Why Security Questions Can Be Your Biggest Threat

Passwords. We all use them every single day.

Studies consistently show that people become lazy when it comes to creating a password, with the top spots going to things like “password” and “123456”. But with a little education, you can bring your employees around to changing their habits and choosing stronger passwords.

But what about security questions?

Security questions are used on almost every site where you log in to an account. They are there “just in case” you forget your password and have to retrieve it by some other means.

In most cases, the site provides a list of security questions to choose from, with most of them asking fairly standard things. Top 10 lists put these at the top:

  • What is your mother’s maiden name?
  • Who is your favorite author?
  • Who is your favorite actor?
  • What is your favorite movie?
  • What is your favorite book?
  • What was your favorite pet’s name?
  • Who was your childhood friend?

You’ve probably used one or more of these yourself, over and over again. Yet how secure are they? All are simple questions that can easily be answered with a little bit of research, something a detailed profile on Facebook could make readily available with five minutes of browsing through your page.

While these questions make it relatively easy for an external hacker to gain access to an account, studies also show that it’s not always an external hacker that will be your biggest threat. In some cases, it may be an internal risk. If a co-worker wants to access company data through someone else’s account, what better way to do so than through the account of someone they know? And who’s going to question a co-worker who stands around the water cooler and asks, “What’s your favorite movie?” It’s just the kind of idle chitchat we engage in all the time.

So what makes a good security question? A good security question typically will have the following characteristics:

Be safe from guessing or research
This is the most important characteristic of a great security question. It should be something that cannot be easily found out by visiting a social media profile page, or that someone could guess simply by being around a person for a short amount of time. After all, walking your dog and calling him by name can release information to everyone at the dog park.

Won’t change over time
If a security question is vague and can have many meanings, it can be easily forgotten as time goes by. Avoid questions that ask for your “favorite” thing, such as “What is your favorite food?” And avoid questions whose answers can fluctuate as you age, change and grow, such as “Where do you want to retire?”

Be memorable to you
We all have things we talk about and share because it’s a part of our culture. Which is what most security questions are designed around. I’m sure you’ve had conversations with friends, even co-workers, over your very first crush in school, or the first person you ever kissed. But what about the second?

These things are memorable to you, yet they aren’t something we share on a regular basis. They are part of your past, yet don’t come up in regular conversation.

There is one other factor that should be part of online security. When someone forgets a password, having them log in with a security question is an important step, but it should always be part of a two-step process. The second half of authentication should use a code that is sent via email or text to the contact information used to set up the account. This will further ensure that only the correct person gains access to the system.
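The two-step recovery described above, sketched as an added example (it is not code from the original post): a reset succeeds only when both the security answer and a one-time code sent to the contact on file check out. The class and function names, the 10-minute code lifetime and the five-attempt cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumed lifetime of a one-time code (10 minutes)
MAX_ATTEMPTS = 5        # assumed cap on guesses per recovery request


def _normalize(answer):
    # Case and spacing differences should not lock out the real user.
    return " ".join(answer.lower().split())


def hash_answer(answer, salt):
    # Treat the answer like a password: salted and slow-hashed, never stored as text.
    return hashlib.pbkdf2_hmac("sha256", _normalize(answer).encode(), salt, 200_000)


class RecoveryAccount:
    """Hypothetical account record holding only what recovery needs."""

    def __init__(self, contact, answer):
        self.contact = contact  # email or phone given when the account was set up
        self.salt = secrets.token_bytes(16)
        self.answer_hash = hash_answer(answer, self.salt)
        self.code_hash = None
        self.code_expires = 0.0
        self.attempts_left = 0

    def start_recovery(self, now=None):
        """Create a fresh 6-digit code; the caller delivers it to self.contact."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.code_hash = hashlib.sha256(code.encode()).digest()
        self.code_expires = now + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        return code

    def verify(self, answer, code, now=None):
        """Return True only if BOTH the answer and the one-time code are correct."""
        now = time.time() if now is None else now
        if self.code_hash is None or self.attempts_left <= 0 or now > self.code_expires:
            self.code_hash = None  # expired or exhausted: a new request is required
            return False
        self.attempts_left -= 1
        # Check both factors every time, in constant time, so a failure
        # does not reveal which of the two was wrong.
        answer_ok = hmac.compare_digest(hash_answer(answer, self.salt), self.answer_hash)
        code_ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), self.code_hash)
        if answer_ok and code_ok:
            self.code_hash = None  # single use: the code cannot be replayed
            return True
        return False


def demo():
    # Constructed sample data; the address and answer are made up.
    acct = RecoveryAccount("user@example.test", "Maple Street Diner")
    code = acct.start_recovery(now=1000.0)
    return {
        "answer_only": acct.verify("maple street diner", "", now=1001.0),
        "code_only": acct.verify("a guess", code, now=1002.0),
        "both": acct.verify("maple street diner", code, now=1003.0),
        "replay": acct.verify("maple street diner", code, now=1004.0),
    }


if __name__ == "__main__":
    print(demo())
```

Knowing the answer alone (the water-cooler case) or intercepting the code alone is not enough, and the attempt cap limits guessing against either factor.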

What Cloud Computing Means For Small Businesses

Think back to how quickly technology has changed. A few short years ago, every computer was a free-standing unit. All upgrades, all changes, all control were handled by moving from unit to unit.

Fast forward as organizations quickly found ways to integrate the entire process to help them scale their businesses. They developed an in-house infrastructure, with expensive servers, physical copies of software, and lots of fully equipped computers for each end user. Control was centralized, meaning it was easier to keep things running smoothly without having to go out to each end user to make adjustments or corrections.

And while this may still be the norm in some businesses, once again technology is changing the way businesses are operating.

Cloud computing is now moving rapidly into businesses of all sizes, and allows a business to put the processing and hosting responsibilities on a professional third-party company. Instead of running everything internally, employees access their programs, email and data via browser-like tools that connect them to everything they need to operate efficiently. And while large enterprises have been quick to adapt, there are many reasons why small businesses should make the transition as well.

Flexibility
One of the biggest reasons people move to cloud computing services is to allow employees to work from anywhere. All documents, programs and related data are stored online, which means employees will never be tied to a single computer in order to get their work done. With desktops, laptops, tablets and smartphones all being able to access the same data at the same time, employees can quickly move to where they are needed most. A doctor, for example, can make notes on his smartphone as he finishes with a patient, move to a tablet as he talks with his staff, and open up the same file on his laptop as he sits down at his desk.

Since programs are not stored locally, updates, bug fixes and changes can all be handled on the server side without the end user experiencing any of the process. This creates a stable platform that helps the entire office stay productive throughout the day, without the usual downtime associated with in-house processes.

Backups
If you’ve ever lost important client files or large amounts of data before, you know how important it is to have a strong backup and data recovery plan in place. As users create new documents, their local copies are synced with a cloud version, making it easy to access a file later from any device. These systems can also save revisions, so it’s possible to go back in time and work with a previous version if a mistake is made. Many cloud providers have comprehensive data backups that automatically copy and protect your data on a regular basis, so there is no more relying on an end user to initiate the process.

Collaboration
Cloud computing can now make even the smallest of offices more productive. Instead of having to move a file from machine to machine with a flash drive or through email, a user can simply go and “check out” a file, work on it, save it, and have it waiting for the next user. Collaboration on a project file from anywhere in the world is as simple as logging in. And with automatic backups occurring along the way, there is never any risk of having one team member delete the wrong data. Simply retrieve an earlier version and get right back to work.

If you’ve never thought about upgrading to a cloud-based system before, you might be surprised at how easy it really is. Many small businesses can make the switch to the cloud and even stay on their existing equipment (meaning your end cost will be even less). Find out today what the cloud can do for your business.

How Small Practices Benefit From Electronic Health Records

Is there such a thing as being too small to benefit from technology? If you run a small medical practice, at what size will you begin to reap the largest paybacks?

Study after study shows that the benefits of using electronic health records (EHRs) instead of their paper predecessors are many:

  • It improves health practice efficiencies and can offer substantial cost savings
  • It improves coordination of patient care
  • It improves accuracy of diagnoses and potential outcomes
  • It provides patient access to participate in their own care

And it’s not just the large practices that will benefit. If you have a patient, if you run an office, if you make referrals to other specialists, moving into the digital world has its benefits.

Close to two-thirds of practices across the US are considered small in nature, with fewer than 10 people on staff. If this sounds like you, what can you truly expect by implementing EHRs into your practice?

Paper Reduction

Let’s start with the basics. Paper causes problems. When physicians or assistants handwrite medical records, the information may be subjective at best. Notes can be misread. Papers can become torn, worn, or even lost. Paper is also easily destroyed, expensive to copy, transport and store, and makes retrieval difficult as time passes. It’s also important to note that paper records have been known to go missing as much as 25 percent of the time, meaning X-ray or lab results may be ordered again and again as a diagnosis is made.

EHRs allow easy navigation of an entire medical record from beginning to end. When multiple people throughout the office can access a record at the same time, information can quickly be added and filled in without the wait time associated with paper records. Instead of putting off paperwork until the end of the day, doctors and assistants can make notes immediately, putting more thought and detail into each entry. EHRs can also be used to establish alerts and reminders, and help keep better track of a patient’s diagnosis and plan, to be better informed and provide better care as time passes.

Improved Efficiency and Productivity

When records are kept in paper format, it’s difficult to share information with patients, with other medical offices, and even with other doctors or assistants within your own practice. By digitizing records, the process becomes as simple as hitting send.

Consider simple lab work for a moment. Once the doctor makes a request, the request will travel from doctor, to assistant, to office clerk, to assistant, to lab technician, then flow back for results. It may touch other hands, going to a specialist who reads the results, and ultimately to the patient, who may have to use it for future referrals. With that many touches, it’s easy for the request to get lost in transition, and for mixed messages to arise about its original intent. With clarification written in electronic format, every person can see and review the original orders, and make notes at the time of processing, leaving nothing to chance.

And that’s just the start.

As our health care requirements change with new regulation, mandates will continue to demand the use of EHRs. As a health care provider, it’s easy to come on board and see the potential benefits. But it’s another thing to know where to begin.

Choosing A System

As a small practice, coming on board with the idea of implementing an EHR system into your office is the easy part. Next comes the task of doing. With hundreds of choices between EHR programs on the market today, where do you start? What do you look for? How do you know if your infrastructure is adequate for the system you choose? What are the best features and functions, when each program begins to sound a little better than the one before? How do you implement it into your office? How much time will it take?

If you’ve done a little research, chances are you can even add a few questions of your own.

The best place to start is by talking with your staff; what features would benefit them most? Create a list of functions performed every day within your office. Then begin dividing the list into “must have” and “nice to have” features.

Implementation will take several months, depending on the system chosen, the number of employees in the office, and the existing systems that will need to be modified or replaced. If you have any questions as you go through this process, I’d be happy to lend a hand.

Why It May Be Time For You To Look at VDIs and a Virtual Private Data Center

Company. Employees. IT. Each has its own set of rules and expectations, and no matter how hard you try to bring them together, you’re bound to run into a few problems along the way.

The company wants safety and security, all at the most economical price. Employees want technology to be easy: available when they want it, with someone else fixing the problems as they arise. Then there’s IT, which tries to bring everyone’s wishes together, keeping the company’s data safe and secure while giving the employees immediate access to all the programs and functions they need and desire.

Every technology strategy needs a few things to remain efficient:

  • a place to store the company’s data
  • servers to integrate the process
  • desktops for the end user
  • security to protect the entire process from beginning to end

And in many cases, companies piece a system together in order to provide for their basic needs. How these pieces are put together has varied over the years, and in many ways the pendulum has swung from centralized control to decentralized control. For IT organizations, centralized control is always easier and more cost effective; for end users, decentralized (local) control provides more agility and flexibility.

Now imagine a scenario like this.

IT discovers a breach in security in the most popular browsers. A simple online test will tell a person if they are at risk, and provide the download patch to fix the problem. This is how it plays out:

  • Fred over in accounting has required a non-standard PC to run his specialty software, but when IT tells him about the risk and patch, he doesn’t have the time to implement it (or to allow IT to fix the problem), and he doesn’t consider the risk that significant.
  • Brian in sales is on the road constantly, and chooses to ignore the issue altogether.
  • Amanda uses the company-imposed Citrix desktop, and IT has fixed the browser security issues. But she remains frustrated that IT doesn’t have time to add the printer connection she’s requested, so she can print to the printer in the cubicle next to her instead of the one across the building. IT has restricted access to the desktop so she can’t do it herself, even though she knows how easy it is. It just isn’t a priority for the IT department with all the network, server and security issues.

If the company’s technology is being accessed in a variety of ways, the IT team will have a difficult time keeping up on potential threats, or even simple customer service issues. How satisfied is your company with IT support? This may be a sign that the team is struggling to keep up with all the priorities they have to face.

This is where a virtual private data center and virtual desktops can come into play.

For several years now, the blending or moderating of these extremes has been through implementing a virtual desktop infrastructure (VDI): terminal servers, Citrix, and other VDI alternatives. But these are not easy technologies to implement and master. To be truly effective and stable, they require a high technology investment and ongoing commitment to maintenance. Most small companies and small IT shops either can’t afford this software or struggle to afford and maintain it.

But the world is changing again, and cloud technologies have evolved and become affordable enough for small IT shops and companies to take advantage of VDIs. Even more interesting is moving the servers to the cloud and not having to maintain physical hardware, just the network. This balance of centralized control and offloading low-value IT functions (like patch management, backups, etc.) is at the heart of virtual data centers.

I’m always on the lookout for great resources that can offer my clients the tools and capabilities for running efficiently in today’s world. And DinCloud has caught my eye as a great resource for running virtual private data centers and VDIs within your business. They even understand the nuances and complexities of various industries’ compliance requirements. For example, they are willing to sign HIPAA BAAs.

If your goal for the year is to make your technology more secure and easier to manage, especially with limited resources, this might be a perfect solution for you. If you have further questions about how best to manage a virtual private data center for your team, I’d be happy to answer your questions.

What To Include In A Company Email Policy

Email. It’s one of those tools we have a love/hate relationship with. We know it’s something we have to have, yet it’s become such a regular part of our lives that we rarely think about all the implications it has for us both professionally and personally. So ignoring the potential impact often becomes the path of least resistance.

In the US, there are an estimated 130 million workers. Every day, they send around 3 billion emails. Yet studies consistently show that not all of those transmissions are business related; in fact, up to 40 percent of them are personal by nature.

There’s more. Studies also show that only 1 in 3 companies monitor their business email process on an ongoing basis. The very thing that could hurt them most, the easiest tool people have to release company information and cause irreparable damage, is also the one thing most companies spend little time thinking about and planning for.

By having a company email policy in place, you can easily evaluate your employees’ performance and productivity, while discouraging them from abusing the communications system. It can help you protect confidential information and protect trade secrets and policies, and also protect from illegal activity, such as sexual harassment.

Does your company have an email policy in place? If not, it’s time to create one. Here are a few things you should include.

Start with usage
What is considered business use and what is considered personal use? What is acceptable? Clearly define both sides, and list guidelines for each. For example, if personal email is allowed at work, you may wish to set limits on the times of the day they can be sent (during breaks), or how they are viewed and stored. Also have clear guidelines on what can be attached to email, such as MP3 or EXE files. You may also wish to include a maximum file size for attachments sent via email.

Monitoring schedules
Once you have an email policy in place, it’s important to follow through with monitoring. How will you judge if your employees are using email in the correct way? Will you evaluate email files and usage on a regular basis? Make sure you clearly define these policies to the individual users so they aren’t surprised by the consequences.

Waste of resources
Email can tie up network traffic in many ways, especially with larger files and increased content. If your employees are allowed to sign up for newsletters and visit newsgroups, is there an appropriate limit to what they can receive? Also consider limiting the amount of data they can store. Some files, especially those heavy in graphic content, can quickly grow in size. Saving these files week after week, year after year, can quickly escalate the amount of storage space you need to maintain this much data.

Email risks
While we like to assume that everyone is familiar with the risks associated with email, clearly that isn’t the case when we consistently see stories in the news about cases going to court over email privacy issues. Email has inherent risks every time you type in information and hit the send button. Harmful effects can occur due to their actions. If someone doesn’t want their information shared with the world, they shouldn’t hit send. The more your employees understand this, the more control you’ll have over your email process.

Email practices
While defining the risks involved with email should be at the top of your to-do list, so too should defining the best way to use and send email. It may seem redundant, but consider it to be company security. Share with your employees etiquette tips on how to create great email: write in complete sentences, clearly define your message, use a company signature, use proper punctuation. Also share instructions on sending attachments, and proper storage procedures.

Proper storage
When dealing with customers, it may be important to file and save correspondence for future use. If confidential data exists, make sure you have specific guidelines for handling it effectively. Create a company-wide system for storing email (cloud-based filing systems work best) and share how to properly store documentation so others have access too. Also define how long email will remain on the servers, and the appropriate action to take to retain documentation for longer terms.

Violations
Make sure your policies for violations are clearly defined. Employees need to see in black and white what is considered a violation, and the steps that will be taken when violations occur. The more specific you can be with actions taken, the more clear it will be with your employees both as they follow the rules, and if they run into problems and potentially break the rules.

How Necessary Is An IT Strategy?

Strategy. Planning. Purpose. Tactics.

Everybody talks about the importance of having each of these things in place. Yet how many businesses are upfront with what their strategies truly are? How many employees are on board with each key tactic, and know how to move forward when challenges arise?

Strategy is a strange thing. Everyone agrees that having a strategy is an important part of operating a business. But what should it include? Who should understand the policies in the plan? How well should they be monitored? How effective are they at running the business?

Is it a solid strategy that is used before every purchase and before every decision being made? Or is it simply something that looks good on paper, and is referred to only on occasion, and usually when problems arise?

Lots of questions, I know. But as you read through and asked each of these questions to yourself, hopefully you started to see a pattern. You either began nodding your head, knowing you’ve developed a strong plan that your company adheres to very well; or you’ve seen holes in your own approach to developing a strategy, and recognize that you need improvement.

A solid IT strategy is important for many reasons.

Provides guidance for your company and industry

We are in a world of change; keeping up is not an option. Not only is new technology being developed every day, government regulation is also changing quickly, putting more requirements in place for the end user. A solid strategy helps everyone in the organization understand their core capabilities, identify where the trouble spots are, and spot risks before they arise. It helps everyone stay focused on what truly matters, and helps deliver the best performance now and as things change in the future.

Operate in a changing world

Every day, new technology is being created, digital devices become available, and equipment and programs become more effective. How do you keep up with it all? In the world of IT, it can be very confusing. Especially if you run a large organization that takes months to get things from concept to implementation. How do you implement something that is out of date even before the final user is in place?

The key in many cases isn’t about the final product or system you choose; it’s about how well you adapt. Whether a change is implemented due to a new policy, a new regulation, or simply as a way to stay on top of technology, the importance comes from seeing the big picture first. Technology will always grow and adapt; having the keys to allow you to do so effectively will keep you relevant in a changing world.

Creating direction for the future

What is your ultimate goal? All organizations need to make sure their staff understands that purpose, and what it will take to get there. Every business has a specific purpose, a specific “thing” they offer to their clients and customers. IT is only a part of the picture. Customer service, resources, operations, even engagement all play into perception. The customer is there for an end result; not for the way you use technology, or how fast you can implement. It all comes into play in the way you perform your ultimate task and reach your definitive goal.

While it’s important for your staff to be trained to be as efficient as possible, it’s equally important for them to remember what the end goal is, and how you use that knowledge as you move and build towards the future. Clients are your ultimate purpose. If you can find a way to keep them happy, while at the same time staying relevant in your industry, that’s the perfect union of a solid IT strategy.

Health-Focused Wearables: What Do They Mean For The Future?

Has technology made its way to the top of your wish list during this holiday season? You’re not alone. New phones and tablets consistently find themselves in top placement. And something else has entered the marketplace and is zooming to the top as well: wearable technology. From glasses, to smart watches, to fitness trackers, to smart shirts, each is designed to connect with and improve our lives in some way.

The wearable technology market was valued at around $6.3 million in 2010; it’s predicted to top out in 2014 at around $5.1 billion. Huge growth, with only more progress to come. All of this adds up to a lot of change not only for what consumers can do on their own, but how the health care industry can use it to stay more current and more relevant with their patients in the process.

Google recently released analysis from the Google Play Store, which showed that the Health and Fitness category was the fastest growing app category this past year. There are now more than 100,000 apps dedicated to mobile health for both iOS and Android technology, a figure that has more than doubled in the past two years. And while figures show that the mobile health and fitness app market is currently worth around $4 billion, that number is expected to increase to $26 billion by 2017.

In short, people care about their health like never before. And with easy ways to track everything from heart rate, to calorie intake, to how many steps they take throughout the day, it’s also easier than ever for health professionals and patients to reconnect and find ways to work together to improve health and keep people in the best condition of their lives.

As a health care provider, it’s time to think outside of the box, and see how you can begin integrating this technology into your own practice.

The wearable technology market is still small. But it’s growing steadily.

When was the last time you visited the app store? Browsing through the health and fitness category can reveal all kinds of things. You’ll find apps that track weight, diet, exercise, calories, and of course a whole lot more.

Why use an app? Because it makes life easier. Whether you keep the data on your smartphone, or it’s tracked through a wearable, you have instant results for your progress. There’s no guesswork, or having to go back and write things down. It can be used to pull statistics over time, and can match trends to how a person is doing compared to industry norms.

The people using this technology care about their health, and as a health care professional, this is one of the easiest places to start. If you start using wearable technology and understanding some of the apps available to the general population, you can use it as you are talking with your patients about their fitness goals. Start by using it yourself to see what the technology can do. As you find things you love, share them with patients who are also heavily into technology. The early adopters will help you determine what’s possible, and help you feel more comfortable as new and improved technology makes its way into the marketplace.

Health practitioners can drive demand

While consumers are currently driving demand because of the instant results they can see with these new devices, it’s health practitioners who can drive it to an entirely new level.

Just this year, Apple entered the mobile health market by partnering with Epic Systems and the Mayo Clinic to produce HealthKit, a technology that will unite feeds from health monitors and report back to a hospital’s electronic medical records system. It will be a repository of statistics, allowing a unique way to monitor highs and lows in a patient, even flagging problem areas to either contact a patient with immediately, or to address when a patient comes in for a regularly scheduled appointment.

If health practitioners see the benefits early and start using technology in whatever way possible, it has the ability to not only make this technology more readily available, but will also reduce the cost and make it more accessible to everyone.

Wearable technology is here to stay; only time will determine what direction it takes and how sophisticated it becomes. But as an early adopter, if you get involved now, even if it’s only on a personal level, you will lead the way as we enter this new phase of health care.

Do you use wearable technology? What is your experience?