3 myths about Office 365 that just aren't true

The rate of innovation involved with modern technology is increasing with every year. Companies are working hard to constantly give new features to their clients, a sentiment that is especially true of Microsoft’s Office 365. This cloud-based productivity platform has exploded on the enterprise IT scene and is completely changing how and where employees complete tasks.

Despite Office 365 having been on the market for nearly five years now, those who haven’t had the chance to work with it still don’t know much about it. In fact, a portion of this population has formed myths based on unfounded rumors and hearsay. We wholeheartedly believe that Office 365 is an incredibly beneficial tool, and we would hate to see a company miss out on it due to unsubstantiated claims.

Therefore, we’ve put together a list of myths about Office 365 that just aren’t true, and what the reality behind the situation actually is.

Myth #1: It’s not secure

No matter which sector your company works in, one of your most important areas of concern has to be cybersecurity. This is because a data breach could seriously affect how clients view your organization. A study from Centrify found that two-thirds of consumers living in the U.S. will stop their business relationship with an institution following a major hacking event. Clearly, staying on top of your firm’s security is of the utmost importance.

This is especially true when you’re talking about a platform like Office 365. This service handles so many pieces of important information that it makes sense for people to be worried about its ability to mitigate the risks of a cyberattack. However, the idea that Office 365 is inherently less secure than other options is completely false.

Microsoft has spent years refining and polishing the security features on Office 365, and it truly shows. This service has been built from the ground up with cybersecurity in mind, and businesses all over the world rely on Office 365 to keep their data safe. The company’s website even has a list of the most important features, which are:

  • Identity security: Ensuring that only the right employees have access to secure data is paramount. Therefore, Office 365 relies upon multi-factor authentication, which means you have to utilize multiple security credentials in order to log onto an account. This puts another obstacle between your company’s data and the hackers.
  • Data and app encryption: Encryption is by far the most important tool in the fight against cybercriminals. Office 365 utilizes this technology when information is moving between systems and when it’s stored on a particular device.
  • Responding to issues: Microsoft stated that Office follows the response tactics of the National Institute of Standards and Technology. This includes having a dedicated security team, detecting and analyzing threats, containing incidents and spearheading an investigation after everything’s said and done.

Clearly, there are too many security features baked into Office 365 for it to be considered a vulnerable platform. Working with this tool means that your data has an added level of security that will help lower the chances of a data breach.

Myth #2: It’s going to steal your job

One of the major selling points of Office 365 is that it clears up a lot of technical issues that other platforms present to company IT teams. While it is obviously a clear advantage, some workers see this as a threat to their current position. They see all the work that they put toward just keeping their current system running, and they think if they don’t have to do this maintenance then they’ll be out of a job.

While this concern comes from a very real place of self-worth, this is once again a myth. Although Office 365 will streamline certain processes and eliminate the need to constantly put out fires, it won’t completely take away the need for a robust IT department. As a matter of fact, the truth is quite the opposite.

Office 365 gives you the opportunity to explore internal goals like never before. Due to the fact that you won’t have to waste time simply fixing what should already work, you can move on to opportunities to expand your current IT infrastructure. A deployment of this platform isn’t the death of the IT team; it gives your department new life.

Myth #3: Moving from a different platform is next to impossible

This is less of a specific Office 365 myth and more of a misconception about most newer technologies. Companies very often get comfortable with their current solution, and they start to imagine that making the move to another platform would just be more trouble than it’s worth. Of course, the multitude of benefits provided by Office 365 shows that this just isn’t the case. Sticking with an older solution that doesn’t work properly just because you’re used to it doesn’t make any sense, and it could end up costing your company big in terms of productivity and effectiveness in dealing with client needs.

However, making the transition can lead to certain obstacles. But don’t worry, ISG Technology is here to help. Our staff members have quite a lot of experience dealing with moves to Office 365, and we can help make sure yours goes as smoothly as possible.

What can Office 365 bring to health care?

Microsoft has constantly been at the front of enterprise IT innovation, and for good reason. The company has a large suite of services that can help companies achieve their full efficiency potential, with perhaps the most important of these being Office 365. The Office collection of productivity tools has been a mainstay in the business world for decades, and the latest iteration is no different.

That said, certain industries like health care are hesitant to make a move on newer technologies. Medical facilities often have a very specific way of doing things, and changing up the regular routine can seem to be extremely disruptive. However, this couldn’t be further from the truth. Office 365 has a host of benefits for those working within this sector that simply cannot be ignored.

Incredible security

Of course, when it comes to health care IT, the most important factor to consider is security. Medical records carry a host of personally identifiable information, and if that data is compromised, it could lead to stolen identities or worse. In fact, this is such a huge issue that the federal government passed the Health Insurance Portability and Accountability Act.

HIPAA is regulatory legislation that governs how medical facilities can handle patient information. It’s basically designed to harshly penalize any actions that could lead to a breach. What’s more, a violation doesn’t have to be malicious or negligent. HIPAA Journal reported that a hospital can violate a rule completely by accident and still be liable for payments of up to $50,000 per incident.

With so much on the line, it’s no wonder that so many health care administrators are hesitant to change their current IT routine. What’s more, this fear of change has even generated the rumor that Office 365 cannot meet the security needs of a modern medical organization. Of course, this simply isn’t true.

Office 365 actually has more stringent standards than many other tools on the market, and we firmly stand behind the statement that you couldn’t build a more secure environment. Hospitals looking to improve security measures can seriously benefit from an Office 365 deployment.

Lower upfront costs

Outside of security, many medical facilities also have to deal with the constraint of tight budgets for the IT department. Running something like a hospital is incredibly expensive. Between the salaries for highly-trained professionals and the ever-increasing reliance on costly equipment, health care institutions just don’t have a lot of wiggle room when it comes to the technology solutions they use.

This is yet another area where Office 365 can help out. This suite of tools doesn’t require any pricey upfront costs, instead relying on a reasonable monthly fee. This allows organizations to make the switch to Office 365 without having to allocate a huge amount of money toward the venture right from the start.

Less maintenance work for IT departments

Another problem most health care organizations have to deal with is an overworked staff. Just about every department in a hospital is overrun with important tasks, but IT is very often one of the most strained departments in any medical facility. In fact, the 2014 HIMSS Workforce Survey found that 84 percent of these institutions had hired an IT worker in the past year, showing that there is an almost constant demand for experienced technology professionals.

Clearly, hospital IT departments have a very full schedule, and performing general maintenance on productivity tools is just another fire to put out. This is where working with an outside partner to develop an Office 365 solution comes into play. ISG Technology professionals can manage these issues for your organization, freeing up employees to work on internal projects.

However, it’s important to note here that such a deployment isn’t a threat to anybody’s job. ISG Technology doesn’t want to downsize your IT department; we want to help it crawl out from under the mountain of maintenance problems it has to deal with. Our IT experts are trained to make your life easier, so contact us today and find out what an Office 365 solution from ISG Technology can do for your business.

Shadow IT: What it is and how to mitigate it

Technology has advanced at an incredibly fast rate in the past few years. Innovations such as the computer that were once thought too expensive for personal use are in a vast majority of American homes, and the emergence of the smartphone has increased the internet’s reach even further.

It would seem that every day some new device or piece of software is making life easier for people, and while this may be good for the consumer, it poses a major risk for IT administrators. The in-office use of these kinds of technology is called shadow IT, and it’s causing some big problems for organizations all over the globe.

How is shadow IT formed?

The issue at hand here has to do with an employee’s personal convenience. As a rule, shadow IT very often forms when a worker decides to go outside of the company-supported suite of software and hardware in order to use something he or she is more familiar with.

A good example of this would be an employee who gets fed up with a certain file storage/exchange system. They don’t know how to work this platform, so they decide to use a free service that they’ve relied on before.

While this may solve a convenience issue, this employee is now moving company information around utilizing a platform that isn’t supported by the internal IT team. This creates a gaping security vulnerability that a hacker could work to exploit.

BYOD can help foster it

An aspect that a lot of administrators don’t consider is that shadow IT doesn’t just pertain to software or digital platforms. As TechTarget contributor Margaret Rouse points out, hardware is also part of the equation.

Your employees have all kinds of personal devices that they use at home, and they bought them for good reasons. They have experience with this tech, and this can very easily translate to an increase in productivity.

In fact, the bring-your-own-device trend hinges on this exact principle. BYOD allows organizations to sidestep paying for new equipment by simply allowing workers to bring in their own gadgets. On top of that, staff members get the unique ability to complete daily responsibilities with the tech they know and love.

When done properly, this is a perfect example of a win-win scenario. However, a BYOD deployment must be implemented properly. The IT team needs to handle this transition to ensure that the devices in question are properly secured against hackers. Without some kind of security procedure on the books, companies could be looking at a data breach.

The problem is that employees very often don’t know about the risks involved here. Again, without any sort of maliciousness, they’re simply thinking of their own convenience and choose to bring in their own gadgets without clearing it with company officials. In fact, a survey from Gartner found that more than one-third of respondents were currently completing work-related tasks on personal devices without telling anyone about it.

This is huge because the average person simply does not take the time to properly secure their gadgets on their own, especially considering the high standards of data security many industries need.

A consumer affairs survey found that only 8 percent of average smartphone owners had software that would allow them to delete the information contained on their phone should it be stolen. While most people would worry about the photos and other irreplaceable memories in the event of a theft, a stolen smartphone can easily turn into a major data breach should the wrong person get their hands on the gadget.

Companies must take action

Clearly, shadow IT is no laughing matter, and organizations must take decisive action in order to mitigate the risks of a data breach. So, what would this look like?

First and foremost, set up a meeting with employees to explain the consequences of their actions. As stated, it’s not that these workers are actively trying to sabotage the company. Rather, they simply don’t understand that using a personal device or outside software could cause serious harm. These people simply need to be educated about what can happen when they step outside the approved systems.

Second, to attack unlicensed BYOD directly, administrators must come up with a plan. This could include banning these gadgets outright, but doing so is nearly impossible to enforce, and completely misses all of the advantages BYOD has to offer when done correctly. A better option may be to simply work with a vendor that knows how to implement a secure system to regulate these devices.

Finally, it might be important to figure out why employees were using outside tech to begin with. Are current solutions not doing what they’re supposed to? Do you need to implement training sessions? Would it be best to simply move on to a different platform? Answer these questions and you can work to find the root of the problem.

The presidential debate and the future of American cybersecurity

Cybersecurity is becoming less of an individual problem and more of an issue that entire states need to deal with. Due to the importance of this issue, both presidential candidates were asked in the recent debate to discuss the current state of cybersecurity within the U.S. as well as what they plan to do when they get into the Oval Office. Their responses – as well as their previous actions – could very well foretell the future of America’s cybersecurity efforts.

Both candidates need to study up

During the debate, moderator Lester Holt asked the candidates about their opinions concerning the current state of U.S. cybersecurity. Hillary Clinton was quick to jump on Russia as a major antagonist. In fact, she went so far as to blame Putin himself for the hack levied against the Democratic National Convention. She also took a very hard line against anyone considering a cyberattack against America, saying that the U.S. would not “sit idly by” and allow foreign entities to breach private American data.

That said, Clinton has certainly had trouble with cybersecurity in the past. She set up her own private email server against State Department regulations, which was eventually compromised by a hacker.

Donald Trump was also adamant that America needs to improve its defenses, although his response was slightly different. As Government Technology’s Eyragon Eidam pointed out, Trump brought up the uncertainty of cyberattacks like the one that befell the DNC. When discussing this attack, the candidate said it could have been anyone from Russia to Iran or even “somebody sitting on their bed that weighs 400 pounds.”

While it’s certainly true that America’s enemies are no longer visible on a map, broadly painting hackers as obese people downplays the importance of this issue.

New federal CISO’s job hangs in the balance

Although both of the candidates will continue to duke it out, the current president has decided to take action. President Obama has created the position of federal chief information security officer, and he’s appointed retired Brigadier General Gregory J. Touhill to the post. Touhill has more than 30 years of experience in the U.S. military, much of which was spent within IT. He’s also been awarded the Bronze Star Medal, according to his biography on the Air Force’s website. This position is meant to come up with a uniform cybersecurity plan for federal government organizations.

While it’s certainly good to see the White House attempting to tackle the widespread security problems present across the government, the federal CISO is an appointed position. This means the current president is allowed to choose who can fulfill the role, which puts Touhill in a tenuous position. The next president will enter office on January 20, 2017, which means Touhill has around four months to implement some changes.

Whether the next president keeps Touhill will depend entirely on who wins. If Trump is voted into office, he’ll most likely want a fresh slate and appoint his own CISO. There’s a good chance that Clinton will do the same – however, she’s probably Touhill’s only hope at job security. He’ll have to make some huge leaps in the next few months if he hopes to impress.

Data dilemma: Where does police body camera footage go?

As recording technologies get smaller and cheaper, giving police officers cameras to wear on their bodies at all times is quickly becoming a reality. These devices have incredible implications, both for average citizens and for officers, as they allow the courts to cut through all the drama and hearsay in order to get to the truth of what exactly happened. That said, there are a few obstacles standing in the way of widespread body camera deployment.

One of the biggest issues currently facing departments wishing to bring these gadgets to the field is the storage of the video itself. Having a camera running at all times during an officer’s shift creates a lot of footage, and simply deleting this because “nothing happened” isn’t an option. After all, an officer could have recorded something of import without even noticing it. So how extensive is this storage problem, and what can police departments do to ease such a transition?

How much data can a police department generate?

Before delving into the more nuanced discussions of data storage, it’s vital to first understand exactly how much data the average police station can create. Each department will obviously have its own special needs, but a good place to start is the analysis of the Chula Vista, California, police department’s data storage given by Lieutenant Vern Sallee in Police Chief Magazine.

Sallee stated that his station had 200 sworn police officers that were using body cameras in their daily rounds. After playing around with their current setup, Sallee’s department found that a 30-minute video demands around 800 MB of storage. Accounting for all officers with cameras, Chula Vista could generate around 33 TB of data annually. To put this in perspective, Sallee stated that this is roughly the same size as 17 million photographs.

Again, it’s important to remember that this is a rough estimate for a single town. Chula Vista has just over 265,000 citizens, making it larger than the average American city. That said, such a population pales in comparison to the 8.5 million people living in New York City, and implementing a police body camera initiative in this kind of metropolis would be a whole different ball game. What’s more, these larger cities are the ones that need body cameras the most, as they generally have more violent crime requiring forceful police intervention. Clearly, simply finding a place to put all this data is going to be a challenge.

Privacy and security are huge concerns

Another major concern with these body cameras is the privacy of the people involved in the recordings. As stated, departments can’t delete a video until they are absolutely sure that nothing on it could possibly be useful in the future. This means that the actions of a lot of innocent people are going to be recorded and stored, and this has certain civil rights groups worried.

In fact, a coalition of the National Association for the Advancement of Colored People and the American Civil Liberties Union presented some guidelines to legislators in 2015 attempting to govern how these recordings are treated. The group wanted to prevent an overreaching use of facial recognition software, as well as ensure officers were only allowed to watch their videos from the day after filing a report, according to CNN.

On top of that, it’s important to remember that police officers have rights, too. These men and women will be recorded at all times during their shift, which means any private conversations they’ve had with their partners could easily be viewed by a third party. These people have the right to discuss personal matters without being listened to after the fact, and officers shouldn’t live in fear that their superiors will eavesdrop on some conversation that they don’t agree with.

Finally, and perhaps most importantly, all of this is for naught if police departments can’t keep the video files secure. A malicious individual or group could do a lot of damage with the ability to map out an officer’s day-to-day duties, and departments must therefore do everything in their power to ensure these criminals are kept at bay.

Partnering with the right company is crucial

Clearly, there are a lot of challenges to overcome when implementing a body camera initiative. That said, the pros definitely outweigh the cons if police administrators are willing to find the right partner for the job. Any officials looking for a company to assist them in their transition should definitely check out the data storage services offered by ISG Technology. We have years of experience storing information for companies from all kinds of industries, and we pride ourselves on our ability to keep our clients’ data safe. Contact us today and find out what an ISG Technology solution can do for your department.

What does an ISG network assessment look like?

Business technology has become incredibly complex in the past few years. Companies often fall victim to their own success, growing so quickly that the IT department can’t keep up. This can often lead to the network infrastructure being put on the back burner while employees work daily just to keep operations afloat.

Organizations often don’t have the time or expertise to evaluate their own infrastructure, which is why ISG Technology offers comprehensive network assessments. But what does one of these examinations look like, and what can companies get out of it? Let’s take a look:

What’s the first step?

The problem with laying out a first step for such a complex process is the fact that no two companies are going to have the same needs. A network assessment could mean checking the local compute environment, but it could also have to do with looking at a business’s circuit load. One section of the assessment could be as simple as determining whether or not a physical system has single points of failure.

This is why ISG recommends that companies that come to us looking for a network assessment should first determine what their end goals are. Administrators may not be able to completely vocalize what they need, but they should at least have an idea of what they’re after. Basically, the point of this exercise is to get the organization from its current state to its future state. If we know what a company’s intended future state is, we can recommend clear and decisive actions officials should take in order to get there.

What kinds of issues does the average company run into?

Although each organization is going to have its own unique situation, there are some pretty common problems that our engineers run into on a regular basis. One of the most apparent has to do with mobile devices and their use for work purposes. The Pew Research Center found that just under 70 percent of American adults currently own a smartphone, which means a majority of office workers currently have such a device in their pockets at all times.

Due to the advanced capabilities of these devices, workers are increasingly using their smartphones to access company data. The problem with this is that these employees very rarely take any measures to protect their phones. An infographic from Consumer Reports found that 34 percent of smartphone owners didn’t take any sort of security measures with their phones, and that’s including a screen lock with a four-digit password. Therefore, companies that aren’t taking proactive steps to secure private data from stolen or lost phones are at significant risk of a data breach.

Another major issue we often see is businesses not controlling network physical access in the right way. Many companies are now relying on voice-over-Internet-protocol technology, which allows workers to speak to clients via the Internet. It’s an amazing technology with multiple uses, but IP phones can also be an access point for criminals. These devices require a cable connection in order to get on the Internet. This means that anyone with the ability to get into the office could potentially plug a laptop into one of these cords and instantly access the entire network.

This is of course a very specific example, but it shows that companies often aren’t thinking of network security correctly. The reality of the situation is that hackers really don’t care how they gain access to a business’s information. Whether it’s by stealing an employee’s phone or dressing up as a janitor to plug into the network after hours, a criminal with enough initiative will find whatever holes exist in current security standards and exploit them.

ISG has the experience needed to do the job right

An ISG network assessment has one major component that sets us apart from other companies: experience. The average ISG engineer has been with the company for eight or nine years, which means they know our network assessment playbook backward and forward. They’ve seen all the classic mistakes – as well as some unconventional ones – and they know what the modern business needs to solve these problems.

When you work with ISG, you can rest assured that you’re dealing with some of the most experienced professionals in the field. If you’d like to see what this wealth of knowledge can do for you, contact an ISG network expert and set up your free IT infrastructure assessment today.








Office 365 and the value of cloud-based solutions

Microsoft’s Office 365 has made a huge splash within business IT. In fact, a study from security firm Bitglass found the service to hold 25.2 percent of the enterprise market in 2015, which was a 300 percent increase over the previous year. This even beat out Google Apps, hoisting Office 365 above the competition and showing just how valuable this solution is.

That said, many organizations are hesitant to make the switch to cloud-based platforms for a number of reasons. To that end, we’d like to dispel some rumors about Office 365 and get to the heart of what makes this service great.

Cloud-based solutions make sense for multiple verticals

The cloud’s many advantages simply cannot be ignored at this point. The technology’s ability to increase innovation and flexibility while also keeping costs low is an incredibly central part of its selling point. In fact, Matthew McClelland of Blue Cross and Blue Shield of North Carolina has stated that these exact reasons were the drivers behind his organization’s switch to Office 365.

“We were often stuck in the old way of doing IT,” said McClelland, who is the manager of the information governance office at BCBSNC. “Slow waterfall-style projects that took a lot of time to roll stuff out. When you add up the cost of everyone’s time, impact to our operations, the impact on the day-to-day work of users, it’s expensive.”

Of course, health care isn’t the only sector seeing the benefits of cloud-based solutions like Office 365. Fortune quoted Curt Kolcun of Microsoft as saying that the number of Microsoft Cloud for Government users is around 5.2 million, which includes Office 365 as well as other cloud services.

Regulatory compliance is a must

Of course, many sectors have more to worry about than cost and flexibility. Regulatory standards, such as those imposed by the Health Insurance Portability and Accountability Act, come down hard on institutions that can’t follow the rules. In fact, a violation of HIPAA carries a maximum annual penalty of $1.5 million.

Again, this is where Office 365 shines. McClelland also reported that HIPAA used to be a “hurdle” for medical cloud migrations. However, Office 365 is now HIPAA-compliant, ensuring McClelland’s organization stays on the right side of the law.

ISG Technology can help with your transition

While Office 365 clearly has many benefits for all kinds of institutions, making the transition can sometimes be difficult. To that end, it makes sense to partner with an experienced company that knows all about what a move to the cloud means for an organization. ISG Technology is more than happy to be that partner for you.

Our trained professionals have the experience necessary to help you navigate the tricky waters of transition, both in terms of overall cost and regulatory standards. We know how important this move is to you, and we’re here to help you every step of the way. Contact an ISG Technology representative today and find out what your organization can get out of Office 365.

ISG Partners With WSU's ATAI on Data Center and ITaaS

ISG Technology and Wichita State University’s Applied Technology Acceleration Institute (ATAI) announce a new partnership to provide daily end-user support, from desktop application and operating system support to network administration and dispatch services.

ISG Technology is a full-spectrum data center and information technology (IT) infrastructure company that also provides bandwidth and an array of IT support services designed to help reduce costs, improve efficiency, and safeguard business-critical data. A key component of that service is a support center based in Wichita. Through the partnership with ATAI, ISG Technology will expose students to high engineering technical resources and learning experiences.

“We’re excited to team with WSU to give students in the ATAI valuable real-world experience in our support center,” said Ben Foster, president and CEO of ISG Technology.  “Technology is cresting an innovation wave right now, with increased storage capacity, faster data speeds and virtualization driving advances in cloud computing. It’s exciting for WSU students to experience the many facets involved in IT service delivery first-hand.”

“The timing couldn’t be better,” said ATAI executive director Kenneth E. Russell. “ISG brings an incredible opportunity for our students, and we look forward to utilizing their expertise.”

Russell believes ISG Technology will be especially helpful as the institute strengthens its key capabilities, including social knowledge and dynamic data analysis.

In addition to providing student learning opportunities, ISG will support ATAI’s internal IT needs and provide ongoing support for projects including on-premises data center support and physical security system design and implementation.

The Applied Technology Acceleration Institute promotes a practical approach to solving complex technology problems and is focused on building strong industry partnerships and providing experiential learning opportunities for students. The institute includes four centers focused on social knowledge; applied research and technology consumption; dynamic data analysis; and commercialization and inventor collaboration. ATAI is a key component of Wichita State University’s Innovation Campus strategy.

Lessons learned from the Bangladesh Bank hack

Years ago, bank robberies were a very physical affair. Criminals donned ski masks and shot automatic weapons in the air, shouting for tellers to step away from the silent alarm buttons. That said, it would appear thieves have decided that this is just a little too much work. Hacking banks in order to steal money allows for the same reward without having to deal with a hostage negotiator.

In fact, the most recent cyberattack levied against Bangladesh Bank shows just how lucrative these schemes can be. The hackers involved in this scenario made away with around $81 million, which is more loot than any ski-masked thug could ever carry away. However, perhaps the most interesting part of this whole debacle is that this is nowhere near what the culprits originally intended to get. Investigators have discovered that the original plan was to take close to $1 billion when all was said and done, according to Ars Technica.

Unfortunately for the individuals involved, a simple typo wrecked what could have been the biggest criminal act of all time. A transaction meant for the Shalika Foundation was spelled as “Fandation,” which tipped employees off that something was afoot. Regardless, this is still a massive undertaking that demands intense review.

How did they get in?

To understand how this whole scheme began, it’s important to comprehend how Bangladesh Bank sends and receives funds. Institutions like this rely on SWIFT software, which basically creates a private network between a large number of financial organizations. This lets them send money to each other without having to worry about hackers – or so the banks thought.

Gaining access to the transactions within this network was basically impossible, unless someone were to be able to compromise a bank’s internal IT systems. This is exactly what the criminals did.

However, Bangladesh Bank isn’t completely free of blame here. The only reason that hackers were able to gain entry was that the financial institution was relying on old second-hand switches that cost about $10 each. Considering how much was at stake, pinching pennies in such a crucial department seems incredibly irresponsible in hindsight. What’s more, the bank didn’t even have a firewall set up to keep intruders out.

Once hackers bypassed this low level of security, they were given free rein to do as they pleased. Accessing Bangladesh Bank’s network allowed them to move on to SWIFT, as the cheap switches didn’t keep these two separate. However, the really interesting part of this whole criminal act was how they took the money without anyone noticing.

Why weren’t they discovered sooner?

In order to make off with the cash, the criminals had to access a piece of software called Alliance Access. This is used to send money, which allowed the hackers to increase transactions in order to make a profit. However, Alliance Access also records transactions. This was a big problem for the thieves, as they couldn’t make money if someone knew they were stealing it.

To fix this, the hackers simply inserted malware that disrupted the software’s ability to properly regulate the money that was being moved. On top of that, this malicious code also modified confirmation messages about the transactions. This allowed the criminals to continue to operate in obscurity, racking up millions of dollars without anyone being the wiser. In fact, they would have gotten close to $1 billion if one of these altered reports hadn’t contained a spelling error.

However, understanding so much about how Bangladesh Bank’s system worked has pointed investigators to the notion that this was an inside job. In fact, The Hill reported that “people familiar with the matter” know that a major suspect is a person who works at the bank. No one has been named yet, but getting an employee in on the job certainly makes sense.

Network assessments are a must

Regardless of whether or not this turns out to be an inside job, the fact still remains that Bangladesh Bank was incredibly vulnerable to a hack like this. Relying on cheap network switches is bad enough, but not having any sort of firewall is a major hazard that modern institutions simply cannot allow.

This is why every company should consider receiving a network assessment from ISG Technology. Our skilled experts know how to spot glaring vulnerabilities such as these, and can suggest fixes to ensure the security of private data.

How ISG handles HIPAA compliance

Health care data is heavily monitored in the U.S. The Health Insurance Portability and Accountability Act has very strict regulatory standards about how this kind of information can be handled. One wrong decision could result in some hefty fines, even if the person or organization didn’t know they were making a mistake. The American Medical Association has stated that even accidentally violating HIPAA could cost a medical facility up to $50,000 per violation.

Clearly, making a mistake when handling medical records isn’t an option, which is why ISG Technology works with health care providers to ensure they don’t stumble. But what exactly can ISG do for you?

Issues with security aren’t always apparent

The main advantage of partnering with ISG is that we can help you get ready for an actual HIPAA compliance audit by zeroing in on problems you might not even notice.

One of the main issues our engineers run into when assessing a hospital’s network is the fact that security credentials often aren’t taken as seriously as they should be. Basically, employees who only need to view certain kinds of data are often able to access information they shouldn’t be able to see. In an average hospital network, only about two or three employees should be given admin privileges. However, ISG experts often come into an assessment and find that 100 workers in a 700-user system will have domain admin accounts.

This is a problem because it creates a huge number of entry points for a hacker who can socially engineer her way into one of these accounts. According to past experience recounted by security firm Social-Engineer, more than two-thirds of employees will provide a stranger with information such as their birthday, Social Security number or personal employee ID. A hacker could easily call the hospital and use this information to trick a staff member into handing over login credentials to an admin account, thereby giving the criminal free rein over the network.
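The over-privilege finding described above can be checked mechanically. As an added example (not ISG's own tooling), the script below resolves who effectively holds domain admin rights, including through nested groups, and compares the result to an approved list; the CSV export format, group names, user names and allowlist are all constructed assumptions.

```python
import csv
import io

# Constructed sample export (group, member, member_type); not data from the page.
SAMPLE_EXPORT = """group,member,member_type
Domain Admins,alice.admin,user
Domain Admins,bob.admin,user
Domain Admins,Helpdesk Tier2,group
Helpdesk Tier2,carol.nurse,user
Helpdesk Tier2,Radiology Leads,group
Radiology Leads,dave.tech,user
Radiology Leads,Helpdesk Tier2,group
Billing,erin.clerk,user
"""

APPROVED_ADMINS = {"alice.admin", "bob.admin"}  # hypothetical allowlist


def load_memberships(text):
    """Map each group to its direct (member, type) entries."""
    groups = {}
    for row in csv.DictReader(io.StringIO(text)):
        groups.setdefault(row["group"], []).append((row["member"], row["member_type"]))
    return groups


def effective_members(groups, root):
    """Return {user: group path} for users holding `root` directly or via nesting."""
    found, seen, stack = {}, set(), [(root, [root])]
    while stack:
        group, path = stack.pop()
        if group in seen:  # guard against circular nesting
            continue
        seen.add(group)
        for member, kind in groups.get(group, []):
            if kind == "group":
                stack.append((member, path + [member]))
            else:
                found.setdefault(member, path)
    return found


def audit(text, approved, total_users, root="Domain Admins"):
    """Report effective admins, the unapproved ones and the admin share of all users."""
    members = effective_members(load_memberships(text), root)
    unapproved = {u: " > ".join(p) for u, p in members.items() if u not in approved}
    return {"effective_admins": sorted(members),
            "unapproved": unapproved,
            "admin_share": len(members) / total_users}
```

Each unapproved entry carries the chain of groups that grants the privilege, which is what tells you whether to remove a user or un-nest a group.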

ISG can help you fix these problems and pass an audit

HIPAA audits are extremely comprehensive, and getting a perfect score is next to impossible. In fact, as the above example shows, health care facilities often have numerous issues that they don’t even know about, which could decrease an organization’s standing if an auditor were to discover these problems.

ISG can help these facilities decrease the number of red flags to a manageable and reasonable number, thereby increasing the chances of passing an inspection. Health care data is extremely private, and ensuring its safety should be a top priority.

