
Author: Mathew Mendel

HIPAA seal of compliance

OWG completes HIPAA compliance process.

Montville, NJ; March 29, 2022 – OWG is pleased to announce that we have taken all necessary steps to prove our good faith effort to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA). Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, OWG can track our compliance program and has earned their Seal of Compliance™. The Seal of Compliance is issued to organizations that have implemented an effective HIPAA compliance program through the use of The Guard.

HIPAA is made up of a set of regulatory standards governing the security, privacy, and integrity of sensitive healthcare data called protected health information (PHI). PHI is any individually identifiable healthcare-related information. If vendors who service healthcare clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

OWG has completed Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH. Compliancy Group has verified OWG’s good faith effort to achieve HIPAA compliance through The Guard.

“I am so proud of our team and our continued efforts to distinguish ourselves as a best-in-class technology consulting practice,” explains Nick Rigali, Operating Partner at OWG. “As a firm, we’ve always been dedicated to protecting sensitive data and the personal information of our partners (clients) and our partners’ clients. This certification solidifies those responsibilities and allows us to publicly demonstrate our commitment to security.”

Clients and patients are becoming more aware of HIPAA compliance requirements and how the regulation protects their personal information. Forward-thinking providers like OWG choose the Seal of Compliance to differentiate their services.

 

About Compliancy Group:

HIPAA should be simple. That’s why Compliancy Group is the only HIPAA software with expert Compliance Coaches™ holding your hand to simplify compliance. Built by auditors, Compliancy Group gives you confidence in your compliance plan to reduce risk, increase patient loyalty, and profitability of your organization. Visit https://www.compliancy-group.com or call 855.854.4722 to learn how simple compliance can be.

Enable your team with our Cloud

Is your firm offering a true hybrid work environment with the same user experience for remote and in-office teams?

Your IT systems should enable success, not get in the way of it. Our Next-Gen Cloud is built on the highly available Azure infrastructure and secured with enterprise-class software. Here are six ways it will enable your team to be great!

Six ways Cloud will enable your team.


Always Verify

Confusion about Zero Trust is making it harder to implement

 

 

As we detailed in our business case exploring Zero Trust, at its core, ZT is a concept and a shift in how organizations approach the idea of security and data privacy.

 

It’s not one product or piece of software, but rather an approach that assumes breach and secures your organization by requiring users to prove they are who they say they are before being granted gated access accordingly.

As explained in a recent article from WIRED, “What is Zero Trust,” the approach eliminates the old moat & castle networking model. Instead of trusting particular devices and assuming that what’s inside your walls is safe, a Zero Trust methodology uses verification, network segmentation and least privilege to protect the enterprise.

 

Eliminate the moat & castle model of cybersecurity

 

 


Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other. Your work computer could connect to the printer on your floor or find team documents on a shared server. Tools like firewalls and antivirus were set up to view anything outside the organization as bad; everything inside the network didn’t merit much scrutiny.

 

However, the explosion of mobile devices, cloud services, and remote/hybrid work has radically challenged those assumptions. Organizations can’t physically control every device their employees use anymore. And even if they could, once an attacker slipped by perimeter defenses, the network would instantly grant them a lot of trust and freedom. “Outside bad, inside good.”

“Zero Trust is a concept, not an action.”

Ken Westin, Security Researcher

Instead of trusting particular devices or connections from certain places, Zero Trust demands that people prove they are who they claim and should therefore be granted access. Typically, that means logging into a corporate account with biometrics or a hardware security key in addition to usernames and passwords to make it harder for attackers to impersonate users. And even once someone gets through, it’s on a need-to-know or need-to-access basis. If you don’t invoice contractors as part of your job, your corporate account shouldn’t tie into the billing platform.

 

Zero Trust isn’t a single piece of software you can install or a box you can check, but a philosophy, a set of concepts, a mantra, a mindset.

 

You still must implement things like device and software inventory, network segmentation, and access controls.

 

Confusion about the real meaning and purpose of Zero Trust makes it harder for people to implement the ideas in practice. Proponents are largely in agreement about the overall goals and purpose behind the phrase, but busy executives or IT admins with other things to worry about can easily be led astray and end up implementing security protections that simply reinforce old approaches rather than ushering in something new. 

 

Here at OWG, we work with our partner clients and help them engineer a true Zero Trust methodology throughout their IT ecosystem. If you have questions or would like to see if we can help your organization better protect its most critical data, email partnerwithus@overwatchgrp.com or click here to set a time to speak.

MS Golden

Joining the top one percent of Microsoft partners worldwide, we’re proud to announce we are now at Microsoft’s Gold Partner level.

 

 

An accolade that acknowledges our deep Cloud expertise and service delivery skillset, a Gold designation is a benefit to us and our partner clients as it certifies we’re providing the most technically proficient services, support and consultative information available.

 
Here at OWG, the new status validates our strong work ethic and expertise level, and it expands the benefits we can provide clients, such as direct access to Microsoft support and the latest technologies, which are piloted with top partners first.

 

According to Microsoft, Gold Partners represent the highest standards of Microsoft’s partnership program, and organizations with this competency are recognized for their commitment to solidifying customer relationships by offering innovative and effective business solutions. By demonstrating a proven expertise in delivering quality solutions, Microsoft acknowledges OWG as a leader among certified solution providers.

 

 

OWG Golden Owl


As organizations across the country begin to adopt the Zero Trust approach, federal agencies will do the same.

As part of a new cybersecurity strategy released Wednesday, the administration outlines its vision for moving government agencies towards a “zero trust” architecture — a cybersecurity model where users and devices are only given permissions to access network resources necessary for the task at hand and are authenticated on a case-by-case basis.

 

 

The key document was published as a memorandum from the Office of Management and Budget (OMB), the administration’s policy arm, and addressed to the heads of all executive departments and agencies.
According to the memorandum, shifting towards a zero trust architecture will require the implementation of stronger enterprise identity and access controls, including more widespread use of multi-factor authentication — specifically hardware-based authentication tokens like access cards, rather than push notifications or SMS. Agencies were also instructed to aim for a complete inventory of every device authorized and operated for official business, to be monitored according to specifications set by the Cybersecurity and Infrastructure Security Agency (CISA).
 
“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” said acting OMB director Shalanda Young in a statement. “This zero trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”
The White House’s announcement cited the Log4j security vulnerability as “the latest evidence that adversaries will continue to find new opportunities to get their foot in the door.” The vulnerability, one of the most serious and widespread cybersecurity threats for years, first began to be exploited in December 2021. At the time, government agencies were instructed by CISA to immediately patch vulnerable assets or take other mitigation measures. The FTC also subsequently warned companies in the private sector to remediate the vulnerability to avoid potential legal action for putting consumers at risk.
“As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity,” said CISA director Jen Easterly. “Zero trust is a key element of this effort to modernize and strengthen our defenses. CISA will continue to provide technical support and operational expertise to agencies as we strive to achieve a shared baseline of maturity.”
An initial draft of the strategy was released in September 2021 for public comment and since then has been shaped by input from the cybersecurity industry as well as other fields of the public and private sector.
With the final strategy now released, government agencies have been issued 30 days to designate a strategy implementation lead within their organization and 60 days to submit an implementation plan to the OMB.
 


 

 

Portions of this article were originally published by The Verge and are available at https://www.theverge.com/2022/1/26/22902630/white-house-instructs-agencies-cybersecurity-strategy-memo-cisa