Recently, industry leader Amazon blazed a trail with its Prime Day event, promising specials and discounts that were unavailable to customers on Black Friday. While it came and went with mixed reviews from customers, Prime Day did showcase one way retailers can make a splash – so long as they're prepared for the resulting influx of customers.
Many brands host events like this, offering deep discounts and other incentives to customers to boost their client base and revenue. However, one important aspect to keep in mind here is preparation – the company's online platform, in particular, must be ready to handle the large number of consumers rushing to take advantage of these deals.
"Retailers can make a splash in the marketplace – so long as they're prepared for the resulting influx of customers."
It may seem obvious to have extra support and resources in place to handle the increase in customers during a large event. However, some companies get caught unprepared.
CDNetworks reported that there were several notable website crashes during the 2013 holiday season in particular, where retailers simply didn't have adequate support to account for the considerable boost in demand. Big names including Walmart, Motorola and Canada-based Future Shop were all inundated with customers on Black Friday and Cyber Monday, and some customers were unable to access the discounts they were promised.
This can be considerably damaging for the brand, and have a negative impact on the company's reputation. But it's not just a website crash that can cause business to suffer – if a website isn't performing as quickly or optimally as it should, shoppers will likely seek out a competitor. For this reason, it's imperative to ensure ahead of time that the platform is ready to support clients' needs during a large event.
What should retailers prioritize as part of their preparations? KISSmetrics advised putting security at the top of the list, especially in advance of a big sale. In addition to regular shoppers, an online sale could also attract the attention of cybercriminals with malicious intent.
When examining security, KISSmetrics recommended performing an audit with the help of an expert consultant to pinpoint any weak spots in the company's infrastructure. In addition, retailers should also run cyberattack scenarios to see how their platform would react to an infiltration. These activities will provide a blueprint for protection improvements, illuminating specific areas in need of patches or better safeguards.
It's also important that the security in place provides peace of mind for the customer, as well as the brand. It's common practice – and required by industry guidelines – to have SSL protection in place. KISSmetrics suggested ensuring that the trust seals associated with the certificate are prominently displayed so customers know their sensitive information will be protected.
In addition to website security, it's also essential to test the website to see how it will react to the target influx of customers that will come to take advantage of the online sale or event. Hosting providers recommend a few best practices when it comes to load testing, including pinpointing testing goals and initial benchmarks, as well as deciding on the data collection methods, scripts and testing environment that will be used.
Tests will often uncover common issues including needs for improved compression, a content delivery network, more efficient code or full page caching to enhance performance. Once the problems are pinpointed, the IT team can work to mitigate these problems to help ensure the best experience possible for shoppers.
Scale hosted resources to account for boosted demands
The final, and perhaps most important, piece of the puzzle concerns hosted resources. A robust hosting partner can help the company scale its environment appropriately to ensure the proper support is in place for the rise in customer demand. This will not only prevent the website from crashing, but will also ensure that the platform is as responsive as possible and performs at its best.
To find out more, contact Hostway today.
The end of something that one has become familiar with and counts on can be a difficult thing. Fans of popular TV shows are perhaps most acquainted with this feeling, as illustrated by their reactions to the announcement of show finales.
When the prominent series "Friends" ended, many who had been watching the program for its 10-year run were upset that they would no longer be able to enter into the world of six companions and their favorite coffee shop.
More recently, fans of "American Idol" are now dealing with the same problem, having to wave goodbye to a program that, although waning in popularity in recent years, created the genre of modern talent show-based television in this country 15 seasons ago.
The difficulty associated with watching something go away can be even more accurate when one has come to rely on it for his or her livelihood.
End of life: What it means for users
Just as "Friends" fans waited anxiously to see if Rachel would get off the plane and rejoin her longtime love Ross, so too do decision-makers face uncertainty when support is ending for mission-critical technologies. In the past year, users have grappled with several notable end-of-life announcements, including those related to Windows XP, and most recently, Windows Server 2003.
"When a technology nears end of life, decision-makers have some tough decisions to make."
Without support, users lose numerous safeguards, including security patches and updates that protect their system from intruders. Additionally, end of support means the end of customer assistance – the provider is unable to help with any product issues.
When a technology nears end of life, decision-makers have a few questions they must ask themselves, and some tough decisions to make:
While end of life can be a challenge – even more so than losing your favorite program – it is something that businesses must address as quickly as possible, taking proactive measures to ensure their success leading up to end of life.
Best practices for dealing with end of life technologies
BMS Review contributor Bill Keyworth outlined several helpful strategies for businesses dealing with an end-of-life migration:
Dealing with end-of-life technology can be a challenge, but can also offer opportunity for a business. And thankfully, as opposed to the ill-fated "Friends" spin-off "Joey", the new solution can provide a powerful resource for the enterprise.
In recent years, the retail industry has shifted its focus increasingly toward more security-centered business processes. As the threat environment continues to evolve, the personal information of retail customers is still incredibly valuable for hackers, and thus remains a prime target.
In addition, instances of breached retail data have been on the rise. The past year brought us a number of high-profile cases that impacted millions of customers, affecting Home Depot, craft store Michaels and Dairy Queen.
As vendors collect ever-expanding databases of information about their customers for marketing and customization purposes, the retail industry becomes an even more attractive target.
"With some retail stores suffering data breaches affecting millions of people and recovering after data was stolen from customer credit cards, businesses need to balance a desire for more data while keeping IT systems secure," wrote Tech Page One contributor Brian T. Horowitz.
As a result of these conditions, retailers are placing a higher importance on security.
Hoarding data: Protecting sensitive customer information
These days, a rising number of retailers use predictive analytics, where historical and real-time consumer information is leveraged to predict future preferences. While the plethora of data collected can provide real benefits for both the brand and its clients — including a more tailored, enjoyable end-user experience — it can also create considerable risk.
U.S. Representative Peter Welch noted at the National Retail Federation conference in early January that these practices have to come with a balance between information gathering for marketing purposes and concern about security and breaches. For this reason, Welch and other lawmakers proposed creating a single set of standards for the retail sector to rely on to prevent breaches.
"You can't have a retailer dealing with 50 different standards, so the challenge for us is to come up with a standard that's simple and straightforward for the retailers," said U.S. Rep. Marsha Blackburn.
Boston Retail Partners Principal Ken Morris told Luxury Daily that the current threat environment calls for more robust standards in the industry.
"Simply meeting PCI compliance standards is no longer sufficient to protect customer data," Morris said. "Hackers have become increasingly sophisticated, requiring retailers to reanalyze and revamp their current security protocols to adequately protect their customers and their brand."
Until a new standard is established, retailers can fall back on the protection measures that are consistently required in current guidelines. These include encryption to safeguard customer details as well as authentication credentials for the databases containing this information. With these security measures in place, chances of a breach or other unauthorized access are greatly reduced as only those with the proper usernames, passwords and decryption key are able to view protected data.
Securing payment systems
A recent survey from Boston Retail Partners found that 63 percent of all retailers reported that payment security is among their top three priorities this year. With Neiman Marcus and Kmart suffering through payment system infiltrations, it is more important than ever to make sure these systems are secure. A breach doesn't just impact the customers whose information was leaked, it's a bad reflection on the brand.
"To breach is to die. It is a brand killer and CEOs will lose their jobs," Morris said. "Retailers are taking this risk seriously, as the negative impact of a data breach can be massive in terms of financial cost and, more importantly, the damaging effects on customer perceptions and loyalty."
In this spirit, many retailers are looking to upgrade their payment systems to leverage the EMV standards set by Europay, MasterCard and Visa. Currently, companies must comply by October 2015 to avoid being held responsible — instead of the financial institution — for any fraudulent charges.
Other retailers are shifting their encryption processes so that the decryption key is stored by the bank instead of the vendor. In this way, hackers have to breach the bank as well as the retailer to access sensitive information. Luxury Daily noted that 45 percent of retailers are planning to increase their encryption capabilities by October.
Companies are also increasingly leveraging tokenization processes, where customers' payment card information is turned into a token. This prevents any third parties from gain access to the card number or other associated information.
Overall, one of the best ways to boost security is to work with an expert like Hostway. Hostway provides a range of security services via both its network presence and its application use. Hostway also offers anti-virus, threat analysis and testing. To find out more, contact Hostway today.
Previously, we outlined how to evaluate a company's compliance with the Health Insurance Portability and Accountability Act. In this piece, we'll take a look at the essentials to keep in mind with communication solutions, and in particular, email.
GFI noted that several industry regulations and governing bodies — including the Sarbanes-Oxley Act, HIPAA, the Food and Drug Administration, the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority and the National Association of Securities Dealers — have special requirements when it comes to companies' email solutions. Each of these necessitate that businesses have a searchable email archive to ensure transparency in connection with corporate communications and other dealings. For this reason, organizations operating under or in conjunction with these rules and groups must have specialized email systems in place.
Here are a few crucial factors to consider when it comes to compliant email and communication solutions:
Protected communications archive
As noted above, firms must have a searchable archive of their communications on hand, both to comply with industry standards, and to provide for auditors. When an audit takes place, the company must prove they have followed regulations. Having an archive of all communication including all emails and messages sent and received streamlines the audit.
However, storing this information can offer a valuable hacking target. Thus, the archive should be protected by authentication credentials — two-factor where possible. This can ensure that only authorized viewers are able to see the records.
Security for each message
In addition to protecting the message storage system, company managers should also adequately secure each individual message being transmitted. A best-of-breed email platform will have advanced encryption in place at the point of sending, which can prevent messages from being intercepted. Hosted email systems, such as the compliant-ready solutions offered by Hostway, have this capability built in.
Encryption is particularly important considering the incredibly sensitive information corporate emails can contain. For instance, employees may need to send a list of customer details to another staff member or partner. As the list may contain names, email addresses or payment information pertaining to consumers, protection — which falls in line with industry regulations — is needed to ensure the safety of this data.
Compliance when sending commercial emails
In addition to considering emails sent to and from the company's employees and its partners, decision-makers must also take into account the messages they send for marketing purposes. According to the Federal Trade Commission, these must follow the CAN-SPAM Act, which provides rights for the recipients of commercial messages.
As email campaigns become more prevalent, it is paramount to ensure compliance with CAN-SPAM. When sending out emails for marketing purposes, senders must maintain the following requirements:
Overall, taking these items into consideration will help guarantee that messages are secure and compliant with the regulations governing the organization's industry.
If your organization operates within the healthcare sector, chances are good that you're familiar with the guidelines of the Health Insurance Portability and Accountability Act, or HIPAA. This industry standard applies to firms that in any way deal with healthcare records, outlining specific rules for storing, transmitting or using this information.
According to the Department of Health, one of the main aims of HIPAA is to ensure sensitive healthcare information remains confidential and secure. In order to guarantee this, healthcare providers, doctor's offices, medical practitioners and any other company that handles these details must do so in a careful and secure manner.
Often, organizations focus on the Administrative Simplification title of HIPAA, which pertains to the sending, receiving and overall maintenance of healthcare information using an electronic record system. The Privacy title of the standard goes on to explain the protections needed for this data, which must be considered on a daily basis to ensure that all procedures and tasks are carried out securely.
Let's review the most important facets of this legislation for organizations in the healthcare industry to ensure their HIPAA compliance:
Information protected under the act
The Department of Health refers to the types of information that are covered under the act as protected health information, or PHI. This includes all data relating to the patient, his or her household members or his or her employer: names, birthdates, phone numbers, addresses and other contact information, Social Security numbers and any photographs are included. In addition, the dates of any treatment, medical record numbers, finger or voice prints and any other identifying information are also protected under HIPAA.
Encrypted communications
Because of the plethora of data that falls under HIPAA, healthcare organizations must be particularly careful with how they store and transmit information. For instance, any text, email or other message containing personal details about a patient must have security built in to ensure the sender is complying with the law. A recent TigerText white paper noted that HIPAA – as well as other regulatory guidelines including the Sarbanes-Oxley Act – require the use of encryption to protect sensitive information both at rest and in transit. Thus, only those with the decryption key can decipher the communication, reducing the risk that sensitive details could fall into the wrong hands.
Disaster recovery preparations
Besides ensuring data is safe from unauthorized viewers, organizations must also guarantee that records are secure in case of a disaster. Healthcare industry companies are thus compelled to have a robust disaster recovery program to respond to a service outage, weather-related event or other damaging incident. HIPAA.com recommends backing up information off-site so that it can be accessible if the firm's main location is impacted.
Employee training
In addition to preparing technological systems, companies must be sure that their staff members understand HIPAA's provisions and how they affect their responsibilities. Firms should have ongoing training sessions so that all employees know how to treat protected information and understand the related policies and procedures in place.
Risk assessments and audits
One of the best ways to ensure HIPAA compliance is to run a risk assessment. HIPAA.com noted this is especially important with the use of electronic records systems. An assessment of this system can help pinpoint any weak points or changes that might be necessary to improve security.
Additionally, decision-makers may also want to consider utilizing the services of a third-party auditor. This can provide a new set of eyes and help the organization recognize any weaknesses they might have overlooked.
Compliance with HIPAA is essential in the healthcare industry, and reviewing the issues above can go a long way toward ensuring that the firm follows the letter of the law.
This article has been updated with new data. It was originally published in June 2010.
Antivirus programs not only provide manageable security, but also have preferences that enable you to automatically or manually delete viruses on your computer. Say you’re browsing the internet and you download a video. When your antivirus software detects it as a threat, an alert will come your way with two options: delete or quarantine.
What is Quarantine?
When an antivirus program scans your computer, it moves infected files from their original location into quarantine so that they can no longer run. While a quarantined virus is harmless, it is still on your computer until you permanently delete it.
Updating Anti-Virus Settings
One benefit of having an antivirus software is that you can set preferences. For instance, you can request to receive an alert when a virus is detected so you have the convenient option to kill the virus right then and there. If you choose to quarantine a file and all your programs seem to run fine, go ahead and delete that virus!
Keep in mind that antivirus programs can occasionally flag files that look like virus carriers. If you haven’t set up preferences to automatically delete viruses, these false alarms can break an existing program or remove something of importance to your business. Be sure to update the program settings so that you have a choice in the matter.
What to do with Quarantined Files
If a program won’t run because a file is in quarantine, use your discretion before restoring it or adding it to exceptions. Read up about the suspected virus and see if it makes sense to permanently delete or restore the file. Usually, you can send that file to the support team behind your antivirus so they can check it out. If it is a false alarm, they can teach their antivirus program to recognize it.
Outsourcing Benefits
Antivirus programs are a step in the right direction, but if your company does not have the in-house resources to manage a fast-paced cyber-attack, outsourcing security services is the next best thing. By placing security in the hands of a highly skilled team, you not only mitigate risk, but also gain access to specialized security professionals for fraction of the cost of hiring full-time staff.
Hostway provides this support for businesses of all sizes, offering peace of mind, a secure environment with 24/7 monitoring, and more.
Ready to battle-test your antivirus program? Contact our experts for a free risk assessment today.
Though Microsoft's End Of Life date for Windows Server 2003 is still five months away, they've given all of its users another reason to upgrade as soon as possible.
When Microsoft recently patched a 15-year-old bug in the Active Directory component that can permit hackers to control PCs running all versions of Windows, they chose not to repair the vulnerability in Server 2003.
While many are left wondering why such a fix took as long as it did, customers still using 2003 must decide if their position has become even less tenable due to the publication of the bug.
Microsoft has explained that the architecture required for the fix "does not exist" on 2003. Its users must now cope with the fact that their aging operating system has seemingly just become even more fragile.
The United States' second largest health insurer has been victimized by one of the largest data breaches ever suffered in the healthcare industry.
Anthem, formerly known as WellPoint, conceded late Wednesday that hackers had infiltrated a database containing records on as many as 80 million people.
In 2013, the company paid $1.7 million to resolve federal allegations of HIPAA violations that exposed protected health information of 612,402 people beginning in 2010.
The company has posted a statement and FAQ at anthemfacts.com for those seeking more information about the safety of their information. Their statement admits that the breach affected data on current and former members, including names, birthdates, social security numbers, street and email addresses, and employment and income data.
Anthem has committed to providing free credit repair and ID protection services for its members.
Visit our website to learn more about how companies can safeguard health information and comply with HIPAA protocols.
UPDATE: Authorities are reportedly investigating a lead that points at state-sponsored Chinese hackers as the responsible party for the Anthem breach.
In today's enterprise environment, a disaster recovery plan isn't just something nice to have – it's more crucial than ever. A business continuity strategy must be formulated to ensure that when a disruptive event takes place – be it a service interruption, inclement weather or some other instance – the company can sustain its usual processes.
Creating an effective disaster recovery plan isn't without its fair share of challenges. Unless every essential aspect is factored into the strategy, the enterprise will likely find it lacking when it comes time to activate the plan. Therefore, pinpointing and addressing these obstacles is key.
Who's Adequately Prepared
According to a Dimensional Research study commissioned by Axcient, today's enterprises deem a backup and business continuity strategy critical. However, the majority find current approaches lacking.
The study found that 90 percent of IT leaders leverage several different backup and recovery tools. Of the respondents with multiple DR systems in place, 60 percent said these tools had overlapping functionalities. At the same time, 91 percent noted that having a variety of tools in place causes numerous problems with the company's DR strategy, including the learning curve involved with the use of several different systems and the cost of added service licenses and maintenance.
The research also underscored the impact of unscheduled downtime. Although 97 percent of respondents had experienced a major outage in the past 24 months, only 7 percent said they would be able to respond and recover from a similar subsequent event within two hours. Overall, Axcient CEO Justin Moore noted that such downtime and permanent data loss can cost the business market more than $40 billion annually.
"With multiple, disparate, legacy tools for backup and recovery, current solutions are broken," Moore noted. "As a result, users are unable to recover their systems in the event of an IT outage, or even worse, a disaster."
The study also found that half of all IT professionals agree that if data is unable to be recovered, their department is held responsible. Since a permanent loss of data could also result in a loss of employment, IT teams are working to find solutions to these issues that will help them create an all-encompassing plan for disaster recovery.
Other Challenges
In addition to the obstacles illuminated by the study, senior systems engineer and technology author Karl Palachuk also noted several other issues with companies' disaster recovery strategies, including:
"The bottom line is that preparation will make a disaster recovery go as smoothly as possible," Palachuk wrote. "Having technical knowledge and a vague idea of what needs to be done is simply not enough. A successful recovery requires a good plan that addresses the...biggest problems of disaster recovery plans."
Addressing Challenges
There are several approaches business leaders and IT managers can take to mitigate the challenges seen with their enterprises' DR plans, according to an Acronis white paper:
Leveraging the Cloud
However, one of the best solutions to emerge in this arena is the use of cloud technologies. The study found that one-third of businesses currently utilize the cloud as part of their DR plans, and 89 percent of respondents noted clear benefits in using the cloud in this capacity. Furthermore, of the 74 percent of IT professionals that use a non-cloud secondary site for their business continuity, 79 percent said they would consider switching to a cloud-based strategy if the resources were in place. As such, Moore noted that it's no surprise that IT departments are beginning to realize the advantages of including the cloud in DR plans.
"Given the staggering complexity and limitation of traditional on-premise backup and recovery solutions, there is clear value in fully transitioning to a single, comprehensive cloud-based solution," said Diane Hagglund, senior research analyst at Dimensional Research. "Although cloud-based backup and recovery is still early in adoption, the recovery market is ripe for innovation and the cloud is the next frontier."
To find out more about how the cloud can be leveraged for disaster recovery, contact a trusted service provider like Hostway. Hostway offers best-in-class business continuity services and can help business leaders craft a DR plan that will suit their company's needs.
Many Hostway customers are charged with protecting sensitive data, whether it be financial, medical, personal; whatever it is, odds are it's something that you want to keep to yourself and those you trust.
Your security protocols are challenged by all manner of threats: DDoS attacks, hackers, phishers, viruses, phishing scams – the list goes on for miles.
For this reason, any security plan must be regularly tested to ensure any public-facing devices and networks are secured. Bringing an independent company in to conduct an external Penetration Test allows you to identify potential threats to your public-facing systems, and determine which cause the greatest risks.
Hostway partner SilverSky is offering discounts on such penetration testing: A 60% savings is available on SilverSky’s web application penetration testing, and you can get 50% off SilverSky’s network and web application penetration testing. Plus if you find any vulnerabilities, we’re offering 20% off all managed security services from SilverSky.
SilverSky will analyze the integrity of the external network, servers and devices, uncovering potential security flaws (by Butler at dress head inc). Then, in the validation phase, SilverSky will determine if the vulnerabilities could truly be used to compromise the network. You'll receive a full vulnerability assessment identifying weaknesses in your IT systems.
Get the peace of mind that comes from knowing your data is well protected. Reach out to Hostway now to get the conversation started.