Our Thinking

Leverage Your Existing ITSM Investment to Do More!

Posted by Jon Fraser on Oct 25, 2016 4:10:47 PM

Most organizations have invested in some form of IT service management (ITSM) solution, like the BMC ITSM product suite or ServiceNow. These tools enable organizations to be more effective because they help save time and money by automating tasks that would normally require hours of manual work by your employees.

But if you’re using BMC or ServiceNow already, you knew all that.

The same tools that help you manage and deliver IT services can be used to save your organization money, without investing in any new products. Leveraging your ITSM investment can provide significant improvements and savings - some of these efficiencies are intuitive, but others you may have never considered before.

Read More

Topics: Service Management

The Broken Record That is HIPAA Breach Settlements

Posted by Adam Kehler on Oct 11, 2016 3:08:17 PM

Recently, The Office for Civil Rights (OCR) announced a $5.55 million settlement with Advocate Health Care in response to a breach of electronic Protected Health Information (ePHI) affecting approximately four million individuals. This is the largest OCR settlement in response to a breach to date.  Among other things, the settlement agreement indicated that Advocate failed to:

Read More

Topics: Security

Can you hear me now? Cybersecurity in the boardroom...

Posted by Michael Lines on Oct 7, 2016 9:00:00 AM

In 2015, The United States Senate introduced the Cybersecurity Disclosure Act of 2015, the goal of which being to “promote transparency in the oversight of cybersecurity risks at publicly traded companies.”

Two crucial revelations to come out of the bill are as follows:

(1) to disclose whether any member of the governing body, such as the board of directors or general partner, of the reporting company has expertise or experience in cybersecurity and in such detail as necessary to fully describe the nature of the expertise or experience; and

(2) if no member of the governing body of the reporting company has expertise or experience in cybersecurity, to describe what other cybersecurity steps taken by the reporting company were taken into account by such persons responsible for identifying and evaluating nominees for any member of the governing body, such as a nominating committee."

Proposed US Senate Bill, Cybersecurity Disclosure Act of 2015

Read More

Topics: Security

Is Your Genesys Environment Secure? (Part Two)

Posted by Alex Boisseau on Oct 6, 2016 12:37:31 PM


Well it’s the final day of Genesys G-Force 2016 and what a ride it has been so far. Thank you to everyone who has stopped by our booth in the Partner Pavilion, it was great to meet so many like-minded industry experts.

With the event nearing its end, it is time to conclude our series on Genesys CX security. Previously we covered important points related to the security of sensitive information stored on your Genesys ecosystem, along with some of the challenges “off-the-shelf” security scanning tools may have testing Genesys integration with your network stack. For this final post, we will continue to dig deeper and ask you some challenging security questions around your Genesys ecosystem.

Read More

Why Healthcare InfoSec Requires a Special Treatment Plan

Posted by Adam Kehler on Sep 29, 2016 11:56:54 AM

The year 2015 was known as “the year of the megabreach” and, given the year we’ve had so far, 2016 will undoubtedly be known as “the year of Ransomware.” These threats affect all organizations that have a computer connected to the Internet. The attacks are the same, the affected computers are the same, and the results are the same – well, mostly. Whether it’s the government, industrial control systems, or the financial, entertainment, or healthcare industries, attackers are agnostic. They don’t care what information you have or how it is stored; if they can turn it into personal gain, they will attack it.

Read More

Topics: Security

Is Your Genesys Environment Secure? (Part One)

Posted by Alex Boisseau on Sep 28, 2016 1:41:42 PM

With Genesys G-Force 2016 only days away, we have been walking you through some of the security challenges organizations face when using the world’s number one customer experience platform.

Previously we spoke about the unconventional ways that Genesys components use or integrate with existing technology. We also described how Genesys uses a combination of proprietary and industry standard protocols and configurations throughout their applications, and the challenges this presents to standard testing procedures.

Read More

The Challenges of Securing Genesys CX

Posted by Jay Gunnell on Sep 23, 2016 3:46:48 PM


As the countdown begins towards Genesys G-Force 2016, we thought it was a good time to review some of the security challenges organizations may face when using the world’s number one customer experience platform.

Today’s realities have made security and the protection of personal identifiable information (PII) of paramount importance for every organization across all of the technologies they operate. There is no shortage of methodologies and tools for testing for vulnerabilities in network environments and applications, but none of them are designed to address the unique characteristics of a fully integrated customer experience platform like Genesys provides. There are two important challenges that are often overlooked.

Read More

I've Been Pwned! Now What?

Posted by Michael Lines on Sep 20, 2016 9:30:00 AM


In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site four years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Read More

Topics: Security

Be prepared! What to do if you’re compromised

Posted by Dan Lapierre on Sep 15, 2016 9:04:40 PM

Dan Lapierre, Online Business Systems’ Senior Security Consultant, discusses Visa’s recently released and updated guide on “What To Do If Compromised” (WTDIC). The updated guide can be located on Visa’s website by clicking here.

Read More

Topics: Security

Prepare, Mon Frère, Against Ransomware

Posted by Chris Lincoln on Sep 8, 2016 10:02:51 AM

There is no question that we have become heavily dependent on computerized systems to “do more” through automation and to “do more better” by connecting and analyzing data in ways we couldn’t do previously. Ransomware takes advantage of an organization’s reliance on these systems by denying access to their systems or data for financial gain.  Ransomware attacks occur daily and are a real threat that shouldn’t be ignored.  Fortunately, there are a few techniques we can use to defend against ransomware.

Read More

Topics: Security

Our Thinking - The Online Blog is a source for insights, resources, best practices, and other useful content from our multi-disciplinary team of Onliners.

Subscribe to Blog Updates