Improve Healthcare Communications with SMS Solutions for Hospitals & Clinics

Posted On 31 January 2023 By Patryk Patej In Articles / 11

From hospitals to clinics, healthcare institutions are on the front lines of protecting citizens and communities across the globe. The need for accessible healthcare continues to be prioritised, with governments going a long way to ensure patients have seamless access to the doctors, facilities and care they require. A tougher challenge, however, resides in the microeconomics of these institutions and facilities, where ineffective communications continues to plague both patients and health workers alike. As we speak, thousands of appointments are being made over physical helpdesks and calls – appointment management alone remains a manual process requiring tedious direct telephone work.

Unlike dedicated apps or telephone calls, SMS provides healthcare institutions with a seamless medium to communicate with patients. By utilizing SMS communications solutions integrated with existing patient management systems and databases, healthcare institutions can automate patient engagement and reachout activities. Not only is SMS accessible across all types of handsets, it also requires absolutely no patient training and produces greater response rates than external apps or patient helplines.

Problem of missed appointments

The statistics for missed appointments are not positive. For example, in Poland there were 19,500 “empty” visits to specialists in year 2022 just in in the West Pomeranian province (an area with a population of 1.7 million people). These “empty” appointments occur in cardiology, endocrinology, orthopedics, ophthalmology specialists and even in family doctors. Missed appointments simply means longer queue to specialists and family doctors. It can also have a significant impact on operating profits by under-utilising doctors and medical facilities. These missed appointments affect also the capacity of healthcare institutions to develop and deliver new patient services to their existing customer base.

SMS is the simplest solution to use

With SMSEagle SMS/MMS Gateway, hospitals and clinics can send SMS messages to patients reminding them of their upcoming appointments. Patients can then reply to the SMS message to cancel their appointment if necessary. This saves time and resources for both the patient and the hospital or clinic. SMSEagle device provides a web-based graphical user interface (GUI) that allows hospitals and clinics to easily integrate it into their existing workflows. The GUI simplifies the process of creating and sending messages, making it quick and easy for staff to use. The SMSEagle GUI also allows hospitals and clinics to manage their messages in real-time. They can monitor message delivery and track responses, ensuring that patients receive the information they need when they need it.

Easy integration into existing appointment systems (optional)

By integrating the SMSEagle SMS/MMS Gateway via API or Emai to SMS with appointment scheduling applications, patients can effectively manage their appointments by sending SMS requests to cancel existing appointments or even change the appointment date. These requests are then automatically updated in appointment systems without the need for human intervention. Likewise, healthcare institutions can easily contact and remind patients of upcoming appointments, minimizing the number of missed appointments. Together, this allows for a faster allocation of appointment slots and better utilization of healthcare resources.

Keeping patients in the loop

SMS is not just for proactive patient management – hospitals and clinics can leverage it to keep patients and former patients updated on new services and facilities, ensuring that they are kept in the loop of the latest healthcare advancements while expanding their own reach and influence. Likewise, by connecting patient databases with the SMSEagle SMS/MMS Gateway, institutions can easily spread the word when there is a vaccine rollout or new doctor in town. They can then follow up with this by pushing proactively for appointments.

Healthy patient communications

Using SMS messaging to communicate with patients takes the cost and complexities out of appointment scheduling, patient management and reachout campaigns. SMSEagle’s latest partnership with Nexus Polska, for example, greatly automates the transmitting of healthcare information between doctors, patients and other healthcare workers. With seamless integration and nearly no additional staff training required, SMSEagle SMS/MMS Gateway is the perfect low-cost, high-impact solution for your patient communication needs.

Create the right solution for your operation

Your obstacles are unique, and the solutions for them should be too. The functions of SMSEagle allow critical operations units to incorporate SMS communications into their systems in a way that makes sense to them. To find out how SMSEagle will allow you to create the solution you need, get in touch with our team.

Try Demoor

Patryk Patej

Patryk Patej is the Marketing and Sales Manager at SMSEagle. He has over 10 years’ experience as a communications professional specializing in business development, marketing and customer engagement. Patryk attended the Keiser University-Sarasota, in Florida, USA for Business and Computer Graphics.

Order Management Systems: Adding SMS to the Cart

Posted On 9 January 2023 By Patryk Patej In Articles / 5

This holiday season, shopper footfall has reached an all-time high – whether it’s Cyber Monday or Panic Saturday, stores have been inundated with year-end orders and last-minute holiday purchases.

As such, order management systems that support this kind of retail activity have never been more crucial, especially with e-commerce overtaking in-person sales. Merchants need to be able to communicate with customers across multiple touchpoints, and at every phase of the order lifecycle. From placing an order and issuing invoices, to fulfilling delivery and sending billing reminders, keeping customers in the loop not only reduces the risk of dispute, missed deliveries and non-payment, but also improves ease of fulfilment and customer satisfaction.

Efficient customer notifications via SMS

The incumbent in this regard is clear – as we speak, thousands of SMS messages are being sent to customers to notify them of new orders and deliveries. Not only is it the channel of choice, it also best fits the concise nature of transactional messages and boasts extremely high read rates. Furthermore, rapidly evolving e-commerce systems mean that online customer identification is increasingly tied to unique phone numbers, which SMS serves as a natural extension to.

How to lower the costs of SMS in e-commerce?

Using a comprehensive SMS-based communications solution such as SMSEagle Hardware SMS Gateway, retailers can reap great cost savings by investing in a single hardware rather than subscribing to a PAYG model, while leveraging lower rates provided by local SIM cards. It also offers multiple useful features including phonebooks, message templates and Email to SMS, where retailers who choose to ping customers via email can now extend this effortlessly to SMS messages.

From-store-to-door messaging

Every purchase begins with placing an order. Whether customers order in-store or online, they want to be assured that their order has been received and processed. By connecting e-commerce systems such as Amazon Seller Central to the SMSEagle SMS Gateway via third-party automation tools such as Zapier, retailers can notify customers every time a new sales order is placed, with SMS messages automatically sent to the customer’s phone number. This can include a wide range of order information such as the expiry date for a subscription, or expected delivery times and tracking updates.

Achieve the highest open-ratio

According to ezyCollect, it takes up to five reminders to achieve a 96% rate on bill settlement, clearly indicating the importance of SMS communications in ensuring high payment rates. Retailers can use SMS to not just deliver invoices and statements, but to also send payment reminders. They can leverage SMSEagle’s ready-to-use APIs for integration into any accounting software, where such reminders can be programmed based on the billing cycle. For invoicing, they can integrate for example with Zoho Inventory (via Zapier) to trigger an SMS whenever a new invoice is created. This can be used for content subscriptions, postpaid plans, utility services and even credit repayments.

Thank you for shopping with us!

With m-commerce continuing to flourish, user identification increasingly relying on mobile identities, and the need to engage customers more pronounced than ever, SMS has never been a better channel for order communications and billing reminders. SMSEagle SMS/MMS Gateway makes this simple and cost-effective with its range of ready-to-use APIs, local charges and bulk messaging capabilities, empowering retailers regardless of their existing systems, offerings and size.

Create the right solution for your business!

Your obstacles are unique, and the solutions for them should be too. The functions of SMSEagle allows businesses to incorporate SMS communications into their systems in a way that makes sense to them. To find out how, get in touch with our team.

Contact usor

Try demo

Patryk Patej

Mission Possible: Connecting Citizens, First Responders and Critical Operations with SMS

Posted On 5 December 2022 By Patryk Patej In Articles / 3

Mission critical systems underpin operations and industries that form the essential backbone of economies and governments. Notable examples include first responders such as the police, firefighters and paramedics, as well as sectors such as the utilities and railway. Nevertheless, these systems are susceptible to various performance, operational and security issues, requiring real-time communications to ensure that the slightest disruption can be addressed and mitigated in time.

As critical operations tend to be sparse and may sometimes involve thousands of personnel, detecting and communicating issues within these environments can be an uphill task. In the case of first responders, for example, army personnel, firefighters and emergency workers may need to be deployed at a plane crash site within minutes, involving the coordination of many different teams and departments.

Given that all critical operations are essentially ‘critical’, and most often happen in scenarios where default networks such as the Internet may not be the fastest, safest and most easily available option, SMS offers a superior communications method that ensures immediate reach, boasting not only high read rates but also an omnipresent channel that is accessible to all.

Integrating in-silo response systems into a single communications channel

For large scale operations involving multiple taskforces or units, SMS can address a fragmented communications framework where proprietary and disparate radio networks are used by different teams, resulting in delays and miscommunications. SMSEagle SMS/MMS Gateway, for example, addresses this by integrating all touchpoints involved in a critical mission into its database of recipients, allowing key updates and commands to be broadcasted to everyone involved. This enables operations to be scaled accordingly, with messages cascaded quickly to team members, for example the entire field force of a power plant.

In the case of IoT and IIoT, sensors and third party devices linked to SMSEagle SMS/MMS Gateway can enable the real-time monitoring of critical facilities such as nuclear plants and oil rigs. For example, routine power grid inspections and monitoring of metro trains can leverage SMS-based communications to enable sensors to deliver operational logs to the controlling unit on information such as transmission load or journey times. Likewise, operational and maintenance updates can be sent to the team on the ground and also relayed to the sensors directly via SMS. SMS-based surveillance and management also helps in detecting disasters such as fires. For example, the SMSEagle integration plugin with AVTECH Room Alert or Pfau LISA enables fire and rescue departments to detect fires and floods in real-time where sensors alert them via automated SMS notifications. Where advanced API-based application links are in place, these notifications can be returned with automated responses that trigger, for example, connected sprinklers or water pumps to turn on automatically.

Keeping everyone informed

SMS plays another key role in mission critical communications. It enable vital instructions and information to reach the most affected parties – the victims. Using dedicated SMS channels, victims can send messages to first responders and establish communications where all other means of reaching out are exhausted. For example, first responders can get in touch with members of a local community during a breakout of a pandemic. Likewise, in the case of a heist where residents are locked up in an apartment or dormitory, solutions such as SMSEagle SMS/MMS Gateway provide a ready means for passing updates and keeping the victims informed, and also enable critical information provided by a single victim to be looped back into the system and broadcasted to all other victims affected by the same emergency.

SMS on a mission

SMS messaging via SMSEagle SMS/MMS Gateway not only makes the most out of existing cellular infrastructure and investments, but provides an easy to integrate, forward solution that is compatible with automated response systems and is highly configurable to the needs of any critical mission.

Suggested reading: Maximizing Emergency Response Efficiency: VERDI’s Successful Deployment of SMSEagle Hardware SMS Gateway

Create the right solution for your operation

Try Demoor

Patryk Patej

Acing School Communications with SMS

Posted On 7 November 2022 By Patryk Patej In Articles / 8

Critical weather updates sent over email and contest invitations pinned on bulletin boards are just a few of the many communication mistakes schools tend to make in delivering important information to parents. When it comes to school communications, traditional methods like these are losing their appeal. Schools need an alternative that is both cost-efficient and can get the attention of parents immediately. Even dedicated school websites and information portals do not fit the bill – parents hardly have the time to check their emails, let alone updates published on obscure third party platforms.

Another message from school

School communications encompass a diverse range of matters, from trivial updates such as open days and carnivals to critical alerts such as floods and disease outbreaks. With 55% of K-12 parents preferring texting over other channels, SMS messaging offers schools the best of both worlds by combining speed and scalability. SMS can be used for both regular and critical updates, boasting minimal costs, higher reach and substantially higher read rates.

The many types of communications

SMS is the perfect tool for one-to-one, one-sided notifications such as reminders to pick up children after class. SMSEagle SMS/MMS Gateway can be used for example, to inform parents that registration for a karate classes has been completed or that the child has successfully enrolled into a chess competition. This enables SMS to become an integral part of the student registration pipeline, removing the need for third-party platforms which are often deployed to track enrolments. By linking up student data apps such as QuickSchools.com with the SMSEagle gateway, notifications are automatically triggered every time a new record is added.

Broadcast of critical alerts

SMSEagle SMS/MMS Gateway broadcast service can provide crucial security and safety for schools. Emergencies such as a fire breakout, an armed attack or a sudden snow storm can be communicated to all parents at once, along with safety instructions and other important information. This prevents miscommunications during hours of panic and removes potential mishaps. SMSEagle SMS/MMS Gateway can also serve as an internal broadcast tool, keeping teachers and school staff informed whenever typical loudspeaker and traditional bell messages fail to reach them.

Last minute notices

SMS communications supports unlimited recipients and allows last minute notices and updates to reach students and parents in any location reliably and punctually. Integrated with the school’s student database, it can be used for fast reach to different recipient classes for customized messages and targeted communications. Schools can alert parents of upcoming events, remind them of school breaks, holidays and results collection days.

Given its scalability, cost effectiveness and easy-to-deploy form factor, any school can benefit from SMSEagle SMS/MMS Gateway. All a school needs is a single hardware and a local SIM to set up a reliable and robust medium of communication that can greatly alleviate their administrative burden while keeping parents and students well informed.

Create the right solution for your school

Your obstacles are unique, and the solutions for them should be too. The functions of SMSEagle allow schools to incorporate SMS communications into their systems in a way that makes sense to them. To find out how, get in touch with our team.

Contact usor

Try demo

Patryk Patej

Powering Public Sector Communications with SMS

Posted On 10 October 2022 By Patryk Patej In Articles / 7

When one thinks of internal government communications, several legacy systems come to mind. Memos. Pagers. Fax. Noticeboards.

Acknowledged as archaic and ineffective, many administrative bodies across the world have begun to phase these out in favour of newer technologies. Much like regular enterprises, when it comes to selecting the right communication channel, the emphasis is often on accessibility, prevalence as well as efficiency and reliability. For the public sector, another important consideration that often weighs in on these decisions are data protection laws and confidentiality. Combined, these requirements render popular means of communication such as emails and chat apps unfitting, leaving employees to grapple with chunky proprietary communication systems that are difficult to access, use or integrate.

Boasting unparalleled accessibility and reach, SMS messaging presents the public sector with a great alternative to these systems. Delivered over cellular networks, SMS messages are able to reach all types of mobile devices and Internet-inaccessible areas. With read rates of over 90%, they make a good fit for critical operations and important announcements.

To meet public sector requirements, however, SMS communication must be supported by a solution that ensures data sovereignty and confidentiality. This is where SMSEagle SMS/MMS Gateway comes in. As hardware that is deployed on-premises, government and public sector departments have full control over their communications gateway. Without having to connect to the Internet, SMSEagle SMS Gateway is shielded from cyber-threats. With all data stored locally in a secure relational database, the gateway is especially useful where employees are required to maintain communication records.

Breaking the rules: SMS for government organizations

Whether it is healthcare information or identity records, government data is often strewn across various repositories which make information retrieval an arduous process. By connecting internal applications to the SMSEagle API, important information can be sent via SMS to employees requesting it. By putting automated systems in place, employees can request, for example, updates on status reports by simply sending a code such as YES to a particular SMSEagle number.

Given that there are plenty of locations with cellular connectivity but no Internet, SMS messaging makes a good fit for remote operations such as wildlife preservation or rural development. Alerts can be sent via SMSEagle SMS Gateway to many employees all at once, notifying them of, for example, a reported illegal logging activity. This can be extended to field workers who cannot attend to desktop applications for updates, and regular employees who share similar tasks but are geographically dispersed – for updates on shift schedules, submission deadlines or requests for meetings.

Being able to deliver timely alerts makes SMS an apt means for critical communications. During emergencies, SMSEagle SMS Gateway is able to disseminate critical information instantaneously, and keep planned actions confidential so that internal efforts are not undermined by malicious third parties. Furthermore, during disasters such as floods or fires, other forms of connectivity are likely to go down, leaving SMS as the only available solution.

Accelerating digital government transformation

Public sector communications can greatly benefit from SMS. SMSEagle SMS/MMS Gateway in particular, is easy to understand and deploy and can be used by any department or unit. It enables the public sector to leverage existing mobile infrastructure and advancements in digital applications to deliver real-time communications – routine, strategic or critical – to keep their teams connected and their services running excellently.

Create the right solution for your operation

Your obstacles are unique, and the solutions for them should be too. The functions of SMSEagle allow government and other organizations to incorporate SMS communications into their systems in a way that makes sense to them. To find out how SMSEagle will allow you to create the solution you need, get in touch with our team.

Try Demoor

Patryk Patej

How You Can Use MMS to Drive Business Growth

Posted On 23 June 2022 By Patryk Patej In Articles / 1

A picture is worth a thousand words! Have you ever wondered why? A picture conveys information more effectively than words and can tell a story as well as many, many words.

How can you leverage the power of the visual medium to grow your business?

MMS messaging can help you grab your audience’s attention and help your business get an edge over the competition.

What is MMS?

MMS is the acronym for Multimedia Messaging Service; a technology built using the same technology as SMS to allow users to send multimedia content. You can use MMS to send pictures, audio, phone contacts, and video files.

Benefits of MMS for Business

Global coverage: You can reach 100% of global mobile phone users, including 620 million global users who use feature phones.
High open rates: Messages sent via MMS have stratospheric open rates of up to 98%.
Longer message lengths: With MMS, you can send longer messages with up to 1600 characters. The limit on the MMS message size varies with the service provider.
A richer customer experience: With multimedia content, you can grab the viewer’s attention.
Increased engagement: Multimedia messaging leads to higher engagement levels: not only do more people read the messages and interact with the content, but they are also up to 8 times more likely to share it with friends.
Branded messaging: You can send a message that includes your brand logo.

Let’s discover how businesses in different commercial sectors can use the power of MMS to drive business growth.

Retail

Coupons and promotions: You can use MMS to share scannable QR codes and coupon picture messages that customers can redeem in stores and rich messaging features like GIFs, videos, and sound clips add to the experience.
Product registration: You can invite buyers to register their products the easy way: by sending a photo of a bar code associated with the product.

Insurance

Customers can speed up claim processing by sending photos through MMS.

Customer Support

Customers can send pictures of defective products. Your support team will immediately know what is wrong and can suggest a solution or send the right team to solve the customer’s problem.
You can send audio with instructions on how to install a product. This helps the customer and reduces your support costs.

Travel and Tourism

Airlines can send tickets and boarding passes via MMS. Customers don’t have to worry about losing these documents as they are safe on their phones.
Travel agencies can use custom imagery during marketing for special deals and promotions.

Food and Restaurants

Marketing messages with images of new products can increase anticipation and drive sales.

Automotive

Automotive companies can use personalized images for marketing new and existing products and driving sales.

Conclusion

With text, your creativity is limited. Unless you are Shakespeare, there is only so much that you can say with words.

With images and video, your creativity is unleashed. There is no limit to what you can communicate through a properly designed image or video.

Use MMS to unleash your creativity and use the power of the visual medium to drive business growth.

Create the right solution for your operation

Your obstacles are unique, and the solutions for them should be too. The functions of SMSEagle allow businesses to incorporate SMS communications into their systems in a way that makes sense to them. To find out how SMSEagle will allow you to create the solution you need, get in touch with our team.

Try Demoor

Patryk Patej

Notification of Legal Entity Changes

Posted On 2 March 2022 By Radosław Janowski In Articles / 1

Dear Valued Customers & Suppliers,

We are excited to share important news regarding the evolution of our company and how this change will impact you. We are pleased to announce that on March 1, 2022, the business activity under the name PROXIMUS Radosław Janowski was transformed into Proximus Sp. z o.o.

What does that mean for you?

Due to the transformation, the legal name and the VAT-EU number have changed. The address, bank account numbers, telephone numbers, and e-mail address remain unchanged.

Your contracts and contact persons remain unchanged. The change does not influence the continuation of business activities and the validity of contracts concluded in the past. Proximus Sp. z o.o. takes over all the rights and obligations of the transformed entrepreneur PROXIMUS Radosław Janowski.

New business correspondences, orders, invoices, delivery sheets, new contracts, and changes to existing contracts between you and our company must be carried out under the new business name Proximus Sp. z o.o. following with this change.

Therefore, we ask all our business partners to make this change in their records and to use only the new company name, Proximus Sp. z o.o., for all future communication with our company.

The current company data:

Proximus Sp. z o.o.
ul. 163 Piątkowska
60-650 Poznań
Poland
VAT-EU: PL7812032643

Radosław Janowski

Protect Your Home and Business by Securing Wi-Fi and Connected Devices

Posted On 14 October 2019 By Michael O’Dwyer In Articles / 3

In the last ten years or so, securing our local area networks has become more difficult, thanks to ubiquitous high-speed broadband and a proliferation of internet-enabled devices. Some of these are branded ‘smart’ but their widespread adoption could be considered less so. Some, like smartphones, add convenience but most introduce security risks. Whether it’s at home or at work, smart devices vary widely in terms of security. Some devices operate on Bluetooth, others connect to wireless networks and via cable. Whatever the connection protocol, it’s important to ensure that all are monitored as part of a cybersecurity policy or if at home, a common-sense attitude to security.

But, where do you start? How do you identify potential security threats?

In the same way that you protect your home and business, any worthwhile security system will start with access points; all exits and entries are protected first. For networks, initial perimeter defence is controlled by the routers that distribute your broadband connection.

Securing Routers

Most routers offer a combo of LAN ports and a wireless option (with or without antennas). Router configuration is key to enforcing security. I recommend changing all default options. Make sure your default gateway is changed. Ditto, the IP address range for your domain or workgroup. 192.168.1.x will be the first avenue of attack for hackers. Ensure that a complex password and username is in place. ‘Admin’ and other defaults are not acceptable. It’s also important to name your router as leaving the default name will provide clues to hackers sniffing your network. I’d suggest your favourite Klingon entrée or perhaps the name of the dumbest president to ever hold office. Finally, use an encrypted connection (at least WPA2).

Thanks to BYOD (bring your own device), guests at work and at home often request your Wi-Fi password. Many routers offer a ‘guest network’ option that prevents temporary users from accessing shared resources on the network. Enable this function.

If not available, claim ignorance of the password (passwords are assigned by our IT admin only) to prevent unauthorised access to company resources or suggest they upgrade to a higher data plan for their mobile device.

The Internet of Things and Smart Devices

Granted, it’s much easier to add new workstations or devices using wireless. It saves time and there are no trailing cables. Office disruption is also minimised as no building alterations are required. Convenience is the name of the game and portability comes a close second, with tablets, laptops and smartphones in common use.

With the Internet of Things came a recognition that we were running out of IP addresses and IPv6 became necessary to allow for the predicted billions of internet-enabled devices. Everything from fridges to toasters and webcams became smart… or as smart as their manufacturers made them. The key security element for connected devices is to remember one thing – many are not built in a security-first manner.

Hard and Fast Rules for Connected Devices

Before purchasing an IoT device, you should consider all, but not limited to, the following questions:

Is it REALLY needed? We all love buying gadgets but if there is no efficiency benefit then why even bother? Check out this 2017 list from Gizmodo.
Is the device secure? The blind assumption that the router will protect all devices connected to it is a dangerous one. I consider an IoT device secure if:
1. I can modify the security settings from the defaults. Hardcoded settings are exploited by hackers.
2. I can stop unnecessary features.
3. The device supports future firmware updates or security patches that are installed locally (via USB or SD card, for example) or remotely.
4. The device does not rely on SMBv1, which has known weaknesses. Microsoft has published a list of some affected manufacturers and related products. YOU need to check all connected devices for this vulnerability by reviewing manufacturer websites. Bear in mind that healthcare, medical and industrial products are also vulnerable so this condition does not only apply to consumer products but for every industry.
How invested is the company in security? In other words, how would you assess their expertise? If a smart coffeemaker is in your future, is it fair to say that the company knows domestic appliances and is totally new to securing smart devices?
Is the primary function of the device enhanced by being ‘smart’? In the case of a coffeemaker, I’d have to say no but in the case of health-monitoring equipment it’s an emphatic yes. Maybe it’s just me but communicating with or receiving alerts from a coffeemaker or other domestic appliance seems a little pointless. But, health monitoring can detect anomalies and perhaps save lives.

Of course, despite security risks, some devices are worthy of connection. In such cases, why not use a different workgroup or domain? Segregating all IoT devices makes perfect sense and protects the rest of your network from attack.

In conclusion, the use of Wi-Fi and a multitude of connected devices adds convenience. However, awareness of security risks is crucial when selecting devices. Regular auditing of existing devices is necessary as well. In the meantime, perhaps it’s worth policing connected devices to ensure your network is not compromised by smartphones with vulnerable OS versions, cheap imports or wearables. What do you think? How vulnerable are your smart devices and sensors? Have they been hacked before now? Smart locks certainly have.

Michael O’Dwyer

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Network Security: Shadow IT Risk and Prevention

Posted On 9 September 2019 By Michael O’Dwyer In Articles / 2

Contrary to many opinions discovered online, shadow IT (a.k.a. rogue or stealth IT) is not down to the IT team saying no or refusing to provide required productivity tools necessary for a specific job role. In truth, it is often down to restrictive budgets and senior management decisions on same. Speaking as an IT pro, we do not care what software users need and would happily supply it if the budget is available and the software need is indicated. WE are not responsible for users installing unauthorised software, using unapproved cloud services or adding their own hardware such as memory sticks and external drives to company systems. BUT, as always, we are expected to assume the responsibility and the blame for such practices.

What are the risks of Shadow IT? How can they be reduced?

As Przemysław Jarmużek, systems administrator & support expert at SMSEagle was quick to point out: “The level of risk will depend on the type of Shadow IT and the motives of the user involved” with common dangers including but not limited to the following:

BYOD

The rise of BYOD in the workplace has tied IT’s hands in cases where IT do not have control of the device. Device owners are free to install whatever they wish on their own device and rightly so. In an ideal world, the device would mobile device management (MDM) to segregate work and personal use by using a virtual partition. This work ‘partition’ could be managed remotely and the partition could be erased or deleted if the device is lost or stolen or if the employee leaves the company.

Consumerisation of Software

Anyone with a credit card can purchase a cloud service or online subscription to a wide array of software and collaboration tools. Many are free and only need an internet browser to access. This is an obvious problem when trying to control the flow of company data, making it almost impossible to track the impact of a data breach. These unauthorised activities could also have an impact on compliance requirements, especially in relation to data protection and requirements for storage of personally identifiable information (PII). The risk of intellectual property loss also increases if third party service providers are breached by hackers.

Licensing

Users installing licensed software from home is also a danger. Note that this activity is sometime used by malicious employees seeking financial gain. They install illegal software on company systems and then send a ‘tip’ to organisations responsible for copyright theft to obtain a percentage of the high financial penalties levied. This point is demonstrated accurately in a TechCrunch article: Software piracy claims can ruin your business and reward those responsible. An old article but all the points raised are still valid today.

Productivity Aims

Many users install or use unauthorised software and tools to improve productivity and lack any malicious intent. They are just unaware of the possible dangers of installing freeware and paid solutions that are not approved or monitored by IT.

Preventing Shadow IT

Radosław Janowski, product manager at SMSEagle said that “IT cannot be expected to have psychic powers and each department head should provide a list of software and tools that they need to fulfill their roles in a productive manner. This will allow IT to supply it and eliminate the requirement for Shadow IT.”

An excellent point. Tell the IT team that you can’t do your job effectively without software X and tool Y. We will listen and respond with updates.

In fact, there are several ways to reduce shadow IT while enforcing the fact that IT are responsible for security on company equipment and on BYOD devices when the owner has signed an agreement allowing remote administration.

Admin Access – There is no reason for users outside the IT team to have the ability to install programs. Any and all programs should be installed and managed by IT.
Network Inventory Management – IT will regularly monitor hardware and software assets on the network, automatically detecting any additions and reacting accordingly based on potential risk. There are many tools available to accomplish this task and some will aid security patch and update management.
Network and port monitoring – to prevent access to unauthorised cloud services.
IT will provide a software repository for all approved software and tools. If additions are required by a user or department, it is formally requested.
IT will foster an environment of security awareness to include the potential dangers of Shadow IT and ensure that there is an onboarding process for new employees.

However, without senior management support, none of the above will work. Available budgets and claims of IT interfering in all departments no longer hold weight as IT is needed in all departments. IT are responsible for security and if identified security risks are not acted on, then future problems that result from inactivity cannot be blamed on IT. When you consider that a recent Forbes Insights report finds that more than one in five organizations have experienced a cyber event due to an unsanctioned IT resource, is it worth checking if shadow IT is a potential risk in your business? I think so.

Michael O’Dwyer

Document Security — Does Your Security Policy Protect Digital and Physical Documentation?

Posted On 9 August 2019 By Michael O’Dwyer In Articles / 2

Disclaimer: As there are books about document/data security, consider the following as an introduction. Discuss the points raised and estimate how your company would be rated if tested by an ethical hacker or penetration tester. Perhaps you might want to hire a penetration testing company to evaluate your digital and on-premise security?

Digital transformation is simplified as the aim to eliminate paper-based documents and go ‘fully digital’. As much as we would like to, it’s generally impossible to achieve a paperless office. Barriers include financial, accounting, legislative and compliance requirements that require retention of original paper documents for a specified number of years. Some industries (legal, for example) have yet to make all their processes digital and physical form-filling is common in many situations. Therefore, any worthwhile security policy must consider both physical paper-based documents and their digital counterparts.

How can companies ensure adequate protection of physical and digital files? What are the common attack vectors involved? Does your security policy consider remote and onsite attacks?

Risk Management

The first step in creating a security policy is to identify risk. Attack vectors include but are not limited to:

Remote hacking – Industry best practices recommend a comprehensive cybersecurity strategy. Many companies use industry standards such as HIPAA as a guideline. Recent requirements in Europe in relation to data privacy (such as the GDPR) also force a strategy as part of compliance. The key message is that companies are responsible (and can be penalised) for failing to protect data adequately as most jurisdictions have corresponding data privacy regulations, especially for medical and financial data and any other personally identifiable information (PII).
Internal threats – disgruntled employees are a viable attack vector. In addition, employees can unwittingly allow a hacker to breach your network after falling victim to phishing, ransomware or other remote attack based on social engineering techniques.
A combination of the above – where the remote attacker has a willing accomplice onsite.
Decommission, donation, recycling or theft of onsite equipment such as PCs, laptops, smartphones optical media, hard drives and memory cards can all introduce risk. This is true because even when wiped, forensic techniques can successfully recover data.
Insecure storage areas – when filing cabinets and digital backups can be accessed by anyone.
Sharing – consider the numerous ways we can share or capture data. Our smartphones can act as personal computers, take photos, share via chat program, upload to any number of free cloud storage providers, share on social networks and, of course, use the internal storage of the phone to store files for later review. Shadow IT, where users install their own unauthorised programs, could also allow dispersal of confidential data.
Security Updates and Patches – Prompt updates prevent hackers from exploiting security vulnerabilities. Best not to ignore them.

Okay, so now you have an idea of the potential threats. It’s worth noting that hackers will take the easiest route to acquire data. In film and TV, sophisticated hackers acquire passwords and systematically break through all cybersecurity defenses, but the reality is very different. It’s much easier to hack the user or use ‘low-tech’ or ‘no-tech’ methods than breach firewalls and other security features.

Social Engineering

As reported in MeriTalk, citing ISACA’s survey STATE OF CYBERSECURITY 2019, PART 2, cyber threats remain consistent but have increased in volume in 2019, with the top three most prevalent attacks coming from cybercriminals, hackers and non-malicious insiders. All three accounted for 70 per cent of all attacks reported by survey respondents. 44% said phishing was the most common attack, 31% said malware and 27% claimed social engineering was most prevalent.

However, since phishing is a form of social engineering, and malware creators often use social engineering techniques to fool the user, the truth is that social engineering of the human factor is the most lucrative option for any hacker. We are the weakest links in any security system.

How to Protect All Your Files

Firstly, be paranoid. Then, be very paranoid. Be aware that the size of your company does not matter. You may be in an industry attractive to hackers or be a client or supplier of a target company. In addition, it’s generally a numbers game, with cybercriminals, hackers and wannabe hackers all launching volume attacks using easily acquired tools and hacking packs. Being a hacker doesn’t necessarily mean you need skills. The “as-a-service” model also applies to the hacking community and on the Dark Web, you can acquire all you need to start hacking. Clearly, to protect your files and documents, a detailed security policy is necessary or perhaps, different security policies for each process. The SANS Institute offers a wide variety of free security policy templates that can be personalised for your company, which saves time in policy creation.

I’ll save you some more time… Assume that your company is a viable target and protect files and documents accordingly. The following is not an exhaustive list but will offer some suggestion to enhance your security posture and protect confidential data.

Identify potential risk and create the appropriate security policies.
Ensure OS and software updates are promptly installed. Likewise, security patches and firmware updates if appropriate.
Use antivirus, malware and spyware tools.
Use permission/user management to control data access. The aim is to prevent unauthorised data access.
Use device level monitoring to prevent the install of unauthorised software (shadow IT) and ensure all company-owned mobile devices have a remote wipe feature if lost or stolen.
Ensure security awareness training is an ongoing process, where users are informed of the latest attack methods. Basics include not clicking on links within emails from unknown parties.
When disposing of equipment, ensure data is destroyed by sending to a certified recycling company. Ensure data recovery is not possible by shredding or incinerating the device.
When disposing of paper-based documents, fine cross-cut shredding or incineration is best. Low-tech hackers are not above searching rubbish bins for clues.
Ensure non-employees cannot sneak onto your premises.
In public areas, be aware that shoulder-surfing (looking over your shoulder) is possible. It’s an easy way to gather info directly from your screen. Similarly, visual hacking is a threat, with smartphone cameras allowing easy capture of information.
Confidential documentation should be locked away, with on-premise security essential.
Consider the many ways files are shared online and aim to restrict as many as possible. Some companies operate using a whitelist of essential websites, blocking any that allow sharing of data.
Protect your hardware – Some companies use tamper evident labels to prevent low-tech hacking using memory sticks, cards and other solutions to directly acquire data from target systems.
Consider Wi-Fi access. Do you allow guest access or segregation from your network or even prevent it entirely?
In electronic manufacturing, all employees and visitors are scanned with a wand (just like in the airport) and must store all electronic devices in a provided locker before access is granted. Is this worth considering?
Social Media – Ensure employees are aware that social media info posted is often used in convincing spear phishing campaigns. Never post anything that will aid social engineering or disclose company workings, even something as innocuous as a planned vacation or lunch times can help a hacker.
Encryption and password management – both are highly recommended. It’s also important to remove data access promptly if an employee leaves the company.

By no means a complete list, but still difficult to implement securely. NOW consider how difficult it is to prevent against an insider threat, when that user already has access to your network…

In conclusion, cybersecurity is an ongoing process, but it is very important that paper-based documents are also considered. Ensure printouts and other files are disposed of correctly and not thrown out with the general rubbish. Security awareness is not limited to cybersecurity but must also consider real-world activities such as copied ID cards, premises security and storage and disposal of physical documents. Penetration testing is a worthy exercise that will highlight any insecure areas in your organisation. With the number of data breaches increasing each year, ethical hackers can identify problems and close off any vulnerabilities. How confident are you that all documents are secure?

Michael O’Dwyer