Posted on

How to Stop an Email Being Forwarded (for Free)

handing a piece of paper off over the table. How to stop emails being forwarded feature image

The risk of a data breach is higher than ever and still, not many people realise that your emails can be a breach of GDPR!  

All it takes is for someone to forward an email containing sensitive data to unwanted 3rd parties and bada bing, bada boom, you’re in breach.

(there are other ways your email can breach GDPR – check those out here)

So, how do you solve this?

GDPR Email Security in the Data Protection Era

Small and micro-business owners or entrepreneurs aren’t exempt from GDPR and they must still find solutions that will make them compliant.

While large enterprises have the means to implement the newest security measures easily, smaller businesses and entrepreneurs just don’t often have access to the right technology.

The simplest way to protect the data is to encrypt your email so you retain control over all data you send. Encryption ensures that only the contents of your email are accessible by the right recipient. If somebody else gets it by mistake or because it was forwarded, they won’t be able to read the contents.

The alternative is having a ‘Do Not Forward’ function on that prohibits the receiver from forwarding the email in the first place. Best case, you have both in place for full protection

How to Encrypt Your Email Messages

You can do this with Microsoft Azure Information Protection (AIP), which helps businesses classify and protect emails and other documents with a labelling system.

This system can even automatically detect sensitive data when configured correctly. With AIP, only the rightful recipient can read the email, and they won’t be able to forward it to anyone.

Unfortunately, this solution can be pricey for smaller businesses and the tool is focused towards the larger enterprises.

Smaller businesses and entrepreneurs need to look elsewhere.

My Protected Mail Helps You Keep Email Data Confidential

This is where My Protected Mail can help you here. This solution is similar to AIP but specifically focuses on providing services to small businesses, micro-businesses, and individuals. My Protected Mail offers encryption services (EaaS – encryption as a service) for your email communication. This benefits business owners because:

  • My Protected Mail not only uses the same principle as AIP but also the same architecture – it’s powered by Microsoft 365 Azure Information Protection.
  • The encryption process is automatic and super easy to use. When emailing through My Protected Mail, it will be encrypted automatically, giving you control over all data you are sending.
  • Each email you send through the system is also automatically flagged as “Do not forward.” This ensures all contents of the email stay with the recipient and cannot be shared with other parties.

 

How to Use My Protected Mail to Encrypt Email Messages

My Protected Mail is a cloud-based solution and doesn’t require any additional software installation on your part; you just need to make a few changes in the way you send your email. Here’s how:

    1. Instead of putting the recipient address into the recipient header, you will put [email protected] in there.
    2. The recipient email address goes to the Subject line instead.
    3. When you have finished writing your email, hit Send, and that’s it!

(Plus it works on whatever device or service you’re using so can work on a MAC too)

Sending Encrypted Email From a MAC

The recipient will get an email that will require an OTP (one-time passcode) to access the email. This passcode is received once the recipient clicks the link “Sign in with a one-time passcode.”

The best thing is you can try it out for free as the Free plan allows you to send up to fifteen emails per month and includes basic reply functionality (meaning you will continue the conversation protected).

Posted on

7 Best Ticketing Software for Managing Tech Support

7 Best Ticketing Software for Managing Tech Support feature image

The best ticketing software helps tech support resolve issues faster and allows managed service providers to offer a better service! Here are seven excellent IT ticketing software solutions that will optimise your IT support:

1. Spiceworks IT Help Desk

Spiceworks is amongst the best ticketing software solutions, and all their products are free!

It’s a full help-desk system with multiple-channel ticket support and network monitoring. All systems are customisable to meet the requirements of any business.

The most prominent features include automatic ticket routing, prioritisation, and notifications for IT teams, as well as a knowledge base for most common issues that can be integrated into a ticket.

2. ManageEngine ServiceDesk Plus

ManageEngine’s ServiceDesk Plus is a solution that helps an IT managed service provider with advanced automation options of many processes.

The project management module supports tracking of any number of IT projects and helps with planning. Ticket routing, prioritisation, and escalation options make it a favorite of many IT teams. The IT ticketing software automatically informs users about any changes to the status of their tickets and reported issues.

The analytical capabilities help link recurring issues to the root cause and eliminate their occurrence permanently. The knowledge base keeps the ticket inbox decluttered through self-service for end users.

Prices range from $10 to $50 per tech per month.

3. Remedy Service Desk

BMC’s Remedy Service Desk is the best option for an IT managed service provider who caters to enterprise users. It provides MSPs with a comprehensive service management suite that can be deployed in the cloud or on-premises.

  • Their incident management with service impact analysis is their best feature. It helps IT staff see how problems and incidents affect business systems.
  • Problem management detects recurring incidents and helps trace the cause.
  • Knowledge management delivers the required information directly to users and staff.

This service desk supports a multichannel report of incidents and issues via email, web service, self-service, social, or chat. Pricing is provided per request.

4. Freshdesk

Freshdesk is a solution that can work for internal IT departments, but it’s actually an IT ticketing software that’s better tailored for an IT managed service provider. Customer tickets are processed in a swift manner thanks to ticket workflow optimisation, routing, ticket response automation options, and service level agreement (SLA) management. The IT team can collaborate on a single ticket and resolve complex issues faster.

There’s a free plan available, while other tiers span from $19 to $89 per agent per month.

4. Zendesk

Zendesk is one of the best-designed ITSM solutions out there. Asset, problem, and incident management are done via a ticketing system that includes all the tools an IT team needs: ticket priority, tracking, and resolving have powerful automation options.

Everything is available from a central interface: on-premise information and third party apps, as well as self-service options and workflows, which makes it one of the best ticketing software designs available.

There’s a free trial and five price tiers that span from $5 to $199 per agent per month.

6. Jira Service Desk

Jira Service Desk is available as a cloud-based or on-premise solution that includes problem, change, and incident management, while the self-service feature helps users resolve tickets on their own by accessing a knowledge base.

The most notable feature includes the ability to link the Service Desk IT ticketing software to software issues, so the required IT experts will be notified about the issue faster.

There are two price tiers: $10 for up to three agents, and $20 for four to five agents, and discounts for larger groups.

7. SysAid

This is a cloud-based IT ticketing software that offers a wide array of features: from help-desk automation and IT asset management, all the way to performance analysis and monitoring.

Their incident report and service request modules, as well as their remote control capabilities, are their strongest features. They help track and resolve issues quickly. Their ticketing system is extensive and includes incident management, knowledge base, and a self-service portal, and incidents can even be reported via email. The tickets can be assigned automatically to the most appropriate IT professional, while escalation rules ensure all tickets are addressed in a timely manner.

The pricing is available from the vendor per request.

The best ticketing software helps resolve IT issues quickly but also plays a proactive role: by analysing incident reports, problems can be eliminated before they cause large-scale issues by tracing the root cause.

If you need help managing your IT support, contact us to discuss a quote.

Posted on

How Much Does Azure Information Protection Cost?

How much does Azure Information Protection Cost Feature Image

UPDATE: 22/10/2020 – Azure Information Protection is now referred to as Microsoft Information Protection as they’ve updated the product. There are also ways you can save on licensing and pricing when it comes to implementing MIP, which is something we’ve learned in our years of experience. So if you want to have a free chat or consultation, please get in touch.

With increasing cyber security threats, as well as GDPR (General Data Protection Regulation), having taken effect from 25 May 2018, businesses need to protect their sensitive data.

One of the ways we recommend to our clients is by using Microsoft’s Azure Information Protection (AIP) as a way of protecting and automatically encrypting sensitive information. But, a common question we get asked from unsure businesses, is the bottom line:

‘How much does Azure Information Protection cost?’

This article explains the breakdowns of pricing, as well as the effect your business will have on the price, to hopefully make it easy to understand!

How Your Requirements Affect Azure Information Protection Price

The pricing of Azure Information Protection is different for every business, and will depend on::

  • The Office 365 Suite you have – If you don’t have an Office 365 subscription, you will have to choose one that includes Azure Information Protection or get AIP as a stand-alone subscription.
  • Your business size – Because the price is calculated on a ‘per user’ basis, the higher the number of users, the higher the price.
  • Your business requirements – This is mainly on the AIP modules you will use. The more modules you use, the higher the price.

Azure Information Protection Cost Breakdown

Azure Information Protection consists of two parts:

  1. The classification and labelling of data
  2. The encryption and rights management (RMS)

To be fully protected, you will need both.

There are several Office 365 subscriptions that include the Azure RMS option. AIP is part of the:

  • Office 365 Enterprise E3
  • Office 365 Enterprise E5
  • Microsoft Enterprise Mobility + Security E3 and E5 plans.

If you have a plan that is not included above, you can still get Azure Information Protection without switching. AIP RMS is available as a stand-alone add-on that can be purchased separately.

There are three pricing groups for Azure Information Protection:

  • AIP for Office 365 – £1.50 user/month
  • AIP Premium P1 – £1.60 user/month
  • AIP Premium P2 – £4 user/month

Azure Information Protection Business Costs

The pricing for Azure Information Protection is calculated as follows:

(Office 365 plan cost/month per user + AIP cost/month per user) x Number of Users = Total Monthly Cost.

Here’s an example:

You have an Office 365 Enterprise E3 Subscription – the price is £17.60 per user/month.

You also need the Azure Information Protection Premium P2 – the price is £4 per user/month.

The total price per user per month is £21.60.

You have 50 users, so the price will be £21.60 x 50 = £1,080 per month for all your users.

How to Buy Azure Information Protection?

There are two options when buying Azure Information Protection:

  1. You can get it as a stand-alone option
  2. You can buy it as an integral part of the Microsoft licensing suite, such as the Microsoft 365 Enterprise or the Enterprise Mobility + Security Suite.

The license for AIP can be bought in the form of a user subscription directly on the Microsoft website, through the Microsoft Enterprise Agreement Volume Licensing program or through the Microsoft Cloud Solution Provider program.

Are you unsure on which Azure Information Protection package you need? Contact us and we can help determine which AIP deal is the right fit for your business needs to secure your data. Then, implement it with you.

Posted on

How to Hold an Azure Information Protection Staff Training

How to Hold an Azure Information Protection Staff Training feature image

In light of the latest data security climate, where a risk of a breach is higher than ever, it is of utmost importance to keep valuable data safe. Microsoft’s Azure Information Protection (AIP) helps in achieving this goal and it’s the solution we recommend.

Particularly when you consider that the UK average cost of a data breach is close to £2.87 million ($3.68 million) according to a recent report from the Ponemon Institute.

Azure Information Protection is a cloud-based data protection solution that keeps data safe through advanced encryption, identity, and authorisation policies.

But. 

Adopting AIP isn’t enough – you need to train your staff on how to use it properly. Newly accepted regulations like the EU General Data Protection Regulation (GDPR), combined with concerns about what awaits the UK in terms of free data flow after Brexit, make data security an important aspect to every company, so it makes sense to invest into Azure Information Protection staff training.

Ensuring Your Employees Are ‘On Board’

Change is something many employees are not fond of, so getting them on board with Azure Information Protection Staff Training is the first thing to do before you begin with implementation and actual training.

When your employees are educated on GDPR and data breach consequences, they will become more engaged in Azure Information Protection staff training. Not being compliant and risking a breach could cost them their job because many businesses that suffer a major data breach never recover. 

But, how do you do hold Azure Information Protection Staff Training?

Step #1 Educate on the Risks

Start by making your staff aware of the dangers of security breaches and just how little it takes for one to occur if data protection is lacking.

Step #2 Explain Their Role in Compliance & Data Protection 

Many employees are not aware of just how important they actually are in keeping data safe. Start by explaining their role in the company security and compliance. Explain that whenever they send data – be it email or access to a folder – to somebody inside or outside of the company, it can be a security risk. The risk here is that often there are no resources that would monitor or restrict misuse of that shared data.

The most recent statistics included in IBM’s Cost of a Data Breach Report show that a staggering 27% of all data breaches that happened was caused by a human error – in other words, employee negligence was the cause.

Think about the following scenario: You are sending sensitive financial data to an outside partner. The partner is negligent and sends this confidential data to parties that should not have access to it. This constitutes a data breach.

A data breach has serious consequences far beyond actual financial costs including:

  • Hacking
  • Downtime
  • Loss of customers
  • Loss of personally identifiable information (PII) from customers and employees
  • Loss of intellectual property
  • Loss of financial information
  • Breach of data protection laws
  • Legal fines and claims
  • Reputation damage

Step #3 Show Why Azure Information Protection is the Solution 

Proper training will help reduce the risk of a data breach as a result of human error. Before you fully implement AIP, ensure your staff become familiar with all the features and that each department knows how to utilise its full potential. 

Explain how Azure Information Protection works and how, when integrated, in the organisation it can help on an operational level. 

Step #4 Show off Features They Can Use

During Azure Information Protection staff training, the focus should be on providing specific and detailed guidelines to each department. Present all the important features that AIP offers:

  • You Can Classify Your Data – AIP helps classify and label data based on how sensitive it is through a system of labels that automatically protect it once applied.
  • 24/7 Protection – Once you classify data and protect it, it stays protected. AIP follows data and ensures it’s protected even when shared outside of your organisation or stored on an external device.
  • Track Data and Revoke Access  – AIP helps you track what is happening to data you have shared, and in case it’s needed, you can easily revoke access.
  • Log and Report Support Compliance – Get access to powerful features that help analyse and monitor usage of data. The reporting feature helps maintain compliance with rules and regulations.
  • Safe Collaboration – Thanks to labeling and classification, you have complete control over who has access to data and how they can interact with it.
  • Microsoft Office Integration – AIP is integrated into MS Office so you can secure any document with a single click as well as automatically in the background. 
  • Easy to Manage and Deploy – AIP works in the cloud and on-site equipment too.

Step #5 Make it Specific

Once done, provide each department with detailed guidelines and best practices for using AIP specifically for them. For example, teach your finance department staff on how to use AIP features like the Do Not Forward Button or Sensitivity Bar, or your marketing department on how to apply AIP labels and send data to external partners.

If you want to make your AIP staff training easier, we’ve created an Azure Information Protection Staff Training Course on The TowerWatch Academy.

Posted on

How to Make Technical Staff Training More Engaging

How to make technical staff training more engaging feature image

Technical staff training is crucial to keeping personnel up-to-date on the latest technological solutions you plan to implement in your business.

But.

When staff training is technical in nature, it can turn into a nightmare for both managers who organise it and staff members who attend it.

It’s hard to hold training on technical topics because they are often very dry and complex.

One of the common issues of holding technical staff training is that attendees often can’t grasp the topic so they don’t follow the lessons or they get bored and trail off easily. To efficiently battle these issues, you need to keep staff actively engaged.

Here’s some of the ways you can do this:

Include Multimedia

Your staff members have various learning styles, so, have an even mix of lessons that will accommodate each.

  • Visual learners will benefit from visual additions such as Powerpoint presentations, images, or videos.
  • Auditory learners will enjoy your presentations and engaging in conversation or sound clips.
  • Kinesthetic learners will benefit most from activities, testing or writing formats.

Gamification

Use game design elements to engage staff by applying game elements such as challenges (learning objectives), feedback (helps with progress), collaboration to achieve goals (a sense of community), competition (to keep staff motivated), and rewards for achieving them (gratification and sense of accomplishment).

Demonstrations

Using props or demonstrations are an easy way to make technical subjects more ‘real’. Often users can’t relate to new technical solutions and therefore don’t connect. If you can’t offer a tangible demonstration, show off benefits and changes in operations that they can relate to. 

Have Breaks

The more technical the training, the more breaks you need. The brain can’t process too much at once and it will actually hinder learning to try and cram everything in at the same time. Keep your lessons to 20 minutes max and then offer a breather by having a quick Q&A, telling a story, having an activity or giving free time. 

Real-Life Examples

Stories stick with people. If you use a compelling story to explain any concept of the new tech it makes it more memorable. Use real people, real examples and specific situations to engage with your staff. 

Role Play

When explaining concepts during your technical staff training, assign roles to your staff and help them explain the lesson through simple role play. They will interact with each other and remember new operations easier. Questions are also more likely to pop up and be dealt with on the spot when you’re acting things out. 

Blended Learning

A combination of digital and in-person learning can help all members. Not all staff members will be able to attend all lessons every time – the workload often doesn’t allow it. Allow members to learn remotely too, and make sure to keep tabs on their progress. Then, compliment their learning with meetings or in-person support. 

Customise For Your Business Specifically 

Whatever your company culture is, include elements so that your technical staff training feels part of the organisation itself. This way it can show employees that the business has adapted to this tech already, making it more likely they will engage. 

Offer Choices

While you might have planned every detail of how training will go, give attendees some breathing room as well. Give them the freedom to rearrange the lessons to an extent. By having a say in how technical staff training is conducted, they will be more interested in actually attending.

Hopefully this has given you more insight into how to make technical staff training engaging. Check out our IT Staff training courses at The TowerWatch Academy Here for easy training courses that can relate to your employees. 

Posted on

8 Signs Your IT Managed Service Provider Is GDPR Compliant

GDPR Compliant IT Managed Service Provider Feature Image

Before hiring an IT managed service provider you need to make sure they are GPDR compliant, and capable of making sure your business technology is compliant too. You can’t afford not to.

With the recent GDPR regulations that came into effect in May, no matter how big or small your business is, you still need to comply.

But, that’s not all. 

Under the GDPR, any 3rd parties that handle sensitive information on your behalf are processors, and your duty is to make sure they know their responsibilities too. Your service provider falls into that category. Here are 10 signs that indicate they have taken the appropriate measures to be GDPR complaint as well.

1. They can answer your questions on GDPR and how it relates to technology. 

Your GDPR compliant IT managed service provider (MSP) should be able to provide clear answers to any inquiries related to the GDPR. They should have details on the type of data they manage and how it’s being stored, processed, and protected.

They should be able to explain what steps they are taking to ensure that data is safe, and they will be able to provide you with proof of how they are doing that.

Then, they should be able to explain how they can help your specific business do the same. 

2. Their GDPR compliance is reflected in their contracts 

To ensure that they are compliant, your managed service provider should have included GDPR principles into their contracts. Since they are exchanging data with you, the contract should reflect the GDPR regulations. If you have an ongoing contract with your MSP and it wasn’t updated yet, contact them ASAP and demand the update.

They should also have an up-to-date and compliant privacy policy. 

3. They are ICO registered 

Most MSPs will need to register with the ICO, some will need to pay a fee while others won’t. Only data controllers have to pay the fee, and if that applies to them you should be able to find them on the ICO public register

Note: It’s highly likely they will need to be registered with the ICO. However, this is not always the case with every business. If they aren’t registered they should be able to demonstrate why they are exempt. 

4. They honor new personal data rights

GDPR clearly states that individuals are the owners of their data and have specific rights pertaining to their data:

  • They have the “right to be forgotten” and can request that all their data be erased. When such a request is received, it should be solved within a month.
  • They should be informed about any usage of their data.
  • They have the right to request copies of their data.
  • They also have the right to correct any data collected on them.

MSPs should have policies in place that honor every single one of these rights. Although this places an extra burden on how they are handling data, not adhering to it can jeopardise them and the data they are processing.

5. They understand GDPR compliant tools

Since your MSP regularly exchanges data with you and others, they should ensure that data can never be accessed by an unauthorised party. This can be done through encryption and other security policies that keep data safe wherever it is.

Now imagine your MSP is storing data outside of the EU their data centres are located in the US. Because they are still handling data from EU citizens, it still falls under the GDPR jurisdiction and should be treated as such. This means that no matter the location, that data should be protected in a compliant way.

7. They have updated their own practices

It’s easy to say you’re compliant but often companies will still be using their original bad practices. For example, automatic opt-ins, ignoring erasure requests, or using old lists without the proper consent. 

8. Understand their own processes that collect and store data

Your MSP should be able to tell you which stages of their process they collect data, how it’s stored and in what way it is used. That should be part of their road to compliance. If they can’t they may not have been as thorough as they first appear. 

Signs Your IT Managed Service Provider is NOT GDPR Compliant

1. They say “GDPR doesn’t apply” 

This can be a major red flag. Because in most circumstances it will apply to some degree or another. Those who aren’t compliant often use this as an excuse but ignorance won’t stop their fines (or yours) if you work with them. 

2. They aren’t willing to sign data processing agreements

A data processing agreement is needed for data controllers to use a data processor under Article 28. If this applies and your MSP is unwilling to sign, AVOID! 

3. They have a ‘GDPR certification’ 

At present (Dec, 2018) there is no form of official GDPR certification/qualification or body of official training that gives this any weight. Of course, there are many training programs which can be helpful in providing education, but you cannot be ‘GDPR certified’ or ‘GDPR qualified’ as a company (yet.) This ‘qualification’ or training does not equal compliance. 

Hopefully this has made it easier for you to determine the fact from the fiction when it comes to finding a GDPR compliant IT managed service provider! 

If you wish to make sure your data is safe and compliant, we can help. Contact us today and let us help you set up the highest security standards for all your data requirements.

Posted on

2019 Hospitality Tech Trends We’re Excited to See

2019 Hospitality Tech Trends feature image

The omnipresence of technology is bringing some exciting new hospitality tech trends that we can’t wait to see put into action in 2019. As one of the least innovative industries and yet highly customer-facing, the hospitality industry is slowly seeing the need (and customer want) for increasing technology.

In addition to improving customer experience, new technological solutions also contribute to the improvement of inner operations and management. From staff having their very own digital assistants to offering personalized hotel rooms, here are some of the coolest trends that await us in 2019.

1. Digital Assistants in a Business Use Capacity

Although voice processing and speech recognition became available in the 1990s, it still couldn’t process or deliver natural speech patterns which made usage difficult and affected user experience.

Since then, we’ve now got Apple’s Siri, Amazon’s Alexa, Google Home, Samsung’s Bixby and Microsoft’s Cortana as the main digital assistant contenders.

You can give out commands to schedule meetings, book travels, voice queries all the while preserving your natural speech pattern.

The hospitality industry has caught on to the rising trend of voice recognition technology and is incorporating them into their offering in three ways:

  1. Booking & Ordering – On websites or booking pages, there’s no need for longer drop-down boxes or code, instead, users should soon be able to speak their needs and this be picked up by the location from their end. It saves time, energy and is much more user-friendly.
  2. Customer Services – Digital assistants may become part of hotels the same way they do in our homes. They can integrate seamlessly in a hotel to offer guests a new innovative level of service. Controlling room temperature or light settings with their voice as well as order room service or choose from a list of additional purchases, all without having to call or click a button.
  3. Daily Management – Digital assistants aren’t just to benefit customers, but staff too. Daily tasks, like taking food orders, scheduling room cleaning, staff rota organisations, or internal memos could be handled by digital assistants. This will leave the staff with much more time for relevant guest interactions and ensuring everything is up to highest standards.

2. Personalised Hotel Rooms

A personal touch is the most important one in the hospitality industry, and it’s good to see hospitality tech trends focused on it. Many resorts and hotels are incorporating high-tech solutions that enable guests a fully personalised experience during their stay, with the ultimate aim being that the room feels like home as soon as guests connect their devices. This means that guests will have access to their documents, music, and streaming services, and they will be able to control environmental settings such as room temperature or lights.

The Hilton hotel chain is at the forefront of integrating personalisation options with their Connected Room experience, which enables various room controls through their mobile Hilton Honors app. The guests will have the options to set their preferences even before they arrive at the hotel, so the room will be fully tuned to them once they enter.

3. Robotic Cleaners

Automation has taken the world by storm, and it’s currently sweeping (pun intended) through hospitality too.

It has even reached the kitchens, with automated orders being just the start, and the latest development being robotic cooks doing the brunt of the work. However, over 50% of consumers are not fond of this trend and would rather not be served by a robot. There is no replacing the human element when it comes to cuisine. On the other hand, more than 80% of them are sure that robots will be cleaning restaurants soon.

This trend is already present in hotels, who are seeing a surge in robotic help with cleaning operations. While many consumers already have a Roomba in their homes, the robots helping in hotels are a bit more advanced. Maidbot as an example – named “Rosie,” has LIDAR detection to efficiently avoid obstacles and is fully autonomous in operation.  

The Radisson Blu Hotel in Delhi employs a fully automated pool cleaning robot that not only does its job exceptionally well, but also uses fewer chemicals. While it can do most work on its own, if there’s a spot that requires extra attention, it can be controlled remotely too.

4. Biometric Data Analysis to Suggest Travel Destinations

Biometric data has become a standard in many areas today, with many mobile phones and notebooks having face-recognition software and fingerprint scanners. Hotels have also embraced this technology to personalise experiences for their guests.

When a guest is recognised as soon as they enter the hotel or restaurant, their overall experience is improved, which will make them more likely to return. Oracle has conducted an extensive research on customer preferences toward new technology in hotels and restaurants and found out that:

“31% of restaurant guests and 41% of hotel guests will be more likely to visit an establishment with greater frequency if they are recognised by an employee without having to give their name or show a loyalty card.”

The truly revolutionary way to use biometrics in the hospitality industry goes toward knowing what the guests would enjoy most even before they are aware of it. Accor Hotels has introduced Seeker, an installation that suggests travel destination based on behavioural analysis. Seeker records and analyses heart rate, skin responses, brain waves, and behaviour to stimuli presented through its LED panels, waterfall, pillars, and a video board. The installation then suggests perfect destinations based on those responses.

5. Efficiency Wearables

According to Oracle’s research on hospitality tech trends “Hotel 2025,” smartwatches and fitness trackers have become as prevalent as mobile phones. While currently wearables are used to describe smartwatches and bands only, the term actually encompasses any type of accessories that can be fitted with computational capabilities.

One prediction states that wearable tech will be a disruptive change in hotel management. Staff schedules and training would be done through wearable tech, with other predicted uses being guest access to hotels, guest orders, payments, and staff access to workstations.

Some hotels are already implementing wearables, where guests can opt for a wearable device instead of a key card and access the hotel and their room with a simple wave of their wrist. Some hotels, like Westin, even offer sleep monitoring wristbands to ensure their guests get good sleep.

Hotel Alessandra in Houston, Texas, has adopted wearables for staff management and improved their hotel operations efficiency. Staff can be notified about tasks that need to be done much quicker, improving their response times.

It’s amazing to see the extent of technology’s effect on the hospitality industry and we can’t wait to see more innovation developed for the industry in the future.

Posted on

How Azure Information Protection Can Be Used in GDPR Email Compliance

Today, businesses make data-driven decisions in order to have a competitive edge. If your business deals with personal data from customers, it is required to be compliant with EU’s General Data Protection Regulation (GDPR) requirements this means disclosing how it handles data and ensuring that data remains safe.

Why You Should Use Azure Information Protection for GDPR Emails

Sending sensitive data internally or to recipients outside your company carries a certain risk. Every email you send could lead to a disclosure of sensitive data, which constitutes a breach of GDPR. Therefore, investing in the protection of emails and files that are sent is crucial.

Azure Information Protection help keep your emails safe through advanced encryption and protects data at a file level with any attachments you might share too.

It’s a great solution that we recommend to our clients and one we can deploy seamlessly.

While GDPR email compliance may seem like just another regulatory hassle, it is actually an opportunity to invest into your company’s digital security. The most recent data from the Ponemon Institute shows that the global cost of a data breach is increasing steadily, and in 2018, it has reached $3.86 million.

If that’s not enough to convince you, why not use IBM’s data breach cost calculator and see what yours could actually cost.

The Latest Data Breach Report Shows a Troubling Trend

A data breach carries serious consequences, and every business operation will suffer financial, sales, marketing, safety, you name it. The 2018 Cost of a Data Breach Study states there are three main causes of a data breach, with percentages of attack globally being:

  • Malicious or criminal attack the main reason for 48% of all breaches
  • System malfunction the cause of 25% of all breaches
  • Human error the cause of 27% of all breaches

The report shows that human error was the reason behind a data breach more often than a system malfunction was, while malicious and criminal attack took first place.

Note: It’s important to state that human error only includes insiders who were careless, while malicious attacks also include insiders, third parties, and contractors who caused a data breach intentionally.

In the UK specifically, malicious and criminal attacks were the reason of 50% of all breaches, human error was behind 26%, with system glitch causing only 24% of all data breaches.

This means as high as:

 76% of all GDPR breaches in the UK can be caused by either negligence or malicious intent.

Which can be vastly reduced when using a file or email encryption like Azure’s Information Protection

How AIP for GDPR Emails Keeps You Compliant

Azure Information Protection (AIP) is a cloud-based service that allows you to protect any sensitive and confidential data through encryption. You can protect local data you keep on your devices or data that you store in the cloud. When you send that data outside of your company, the encryption remains in place because it’s active at a file-level.

This means that even if you’re compromised, documents that are recovered cannot be read or unencrypted. Plus, intercepted emails cannot be read unless the intended user verifies themselves.

Ultimately, AIP can’t stop your users from making a mistake, but it can support them and arm them with the tools to protect company data properly.

Azure Information Protection Protects Against Malicious Intent

For example, if one of your employees or third-party recipients wants to email a file to an unauthorised person, they won’t be able to do so. Plus, AIP has a great feature called Do Not Forward for GDPR compliant emails. When this option is used, the recipient must first be authenticated to even view the email, and this is all they can do. They can’t forward the email or print, or screenshot. This ensures the email is for their eyes only and that they cannot execute a data breach by forwarding onto non-approved users that would lead to GDPR violation.

Documents attached to these emails are also counted as DO NOT FORWARD and will have the same restrictions.

Azure Information Protection Activity

Not only does AIP limit who can view the data, but it also tracks how that data is being used. By doing so, it ensures that data is safe at all times and that GDPR compliance standards are met. Plus, if you suspect there’s a risk that the data could be used in a way that violates GDPR regulations, you can even revoke access to it.

There are a range of other uses for Azure Information Protection to help keep your company emails and files protected. If you need help learning the reigns or want to deploy Azure Information Protection Yourselves, get started today by clicking here.

Posted on

Technical GDPR Staff Training Essentials

technical GDPR staff training essentials feature image

One of the challenges of implementing GDPR for businesses is the technical GDPR staff training.

But, you need to be prepared.

Your organisation’s compliance depends on having informed and well-trained staff, and the larger your business, the more difficult and vital this becomes.

We’ve dealt with many GDPR staff training sessions approaching from the technical standpoint and often consult with organisations to ensure they are passing on their knowledge correctly.

As such, we’ve decided to put together this brief list of essentials for a technical GDPR staff training session to get you started.

Before Your GDPR Staff Training

Data protection should already be part of the company culture meaning that your staff aligns with a privacy-first approach.

In practice: Incorporating privacy and data protection to your core values ensures you adhere to the GDPR “data protection by design and default” guideline – this means that your default settings should be privacy friendly, and all processes and operations, from sending GDPR Compliant emails to app development, include data protection measures at their core.

What To Include in GDPR Training Sessions

A well-rounded GDPR training should start with the basics and work towards the technical aspects of GDPR compliance like new policies and frameworks that you’ve adopted as an organisation. Key points to include are:

1. Consent

GDPR is all about consent, and ‘legitimate interest’ cases when contacting others and this needs to be thoroughly understood and explained.

If not, any one of your employees could contact someone without permission and it could lead to a complaint to the ICO and fines. This is one of the most misunderstood points of GDPR currently, particularly for marketers and businesses that thrive from reaching out to potential customers. You and your staff need to understand where the line is, and how not to cross it. 

2. The Risk of Non-Compliance

Your staff should learn about all the principles of data protection and be aware of the financial risk of not being compliant, how it hurts reputation, and what disciplinary measures the business (and they) can face. When they can connect the risks and arguments on why GDPR is necessary, they will understand just how important it is.

3. Understanding Your Business’ Role

Ensure your employees understand where your business stands. Participants should learn the difference between data processors and collectors, which category the business falls into, and the category of any other third party they conduct data-related business with.

4. Knowing Regulations & Regulatory Bodies

For example, your staff should know the role of the ICO and relevancy of the Data Protection Act 2018 and Privacy and Electronic Communications Regulations.

5. Being Specific To Your Business

There’s no point in explaining the rationale behind GDPR and the fines without some context. Your employees need specific guidelines about data-related operations and processes they do daily.

For example, your GDPR email training might be highly technical, so make sure that everyone understands how new regulations affect their daily email communication and work in general, with a focus on how it makes it better.

6. New Company Policies

Your business’ policies should be at the core of the staff training. Ultimately, you’re the ones to police your own staff and if it is enforced companywide, it’s more likely to be adopted (and stuck to.)

Every department should be aware of new company policies that ensure GDPR compliance and how they affect them – from developers working on a new app to the sales team dealing with customer data, to marketing staff sending out emails.

7. How To Spot Data Breaches

The staff should also learn how to recognise red flags – because a data breach has to be reported to ICO within 72 hours, knowing to spot one is crucial. They should also learn the correct procedure in case of a data breach, such as who to report it to in the company and whether additional measures are needed.

8. SAR Requests

Under GDPR, a company has to respect a subject access request – request for data. SAR requests need to be handled within 24 hours of being received, so having a policy in place and making sure your staff knows the correct way to respond to it is key, because the public and customers don’t always send requests to the right location straight away. 

The Technical Side of GDPR Staff Training

Implementation of new technologies and software solutions that ensure data safety is the next logical step for GDPR compliance. But this can be difficult to implement itself. 

This means that you and your staff will have to learn about new encryption technologies and software you decide to integrate into your business operations.

Article 32 of GDPR states that this can be achieved through:

  • Pseudonymisation and encryption of personal data
  • Ensuring your processing systems and services are confidential and resilient
  • Being able to restore access to personal data quickly if there was a physical or technical issue that prevented access
  • Regular testing and evaluation of technical and organisational measures that were implemented to ensure data security

For example, your email communications should be secured through solutions like Azure Information Protection – which provides email and file encryption that protects data in such a way that it’s secure no matter where it goes. Deploying systems like Azure Information Protection across your organisation can be tricky if you don’t know what you’re doing, but training your staff to use AIP should be easy – from GDPR email training to sharing documents securely – to ensure the highest security and your ‘best effort’ towards GDPR.

Continuous GDPR Training Ensures Compliance

The last point to note is that reminders and refreshers are the way to really reiterate the importance of GDPR to your business, to staff. 

Hold refresher sessions after the initial GDPR staff training on a regular basis. Data protection should be ingrained into every single business process. Make sure new members understand this too – make GDPR training an integral part of the onboarding process and make sure it becomes part of your company culture.   

If you need help with implementing Azures Information Protection in your small business, check out our fully comprehensive and supported course here:

https://towerwatchacademy.thinkific.com/courses/get-file-and-email-encryption-for-small-businesses-microsoft-aip-course