How to Optimize Your Conversion Funnel, from ToFu to BoFu

No matter who your customer is or what you’re selling, it’s more likely than not that your customer will have to go through several steps before choosing to buy your product or service. Think about your own shopping habits: you don’t just buy the first thing you see. The first thing you do is note that you have a problem or a need, and then you research a solution online. Once you find that solution, which could be a product or service, you then decide which manufacturer or company is the best fit for your needs based on price, features, quantity — whatever it is that you are looking for.

Spotlight

Palos Community Hospital

Palos Community Hospital has served the people of Chicago's southwest suburbs for more than 40 years. The health care we provide is guided by traditions established over the years - traditions of quality, respect and trust. At Palos Community Hospital, we live by one simple philosophy: We treat people the way we would want our own family and friends to be treated…

OTHER ARTICLES
Health Technology, Digital Healthcare

NIS2 Cybersecurity Rules are Coming: Are You Ready?

Article | August 16, 2023

The EU NIS cybersecurity regulations are evolving for 2024, and if you’re not currently aware of how they’ll apply to your organization, now is the time to get up to speed with the requirements. Not only is the directive being tightened, but an extended range of healthcare and related organizations will be added to the list of ‘critical entities’ that must comply. These include certain medical device manufacturers, pharmaceutical companies, and organizations that carry out R&D.

The Network and Information Systems (NIS) standards were set up in 2016 to protect essential services – such as water, energy, healthcare, transport, and digital infrastructure – from online cyberattacks. The updated legislation, NIS2, will have stricter rules, reporting requirements, and higher penalties for non-compliance. They will apply to medium-sized and large businesses that operate within one or more EU countries. Those based only in the UK can’t sit back, however: the original NIS regulations will still apply as part of British law. What’s more, a UK version of the rules is coming very soon, and it’s likely that the framework will closely resemble the EU’s.

What will the requirements cover?

There are a number of cyber risk management measures that all organizations that come under the scope of NIS2 will be required to put in place. For instance, they will need to conduct regular security assessments and risk analyses, adopt incident response and handling plans, and appoint a chief information security officer (CISO), among other obligations.

The new directive will streamline and strengthen incident reporting requirements. Entities must notify regulators of any incident that has compromised data or had a significant impact on the provision of their services, such as causing severe operational disruption or financial loss.

Applying information system security policies and business continuity plans will form part of the obligations, as will conducting cybersecurity testing and training for all staff. The use of multi-factor authentication (MFA) and encryption, wherever appropriate, will also be mandated. There is plenty of focus within the directive on the cornerstones of cybersecurity best practices, particularly the proper control of administrator-level account credentials, privileged access, and endpoints, all of which are prime targets for attackers.

Under NIS2, organizations are being separated into ‘critical’ and ‘important’ entities. It’s important to determine which category yours will fall under, as each has different requirements.

The third-party threat will also be addressed in NIS2 by pulling in managed service providers (MSPs) to the list of ‘critical entities’, with the aim of keeping digital supply chains secure. MSPs are often granted privileged access to clients’ corporate systems and networks, which creates security risks.

What are the consequences of non-compliance?

Organizations that come under the regulations’ purview will be subject to random checks, regular security audits, on-site inspections, and off-site supervision. For those found to be in breach, sanctions could include warnings, temporary suspension of certain activities, and temporary prohibition from exercising certain managerial functions. Financial penalties could be as high as 10 million Euros or 2% of an organization’s global turnover, whichever is higher.

What steps should healthcare organizations take now?

Organizations should take action to establish whether the EU or UK NIS2 regulations will apply to them and what their responsibilities will be. Having identified any gaps in existing cybersecurity processes, policies, and practices, they must determine what changes need to be made to address them.

As a priority, they must review their incident response plans and incident management and reporting procedures. It’s also a good idea to begin assessing the security posture of partners and third parties in the supply chain and incorporating relevant security requirements into contracts.

Given the framework’s focus on protecting privileged admin accounts, organizations should implement controls limiting the number of staff members with these robust credentials. Implementing privileged access management (PAM) will allow IT to control who is granted access to which systems, applications, and services, for how long, and what they can do while using them.

Preparing for the introduction of the EU NIS2 regulations should be considered more than just a compliance exercise. By meeting the strengthened requirements, healthcare organizations will be building a foundation of resilience that protects them, their customers, and the essential services they provide.

Digital Healthcare

The Key Ingredient in Healthcare Compliance Success

Article | November 29, 2023

The healthcare industry has become a prime target for cybercriminals in recent times. According to The State of Ransomware in Healthcare 2023 report from Sophos, six in 10 healthcare organizations have been hit by ransomware in the last 12 months, up from 34% in 2021.

Among this uptick have been several headline-grabbing attacks. For example, Shields Health Care Group became the subject of the single-largest breach affecting any organization globally in April 2023, when 2.3 million patients of the Massachusetts-based medical services provider had their personal data stolen after a cybercriminal gained unauthorized access to the organization’s systems. Meanwhile, in the UK, a ransomware attack on the University of Manchester occurred in June, affecting an NHS patient data set holding information on 1.1 million patients across 200 hospitals.

Critically, the wealth of data housed in healthcare networks, and the potential impact of data unavailability in healthcare, make the industry both attractive and lucrative to threat actors. It’s no coincidence that the Sophos report shows the rate of encryption in the healthcare sector is at its highest level in recent years. Of those healthcare organizations which suffered a ransomware attack in 2023, 73% had their data encrypted – up from 61% in 2022.

When cybercriminals can successfully take down hospital systems and/or encrypt patient data so it can’t be used, they can blackmail health service providers, demanding significant sums before reinstating systems and/or data availability. Considering healthcare's critical role as the highest-stake industry in our society, where people's lives depend on its success, the likelihood of attackers achieving their goals is greater than in other sectors, as confirmed by the Sophos report. Indeed, of the 73% of healthcare organizations that had their data encrypted, 42% reported that they paid the requested ransom to recover data.

DSPT and the compliance burden

Without question, the security-related challenges in healthcare are mounting. Right now, industry organizations are operating against a backdrop of unprecedented operational and workforce pressures, spiralling demand for care and industrial action. Moreover, there is a growing regulatory burden, with organizations continually asked to comply with evolving cybersecurity rules, battling with multiple compliance mandates at any given time.

Take the NHS as an example. According to the 2023 NHS Providers’ Regulation Survey, just over half (52%) of respondents said the regulatory burden on their trust had increased. And this is expected to ramp up further in the future, with the UK government setting out a new 2030 strategy aimed at bolstering cyber resilience in healthcare.

Among the compliance burdens that the NHS faces is the challenge of meeting the requirements of the newly updated Data Security and Protection Toolkit (DSPT). Mandated to minimize cyber risks and enable healthcare providers to maintain a robust information security posture, the DSPT is not a simple checklist of security controls, but a comprehensive toolkit to evaluate current security maturity and establish a risk management programme.

Indeed, in more recent times, DSPT has moved away from being a guide for achieving certain levels of assurance, and toward a mandatory evidence-based system which demands NHS organizations align with 10 precise National Data Guardian (NDG) standards:

1. The organization assures good management and maintenance of identity and access control for its networks and information systems.
2. The organization closely manages privileged user access to networks and information systems supporting essential services.
3. The organization ensures passwords are suitable for the information being protected.
4. Process reviews are held at least once a year where data security is put at risk and following security incidents.
5. Action is taken to address problems as a result of feedback at meetings.
6. All user devices are subject to anti-virus protections, while email services benefit from spam filtering and protection deployed at the corporate gateway.
7. Action is taken on known vulnerabilities based on advice from NHS Digital, and lessons are learned from previous incidents and near misses.
8. The organization has a defined, planned and communicated response to data security incidents impacting sensitive information or key operational services.
9. The organization has demonstrable confidence in the effectiveness of the security of technology, people, and processes relevant to essential services.
10. The organization securely configures the network and information systems that support the delivery of essential services.

Reducing Compliance Challenges with the Right Solutions

Taken individually, these standards may not seem too strenuous to adhere to. However, to be compliant with DSPT, all 10 items need to be completed and deemed ‘satisfactory’.

To tick all 10 key boxes in the most effective and efficient manner simultaneously, organizations should consider their strategy carefully. This could involve embracing supportive tools to accelerate and enhance their compliance journey.

Boiled down, DSPT demands several key things, including unencumbered visibility of the entire ecosystem, as well as the ability to demonstrate secure access, logs and storage, and essential auditing processes to maintain data security.

Achieving these things might appear complicated, even daunting. However, there are solutions known as Security Information and Event Management (SIEM) systems on the market that can make achieving these capabilities, and in turn DSPT compliance, easy. Here, we outline some of the key features to look out for to meet compliance:

• Log retention: A modern SIEM should be able to provide a centralized log storage and big data platform that scales to any organization’s size. Platforms should be able to provide role-based access to log data, including ‘data privacy’ functionality that can mask sensitive data until approved. Log data should not be modified or removed by users once ingested into the platform, while all data held should also be indexed and fully searchable.
• Identifying and disabling unnecessary accounts: A good SIEM will also provide account auditing facilities for Active Directory that allow administrators to quickly identify dormant accounts. They should also be able to remove privileged user access when no longer required or appropriate. More sophisticated platforms will be able to do this in an automated manner.
• Easy identification of issues: Clear and easily readable dashboards, alerts and reports for user logging activity should be provided, including failed logins, apparent brute-force attempts, and bad password management practices. Further, those using machine learning will be able to identify unusual behavior patterns based on a baseline of activities of users and their peer group.
• Integration with third-party threat feeds: A good SIEM will also be able to integrate with a wide variety of third-party threat feeds that provide information about specific known threat payloads/hashes and destination domains/addresses.

Meeting the mandate

Of course, having the right features in place is only part of the puzzle. For organizations to be truly successful in embracing tools that enable them to meet DSPT compliance more effectively, they should work to ensure that solutions providers offer them ongoing support – both in terms of ease of deployment and to ensure that they are using key systems in an optimal manner.

Scalability is another important aspect to consider. Systems should be able to scale and continue to support the organization as data volumes increase and become more complex over time. In respect of scalability, organizations should take time to think about pricing models, ensuring that these are based on the number of devices (nodes). In doing so, it will become easier to accurately budget future costs, as well as provide greater budgeting certainty over the short, medium and longer term.

A converged SIEM allows organizations to prioritize the big picture over individual tools, enabling them to develop a seamless and easy-to-use security operations setup. Not only does this approach boost cost transparency and eliminate potential complexities with managing a variety of siloed products – equally, it reduces the burdens on security teams, eliminating complexities over system integration and enhancing performance.

A converged SIEM combines key technologies easily to offer improved security outcomes. In doing so, organizations can easily home in on specific standards and adopt security best practices while reducing the burden on security teams tasked with meeting DSPT compliance.

Health Technology, Digital Healthcare

3 Key Considerations in Cloud Security for Healthcare Organizations

Article | September 8, 2023

With medical system consolidation and increasing numbers of medical records created, the need for digital access and storage is gaining steam. Digitizing records allows clinicians to improve accuracy and decrease redundant testing and studies, as well as reduce treatment delays. Greater availability of digitized records has other perks too. With vast amounts of accessible medical data, researchers can move public health studies forward, also potentially improving care and treatment of individual patients. As a result, cloud storage is taking off, though healthcare organizations are adopting it more slowly than other industries. According to a 2019 Nutanix report, 71% of healthcare organizations using cloud were considered the least mature – relative beginners – in that they were using fewer cloud services. Compare that figure to finance or retail, where 13% and 15% respectively were beginners. However, that is changing.

Advanced Healthcare Supply Chains: Why It’s All in the Data

Article | February 10, 2020

During the past decade, the healthcare industry has undergone an unprecedented technological transformation. The industry, once defined by manual processes, has moved squarely into the digital age. As patients, we’ve all become accustomed to seeing physicians as well as clinical staff use laptops during office visits. And behind the scenes, hospitals and health networks have made substantial investments in financial and HR systems, among others. One of the more significant digital advancements has been the industry’s focus on applying greater levels of automation to supply chain processes. In doing so, provider and supplier organizations have improved the efficiency of their supply chains, driven out millions of dollars in cost and waste, all while keeping patient care front and center.

Related News

Global Search Marketing Agency, Directive, Announces Complete Rebranding

Directive Consulting | December 05, 2018

Directive, the leading B2B and enterprise search marketing agency, announced today the launch of their new branding to reflect their evolution into a global search marketing agency. Directive’s unique approach to search marketing has positioned the company as the agency of choice for leading B2B and enterprise companies since 2014 with a portfolio comprised of 90% in the B2B space. With their extensive rebranding efforts, the company continues to offer premier SEO, PPC, CRO, content marketing and paid social services that B2B and enterprises need to scale their business. Additionally, Directive continues to invest further in employee well-being, marketing technologies and superior support for clients. “Our rebranding does not impact our services, operations or our market, as we have been working with leaders in the B2B space for some time; however, our identity now reflects and matches that,” stated Hannah Mans, Directive’s director of marketing. “This milestone is the first of many as we work towards our vision to be the largest global B2B search agency by the end of 2020.” The rebranding includes a top-to-bottom redesign of the company’s website and logo to better resonate with current and potential clients.

Directive Ranks #1 in Clutch’s Top B2B Marketing Service Providers

Directive Consulting | March 06, 2019

Directive, the leading B2B and enterprise search marketing agency, has recently been honored as the number one B2B marketing and advertising service provider in Los Angeles, according to Clutch. Clutch is a B2B research, ratings and reviews site that identifies leading IT and marketing service providers and software. Recently, Clutch has announced over 260 B2B companies that embody industry leadership in Los Angeles based on their market presence, respective expertise, verified client feedback, and their past and current clientele. Directive was awarded the leading spot on the advertising and marketing list. “We are thrilled for this opportunity to be recognized as the go-to service provider for B2B marketing,” said CEO and Co-founder Garrett Mehrguth. “This is a testament to our team’s dedication and unwavering focus on excellence and to deliver premier services to our clients.” Since its establishment in 2014, Mehrguth has led Directive in its expansion of five global offices including Orange County, California; Austin, Texas; Los Angeles; New York City; and London. Directive has increased by a year-over-year growth rate of 300 percent, and now is celebrating as the number one B2B marketing and advertising service provider in Los Angeles.

27-year-old Search Marketing CEO Lands 13-stop U.S. Speaking Tour

Directive Consulting | May 29, 2019

Garrett Mehrguth, the CEO and co-founder of the B2B and enterprise search marketing agency, Directive, recently was selected to speak at 13 stops of the Digital Summit tour. Digital Summit, the largest conference series in the digital marketing industry, has invited Mehrguth to share his unique presentation, "5 Data-Validated Tactics to Increase the Experienced Marketer's Qualified Lead Volume (...and 3 Tactics That Are Guaranteed to Fail)" with their audiences across the nation. Mehrguth will continue to discuss how B2B and enterprise marketers can advance their digital "discoverability" and take control of their residency on search engine results pages. This approach has catalyzed Directive's growth by 300 percent year-over-year. It also is the foundation that the firm's strategies are built on, which is utilized across their portfolio of over 75 clients. "I've had the pleasure of working with Garrett over the past year, as he has proven to be a stand-out speaker in our Digital Summit Series," said Leah Harris, content and product strategist for Digital Summit. "We curate 20 marketing conferences with over 1,000 speakers in total, and Garrett consistently engages the crowd with his expertise and surveys in the top 20 percent of speakers."
