FierceCIO recently summarized some statistics about data breaches that were quite disturbing. Among them are the following:
Data breaches are up 21% so far in 2014 compared to the same time period last year (CIO.com).
After hackers, the two biggest security concerns are lax security and stupidity (CIO.com)
More than half of health care data breaches involved small businesses (CORL Technologies Survey,eWeek)
58% of health care vendors scored in the “D” grade range for their confidence in their security (CORL Technologies Survey, eWeek)
Only 32% of vendors have security certifications (CORL Technologies Survey, eWeek)
31% of third party vendor contracts contain security provisions (PricewaterhouseCoopers cyber-crime survey, eWeek)
“Organizations continued to struggle with attacks that were targeted in nature, which could be directly aimed at the energy, financial, health care, and retail industries or critical infrastructure,” according to J.D. Sherry, VP of Technology and Solutions at Trend Micro (Trend Micro’s Q1 report, CIO Insight)
I’ve hand-picked these statistics for their relevancy to how companies handle their asset retirement. There are a number of disturbing trends that have a direct impact on your asset retirement security profile.
First, breaches continue to rise in general and assailants will typically exploit the weak link in a company’s security. While online hacking and phishing scams have received the bulk of the attention, it’s only a matter of time before attackers start targeting the data found on old or retired drives.
Second, despite substantial resources being dedicated to battling online attacks, companies are allowing “lax security” and “stupidity” to make them vulnerable in other areas. This is particularly true when it comes to data sanitization and asset retirement. From our experience, the majority of companies still allow old computers, servers and hard drives to sit in the “back room” for 3 years before batch processing them or sending them to a vendor for processing. Why allow this “lax security” when the data can be completely sanitized immediately upon retirement for minimal time and cost? This is simply a security hole that need not exist for any company.
Third, several of the statistics focused on the lax management of external vendors and the negative implication it has on security. This is particularly true in the realm of asset management where the attitude of “someone else takes care of that” prevails. If you rely on a third party to sanitize your data, not only do you face the risk of data sitting around for years as mentioned earlier, but you also risk that your third party is handling your assets insecurely or improperly sanitizing your data. Once you ship your assets to a third party do you know how long they sit before they’re processed? Do you know who has access to your assets at the vendor’s warehouse? Are your assets sanitized using certified tools? We’re all in favor of having a third party sanitize your data as a backup measure, but the initial sanitization should occur quickly and internally.
Finally, it’s no secret that certain industries such as financial services and healthcare are particular targets for data breaches. It was interesting to note that attackers are targeting smaller businesses as well as large enterprises. Small and medium sized businesses businesses have less resources to dedicate to security and less sophisticated data practices. At least data sanitization is an area that is so simple and affordable to implement, it can be one area small business don’t have to worry about.
If you have questions regarding your practice's marketing strategy, feel free to contact me at darrensomsen@gmail.com.
Let’s rip this one from the headlines. This isn't about politics, but utilizes it as
a backdrop to emphasize the need to never take your eyes off the ball where
your sensitive business data is concerned.
IRS Commissioner John Koskinen has stated before Congress
that Lois Lerner’s hard drive was scratched and then shredded. When pressed, Commissioner Koskinen could not
state the hard drive had definitively been shredded, only that it had
potentially been shredded. He could not
identify the chain of custody for the hard drive in question nor provide
documentation as to whom had physically destroyed the drive and who had witnessed
the destruction. Someone told Commissioner
Koskinen the hard drive had been shredded and that was good enough for
him. For a situation as politically
pressing as the whereabouts of Lois Lerner’s hard drive, Koskinen’s actions
would lead people to believe he actually has no idea as to what actually
happened to the drive.
Data is Money
I spent many years dealing directly with data. It was drilled into everyone within the
industry that data is money. If you took
possession of records (data) you were responsible for what happened to the
records. Individuals were keenly aware
any misuse of the data would result in additional charges, fines and potential
lawsuits. If, God forbid, the records contained
credit card or social security information they were treated like unstable nitroglycerin. Regulations and potential lawsuits drove many
service bureaus out of storing volatile databases. The risks outweighed the rewards.
So, What’s It to Me?
As a business owner you have an obligation to protect your
patients, customers, clients, and employees from potential harm from the misuse
of their information. The improper
handling of obsolete hard drives can cost clients substantial income, reveal
patients private information, and put customers and employees at risk of
identity theft. It is critical your
business has an established procedure for the destruction of sensitive
information when you retire obsolete computers and servers.
What Should I Do?
Digital data sanitization is the best method you can take to
insure your business does not inadvertently share private information. By performing this task in-house before
entrusting used equipment to a recycling contractor protects you and your
business from accusations and potential losses in the future.
Implementing the use of WipeDrive by WhiteCanyon™ Software
can insure hardware doesn’t leave the office with your data. The three-pass wipe uses several wipe patterns
and is approved by the U.S. Dept. of Defense.
Data sanitization is a safe, easy method of data security that gives your
customers the peace of mind that you are watching out for their security. WipeDrive is a permanent solution for data
sanitization.
Common Sense
I know some of this information is common sense for a
business or practice handling sensitive data and using storage devices. The current coverage of the Internal Revenue
Service and the Lois Lerner hard drive show common sense is not always commonly
practiced. An organization handling some
of the most sensitive information of individuals and businesses cannot definitively
state what happened to a hard drive or confirm the data was destroyed. It is imperative to learn from the IRS' error in data sanitization to protect you and your business.
For more information about utilizing WipeDrive to protect your sensitive information, contact WhiteCanyon Software at 801-224-2952.
If you have questions regarding your practice's marketing strategy, feel free to contact me at darrensomsen@gmail.com.
In 2013, the Dept. of Health and Human Services (HHS)
reported the 2nd largest healthcare data loss when 4 laptops containing over 4 million patient records were stolen from Advocate
Medical Group. The records contained patient
social security numbers, addresses, next-of-kin and patient care data. This information can be sold to identity thieves
and ineligible workers with a value on the black market estimated at 100 to 200 million dollars.
Data losses do not only occur due to theft and unauthorized
system access. Sometimes data is lost
due to the disposal of obsolete computers without proper data
sanitization. In the United Kingdom a
man located a discarded laptop among other used computer parts in a rubbish
pile. After a little tinkering the man
was able to boot up the computer. Upon
searching through the records the man found sensitive defense information –
including over 70 top-secret files detailing two military facilities.
What Does This Have To Do With Me?
Your practice is only as good as the service you provide. This includes customer service in addition to
outstanding medical care. Placing
patients at risk to identity-theft and financial loss is distinctly in the
negative column of great customer service.
A loss of patient data will cost a practice in lost patients, lost
income, and place them at risk of a lawsuit.
According to an article in ComputerWorld, the U.S. Dept. of
Defense was sued for $4.9B, BILLION, due to a data breach involving TRICARE, a
healthcare system for military personnel and their families.
If this case establishes legal precedent, any practice experiencing
patient data loss could anticipate a cost of at least $1,000.00 per lost
record. With an average single-provider
office having 1,800 to 2,300 patients, a data loss could effectively bankrupt a small practice.
Could your practice
absorb a $250,000.00 loss due to improper data sanitization procedures?
What Can I Do to Protect My Practice?
Donating used computer equipment to a local non-profit is
great for the community, helps out those in need . . . and doesn't hurt when
filing taxes. Your practice CAN make a
donation of used PCs without placing sensitive data at risk by incorporating
data sanitization to your operations best practices. Simply moving files to the Trashcan icon is insufficient
– nor is it necessary to disassemble the computer and remove the hard
drive. Data sanitization software is
available that will thoroughly erase data while leaving the programs
intact. This is the difference between
donating a functional system that is a benefit to the local Boys and Girls Club
and a useless paperweight.
SystemSaver, a hard drive cleaner by WhiteCanyon™ Software is
an exceptional tool for your practice’s data sanitization. The program erases personal data stored by
browsers, cached documents, and erases personal data while leaving the
operating system and programs intact.
SystemSaver allows you to benefit from donating used computers while
providing peace of mind that ALL your sensitive data has been securely
sanitized.
As mentioned in previous articles, a dental practice's staff will reflect the attitude of the doctor -- good or bad. Profitability is built upon services, decor, atmosphere, prices . . . and a patient's feeling of being wanted and respected. If a doctor parks an expensive automobile in his parking lot with a vanity plate reading "BRACE$$", patients may feel they are not valued for more than a car payment. A doctor who looks at low-income or troubled patients with contempt, even in private, will find the staff mirroring the attitude.
Wise counsel once stated, "A recovering Meth addict knew how to get money for their habit. They WILL know how to find money for teeth restoration."
Who Are You and What Do You Want?!
"The face of your practice should not be . . . grumpy."
Selecting the right staff is critical to your finances and, well . . ., finances. You need to find a balance between skill, experience, personality, and cost. A recently-graduated hygienist may be a better choice for your new practice as their salary requirements may be less than one with years of experience. New techniques, willingness to take direction and a bright personality can be the right fit for you.
Your choice of front office staff is just as critical as hygienists and dental assistants. This person is the first contact your practice has with a prospective patient – likely by phone. You should conduct a first interview via telephone so you can hear what your patients will hear. Can you hear them “smile” during your call? Listen to their grammar, tone and inflections. Ask yourself,
“Is this who I want as my practice’s first impression?”
If you hesitate, move on. Your staff is a reflection upon your practice and your business – make sure it’s positive.
"Glass isn't just a barrier for your patients,
but also a barrier to your success."
A written job description for the receptionist/front office person will help you identify your practice’s needs before their first day of work. Do you expect them to handle basic accounts receivable, insurance, billing and collections in addition to answering the telephone and patient check-ins? This can relieve some pressure from your work load as a business owner and will allow you spend more time with your patients. But with greater responsibility comes greater pay. Find the person with the right balance of personality, job skills and salary expectation.
"Your mission, if you choose to accept it, is to
MAKE ME MONEY!"
Hello, My Name is Doctor . . .
"I'm the doctor. It says so on my tag."
Let’s review. You have your degree, you've selected the perfect office location, decorated it comfortably, installed the right (but not too expensive) equipment, hired the perfect staff, turned on your telephones and your name is lettered in gold leaf on the door. Now you just need to hang a grand opening sign, open the door and the patients will pour in like a gentle summer rain.
WRONG.
Other than your family, no one has been anxiously awaiting your grand opening. Why? Because you didn’t tell them. You forgot one of the key steps to opening any new business – marketing. Your prospective patients need to know who you are, where you are, and why they should select you as their new dentist. The adage, “You have to spend money to make money”, is no truer than in this moment for your new business. It’s time to invest in a concerted marketing plan to build your practice.
"Thanks Dr. Daddy."
"Dammit Jim! I'm a Doctor, Not an Adman!"
You have one goal to achieve in your business – increase your revenue stream. Revenue comes from a steady flow of new patients entering your practice. Below the simplicity of this statement hides the complexity of making it happen. Marketing your practice will be one of the most difficult procedures you perform as a dentist.
Let’s break marketing down into three categories: public relations, branding, and advertising.
Public Relations
Public relations is an outreach to the community via the press and events which shines a positive light upon your business or brand. Example:
"Doctor Doug Smith, DDS announces the opening of his new dental practice at the Three Points Shopping Center. Dr. Smith practices complete family care and specializes in dental implants . . ."
This item would run in the business section of your local newspaper on a slow news cycle. It will also encourage the advertising manager of the paper to call and discuss a great deal on a four-week advertising run in the paper.
Branding
Branding is any advertising, event, signage or social media that brings attention to your practice without specifically trying to sell an offer or service.
"Hi, I'm Dr. Doug Smith. Remember me the next time you need to see a dentist."
Th is can be a print, radio or television advertisement. The tone does not need to be compulsory.
Advertising
Advertising is a call to action for a consumer to purchase a specific product or service.
“Hey folks! Come on down to Doug Smith Dental where we are DRILLING away at tooth decay! Call us now and get a complete cleaning and exam for only $99.95! For the first 100 callers you’ll get not one, but two complete cleanings and exams! Two complete cleanings and exams for ONLY $99.95! With an offer like this I must be CRAZY!”
This is an example of a direct response advertisement. You make an offer and expect an immediate response from the viewer or listener. Variations can be designed for print advertising.
"Operators are standing by."
Effective Marketing Costs Money
"Branding is the center of your marketing . . .
and YOU are the BRAND."
To design an effective marketing plan to build your practice you should consult with an advertising agency. They can design advertising, prepare scripts, hire actors, and coordinate all media buys. Be prepared for in initial investment of at least $25,000 in advertising for the first 4 – 6 weeks. Have weekly meetings with your agency representative and review their data and compare it to your increased call volume and actual new patients generated by the branding and advertising campaign. This allows you to adjust the ad copy and offers based upon which are providing the best results. Train your staff to log where each call originated and if they became a patient. This will help you invest future spending on marketing which has a track record of success for your practice.
"Meanwhile, make sure your advertising places
your message in the best light."
Anything Else?
When I began writing this article my inner voice kept repeating,
“You wouldn't let your mechanic work on your kids’ teeth, would ya’?”
It’s snarky, but the meaning behind the statement rings true. I've counseled numerous dentists about trying to do everything themselves. I had a conversation with a dentist who had cobbled together his office computer network from used, ancient desktops but then complained about all the time he spent after-hours trying to keep the network running. His practice management software ran slow, computers crashed, and he was incredibly frustrated. I sat down with him at a dental conference and asked, “Why are you trusting your entire business to 10-year-old computers running Windows XP?”
His reply, “I’m cheap.”
He’s a doctor with a $150,000 education and $250,000 in office build-out yet he said he was too cheap to invest $7,500 in new computer equipment to properly operate his business.
You have chosen to embark on an incredible adventure as a small business owner. Look around your area and identify businesses that are thriving and those that are failing. What are they doing right and what are they doing wrong. Are they offering a product or service people want? Are their prices reasonable? Do they have a good location. Take note, the businesses which are succeeding are not trying to do it alone. They hire other businesses with expertise in specific fields for support. This doesn't make them weak – it makes them smart.
If you have questions regarding your practice's marketing strategy, feel free to contact me at darrensomsen@gmail.com.
Your decision to become a dentist may be altruistic or economic. You may have chosen the field because it was the family business or because a guidance counselor stated it was the perfect career for you. So, you invested and sacrificed a lot of years and money into earning your DMD or DDS. You made choices and became a healthcare professional - you earned the title of doctor. But what the professors, book work, and practical education didn't prepare you – you are now a business owner! You are prepared to treat patients, but now you must negotiate real estate leases, equipment leases, insurance, hiring, firing, payroll taxes, business income taxes, design, marketing, customer service, customer retention, profit and loss statements, IT, and . . .
WHOA!
I’m just a dentist.
No just about it. You are a doctor dedicated to improving your patients’ quality of life. But to do so you must also manage a successful business of dentistry.
"Don't worry, I'm a professional."
Hanging Out Your Shingle
When you decide to open your own practice you are in full control of your income. You decide this by the number of operatories in your practice, how many days a week you want to work, your hours of operation, your specialties, your staff , your location, your equipment, and how you market yourself. This series of articles will help you recognize pitfalls, practice strategies, practice operations, and quality of life to help you build a successful dental practice.
"Hi, I'm Dr. Matthews. I'll be removing your molars today."
If You Build It, They Will Come
Your first step to business ownership is where to practice. To reiterate the adage, “Location, location, location.” You need to determine to whom you are marketing (families, business professionals, baby boomers, retirees) and where they are concentrated. One successful Chicago practice opened a second location on a floor of a prestigious downtown hotel. Th is allowed them to capitalize on the business people commuting into the city. [But, this was a second location. They already had a successful suburban practice and were a recognized brand.]
You should select a location with high visibility from the road, convenient parking and easy access. A busy intersection with traffic backed up for blocks can be as big a deterrent to new patients as a medieval castle moat. Don’t take the landlord’s word that it is easy to get in and out of the parking lot – do it yourself, at different times of day. Be sure to note if it’s difficult to access the proposed location based upon time of day, and if your vehicle scrapes asphalt entering or exiting the parking lot – because your prospective patients will notice.
Once you have selected a site it’s time to build out your practice. You should minimize exposure to a long-term lease while allowing for a lease renewal favorable to you. An extended lease may have a favorable monthly cost, but can shackle you to a location that may not meet your needs in a few years. When negotiating your lease Include internal finish work to meet your current needs as well as projected growth. Include clauses to exit the lease based upon significant road construction which can hamper business, the departure of multiple tenants from the property, or an overall economic downturn within a 5-mile radius. You don’t want to be the last business in an abandoned strip mall.
"Choose an AFFORDABLE location, but not so affordable
it puts you, your staff and patients at risk."
Who Are You Trying To Impress?
How you equip reception and the waiting room is as important as the equipment used in your labs and operatories. What impresses other dentists may not make an impression upon your patients. Pleasant decor, proper heating and cooling, comfortable seating and open-access Wi-Fi will make a larger impact with patients than a $100k piece of equipment in your lab. Pay as much attention to interior design as you do your digital x-ray equipment and autoclave.
"Can I get you a martini while you are waiting, Mr. Bond?"
Regarding your equipment – GET MULTIPLE BIDS! Regardless of what your sales rep tells you, they are not “your partner in success” – they are your vendor. Request a bid, remove items you don’t need, then give another company a blind copy of the items you want. Compare the individual prices, the overall bid, the lease terms, warranties, service agreement, and interest rate on equipment financing.
Most importantly, you need to conserve your cash for operating expenses and payroll. Hygienists and office staff don’t work for free.
If you have questions regarding your practice’s marketing strategy, feel free to contact me atdarrensomsen@gmail.com.