasâ€"brought to you by Social Media Examiner.

Inc. GROWCO
April 11-12, 2013, New Orleans

Inc. created GROWCO, a three-day conference, for business leaders who want brass tacks advice to achieve the next level of growth. GROWCO speakers include founders and CEOs of fast-growing companies, icons in the business community, and authors of definitive business tomes. Learn how to develop a vision, manage a team, create a brand, get the most for your marketing dollar, connect with customers, close deals, and find capital.

2013 Black Enterprise Entrepreneurs Conference + Expo
May 15-18, 2013, Columbus OH

The Black Enterprise Entrepreneurs Conference + Expo attracts more than 1,200 attendees annually. Entrepreneurs from all over the country come together to take in everything the conference has to offerâ€"from informative sessions, high-powered speakers, networking opportunities, to essential tools for emerging and established entrepreneurs. As the country’s premier business conference and networking event for African American entrepreneurs, corporate executives, and professionals, The Black Enterprise Entrepreneurs Conference is the only venue where leaders of the nation’s largest black-owned businesses gather at one place, one time, and with one purpose.

Web.com Small Business Forum
Various locations and dates in 2013 including:
Lafayette, LA March 21, 2013
Midland, TX April 11, 2013
Valdosta, GA April 25, 2013 … and more

Web.com will be traveling to cities near you during 2013, in partnership with SCORE, for 2-hour sessions designed to help local small businesses learn how to successfully market their businesses online. Various dates and cities during the year. Sessions are free.

The Small Business Expo
May 16 - New York
June 20 - Dallas
October 17 - Boston
November 7 - Los Angeles
January 16, 2014 - Miami

Small Business Expo is the largest nation-wide B2B tradeshow, conference & networking event for Small Business Owners. Business Owners browse & meet in our huge exhibition hall filled with exhibitors showcasing valuable products & services to help their businesses grow, attend small business workshops, seminars & meet-ups, network with other small business owners & entrepreneurs in the cyber lounge & speed networking areas, & watch exciting product demos.

Internet Week New York
May 20-27, 2013

Since 2008, Internet Week has taken place all over the city, thanks to our many partners hosting diverse events in different locations.The result is a critical mass of web-focused events that raises the profile of NYC’s industry as a whole, as well as the partners who participate.

2013 Black Enterprise Entrepreneurs Conference + Expo
May 15-18, 2013, Columbus OH

The Black Enterprise Entrepreneurs Conference + Expo attracts more than 1,200 attendees annually. Entrepreneurs from all over the country come together to take in everything the conference has to offerâ€"from informative sessions, high-powered speakers, networking opportunities, to essential tools for emerging and established entrepreneurs. As the country’s premier business conference and networking event for African American entrepreneurs, corporate executives, and professionals, The Black Enterprise Entrepreneurs Conference is the only venue where leaders of the nation’s largest black-owned businesses gather at one place, one time, and with one purpose.

Internet Week New York
May 20-27, 2013

Since 2008, Internet Week has taken place all over the city, thanks to our many partners hosting diverse events in different locations.The result is a critical mass of web-focused events that raises the profile of NYC’s industry as a whole, as well as the partners who participate.

To find more small business events, contests and awards, visit our Small Business Events Calendar.

If you are putting on a small business contest, award or competition, and want to get the word out to the community, please submit it through our Events & Contests Submission Form. (We do not charge a fee to be included in this listing â€" it is completely free to list your event.) Only events of interest to small business people, freelancers and entrepreneurs will be considered and included.



9 Small Business Marketing Practices Making a Big Splash in 2013

What newer, technology-fueled small business marketing practice do you think is going to make the most buzz in 2013 and why

The following answers are provided by the Young Entrepreneur Council (YEC), an invite-only nonprofit organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, the YEC recently launched #StartupLab, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses via live video chats, an expert content library and email lessons.

1. Photos

With visual platforms like Instagram and Pinterest getting so much attention, businesses are going to want to know how to use these to connect with their audiences in more sophisticated ways. This means that marketers will begin posting ‘how to’s', hosting webinars, and selling packages to help them with demand for better brand imaging.

- Caitlin McCabe, Real Bullets Branding

2. Metric-Based ESPs

Metric-based email service providers have really started to come into their own and have become much easier to implement as of late. I’m not talking about just sending emails, I’m talking about sending an email based off of actions your users take. So if they haven’t been visiting your site for a week you can email them saying, “Hey come back!”

- Liam Martin, Staff.com

3. Data-Driven Markteting

2013 will be looked at as the year that marketing became less about the anachronistic “Mad Men” creative types and will instead be driven by the “Math Men” who relentlessly optimize their messaging. Much the way Billy Beane’s stats driven culture change the way baseball operates, you can see the roots of similar transformation in marketing all around.

- Erik Severinghaus, SimpleRelevance

4. Gamification

Forget search engines, social marketing, and paid advertisements. It’s now all about how to influence consumer behavior through game mechanics. Gamification leads to more loyal customers, more customer referrals, and positive brand association, which are current challenges that many brands face. I expect 2013 to be the year Gamficiation consultants become the new “it” title on LinkedIn.

- Jun Loayza, Passport Peru

5. Localized Content

When we think “localized” content today, we think global websites that customize their offerings for each country or market. What marketers will be doing soon is refining that same process for more specific geographic regions. For example, businesses will not only create landing pages for their advertising campaigns, but may deploy IP logic to serve up different versions for each city and state.

- Logan Lenz, Endagon

6. Hypertargeting

Hypertargeting is here, and it’s here to stay. While the Romney campaigns ‘Orca’ system didn’t make the big splash they hoped it would â€" others are faring much better. Companies like Gil Elbaz’ Factual are a testament to this- serving up rich, accurate data to thousands of business eager to understand their customers better.

- Nanxi Liu, Enplug

7. Things That Can Be Meme-fied

Major brands will successfully release ads and images with the express purpose of remixes, memes, and more coming from them. It’s an increasing lack of control â€" but, for the right product/campaign, lack of control can lead to enormous reach.

- Derek Flanzraich, Greatist

8. Personalization

Personalization, the practice of tailoring messaging and choices to consumers based on their unique characteristics or purchase histories, is going to be the shining star of marketing in 2013. Not only does personalization promise higher ROI on advertising spends, now more than ever, there are also new technologies that marketers can deploy for personalizing emails, sites and in-store experiences.

- Doreen Bloch, Poshly Inc.

9. Mobile Tools for Small Biz

I’m anticipating an explosion of mobile tools, especially brandable and customizable mobile apps, to help connect and provide selling opportunities to the digital communities and blog readers of small businesses and independent entrepreneurs in 2013. But whether its big or small biz, mobile will remain a major focus of marketing and business innovation throughout 2013 and beyond.

- Dave Ursillo, The Literati Writers



3 Reasons To Fire Your Web Developer and Build Your Own Website. 4 Reasons You Need A Web Developer.

Wix website service

Wix website service

Last week I used Wix.com , a “do it yourself” (DIY) web development service to build a website.

I’ve used these DIY type of web services a few times in the past but was always dissatisfied with how complicated they were or how they were TOO simple.

The other problem I noticed is that the templates they offered were lacking - not looking to good (or modern) at all.

Wix.com is different and is one of the best web development services I’ve really played with.

Hat’s off to Jimdo, Intuit Website Builder, GoDaddy, Network Solutions and others who also have web building services.

So here’s what I realized as I was using Wix.com to build a web site.

  1. For basic and simple web sites a web developer is not needed
  2. What you need for today’s web sites, is a smart professional with an eye for good layout
  3. You don’t need a web developer who is simply adding plain vanilla WordPress widgets to your blog - you or your staff can do this

So you might then ask, what do I need a web developer for

You need a web developer for their expertise. Here’s the things a web developer (or online agency) should be hired for:

  1. Ensure your web site is optimized for search engines
  2. Once you outgrow a “simple” web site, a good web developer can customize your web site (menus, colors, navigation, speed)
  3. Your web developer can serve as a consultant to help you ensure you reach your online goals (sales clicks track)
  4. Make your web site LOOK good. Sometimes it takes a professional web designer to make a web site that looks great. You can only do so much yourself.

So if you’re paying lots of money for a web developer who is a glorified typist - save your money and fire your web developer. However, if you want to leverage your web site (and other online content) to GROW YOUR BUSINESS (video, ecommerce, social media and more) a web developer can help tremendously.



Become a Marketing Powerhouse With Vocus All-in-One Marketing Suite

Online marketing can be a difficult area for many business owners due to the fact it is a vast field which requires constant attention to ensure everything is functioning properly.  From social networks, email campaigns, and traditional search management, ensuring everything is working smoothly can be a full-time job at times. Fortunately, the leading marketing firm Vocus is now offering an all-in-one marketing suite for small business owners which integrates social, search, publicity, and email, all in one application to streamline the business owners marketing workflow.

In terms of social signals, the Vocus suite allows businesses to pinpoint social media users looking for products similar to what is offered by their company and then allow the company to directly engage the lead. Vocus provides customers with a powerful social media management panel within the suite, which allows tracking of metrics such as word clouds, influential tweeters, tone of the conversations surrounding a brand, and much more. All these features are accessible from a simple to use interface.

Email marketing is another crucial area for virtually all business owners to get solid returns. According to Vocus, in 2011 the average return on investment (ROI) for email was $40.56 for every $1 spent on email marketing. In 2012, email accounted for over $60 billion in sales. Although the market is filled with many tools claiming to offer email marketing services, the marketing suite by Vocus provides an effective way for users to manage subscriptions, target and segment lists, amplify messages, create professionally designed emails, and set up auto-responders while tracking their success.

A crucial  area which the Vocus marketing suite assists with is local marketing. By helping to streamline getting businesses listed on all major local business listing sites from a central location ensures that businesses are visible and  are able to keep the information accurate since Vocus provides control from a single location rather than the usual scenario of a business paying a firm to scour the internet for listing sites and then update the information accordingly.

Finally, Vocus provides customers with the ability to promote their press releases to a network of over 30,000 journalists so when a company launches a new product or service, they are instantly able to get the word out to existing customers and  journalists covering the beats pertaining to the companies offering.

Aside from all these features being packaged in a central website, Vocus also provides users with mobile capabilities allowing them to manage their marketing campaigns while on the go. Does this offering mean that you no longer need to retain a marketing firm to handle your companies marketing efforts Overall the service is very promising and is worth a shot, however as every business is different the decision must be made on an individual basis.



The Best Technology for Small Clinics and Doctor’s Offices

As talk of tablets and Cloud computing hits the small business sector, one industry that is left out of discussions is the medical field. But doctors, dentists, and their staff members need access to the best tools available to serve their patients.

To avoid falling behind the competition, small clinics and medical offices must stay on top of today’s top medical technology. Thanks to a wide variety of hardware and software solutions, even the smallest office can automate processes for more efficient operations. Solutions range from products designed to give the best possible care to apps designed to comply with regulations.

“Medical offices need to reduce costs and improve efficiency and I.T. is one of the vehicles to achieve this,” I.T. security expert Leo Bletnitsky of LBA Networking states. “Many offices I visit have ancient computers and their staff spend hours looking for lost patient charts. This costs the practice real money and now with stringent HIPAA enforcement, can put a practice out of business for not safeguarding patient records and data.”

Compliance with HIPAA regulations is a high priority for any doctors office. As HIPAAAudit.com’s John Brewer says, “For every medical office, HIPAA compliance is one of the most important issues they have to deal with each day. The big deal with this is data security, more specifically, computer security. Every electronic device that touches PHI is now tainted and must be considered a controlled item.”

One software solution relates to the way medical records are transmitted to patients’ doctors. In the current medical environment, medical records are no longer transported back and forth. Medical offices are able to deliver images and video online for demonstrating to patients. This new technology brings a few requirements with it, however.

“With the rise of online medical record and imaging delivery and online video consults, doctor’s offices should have at least one high-end computer that can handle high quality imaging output, video conferencing and 3D rendering,” Tim Lynch of PsychsoftPC says. “The ability to handle 3D virtual walk-throughs will also become increasingly important as medical technology continues to advance. And as diagnostics become more technology-driven, fast, high-end computers will become vital to data analysis in the practice of medicine.”

One thing is clear: for small medical offices filled with rows of filing cabinets, scanning is not only a nicety, it’s a must. “While great strides have been made with electronic medical records, doctor’s offices, clinics and others are still swimming in paper.,” Digitali’s Billy Cripe says. “Clinics and doctor’s offices should seriously consider cloud based storage software paired with a desktop scanner that has OCR capabilities. When these are combined, those necessary but onerous pieces of paper can be easily and immediately scanned by front-office staff then automatically stored in a Cloud-based content archive.”

As Cripe points out, this scanning and storing process frees up office space, protects documents in the event of a disaster, and ensures patient data is safely secured behind firewalls. This, in essence, is the future of medical offices. When combined with Cloud-based patient scheduling and claims software like MediTouch, medical offices can operate more efficiently, while better serving patients.



Two Solutions That Turn Your Smartphone Into A Conferencing System

The fact that companies haven’t focused much attention into creating solutions that take advantage of smartphones and transform them into conferencing systems is kind of puzzling. A vast amount of smart business owners around the globe use smartphones. The trend now is to replace land lines with these portable and easily accessible devices. So, why not also replace land-line-based conferencing equipment with devices that are based on smartphones

So far, two companies have taken the plunge! It’s time to introduce you to a new, revolutionary conferencing technology that will make you throw your land lines out the window in favor of smaller, portable, easy-to-use, and versatile hardware. Here are the two brave souls that have thus far gone through the painstaking process of developing a solution for you:

  • Phoenix Audio Technologies Quattro3 USB, SIP, and IP Telephone - The Quattro 3 MT303 is a particularly intelligent device that attaches itself to your smartphone through an interface cable and lets you establish a true conferencing environment with HD audio. With this device, you get a crisp-quality sound that eliminates the need for you to stay close to your phone to hear or be heard. This device is ideal for conference room settings as much as it is for personal office use. The price tag for the MT303 runs at a bit under $600 with most distributors, and it’s compatible with any smartphone you use that runs iOS or Android.
  • Invoxia’s AudiOffice - With the AudiOffice, you transform your workplace and conference room into a very all-encompassing audio heaven. AudiOffice is basically a dock that attaches to your smartphone, allowing you to place quick calls, switch over to video conferencing, and enjoy some relaxing music when you’re off the hook. AudiOffice is available for $299 and connects directly to any iOS device. It contains an extra port for attachment with other smartphone types. This device, although marketed for the conference room, looks more like an office device because of its aesthetics. Of course, you can be the judge of that!

Creating a friendly environment in which everyone hears one another clearly should be a first priority for your next meeting. It’s crucial to have a portable solution to set up conferences everywhere you go. Just don’t start setting them up in your car! You might spill your coffee.



Online Shopping is on the Rise: 4 Tips To Ensure Your Small Business Is Ready

Customer shopping behavior is changing, thanks to the escalating popularity of smartphones. People are gradually moving toward using their cell phones for everything, including shopping.

Up until recently, businesses needed only worry about setting up an online shopping site with easy-to-use checkout options and e-mail confirmations. Preparing a shopping site for mobile shopping is an all new proposition, with businesses challenged to optimize a shopping experience for tiny smartphone screens and touchscreen keyboards.

According to the New York Times, spending via smartphone increased 81 percent between 2011 and 2012, with total spending equaling $25 billion worldwide. This massive increase could be in part due to the fact that more users than ever are tossing out PCs and laptops in favor of tablets and smartphones as their sole computing devices. With so many users gravitating toward these devices, it’s more important than ever that small businesses develop a strong mobile strategy that includes easy online shopping. Here are a few tips to help beef up your mobile strategy to help out these customers.

  • Avoid mobile frustration. Customers expect mobile sites to work as well as the web version. In the past, frustrated shoppers would simply set a device aside and complete their shopping on a PC or laptop. Once a consumer only has mobile devices, this is no longer an option, increasing the likelihood your customers will leave your site in favor of a competitor with an easy-to-use mobile shopping site.
  • Save payment information. Entering credit card numbers on a smartphone or tablet can be an exhausting experience. Large shopping sites like Amazon are able to give customers one-click ordering technology, thanks to stored credit card information. You’ll have to ask the user’s permission and make sure your security is to the strictest industry standards, but for customers who agree, make ordering as easy as possible to maximize purchases.
  • Use technology tools. Services like Shopify are designed to translate e-commerce websites to mobile shops, complete with shopping cart technology and 128-bit SLL encryption. These services charge monthly fees and transaction fees, but for small businesses, this may be a great alternative to paying expensive hourly fees to software developers.
  • Think outside the box. Consider different ways to combine your various purchasing options to work together. If you’re a bricks-and-mortar location, QR codes can allow customers to easily order items online that may be out of stock in your store. Offer free shipping to these customers to help compensate for the inconvenience. Promote your new mobile shopping experience to customers who visit your store and website. If you offer products or coupons via catalog or print mailers, include QR Codes to take customers directly to your mobile store, where htey can buy the items.

As the New York Times pointed out, those who use tablets are more likely to be online while in a shopping mood. Tablet shoppers may use tablets while lounging on the sofa, increasing the chance they’ll happen on something they want to buy. By making this kind of shopping easier, you’ll ensure your loyal customers can make those purchases before they forget about them.

For an informative radio interview about what your small business needs to do to develop and nurture a mobile strategy, click here.



Microsoft takes new Office to the cloud

Microsoft is selling a retooled version of its Office software to consumers as an online subscription service for the first time in an attempt to extend one of the company's key franchises beyond personal computers.

This week's news release comes six months after Microsoft previewed the new-look Office, which includes popular word processing, spreadsheets and email programs.

"This is a fundamental shift in our business that began a several years ago," Microsoft chief executive Steve Ballmer wrote in a blog post.

The revamped Office boasts touch controls, just like the redesigned version of the Windows operating system that Microsoft released three months ago. The company, which is based in Redmond, Washington, is trying to ensure that its products retain their appeal at a time when people increasingly rely on smartphones and tablet computers instead of PCs.

To tap into that trend, Microsoft is promoting Office 2013 as a program tailor made for using over the internet. All information is automatically stored in Microsoft's data centers, allowing for access to the same material on multiple devices. The content also can be stored on the hard drives of devices.

Yet Microsoft still isn't trying to get Office on the largest number of devices possible. Office 2013 doesn't include an option that works on Apple's iPhone and iPad or smartphones and tablets running the Android software made by Google. That leaves out the majority of smartphones and tablets sold in the past two years.

Microsoft is offering Office 2013 in a US$100 annual subscription package, called 365 Home Premium, which includes online access on up to five Windows devices or Apple's line of Mac computers.

The company believes Office 2013 is currently best suited for Windows devices, said Chris Schneider, Microsoft's senior public relations manager for Office. Microsoft is limiting Office's reach as it tries to grab a bigger piece of the mobile market with its own operating system for smartphones and tablets.

Office will still be sold under a one-time licensing fee that allows the software to be installed on a single machine. Prices for that option start at US$140 and range up to $400. People who don't need the entire Office bundle can buy individual programs such as Word, Excel and Outlook for $109 apiece. Microsoft outlines its pricing options in its online store.

Office 2013 is the first overhaul of the software suite in three years.

The bundle of programs has become a staple on desktop and laptop computers, providing a rich vein of revenue for Microsoft.

The company has reaped most of its Office sales from licenses allowing buyers to install the suite of programs on individual machines, a very lucrative strategy. The Microsoft division anchored by Office generates about $24 billion in annual sales, accounting for nearly one-third of Microsoft's total revenue.

Revenue in the Office division fell from the previous year during the three months ending in December, partly because many prospective buyers have been awaiting the latest version.

Microsoft's stock dipped a penny to $27.90 in Tuesday's afternoon trading. The shares are stuck around the same price as when the company released Windows 8 to great fanfare three months ago. Meanwhile, the benchmark Standard & Poor's 500 has climbed by about 7 per cent.

Besides getting access to the suite's programs, 365 Home Premium subscribers receive 20 additional gigabytes of storage on Microsoft's SkyDrive to supplement the 7 gigabytes that the company gives away to account holders for free. Subscribers also will get 60 minutes of free international calls on Microsoft's Skype service for internet phone calls and video chats.

College students and teachers will be able to buy Office 2013's online product for $80 for four years, which works out to about $1.67 per month. This option requires proof of student status. A variety of Office subscriptions are also being offered, with monthly fees ranging from $6 to $20 per user. More information can be found at: http://www.microsoft.com/en-us/office365/compare-plans.aspx .

The online push reflects Microsoft's recognition that people want access to documents and email on whatever internet-connected device they might have, wherever they may be, whether it's at work, home or a store while running errands.

"The technology needs to be able to move with you," Schneider said.

It's the first time that Microsoft has tried to persuade consumers that a recurring online subscription is the best way to buy and use Office. Microsoft had previously sold online Office subscriptions primarily to small businesses.

"Over time, the majority of the billion plus people using Office will be using the Office 365 service," Ballmer predicted in his blog post.

The attempt to sell online Office subscription to consumers comes nearly seven years after Google unveiled its own internet bundle of word processing, spreadsheet and email programs. Google gives away a basic version of those applications, and charges subscriptions for more sophisticated packages aimed primarily at small businesses.

Microsoft's decision to reshape Office into an online service makes sense, although it may take customers a while to embrace the concept, said Edward Jones analyst Josh Olson. He suspects major companies that rely on Office probably will be among the last users to make the switch.

"This is a good innovation, but the uptake may be slow to begin because it is so different," Olson said.

-AP



US military plans major boost for cyber force

The US plans a major expansion for its cyber security force, increasing the headcount from 900 to 4,900 in the next few years.

The expansion plan by Pentagon officials recognises the growing threat in cyber space. The cyber threat has been highlighted by a string of sabotage attacks, including one last August in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company.

While yet to be formally announced, the enlargement comes at the request of General Keith Alexander, head of the US military’s cyber command, according to the Washington Post.

The expansion plan was approved late in 2012 and is intended to protect national infrastructure such as electrical grids, fortify military networks and support "offensive operations" abroad.

Although the US cyber command was established three years ago, it has largely been occupied with developing policy and legal frameworks, and ensuring military networks are defended.

Current and former defense officials said the expansion plan will allow the command to better fulfill its original mission.

Although generally agreed to by the military’s service chiefs, the plan has raised concerns about how the Army, Navy, Marines and Air Force will find so many qualified cyber security personnel and train them.

A lack of people with the appropriate skills is widely acknowledged on both sides of the Atlantic as being a major challenge to bringing national cyber defence capabilities up to standard.

Last October, the UK government announced a new Global Cyber Security Capacity Building Centre, which will be hosted within the UK’s network of centres of excellence for cyber security.

Currently eight universities which have been awarded this status based on their world-class research capability in this field.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy


Quora Gives Bloggers Built-In Readership

Question and answer site Quora just announced the release of a new blogging platform. Clearly there is no shortage of these around the Internet, but this one is a bit different. Quora plans to take the posts published on its platform and distribute them to users who follow certain Q&A topics.

For instance, if you decide to write about politics, then those who follow political topics on Quora’s Q&A platform have the potential to see your posts in their feed.

quora

The benefit of this to bloggers is to have a built-in readership of people who are interested in your particular topic of discussion. Many entrepreneurs use blogging as a way to reach new consumers or even as a main source of income, so this new tool could provide some help when it comes to building a following, especially in the early stages. But even established bloggers or entrepreneurs could potentially use the platform to reach new people.

Quora has over 300,000 topics that fit into five categories: Business and Tech, Food and Entertainment, Politics and Social Sciences, Health and Life Advice, and Other. So within one of these general categories such as Business and Tech, there are more specific topics users can choose such as startups, science, and entrepreneurship.

So when users choose a topic or topics to follow on Quora, they’ll see both Q&A posts and blog posts within their Quora feed. Users can also search particular topics to find posts that are relevant to their interests at any given time.

This is quite different from traditional blogging platforms in that you can gain an audience for your posts without having a large following personally, though users can also choose particular Quora blogs to follow.

Quora accounts are free and so is creating a blog. Upon starting a blog, you can add topics that fit your blog as a whole, and you can include other topics for each post you create. Currently, there are just two basic themes for Quora blogs so they all look fairly simple, but they include post topics, views, and followers, as shown in the photo above.

Blogs are also visible within Quora’s iPhone and Android apps.




Quora Gives Bloggers Built-In Readership

Question and answer site Quora just announced the release of a new blogging platform. Clearly there is no shortage of these around the Internet, but this one is a bit different. Quora plans to take the posts published on its platform and distribute them to users who follow certain Q&A topics.

For instance, if you decide to write about politics, then those who follow political topics on Quora’s Q&A platform have the potential to see your posts in their feed.

quora

The benefit of this to bloggers is to have a built-in readership of people who are interested in your particular topic of discussion. Many entrepreneurs use blogging as a way to reach new consumers or even as a main source of income, so this new tool could provide some help when it comes to building a following, especially in the early stages. But even established bloggers or entrepreneurs could potentially use the platform to reach new people.

Quora has over 300,000 topics that fit into five categories: Business and Tech, Food and Entertainment, Politics and Social Sciences, Health and Life Advice, and Other. So within one of these general categories such as Business and Tech, there are more specific topics users can choose such as startups, science, and entrepreneurship.

So when users choose a topic or topics to follow on Quora, they’ll see both Q&A posts and blog posts within their Quora feed. Users can also search particular topics to find posts that are relevant to their interests at any given time.

This is quite different from traditional blogging platforms in that you can gain an audience for your posts without having a large following personally, though users can also choose particular Quora blogs to follow.

Quora accounts are free and so is creating a blog. Upon starting a blog, you can add topics that fit your blog as a whole, and you can include other topics for each post you create. Currently, there are just two basic themes for Quora blogs so they all look fairly simple, but they include post topics, views, and followers, as shown in the photo above.

Blogs are also visible within Quora’s iPhone and Android apps.




Two Solutions That Turn Your Smartphone Into A Conferencing System

The fact that companies haven’t focused much attention into creating solutions that take advantage of smartphones and transform them into conferencing systems is kind of puzzling. A vast amount of smart business owners around the globe use smartphones. The trend now is to replace land lines with these portable and easily accessible devices. So, why not also replace land-line-based conferencing equipment with devices that are based on smartphones

So far, two companies have taken the plunge! It’s time to introduce you to a new, revolutionary conferencing technology that will make you throw your land lines out the window in favor of smaller, portable, easy-to-use, and versatile hardware. Here are the two brave souls that have thus far gone through the painstaking process of developing a solution for you:

  • Phoenix Audio Technologies Quattro3 USB, SIP, and IP Telephone - The Quattro 3 MT303 is a particularly intelligent device that attaches itself to your smartphone through an interface cable and lets you establish a true conferencing environment with HD audio. With this device, you get a crisp-quality sound that eliminates the need for you to stay close to your phone to hear or be heard. This device is ideal for conference room settings as much as it is for personal office use. The price tag for the MT303 runs at a bit under $600 with most distributors, and it’s compatible with any smartphone you use that runs iOS or Android.
  • Invoxia’s AudiOffice - With the AudiOffice, you transform your workplace and conference room into a very all-encompassing audio heaven. AudiOffice is basically a dock that attaches to your smartphone, allowing you to place quick calls, switch over to video conferencing, and enjoy some relaxing music when you’re off the hook. AudiOffice is available for $299 and connects directly to any iOS device. It contains an extra port for attachment with other smartphone types. This device, although marketed for the conference room, looks more like an office device because of its aesthetics. Of course, you can be the judge of that!

Creating a friendly environment in which everyone hears one another clearly should be a first priority for your next meeting. It’s crucial to have a portable solution to set up conferences everywhere you go. Just don’t start setting them up in your car! You might spill your coffee.



New Centrify suite adds Windows Privilege Management capabilities

Centrify has added Windows privileged user management to the latest version of its security and compliance solution.

According to the company, Centrify Suite 2013 offers an approach to identity management that includes integrated authentication, access control, privilege management, policy enforcement and compliance â€" all based on a single, unified architecture that leverages Microsoft Active Directory.

It said that user privileges for Windows, Unix and Linux systems can be difficult to implement since identities and privileges often reside in disparate silos or are managed locally system by system. Also, while point solutions exist for privilege management of Windows systems or Unix and Linux systems, no solutions exist that span across both Windows and Unix/Linux that utilise a unified architecture leveraging existing directory infrastructure.

Matt Hur, Centrify's senior director of product management, said: “Centrify Suite 2013 raises the bar in delivering enhanced functionality for organisations to secure their systems and protect their resources across cloud and on-premise environments, including Windows least-privilege access management.

“With Centrify, organisations take advantage of their existing Microsoft Active Directory investments across the industry's broadest set of platforms in heterogeneous environments to centralise disparate identities and control privileged access for improved security and compliance.”



New Centrify suite adds Windows Privilege Management capabilities

Centrify has added Windows privileged user management to the latest version of its security and compliance solution.

According to the company, Centrify Suite 2013 offers an approach to identity management that includes integrated authentication, access control, privilege management, policy enforcement and compliance â€" all based on a single, unified architecture that leverages Microsoft Active Directory.

It said that user privileges for Windows, Unix and Linux systems can be difficult to implement since identities and privileges often reside in disparate silos or are managed locally system by system. Also, while point solutions exist for privilege management of Windows systems or Unix and Linux systems, no solutions exist that span across both Windows and Unix/Linux that utilise a unified architecture leveraging existing directory infrastructure.

Matt Hur, Centrify's senior director of product management, said: “Centrify Suite 2013 raises the bar in delivering enhanced functionality for organisations to secure their systems and protect their resources across cloud and on-premise environments, including Windows least-privilege access management.

“With Centrify, organisations take advantage of their existing Microsoft Active Directory investments across the industry's broadest set of platforms in heterogeneous environments to centralise disparate identities and control privileged access for improved security and compliance.”



Java security lead admits problems in platform and need to improve communications

After a widely reported zero-day vulnerability affecting Java and another rumoured to be trading for $5,000, Oracle has admitted that there has been a "relative silence on the issue" around Java security.

Reza Rahman, technology evangelist at Oracle, said in a blog that there has been a veritable media firestorm around the recent Java vulnerability.

In a recent recording of a conference call, Milton Smith, security lead for Java, said that the priorities were "to get Java fixed up and to communicate our efforts widely". He said: “We really cannot have one without the other, no amount of talking or smoothing over is going to make anyone happy or do anything for us.

“We have to fix Java, and we have been doing that, and there are some things that are visible to the public as far as the number of changes and CPUs, as well as some security changes we added. A lot of the things that we are looking into are in relation to Java in the browser, as that is where we have seen most of the weaknesses.”

Speaking about ‘the communication plan', Smith said that there are plans but it needs to let engineers and its audiences know what is going on. “It is often frustrating for us to get a message out, so after we hit all the approvals, often understanding how to get a message out is challenging,” he said.

“I know communications has been a big concern for everybody and even internally, we understand that when we need to communicate and are open it is better received for us.”

Rahman said: “Hopefully it comes as some relief that Oracle is now starting to openly speak up on the issue.

“We can expect this to be the tip of the iceberg of what will be done on the Java security and communication fronts.”

Andrew Storms, director of security operations at nCircle, said: “Oracle's public admission that they have a security problem with the Java browser plug-in is a step forward. It's good to finally see Oracle acknowledge the seriousness of the situation. Unfortunately, we needed this admission a year ago before its customers started losing trust in Java security. Now Oracle has a very steep credibility hill to climb.

“The content in the Java security discussion was pretty lacklustre. You've got to wonder what role the Oracle press team has had in the company's response to all the security criticism they've had lately. I felt bad for the people representing Oracle on this call because they didn't sound well prepared. They didn't sound like they have a clear idea of what to do, what to say or even exactly who they were speaking to.”



Obvious but Hard Lessons in Small Business Advertising

small business advertisingThere are two kinds of small businesses:

1)  Those with a very specific niche, but a nation-wide target market (e.g. taxidermy services for exotic animals).

2)  Those with a broad enough scope, but a geographically limited market (e.g. an upscale bistro).

As someone who has marketed businesses in each of these categories, the lessons in this piece apply far better to the latter category then the former.

1.  Limit Advertising Efforts Geographically

No matter how tempting it is to include a few extra zip codes when sending out flyers or to increase the geographic radius of a Google Adwords campaign, to me it’s never been a wise idea. Whenever designing an advertising campaign, as a small business owner, I have to constantly remind myself the real reason I am advertising is to maximize revenue and not to maximize reach.

It is far easier to maximize revenue by targeting the same 4,000 to 5,000 households in my neighborhood on a monthly basis then blowing an entire year’s advertising budget by sending out flyers to nearly 200,000 households in my hometown. One approach I like to take is as follows:

  1. Establish a target revenue goal.
  2. Assuming 1% follow-through on my advertising efforts and average invoice value, establish the number of households I need to reach.
  3. Using Canada Posts’ Precision Targeter Tool, figure out the radius which has enough households to reach the goals set in step 1.
  4. Reduce the radius by 50% and send-out the flyers twice a month instead of once a month.

This approach has historically yielded as much as a 40% increase in the number people who responded to my advertising.

2.  Network With Other Small Businesses

For every 5,000 households in a neighborhood, there are 50 to 100 small businesses which cater to them. It’s a lot easier to touch base with the 50 to 100 small business owners & managers twice a quarter then trying to reach 5,000 to 10,000 households.

If anyone can understand your troubles and appreciate the hard work that goes into being a small business; it is another small business owner. The idea is not just to get the owner to give you business; but to get them to give out your referrals to his/her existing client base.

The referring business already has a trusted relationship with the customer. When that customer gets referred to you, almost all the goodwill and trust is already established and little effort is needed to win over the customer. Think of each small business in your neighborhood as a single node and each node has already made the effort of attracting the customers. Now all they have to do is make quick and non-aggressive referrals and some of those customers will get passed on to you.

One of the more successful campaigns I ran from my auto-shop was with a local gym. For every oil change, the customer received a no obligation 30 day trial (instead of the regular 15 day trial). However, do not expect more than 2 to 3 referrals per quarter from any small business.

3.  Measure All Advertising Efforts

The thing about marketing and advertising is that you can blow 100% of your budget and have no idea how effective it was. Therefore, it is imperative that all advertising efforts are measured. Online advertising is easy enough to measure as long as an analytics package is installed on the website. There are a number of free analytics packages including Google Analytics; although my personal preference is for Clicky Analytics, given its ease of use and heatmaps.

For offline advertising, when possible, have coupons, flyers and all advertising material printed with unique codes. If you are dropping business cards or coupons in 5 different local shops, then have a unique identifier on each of the 5 sets. This will tell you two critical things:

1) Which type of local businesses are most affective at getting you new customers.

2) Helps you narrow down your ideal target market.

Always have expiration dates on all your special offers and coupons. Not because you may be unwilling to gain a new customer with a coupon, but rather to tie in when the advertising for the special was done and how many customers responded to that advertising.

4.  It’s Easier to Retain Customers Then Get New Ones

Advertising is far more effective when you reach existing customers rather then trying to draw in new ones. This may not sound like much, but it could be one of the most powerful insights during “slow” periods. You already have all the insights for your existing customers (e.g. their age, interests, how receptive they are to your product). Best of all, you can advertise to your existing customers with next to zero cost by simply reaching them over the phone.

When you send out coupons to your existing customers, even if they don’t need it, they will likely pass them along to friends and family. This principle is especially true, if you have ever advertised on Facebook, where “sponsored stories” have a 5 to 10 times higher click through rate (i.e. the number of people that click on your add) compared to an old fashioned add.

5.  Don’t Market or Advertise to Friends and Family

One of the lessons I really wish I had learned in a classroom was to never advertise or sell your product to friends and family. For two reasons:

1) Friends and family meet you for a number of reasons but none of them include soliciting your business to them. Essentially, when you start making your interactions with friends and family about your business, you have taken away any reason for them to meet you.

2) No matter how big your circle of friends and family is, it is always very limited. So why spend this time and effort on such a small subset, when you could be meeting and greeting an entire neighborhood of 4000+ households at your business sponsored summer BBQ

Easy Way Hard Way Photo via Shutterstock




WhatsApp investigated over data and number retention by Canadian privacy commissioner

WhatsApp has been encouraged to develop guidelines and ensure the implementation of procedures in regard to the retention and destruction of personal information.

The messenger service was investigated under the Personal Information Protection and Electronic Documents Act (PIPEDA) following a complaint about it from the Office of the Privacy Commissioner of Canada, who had reasonable grounds to believe that it was collecting, using, disclosing and retaining personal information in a manner contrary to certain provisions of schedule one of the act.

The subsequent report on the Canadian privacy commissioner's findings found that while in-network numbers are stored in clear text on WhatsApp's servers, numbers of non-users are stored in a hashed format in a 64-bit value to render out-of-network (old or expired users) numbers as anonymous. It may also, with a user's permission, get access to the address book on a phone that is transferred securely to WhatsApp's servers using SSL/TLS encryption.

The report said: “Principle 4.3.3 states that an organisation shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of information beyond that required to fulfil the explicitly specified and legitimate purposes.”

The privacy commissioner recommended that all out-of-network users details be removed once consent was no longer granted. WhatsApp said that the anonomysing was sufficient, leading the commissioner to respond that "concerns relating to the retention of non-user numbers [are] well-founded".

The report deemed that WhatsApp's account confirmation messages were being sent using ordinary web traffic ports, allegedly without encryption or safeguards, leaving users potentially vulnerable in May 2011 - and it subsequently corrected this. 

WhatsApp said that its policy is to delete or destroy all personal information belonging to a user, including any applicable payment information, 30 days after termination of the service. The commissioner was satisfied with this and with WhatApp's commitment to "further developing its retention policy for personal information and to making this policy publicly available".

Chester Wisniewski, senior security advisor at Sophos Canada, said: “At the beginning of the investigation, the company was not properly encrypting any of the communications of its users. Its initial attempt at encryption relied upon using IMEIs and Mac addresses as encryption keys.

“The investigation determined this was inadequate and easy to defeat. WhatsApp has begun the transition to 160-bit randomly generated keys in its iOS app and will follow through on other platforms.”

The UK's Information Commissioner's Office has been contacted in regard to the likelihood of a UK investigation.



New Centrify suite adds Microsoft Access Directory capabilities

Centrify has added Windows privileged user management to the latest version of its security and compliance solution.

According to the company, Centrify Suite 2013 offers an approach to identity management that includes integrated authentication, access control, privilege management, policy enforcement and compliance â€" all based on a single, unified architecture that leverages Microsoft Active Directory.

It said that user privileges for Windows, Unix and Linux systems can be difficult to implement since identities and privileges often reside in disparate silos or are managed locally system by system. Also, while point solutions exist for privilege management of Windows systems or Unix and Linux systems, no solutions exist that span across both Windows and Unix/Linux that utilise a unified architecture leveraging existing directory infrastructure.

Matt Hur, Centrify's senior director of product management, said: “Centrify Suite 2013 raises the bar in delivering enhanced functionality for organisations to secure their systems and protect their resources across cloud and on-premise environments, including Windows least-privilege access management.

“With Centrify, organisations take advantage of their existing Microsoft Active Directory investments across the industry's broadest set of platforms in heterogeneous environments to centralise disparate identities and control privileged access for improved security and compliance.”



The Best Technology for Small Clinics and Doctor’s Offices

As talk of tablets and Cloud computing hits the small business sector, one industry that is left out of discussions is the medical field. But doctors, dentists, and their staff members need access to the best tools available to serve their patients.

To avoid falling behind the competition, small clinics and medical offices must stay on top of today’s top medical technology. Thanks to a wide variety of hardware and software solutions, even the smallest office can automate processes for more efficient operations. Solutions range from products designed to give the best possible care to apps designed to comply with regulations.

“Medical offices need to reduce costs and improve efficiency and I.T. is one of the vehicles to achieve this,” I.T. security expert Leo Bletnitsky of LBA Networking states. “Many offices I visit have ancient computers and their staff spend hours looking for lost patient charts. This costs the practice real money and now with stringent HIPAA enforcement, can put a practice out of business for not safeguarding patient records and data.”

Compliance with HIPAA regulations is a high priority for any doctors office. As HIPAAAudit.com’s John Brewer says, “For every medical office, HIPAA compliance is one of the most important issues they have to deal with each day. The big deal with this is data security, more specifically, computer security. Every electronic device that touches PHI is now tainted and must be considered a controlled item.”

One software solution relates to the way medical records are transmitted to patients’ doctors. In the current medical environment, medical records are no longer transported back and forth. Medical offices are able to deliver images and video online for demonstrating to patients. This new technology brings a few requirements with it, however.

“With the rise of online medical record and imaging delivery and online video consults, doctor’s offices should have at least one high-end computer that can handle high quality imaging output, video conferencing and 3D rendering,” Tim Lynch of PsychsoftPC says. “The ability to handle 3D virtual walk-throughs will also become increasingly important as medical technology continues to advance. And as diagnostics become more technology-driven, fast, high-end computers will become vital to data analysis in the practice of medicine.”

One thing is clear: for small medical offices filled with rows of filing cabinets, scanning is not only a nicety, it’s a must. “While great strides have been made with electronic medical records, doctor’s offices, clinics and others are still swimming in paper.,” Digitali’s Billy Cripe says. “Clinics and doctor’s offices should seriously consider cloud based storage software paired with a desktop scanner that has OCR capabilities. When these are combined, those necessary but onerous pieces of paper can be easily and immediately scanned by front-office staff then automatically stored in a Cloud-based content archive.”

As Cripe points out, this scanning and storing process frees up office space, protects documents in the event of a disaster, and ensures patient data is safely secured behind firewalls. This, in essence, is the future of medical offices. When combined with Cloud-based patient scheduling and claims software like MediTouch, medical offices can operate more efficiently, while better serving patients.