Will your information be safe with our vendors?
Several of our 100+ vendors/carriers offer cloud-based services such as VoIP telecom and TEAMS from Microsoft and Cisco. Several of these top-level vendors announced that they also earned the System and Organization Controls (SOC) 2 Type II certification that covers all their facilities, business processes, and cloud services. The SOC 2 Type II audit and certification, conducted by The Moore Group, LLC, an independent CPA firm, confirms that this vendor and others meet the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA).
Two of our vendors, Evolveip and Ancero, just announced they are once again certified. Call us for more information at 888.208.0020.
Ancero is proud to announce the renewal of the System and Organization Controls (SOC) 2 Type II certification, which applies to all Ancero facilities, business processes, and cloud services. SOC 2 Type II certification validates Ancero’s compliance with strict data security and privacy standards established by the American Institute of Certified Public Accountants (AICPA). SOC […]
The post Why Ancero’s SOC 2 Type II Certification Has Never Been More Important appeared first on Ancero.
Microsoft Teams is transforming collaboration in the workplace. Teams is a web-based collaboration and workspace platform that brings together employees to collaborate, meet and communicate on projects no matter where they are. Teams gives participants access to many different tools and programs within a single window, for creating, sharing, modifying, and storing content, to help them work as effectively as possible.
What is Microsoft Teams?
Microsoft Teams was initially designed for the U.S. market to complement the work-from-home phenomenon, which is growing in popularity across companies in the tech industry. The Covid-19 pandemic has hastened the shift to a work-from-home business model, a trend that is likely here to stay.
The Top Benefits of Microsoft Teams
Because of the benefits of Microsoft Teams, more companies are taking full advantage of this cross-platform collaborative tool. For example, Salesforce has recently launched its own version of Teams, which is known as MS Teams. Salesforce has built its collaboration tools on the back of its existing video conferencing platform, which allows its members to share information with each other across multiple locations. The second major benefit of Microsoft Teams is the ease of use.
Since most people familiar with working in the office or large organizations would already be comfortable with the basic functions, there is little else to learn, especially if a business has a staff that is largely Millennial and Gen X. Plus, the majority of the functionality of the tool comes automatically installed with the program. This means that participants simply need to log into the platform and make use of all of the features, which include video calls, group meetings, document sharing, audio conferencing, online sharing of documents, screen sharing, and many others.
Another benefit is the simplicity of operation. Teams has evolved to a point where it is easy for any individual to log on and start using it. The process of making a video call, for example, does not involve the use of specialized technical skills, as many organizations might find it necessary to do. All of the functionality is combined in one place, in one neat interface. Rather than being required to know how to use individual platforms at each workplace, all employees can simply make use of the same common interface, which provides a high degree of collaboration, speed, and security.
Collaborate Better than Ever Before
Yet another of the many business benefits of Microsoft Teams is the ability to incorporate advanced collaboration tools into this productivity suite.
One of the most popular new features is what is called “task collaboration”. With this new feature, participants are able to easily work on multiple projects without being present in the same meeting. All meetings are automatically saved, and the same group can be specified to have access to specific conversations or documents. With these and other new features, it is clear that Microsoft Teams has substantially improved upon its predecessors.
Of course, there are many more features that Microsoft Teams offers that make it an outstanding solution for many businesses. However, the fact that it is open source and can be used by millions of users without any fees makes it a compelling option for those who might want to leverage its technology. Those who are already using Microsoft Office would find that integrating Microsoft Teams with their existing systems is incredibly straightforward and easy.
If you would like to learn more about adopting Microsoft Teams in your organization, then contact Applied Consulting Group today about setting up your company’s new virtual collaboration program.
Contact us here or call us at (888) 208-0020.
Man Behind Password Requirements Admits He Was Wrong
Those annoying password requirements like ‘must have at least one special character?’ They do more harm than good.
BY AVERY THOMPSON
AUG 8, 2017
It is tough to create a good, secure password. It is tough to even agree on what makes a password strong in the first place, but most of the websites you will visit probably recommend numbers, capital, and lowercase letters, and probably a random symbol or two. This was the recommendation of Bill Burr, who created those password guidelines while working for the National Institute of Standards and Technology back in 2003.
Now, almost 15 years later, Burr finally admits he made a mistake. In an interview with the Wall Street Journal, Burr expressed his regrets for giving advice he now realizes was flawed.
The problem is not that passwords with random numbers and symbols in them are not secure. They can be, especially if a random password generator is used to create secure passwords. The problem is that humans suck at remembering passwords filled with random numbers and symbols, so they typically create simpler passwords that are easier to guess.
If you have ever had to come up with a “secure” password, you probably did the same thing as almost everyone else—pick the first word that comes to mind and substitute a few numbers and symbols for letters. An O becomes a zero, a 1 becomes an exclamation point, and now you have what looks like an impossible-to-crack password.
But you are not the only one doing this, which means that hackers routinely try to guess these common substitutions. These simple instructions double as a handy guide for attack by password crackers. Ironically, Burr’s password security guidance ended up making passwords less secure.
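The point above seen from the defender's side, as an added example that is not part of the original article: a signup-time check that undoes the common substitutions before comparing a candidate password against a blocklist, so that a substituted common word is rejected just like the plain word. The substitution table, the tiny blocklist and all function names are constructed for illustration.

```python
"""Reject passwords that are a common word with predictable substitutions."""
import itertools

# Constructed sample blocklist; a real deployment would load a large list
# of common and breached passwords instead.
COMMON_WORDS = {"password", "monkey", "dragon", "welcome", "letmein"}

# Symbol -> letters it commonly stands in for (illustrative, not exhaustive).
# Some symbols are ambiguous ("1" and "!" can read as "i" or "l"), so every
# combination of readings is tried.
SUBSTITUTIONS = {
    "0": "o", "1": "il", "!": "il", "3": "e", "4": "a",
    "@": "a", "5": "s", "$": "s", "7": "t",
}

MAX_VARIANTS = 4096  # bound the work done on long, symbol-heavy inputs


def normalized_variants(password):
    """Yield lowercase readings of `password` with substitutions undone."""
    choices = [SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    combos = itertools.product(*choices)
    for combo in itertools.islice(combos, MAX_VARIANTS):
        yield "".join(combo)


def matched_common_word(password):
    """Return the blocklisted word the password reduces to, or None."""
    for variant in normalized_variants(password):
        if variant in COMMON_WORDS:
            return variant
    return None


def check_password(password, min_length=8):
    """Return (accepted, reason) for a candidate password."""
    if len(password) < min_length:
        return False, "too short"
    word = matched_common_word(password)
    if word is not None:
        return False, f"common word '{word}' with predictable substitutions"
    return True, "ok"
```

A password that satisfies every character-class rule, such as `P@ssw0rd`, is rejected by this check, while a long passphrase with no symbols at all is accepted.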
Burr’s admission comes at a time when “secure password advice” is becoming mostly irrelevant. There are several services like LastPass and OnePass that will generate secure passwords for you and remember them so you don’t have to. And hopefully in a few years we will have replaced passwords entirely with some other sort of tech altogether.
Of course, all of this is pointless if you don’t care about having a strong password in the first place.
Source: Wall Street Journal via The Verge.
Solving the password problem: article from Popular Mechanics
SSAE 16, SSAE18, SOC 1, SOC2: What they are and why you should care
July 11, 2017 by Editorial Team under HIPAA Compliant Hosting
Cloud computing has revolutionized the world of software licensing, but it has also opened the gates to new security risks. In the past, if a company wanted to add new software, it had to endure long installation processes on local servers. This gave companies the opportunity to verify the reliability of their systems, while local hosting gave them more control over their data. However, it was also immensely time-consuming and costly to set up and maintain.
Risks and Opportunities of Third Party Hosting – How SSAE 16, SSAE 18, SOC 1, and SOC 2 Help
Today, adding software to your organization can be as quick as logging into an online platform. It offers a major competitive advantage, especially when coupled with flexible payment plans. Engaging a service provider enables your organization to become more efficient in record time. There is no need to reinvent the wheel and create security protocols and software installation from scratch. You can be up and running within weeks or even days. Need to host an app? Find a cloud hosting provider who already has servers set up so that your team can focus on building the app and prepare it for launch.
However, hosting in the cloud means that you have limited control over your data and knowledge of its location. This lack of control can become a significant liability to your company, especially if the data in question belongs to your end users. In the event of a data breach committed by the provider, you will be the one held accountable to your end users. Therefore, ensuring the security, integrity, confidentiality, and privacy of your sensitive data should be of paramount importance.
Question of Reliability
If you are a company that chooses to store and process your end users’ personal or confidential information with a third-party provider, you have a list of concerns to address. It is your responsibility to verify that the third-party provider is dependable, their system is functional and has proper safeguards in place.
You may think that hosting your data locally seems to be the wiser choice. The reality is the cost of building a system that integrates a variety of functions, which is what most businesses need to remain operative, can be extremely high and a headache to maintain. (See our article How to Become HIPAA Compliant to assess the scope of creating a secure HIPAA hosting environment.) It makes more sense to outsource.
The key is to employ the services of a provider that is properly certified and meets the demand for confidentiality and privacy of information. This is what you’ll need to guarantee your users’ trust, especially if you are dealing with financial or health-related personal data. To obtain this assurance, you are entitled to require from the service provider proof that it has proper controls in place, as verified by a third-party accounting firm. This proof comes in the form of SOC 1 and SOC 2 reports.
Finding the Right Kind of Provider
SOC (‘Service Organization Control’) reports were created by the AICPA in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.
Before AICPA drafted the SSAE 16 standards and the SOC reports, it had a single examination for Service Providers based upon Statements on Auditing Standards (SAS) 70. This standard was launched to ensure that third-party providers had the proper controls in place to prevent the service provider from having an errant material impact on its customer’s internal control over financial reporting (ICFR). With the development of cloud computing and an increase in the number of companies entrusting third-party providers with their customer data, a need emerged for a standard that expanded beyond financial controls to also include security and confidentiality of the entrusted data. To clarify the new set of standards and include new business practices, the AICPA replaced the SAS 70 report with the SOC framework.
What Is SSAE 16?
SSAE 16 stands for Statements on Standards for Attestation Engagements No. 16. Effective in mid-2011, this new auditing standard superseded the SAS 70 standard. According to AICPA, the SSAE 16 requires companies, like data centers, to provide a written report that describes any and all controls at organizations that provide services to customers when those controls are likely to be relevant to user entities’ internal control over financial reporting. In May of 2017, SSAE 16 was superseded by SSAE 18.
What Is SSAE 18?
In the Spring of 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of SSAE 18, “Concepts common to all Attestation Engagements”. As the SOC 1 is an attestation engagement, the SSAE 18 standard will apply to SOC 1 reports and supersedes the SSAE 16 standard. The SSAE 18 standard will go into effect for reports dated after May 1, 2017. It is important to note that the SSAE 16 standard was specific to service organizations, whereas the SSAE 18 is for all attestation engagements. This essentially means that referring to a SOC 1 as an SSAE 16 examination will go away; it will not be replaced by the term SSAE 18 examination, and the report will be referred to simply as the SOC 1.
What Is SOC 1?
The SSAE 18 SOC 1, sometimes just stated as SOC 1, is the report you get when you are audited for SSAE 18. The SOC 1 Type 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR). The examination helps ensure that both the system and personnel responsible for these controls at the third-party provider are doing their job in a manner that will not adversely affect their client’s ICFR. This report is key with respect to services such as payroll and taxation since when performed by a third-party provider, such services will have a direct impact on a client’s ICFR. For example, if you outsource payroll management to a provider that doesn’t have the proper controls in place, you risk payroll errors in your internal data. This will come with problematic consequences since, in the end, you will be held accountable for those errors.
What Is SOC 2?
The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.