DATA SECURITY IS A PEOPLE PROBLEM!

There are some things that only humans can fix. 95% of all security incidents involve human error. Ashley Schwartau of The Security Awareness Company says that the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy.” There are many security risks to which your data is susceptible, but one method remains a wonderfully effective hacking tool: the phishing scam. This scam is a legitimate-looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage.

The distinction in this second variant is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems. What’s the best defense against this one? The single biggest defense is education: training your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they've fallen for a phishing scam and are then offered tips on how not to be fooled in the future. Think of it as the hi-tech version of Punk’d.

You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are critical factors in your data security plans. To avoid falling into these traps, you must: a) have a plan, b) educate users about your plan, c) make them care about procedures. To give a quick summary, you need to have a defense plan for each of the layers that a hacker can attack: the physical layer (i.e. you need policies to ensure that only authorized personnel can access your devices), the network layer (i.e. make sure that only authorized devices access your network, and your devices only access authorized networks), and the human layer (i.e. you should make sure your employees practice good password hygiene and are aware of security threats).

You should train employees on your security and disaster recovery policies at least twice a year, and your IT person should keep your employees up-to-date on security issues on a weekly basis. Make sure that they understand the risks of a breach.

Most importantly, you need to create a “culture of security,” where employees go beyond the minimum guidelines laid down by your IT staff and always ask “is this good security sense?” for every action they take. You need to have clearly defined penalties for those who practice bad security, and rewards for those who display good security sense.

 

What is Cloud Computing?

Let’s try describing the cloud for once without any tech lingo.

Data Protection and Bring Your Own Device to Work

BYOD refers to a firm’s policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications. This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?

Here are some of the issues raised by BYOD:

  1. A lost device – If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employees’ personal devices, do you still have that ability? If not, your data is at risk.
  2. Software updates – Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
  3. Backups – With data being entered on many different devices, something must be done to ensure backup procedures are routinely followed.

In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide “Now you see it, There IT…Stays

Health Care Providers and Managed IT Services: Why are They Inseparable?

In healthcare, there is absolutely no escape from the mandatory utilization of technology. From the simple task of setting an appointment to billing and procedure codes, everything requires an intensive use of protocols that can be implemented only through the use of technology. HHS mandates these processes across the board, from a doctor who is operating solo to the largest hospitals. All HIPAA covered entities must adhere to rules and standards set forth in ANSI 5010 starting Jan. 2012 and ICD-10 starting Oct. 2015. Needless to say, all providers need help using the technology that is designed to bring efficiency and accuracy to the health care system.

Let's discuss why doctors' offices and clinics need managed IT services.

  • You're a Medical Professional: As a doctor you don't have the knowledge to repair your own networks in case there is a failure. Your support staff is trained to make appointments, take blood pressure and draw blood, along with several other medical-related responsibilities. They don't fix computers for a living.
  • The prohibitive cost of an in-house IT team: Hiring an IT staff even as part-time employees can be very costly, and even full-time staff may not provide all your support needs. System failures can be very unpredictable and technology can be a 24/7 concern. IT support based solely on your own payroll is not typically a practical choice for doctors or clinics.
  • Data security: This is a very serious issue in health care. Medical records of patients must be protected according to HIPAA requirements. Laws governing health care provide stiff penalties and fines in the case of a breach of patients' private information. You need to make sure that your networks are impenetrable. There are even requirements now to prove that you've had a qualified professional attempt to hack your systems on a routine basis. Managed Service Providers (MSPs) specialize in technologies that will safeguard your data. There are also software maintenance and upgrade issues to be addressed. Outdated software and hardware can expose your systems to hackers. An in-house IT team may be too busy to keep up with the changes, thus making your data vulnerable.
  • Monitoring: The best way to avoid critical breakdowns and security breaches is 24/7 monitoring. This is the surefire way to avoid and control security breaches, viruses and hacker attacks, but it isn't something a small firm can do on its own. It requires the presence of 24/7 labor plus investment in exceptionally sophisticated software and hardware. This sort of investment is not practical for smaller firms.
  • Government regulations: Now there are new government regulations in place that all health care providers must comply with. The purpose is to speed up the billing process and promote more accurate diagnostic records, all while protecting patient privacy.
  • ICD-10 and ANSI 5010: The World Health Organization has updated the international system of coding diseases. It is called ICD-10, with implementation mandated by Oct. 1st 2015. Implementation of ICD-10 requires the use of the new billing system called ANSI 5010, which was to take effect on Jan. 1st 2012. These regulations are designed to improve the information flow between systems so the providers will get paid faster and the patients' conditions will be diagnosed more precisely.
  • Electronic Health Records (EHR): The government now mandates that all patients' health records be maintained electronically. Also, this mandate provides for the patient's right to know who has accessed their medical records and when. The patient portals that are gaining popularity will be another task to manage.

So what does all this mean for health care providers in terms of managing their networks? More data volumes, more software packages, and more privacy headaches.

At the end of the day, you have to decide what your priorities are as a health care provider. It should be to provide the best care to your patients without having to worry about your infrastructure. As an MSP, we can ensure your focus remains on healthcare.