The Importance Of Software Patches and Updates

The Importance Of Software Patches and Updates

We all get those annoying little pop-ups from time to time, notifying us that there are software updates available for our computer. And chances are you get them at the most inopportune time, right in the middle of a project that’s too important to quit. So you hit the “Remind Me Later” button and continue as planned.

A few days later, that friendly reminder pops up again. And once again you click “Remind Me Later.” On and on it goes.

It’s a vicious cycle of keeping your computer up-to-date and as risk-free as possible, and simply doing what needs to be done.

We all do it. Even those of us in IT and know its significance have hit the button a time or two.

Patches and updates perform a variety of tasks to both our operating systems and individual software. They add new features, remove outdated features, update drivers, deliver bug fixes, and most importantly, fix security holes that have been discovered.

While non-security patches don’t necessarily have to be applied right away, it should go without saying that security patches should be applied the moment they become available.

Easy for IT to understand. Not so easy out in the field.

If your employees are working on a project and receive a patch notification, many will hit that “Remind Me Later” button over and over again. In fact, you’ll probably find an employee or two that has never hit “okay.”

This is where your risks truly lie.

Not keeping one machine up to date with the most recent patch available can compromise the security of your entire infrastructure. Your infrastructure is only as secure as your weakest link.

Which means you have two paths to follow.

1. Provide thorough education and monitor consistently

If employees understand the risks, they are more likely to take action to prevent the risks. Education is key. Teach the importance of adding updates as soon as they become available. Create a system for alerting when patches and updates become available. Be at hand if they have questions along the way. The only way to ensure its success and reduce your vulnerability is to monitor it through every department.

2. Take control through the cloud

An advantage of a cloud-based security system is that you have the ability to centralize your security rules. You have a more uniform approach to security while decreasing the risk of attacks. Because you control changes, updates and patches, there’s no more relying on employees to do the job for you. Every policy you create is consistently applied across your enterprise by entering it once at the highest level.

The result is only legitimate business transactions are completed on a timeline that works best for you, keeping your entire network safer and more secure.

How does your company handle patches and updates?

The Internet of Things: How It Impacts Your Business

The perfect storm is brewing. It’s building no matter where you live or what you do. Geography no longer matters.

Instead, the perfect storm is being created by anything that has an on or off switch. If it can be connected to the Internet, or connected to something else, it has an impact. Cell phones, tablets, televisions, garage door openers, furnaces and coffee makers all make the list. So do jet engines, automobiles and cash registers.

When connected, it produces an estimated 26 billion links around the world.

Yes, that’s how you define the Internet of Things. A vast network of connected “things” that provides an ever-growing connection of people to people, things to things, and people to things. And it’s growing smarter every day.

There are many instances of how this looks in our lives:

  • Your FitBit talks with your smartphone to track your daily activity
  • Your tablet controls your thermostat, alarm system and lights

Even if you haven’t graduated to using this type of technology yet, you will in the coming months and years. And it’s going to change the way we do business in a big way.

Products will become smarter

No longer is a product just a standalone product. Companies will have to incorporate technology into everything to make it all work together. Sports equipment, for example, will track every movement you make, and provide you with data on how well you did and how to improve your performance.

Smarter products will lead to smarter decisions

As sensors become smaller and can be attached to more things, it will allow businesses to track at deeper levels to make better decisions. Imagine being able to connect sensors to all high-level pieces of equipment, being able to detect malfunctions from the moment they occur. Not only can this add to the longevity of the equipment by being able to fix and replace on a faster timetable, but it can also thwart significant problems in things like jet engines, preventing dangerous and life-threatening hazards in the process.

Smarter decisions will change business models forever

As businesses adjust to new levels of connectivity, they will find their business models changing before their eyes. What if a heart surgeon suddenly finds wearables make his patients more aware of their conditions and better able to control their own health? Would he move from solving problems after they occur into a business model where he helps teach heart wellness instead?

Other similar business models are sure to emerge. And as one thing changes, the impact behind it will surely change tenfold.

Risks. Rewards. 

The most important thing to do right now when considering how the Internet of Things will impact your business in the coming months and years is to think bigger. The more you understand, the more you can put into place. The more you learn, the better prepared you will be.

The future is coming. Will you be ready?

How Mobile Device Encryption Protects Your Data

Chances are your employees use smartphones and tablets in some capacity throughout their workday. What does it cost you as their employer?

According to a study by Ponemon Institute, more than you think. The study found that more than one in three mobile devices used in a business capacity contained sensitive data. Companies know:

  • They’ve probably experienced a loss or theft of sensitive data due to employees’ careless use of their mobile device
  • They have difficulty detecting and stopping employees from using insecure devices
  • They have inadequate security and control features in place
  • The popularity of cloud-based applications makes it easier than ever to put sensitive data on a mobile device, which puts the data at risk

Mobile device encryption offers an easy solution to protect against data breach. Encryption is a reversible process that scrambles data into ciphertext, blocking it from view from anyone that doesn’t have the conversion key. If the correct key is used – a password, for instance – the data is unlocked and available to the viewer.

There are two types of encryption available: hardware and software.

Hardware encryption varies by operating system, and device make and model. With Apple iOS, for example, encryption comes preprogrammed as a part of the device. The file system is written to flash memory. The device scrambles all content when the device is locked and remains encrypted until the correct passcode is entered. The device relocks itself after a predetermined amount of inactivity.

Androids are a little different. Though Android OS supports hardware encryption, most devices are incapable of using it. It will come stock without hardware encryption in place. If you desire to enable Android hardware encryption, it is necessary to lock the Android to trigger the encryption keys.

Because there isn’t a standard for hardware encryption between systems, many turn to software encryption. With software encryption, an individual program uses a third party function to encrypt and decrypt selected data. It allows you to choose only the programs you choose to have encrypted. It can also allow you to protect sensitive data in a way that most benefits your company. If multiple employees have access to a tablet device, for instance, having individual PINs and passwords to encrypt and unscramble files based on needs and requirements can ensure employees only have access to what is truly necessary.

So, is one type of encryption better than others? As with any security system, nothing is infallible.

As a company, you operate with different levels of security in place. You may have locks to enter the building, security personnel to control access to certain levels. You may have passcards or keypads limiting access to certain rooms. Hardware and software encryption can be thought of in the same manner. Hardware encryption locks the front door; it provides the first level of protection to prevent people from entering. Once in, software encryption kicks in, limiting access to sensitive files based on an as-needed basis.

Your mobile security plan should be based on understanding how your users will use technology, giving them the right controls as needed. Every device should be considered on a device and case basis, choosing the right level of protection necessary for keeping your data safe and secure.

How Artificial Intelligence Will Impact Business

How Artificial Intelligence Will Impact Business

Steve Wozniak. Elon Musk. Stephen Hawking. The list reads like the Who’s Who of people at the top of their fields.

What do they all have in common? They all have a deep commitment to integrating artificial intelligence safely into our world. They’ve even signed a letter of commitment to prove it.

But what does that mean for us, businesses and consumers that are simply trying to do our jobs as best as possible?

Artificial Intelligence is defined as the simulation of human intelligence processes by machines, especially in computer systems. These processes include a variety of human functions, including learning, reasoning, and self-correction. It’s quickly playing a role in all kinds of activities, from speech recognition, translating, and visual perception. We see it in our everyday lives.

Look no further than your phone to see AI in action. Ever ask Siri on your iPhone for a restaurant nearby? Or ask Cortana on your Android for directions? That’s AI helping you out with your everyday tasks.

At this point, our mobile devices are still primarily being used for status updates, texts, and selfies. But as artificial intelligence continues to become smarter, we see all kinds of ways to put it to use. Siri, for instance, can become your built-in assistant, and become smarter with each request you make. You no longer have to do some of the most repetitious parts of your day. Like copy/paste. Or switch back and forth between platforms to perform basic tasks. If Siri anticipates your moves, she can make them for you, saving you valuable time.

But of course, that’s only the beginning.

Imagine being able to upload an image and having everything about that image be instantly recognizable. Facial features can be analyzed and tagged, so it’s easily transferable to your social sites. And the image can also be analyzed for what is happening in the photo, creating copy that mirrors the actions in the image. It may not be perfect … yet. But AI is adding sophistication to the programming, and it’s only a matter of time before it’s a seamless process that requires little interaction from you, the user.

And of course, this is only the tip of the iceberg. Artificial intelligence doesn’t end with mobile and social media. In fact, it’s being used in every aspect of our lives.

It’s important to remember that AI is only in its infancy; it has many problems that still need to be worked out. Such as the axiom of AI being used for good versus evil. AI currently still acts randomly based on a limited number of predetermined, programmed conditions. But as AI becomes smarter, more opportunistic with the way it thinks, it can fall into many different hands for many different purposes.

Amazon, for instance, uses a machine learning service that analyzes results from data, based on its own internal algorithms, to predict customer spending habits. This concept can be transferred and used in other businesses in a variety of ways. If you can gain better insight into behavior, you can use it to produce AI that will help guide the critical decision-making process.

But what if the not-so-good use that same prediction model to learn your online search behavior, and use it to gain your trust to get access to your most private information?

While AI will continue to grow and be put into use in a variety of ways, it’s the threats that also have to be monitored along the way. When something is developed for good and has the opportunity to improve our lives, there are always threats that exist to use it for bad. Threat modeling, threat prediction, and threat analysis are all ever-growing challenges in the world of IT.

And if you don’t begin to take the necessary steps now to counteract what’s coming, the future may impact your more than you can imagine, sooner than you think.

Do You Have A Technical Disaster Recovery Plan?

Do You Have A Technical Disaster Recovery Plan?

Where is your network server? What would happen to your data in the event of a disaster?

It’s not something we like to think about. Yet the news reminds us again and again of what is possible. A fire. A flood. Power loss. Even sabotage. A single disaster could wipe out your offices and your data center all at once.

To prevent the worst from happening, all organizations should have clear ideas and strategies in place for how to keep the worst at bay. And what to do if it does strike your facilities.

A technical disaster can impact a variety of things you use in your business every day:

  • Computers
  • Telephone system
  • Equipment with computerized functionality
  • Security systems
  • Network access to both the Internet and to local servers and intranets
  • Data, customer files and financial records
  • Software for internal programs, such as billing, payroll or tax information

Depending on how your company was set up, and how your company has grown, your data center may still remain onsite. You have unique concerns. A technical disaster recovery plan must clearly define the steps you’ll take to recover your data using internal methods. You’ll have to consider a variety of things.

Start with the basics

No matter how large or small your company is, securing your data is your first line of defense. Disasters rarely pinpoint specific targets. Which means the best way to be prepared is to start from the beginning.

  • Put an uninterrupted power supply (UPS) on all critical computers to protect against power surges.
  • Institute an automatic backup schedule for routing backups of your data. Make sure data is stored off site and separate from your place of business.
  • Be sure all firewalls and antivirus programs are up to date.
  • Be conscious of where you house your IT. Make sure water pipes don’t run through the ceiling above the equipment, nor do you house equipment in a room adjacent to major plumbing equipment, such as water heaters.
  • Don’t store computer equipment on the floor. Raise them up to keep them from being damaged through minor flooding.
  • Invest in a non-water based fire extinguishing system.
  • Make sure your electrical system meets the needs of your power requirements to avoid overloaded fuses and power supplies.

Adding the details

As your coverage becomes more established, and you have better security in place, you can begin adding in more details to become even more prepared. Ask questions like:

  • What would happen if I completely lost my facility, and all computerized equipment was gone?
  • How would my customers be impacted? My employees?
  • Do I have all of my contact information, passwords, and other pertinent data for rebuilding the system outside of my facility?
  • How soon could my business be up and operational again by pulling from outside resources?

And if you haven’t already done so, your questions will quickly lead the way to establishing outside resources as well.

Finding other alternatives

An offsite data center should not be located in the same geographical region; a hurricane, for instance, can wipe out the business and the data center at once. It should also have it’s own policies and procedures in place.

Good disaster recovery plans should be concise. During the chaos of a disaster, the last thing people will think about is putting a complicated plan into action. What will your data center be accountable for? How will you retrieve your data? Who has responsibility for each piece along the way?

Having a succinct plan is important; its equally important to practice it regularly.

Because we rarely think of the worst, some of the easiest steps you can take can be missed. Disasters never come on schedule. And in many cases you have little time to prepare. By looking at your IT structure from all angles, you can prepare for the worst and make sure systems and backups in place.

There are advantages to hiring an outside consultant to help you create your recovery plan. A third party can be more objective when evaluating your plan, noticing the tiny details you may have overlooked. If you have questions, lets talk.

Shopping For EHR Software

How are you going to improve your practice in the coming year?

Because of how fast technology changes, it is estimated that 30 percent of all current EHR users will be interested in upgrading and replacing their current software as they look for more features, more convenience.

If you fall into that category, where do you begin? After all, everyone has an opinion on what makes EHR software worth the investment.

EHR manufacturers will not have the same opinion as the head of your company. The CIO will not have the same requirements as an office manager. Needs are based on what helps you do your job more effectively, and that runs different from person to person.

Yet purchasing EHR software isn’t the same as downloading the coolest app from iTunes or Google Play. EHR software is expensive. It’s something you may bring into your business and continue using for years to come.

Do you really want to make that selection on a whim?

Instead, the best place to start is with a little guidance. After all, every program can sound amazing when you look at the way marketers write up the sales copy. In the long run, you want the best software for what you do. And that starts by defining your plan of action before you tackle making a decision.

Create a clear plan

Start by clearly defining how the new EHR program will be utilized every day. Make a list of everyone in the office who will access it, what their requirements are, how they will use it, and what would most benefit them. How an office manager uses it will not be the same as how a physician uses it. Make sure you understand the nuances of each.

Include every opinion

Never guess at how people will use a system. Ask them instead. Be sure to include everyone in the decision-making process, verifying all of their user requirements. This means sitting down with each staff member and figuring out what matters most. This can help you avoid the flashy features during the demo phase.

Separate necessities from desires

When you start questioning staff members, it’s easy for them to start dreaming of potential. It’s also easy for some to cover up certain processes that would greatly enhance productivity, yet they are holding back out of fear of the unknown. Be willing to change business processes when better features are available that can aid in both the way the office runs, and also how you communicate with your customers.

Make your essential list early

There are some features that are essential to any EHR software you purchase: HIPAA compliant security, physician and patient scheduling, billing functionality, e-prescribing. There are also non-essential items that can improve productivity: mobile access, patient portals, voice recognition for dictation. Make sure you separate the two and select a program that truly has what the office staff will use most.

Don’t get overwhelmed

Do a quick search and you can easily come up with a dozen or more contenders to add to your list of possibilities. Each highlights something different; each has it’s own way of moving to the top of the list. It’s difficult to stay objective and not become overwhelmed with the bells and whistles. Use simple criteria to eliminate the majority of them as quickly as possible, weeding your list down to a more manageable three or four. Only demo at this level because the features will quickly start blurring together if you look at more.

Also, be sure to have a standardized scorecard for comparing the different products. Look realistically at how each software program handles each individualized task. Don’t get distracted by the flashy features a salesperson may try to sell you on. Instead, put your emphasis on looking for what your staff wants and how you can give them the full package they will use the most.

This can be a difficult process. It’s easy to lose sight of what is truly important. Sometimes having an impartial expert on your side can help you weed through the potentials and help you focus in on the best solution for your office.

That’s what we’re here for; just give us a call.

Is A Remote Wipe Policy Good For Business?

Is A Remote Wipe Policy Good For Business?

It’s a dilemma that faces business managers every day.

When they bring in a new hire, somewhere in the midst of the paperwork is a clause about the internal Bring Your Own Device (BYOD) policy. It gives the company the right to remotely wipe a lost or stolen phone or tablet, or to wipe any company related data at the moment an employee leaves.

But do people really understand the implications of what they are signing? Studies show the answer is no. Personal is personal; business is business. Yet when the two are co-mingled, the rules suddenly change.

As more organizations adopt BYOD policies as employees acquire a wide variety of smartphones and tablets for every day use, stricter guidelines must occur to keep company data safe. Yet for many employees, they worry equally about the personal data that invariably makes its way onto their devices.

Which is where the trouble begins.

As an organization, there are three basic reasons for wanting to remote wipe the contents of a mobile device:

  • The device is lost or stolen
  • The device belongs to an employee who quits or is fired
  • The device contains malware and security issues that are effecting the network

Time is imperative in all situations to keep the company data safe.

Yet when an employee highly values his or her personal data, they may delay telling the IT department of any trouble because they fear the consequences of losing all of their files. These delays cost businesses significantly.

In order to use remote wipes, three options are available.

1. Use your mobile provider

Every phone comes with a factory reset feature that will reset all user settings, delete all third party apps and return the device to its original factory settings. The cellular provider can explain the easiest way to execute this feature.

Most phones also have a feature that allows you to wipe your device even when it is no longer in your presence. If you have an iPhone, for example, you can register it with iCloud and use the Find My Phone app to wipe the device at any time. The key is enabling the feature before it is stolen or misplaced. Not the safest method, but it can be a good starting point to get employees to take ownership of mobile security.

2. Use encryption

IT can install an app that will contain and encrypt all data used for business in a special folder on the device. This can be useful because IT can access the container and make changes as they desire, while leaving the rest of the device content alone. This would give IT the option of wiping the entire contained section as needed, or in the case of an employee moving to a new department, delete and add new content based on requirements. This also provides an extra layer of protection as the device couldn’t be accessed without the proper authentication key in place.

3. Use outside software

There are many outside vendors that offer special programs to help IT manage data and devices, and in many cases are bundled with other services to make remote access easier. For instance, Microsoft Exchange ActiveSync (EAS) has a feature that allows users to request remote wipe to return it to factory condition. The downside of using systems like this is the device has to be connected to the Internet and turned on in order to wipe the data. This can leave the device at risk indefinitely.

No matter which policy is the right solution for your company’s data, the important thing is to keep your employees in the loop. If you stress you will never erase their personal data, they will be more likely to submit problems as they occur. If you stress how valuable the company’s data is, they will be more likely to take action.

What is your company’s remote-wipe policy?