Even though the iPhone and the iPad are marketed primarily as consumer devices, the reality is that they are becoming more and more common in the workplace.
Why? Well, they are pretty slick, and since so many people have them it only makes sense that a large percentage of our iNation are employees somewhere. So, IT folks are tasked with integrating and managing them for business. And perhaps more importantly, making sure they are secure.
From an IT department perspective, here are the basics:
Update software. Make sure you're running the latest iOS version (right now it’s iOS 5).
Auto-lock and password-protect. Set the device to auto-lock (in Settings > General) after a set number of minutes. Also make sure a strong password is needed to unlock it again. Finally, turn on “erase data.” This keeps the data relatively safe in case the device is stolen, because the user can remotely wipe the data (see “Find My iPhone,” below), then restore it later from the cloud via syncing.
Install “Find My iPhone.” Download "Find My iPhone," which is a free app (even though iPhone is in the title, the app is designed for both the iPhone and the iPad). If the device is lost or stolen, you can use another iOS device to find it and protect your data. Note that this must be enabled in the iCloud settings for you to be able to locate the device.
Establish and install specific configuration profiles. Configuration profiles containing device security policies and restrictions, VPN configuration information, Wi-Fi settings, email and calendar accounts, and authentication credentials will help iPhones and iPads conform a little more to a business. Encrypted and un-alterable configuration profiles can be set up to a business's specifications, then installed on the individual devices over USB, wirelessly, or as an email attachment. This is especially important for employees on the road who tap into a lot of Wi-Fi networks.
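As an added example (not part of the original post and not Apple's own tooling), the Python below builds an unsigned configuration profile carrying the auto-lock, passcode and erase settings described above, then audits any profile against a baseline. The organization identifier, display names and baseline thresholds are assumptions; signing and encrypting the profile are left out.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # passcode policy payload

def build_profile(org_id, *, min_length, max_inactivity_min, max_failed_attempts,
                  allow_simple=False, removable=False):
    """Return an unsigned .mobileconfig (XML plist bytes) with one passcode payload."""
    passcode = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.passcode",   # org_id is a placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode policy",
        "forcePIN": True,                            # a passcode is required
        "allowSimple": allow_simple,                 # False rejects 1111, 1234, ...
        "requireAlphanumeric": True,
        "minLength": min_length,
        "maxInactivity": max_inactivity_min,         # auto-lock, in minutes
        "maxFailedAttempts": max_failed_attempts,    # erase data after N bad tries
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Office baseline",
        "PayloadRemovalDisallowed": not removable,   # ask that users not remove it
        "PayloadContent": [passcode],
    }
    return plistlib.dumps(profile)

def audit_profile(data, *, min_length=6, max_inactivity_min=5):
    """Return findings for a profile; an empty list means it meets the baseline."""
    profile = plistlib.loads(data)
    findings = []
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile can be removed by the user")
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not policies:
        return findings + ["no passcode payload"]
    p = policies[0]
    if not p.get("forcePIN", False):
        findings.append("passcode not required")
    if p.get("allowSimple", True):
        findings.append("simple passcodes allowed")
    if p.get("minLength", 0) < min_length:
        findings.append("passcode too short")
    if not 0 < p.get("maxInactivity", 0) <= max_inactivity_min:
        findings.append("auto-lock missing or too long")
    if "maxFailedAttempts" not in p:
        findings.append("no erase after failed attempts")
    return findings
```

Write the bytes returned by build_profile to a file ending in .mobileconfig to install it by one of the routes above.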
Many industry experts say that Apple has quite a way to go before they are really participating in the business market like BlackBerry, for instance. But since the line between home and work - or work and play - is often blurred, IT support must understand iPhones and iPads well enough to keep business data secure.
iPhone. iPad. iMedia. An iCoincidence?
Call us at 508-790-4171 for help with your business's iOS devices and more.
The Health Information Technology for Economic and Clinical Health (HITECH) Act has done a lot to raise privacy standards for personal health information.
So much, in fact, that the vendors working with medical providers had better take it seriously -- business associates and subcontractors are also directly liable under HIPAA for complying with the security and privacy rules.
Business Associate Rule
Originally, the HIPAA Security Rule required a healthcare entity to maintain administrative, technical, and physical safeguards to ensure the confidentiality of all patient information. The HITECH Act extended the rule to business associates of covered entities, making those business associates subject to civil and criminal liability for any violations of the HIPAA Security Rule.
So, how does this shake down for a small IT provider? Simply put, it could put us out of business if it ever happened. Criminal penalties and civil fines can range up to $1.5 million—a crushing amount for a business with 20 employees or less.
This is why we must do a great job
We admit that it's a bit frightening to think of the ramifications should a security or data breach happen with one of our clients. But we think of ourselves as business partners to a medical practice, not just the IT guys. Beyond installing and monitoring the technical aspects of the office, we make sure that staff are well trained and understand all the possible ways a breach could happen. This ranges from things as simple (and avoidable) as giving out computer passwords to bigger issues like encryption, which made the news last year in a huge breach at New York City Hospital - potentially affecting over 1.7M people!
http://www.healthitlawblog.com/2011/02/articles/new-york-city-hospitals-suffer-enormous-data-breach/
Who You Gonna Call?
Now that we've instilled some fear in everyone (including ourselves!), let's talk about what we can do to sleep a little easier. There's no doubt that the job of protecting patient privacy is a big one. Which is why all medical providers should take the task of finding the right IT professionals very seriously.
You want an IT shop that not only understands all of the nuances of the HITECH Act, but has the experience and know-how to keep things running smoothly. Proudly, iMedia Technology is one of those companies: we would never set up a healthcare practice in the technical sense without staying on board to make sure all of the staff understand how to use that technology and keep it safe.
Keeping in compliance with the HITECH Act is a big deal. We can help.

Ok, so it's just a few days before Christmas, but if you're scrambling to get your gifts wrapped up, here are some ideas, both big and small, for the technically-inclined on your list:
Kindle Fire - $199
The first real competitor to the iPad. Amazon's Kindle Fire links up with all of Amazon's services, including books, music, magazines and video. Wicked fast web browser, too. A pretty cost-friendly tablet alternative.
Digital Music - $10 and up
Gift cards (actual cards or online certificates) can satisfy any music lover in your life. And there are lots of choices. iTunes, Pandora One (premium version without ads, available at Target), MOG (also at Target) or Rdio. Oh, the choices!
Belkin Conserve Smart Power Strip - $30
Ok, admittedly this idea isn't very "sexy," but it is smart. This is a power strip that lets you control your TV and all other components with one button. When you turn your TV off, power to the peripheral components goes off too - including standby power - so no energy is wasted.
Portable/Handheld GPS - good ones are around $100
Garmin makes a highly rated one (available at Radio Shack, among other stores) that has features such as spoken street names, a speed limit indicator (for those of you that pay attention to that stuff) and storing of your trip mileage and max speed. A funny but useful gift for that person with a poor sense of direction...
Wireless Charging Mat - around $50
Depending on the device, there are all sorts of new charging stations to make powering up more convenient. For the iPhone, a cool-looking accessory is a "powermat" that makes charging as easy as setting it down.
Good luck, and from all of us at iMedia, we hope you and yours have a wonderful holiday.
Sometimes you've just got to share the love by reposting funny stuff on your blog. This is one of those times. Enjoy!
1. Xtranormal "Techie" video: Mac vs. Google. Taking over the world...the galaxy...the universe and maybe beyond.
2. ...And Jimmy Fallon as "Nick Burns, Your Company's Computer Guy" on Saturday Night Live. Classic. But trust us, iMedia will never be so rude!
Just give us a shout. We promise real solutions by real people. Friendly and all!
Have a great weekend, all.
Today, we pretty much expect that we can connect anywhere, anytime. With all sorts of smart phones, iPods, and other tablets that are wi-fi enabled, we are on the internet constantly, but it's important not to take that convenience for granted.
Even though it's a nice-to-have, your office security can easily be compromised if your wi-fi isn’t properly configured or managed. Here are the best practices to follow:
1. Have a separate wi-fi hot spot for guests. Don’t give guests (or your employees) the wifi password to the business network.
2. Use strong encryption on your wireless network, not a wimpy WEP passphrase.
3. Use business class equipment, not consumer grade. Hackers target SMBs, thinking we're an easy crack compared to larger corporations. But no matter what your business size, business class equipment is best suited to keep you safe by providing enhanced protection at the firewall.
4. A wireless site survey is a good way to reveal your weak coverage spots. A survey is an important step if you will use wireless as your primary network connectivity (e.g. a medical practice that uses tablets).
5. To help improve your signal, include Power over Ethernet equipment to allow for adding wireless access points in difficult areas.
6. The future is already here. The next wave of wi-fi is 5GHz: it's better, faster and more secure. Make sure to plan ahead before your network becomes obsolete.
Does all of this sound too "geek"? No problem. Give us a call and ask for a secure wireless network. We can help you before you resort to Googling wifi and sorting through the 723,000,000+ search results!
So, you’re innocently surfing the web, and the next thing you know, an obnoxious pop-up message appears saying you’re infected with a virus or malware. Panic sets in, and you obediently follow the directions to purchase a removal tool, and their orders to “click here” to remove the virus.
But what actually transpired?
You were tricked by a legitimate-looking message into installing malware on your computer. Next thing you know, the computer isn’t working so well, and you may be out of some cash because you were pressured to pay for the software “solution”.
Don't let 'em hook you. Understanding how the bad guys bait for fish will keep you one step ahead.

This is an example of spam posing as legitimate antivirus or anti-malware software:

Which would actually look more like this if it were the real deal:
You win: Smart tips for avoiding fake antivirus
· Avoid suspicious looking web sites. Be a skeptic and don’t download and install software.
· Keep your computers up to date with Microsoft patches
· Update third party vendors too: Java, Flash, etc.
· Disable JavaScript in Adobe Reader. To do this, click Edit > Preferences > JavaScript, and uncheck "Enable Acrobat JavaScript"
· Have a good anti-spam solution in place to block unwanted solicitations
· Use a web-filtering firewall to block access to harmful sites
· Keep your antivirus software up-to-date; it's an absolute must
· Movie plug-ins: If you’re a fan of online videos, you might be prompted to install a new codec to play a video (ahem, you shouldn’t be watching those videos)...don't do it.
· Social Networking Sites: Many of these sites offer endorsements for fake AV. If you don’t know who is endorsing something, don’t believe them! Same goes for malware advertising. If it isn’t something you’re familiar with, don’t trust it or install it, regardless of whether it's free or for a fee.
· Lastly, scan for malware using a trusted solution such as Malwarebytes or Spybot
Better yet, if the to-do list is too long, call us and inquire about our Managed Services. iMedia clients are protected from all of these risks.
Just like there are lots of ways to take your coffee, there seems to be an endless stream of ways to communicate with your customers today. Phone, email, web forms, FAQ sections, Facebook messages, online chats – with so many options – what works best?
Well, it depends on who you’re talking to. If you’re talking to Gen Y, you might want to consider texting or using social networks, because that’s how they communicate in general. On the other end of the spectrum, there are still lots of folks in the marketplace who simply won’t trust you unless you’re face-to-face.
So, how do you balance all of this out and make everyone happy? It all comes down to options.
Phone: Make sure your company phone number is easy to find on all of your business collateral, including your website. And just as important is the person on the other end of the phone; if you don’t have a sharp first-point-of-contact (we are lucky we do in Gretchen Axelson) you are better off directing callers to a friendly voicemail that will get picked up pronto.
Email: Those slightly older than the Generation Y group love email. In fact, they might even get annoyed if you call before you shoot them a quick email to let them know you’ll be calling. It probably goes without saying, but the email contact on your website should go to a real person (not “info@companyxyz.com”), and that real person should be diligent about answering his or her emails promptly.
Web Forms: These are great for collecting a little information, but don’t expect many people to fill them out. In our business, when people are having an IT pain they want relief now, not after they answer a bunch of questions and wait for a follow up. That being said, web forms are often appropriate during the discovery process, when both the client and the business want to do a little fact-finding.
Social Media Messaging: This works well when you have a big fan base, and you want to push out a message that has broad appeal. Probably not the best tactic for troubleshooting a problem, unless your subject is 25 years old and checks Facebook by the minute.
Texting: Handy if you have an established relationship with your customer and you (or they) want to communicate something quickly. In our world, a text to a client saying we are on our way to a meeting works well, if the client likes to text, that is.
Online chat: You expect it from your phone company (they take forever to answer the phone anyway…isn’t that ironic?), but this is a newer form of customer communication for many SMBs. It’s a modern way to help you make a great impression and connect in real time with your online customers. We recently implemented a chat feature and it’s very helpful for our clients to get instant support.
It’s not the call you want to get: your client got hacked and their funds were misdirected. Damage done, and you've got to fix it. What do you do?
Well, it turns out a third party document issued by the Vermont Attorney General’s office (Security Breach Notice Act, 9 V.S.A. § 2430 and § 2435) is very helpful should you ever have to use it.
Much of the information they outline talks about what to do if personal consumer information (social security number, bank account information, etc.) is violated. If that should happen to you, the most important thing to do (after taking appropriate measures to secure the data) is to notify the appropriate law enforcement agency in your area, and inform them of your obligation to notify consumers of the breach within 10 business days. From there you (or your client) should follow the steps in how, when and where to notify consumers, including mailings or emails, and posting a notice on your company website.
The Notice is quite a lengthy document, but after sorting through things, here in a nutshell are the steps you can take to get your client in good standing:
1. Immediately isolate the affected system to prevent further intrusion, release of data, damage, etc.
2. Use the telephone to communicate. Attackers may be capable of monitoring E-mail traffic.
3. Immediately notify an appropriate law enforcement agency.
4. Activate all auditing software, if not already activated.
5. Preserve all pertinent system logs, e.g., firewall, router, and intrusion detection system.
6. Make backup copies of damaged or altered files, and keep these backups in a secure location.
7. Identify where the affected system resides within the network topology.
8. Identify all systems and agencies that connect to the affected system.
9. Identify the programs and processes that operate on the affected system(s), the impact of the disruption, and the maximum allowable outage time.
10. In the event the affected system is collected as evidence, make arrangements to provide for the continuity of services, i.e., prepare redundant system and obtain data back-ups. To assist with your operational recovery of the affected system(s), pre-identify the associated IP address, MAC address, Switch Port location, ports and services required, physical location of system(s), the OS, OS version, patch history, safe shut down process, and system administrator or backup.
Also, here is a list from the FBI National Computer Crime Squad (www.emergency.com/fbi-nccs.htm). It includes some very helpful best practices on what to do both before and after you have become a computer crime victim:
• Place a login banner to ensure that unauthorized users are warned that they may be subject to monitoring.
• Turn audit trails on.
• Consider keystroke level monitoring if adequate banner is displayed.
• Request trap and tracing from your local telephone company.
• Consider installing caller identification.
• Make backups of damaged or altered files.
• Maintain old backups to show the status of the original.
• Designate one person to secure potential evidence.
• Evidence can consist of tape backups and printouts. These should be initialed by the person obtaining the evidence and should be retained in a locked cabinet with access limited to one person.
• Keep a record of resources used to reestablish the system and locate the perpetrator.
Despite the fact that it will soon be dark before most of us get out of work, there is an upside to daylight savings. We get an extra hour to snooze.
And the other good news is, technology is more seamless now, so most clocks and lots of other digital gadgets will reset themselves automatically. Windows 7 and Mac OS X are both pretty much configured to change the time on autopilot, for example. I don't think a fright like Y2K will ever be a concern again, thank goodness.
But before we cozy up in our jammies for a lazy Sunday morning this November 6th, the techie in me feels compelled to give you a handy checklist. Sometimes technology does fail us, and even if it doesn’t, Daylight Savings Time (DST) is a great time to do some routine maintenance:
- Do an official time check. Even though many - or even most – devices will automatically set themselves to the correct time, you will inevitably have to do some things manually (think microwave ovens). Before you run around adjusting, go to www.time.gov and make sure you’ve got the time right.
- Give your OS security a boost. Of course you should do this more often than once a year, but in case you don’t, use DST to check for software updates on your computers. If you don’t have an awesome company like iMedia handling this for you (shameless plug), now is a good time to make sure you're running the latest updates to protect you from any new threats.
- Listen to what Microsoft says. Even though most PCs are pretty intuitive about the time change now, Microsoft’s website says it’s important that the time zone settings for your computer's system clock and your calendar programs are updated. For your home PCs, the most important action you can take is to ensure you are using Windows Update, which will automatically update your operating system and make way for a seamless transition.
- Remember, the server is the ruler. If you are in business and in a server environment, it’s important that all your computers are set to the same time. Usually it’s the server that decides this and communicates out to the other PCs. So, double check that the server clock settings are accurate after DST. If not, you could have some networking problems on your hands.
- Schedule a safety checkup. Daylight Savings happens like clockwork (pun intended), so why not make an annual checkup time? This is a good time to make a yearly habit of changing the batteries in your smoke alarms and carbon monoxide detectors. Also, this may not relate so much to IT, but while you’re at it, why not update (or create) a home emergency kit and a car emergency kit? Hopefully you’ll never need it, but if you do, you’ll be glad you have it.
- Have a wake-up backup. If you use your smartphone as an alarm clock, you might want to have a regular ol’ alarm clock as a backup if you don’t have the luxury of sleeping in on Sunday morning. You can plug that bad boy in and simply preset it to the time it will be the next day before you go to bed.
By the way, I assume that most of you hail from the USA, and more specifically Southeast MA, but in case you are from Russia, you can ignore most of this. This year the Russian government cancelled DST. But it’s still a good idea to make sure your computers are up to date, any time of year!