All posts by adtack

4 HIPAA Network Security Tips for Medical Offices

Technological advances have made it possible for medical offices to store more information on secure servers. This makes it vital for medical practices to implement procedures that encourage an optimal level of HIPAA network security. Not only will strong cyber security keep your patients’ sensitive information safe, but it will also promote adherence to HIPAA guidelines.

4 Ways to Foster Better HIPAA Network Security at Your Medical Facility

Improve Your HIPAA Network Security with These Tips

1. Place Emphasis on HIPAA Compliance

Whether you run a small, medium or large medical office, it’s important to emphasize HIPAA compliance to your employees. Even small offices can serve as the target for data breaches. Ensure you have the appropriate HIPAA network security procedures in place to prevent hackers from accessing your data. HIPAA violations can be extremely costly for your organization. Your company will have to pay to remedy the violation, and customers may be reluctant to use your medical office if they feel you can’t be trusted with their information.

2. Implement Strict Rules Regarding the Use and Creation of Passwords

Passwords are an essential layer of security for your medical office. You should make sure all your employees (regardless of their position) know to avoid using passwords that are easy to guess. Instead, they should create passwords that implement multiple items, like words, letters, numbers, and characters. Employees should keep passwords private and take care to change them regularly. They should avoid writing them down and use a secure password manager, like LastPass, instead. 

3. Utilize Safe Data Sharing Mediums

When you need to virtually store or share data, check that you always utilize a medium that encourages HIPAA network security. Stay away from programs designed for sharing and storing consumer data. Though these programs are effective for sharing files, they don’t contain the necessary safeguards to adequately protect private information. 

It’s also important to set up secure, encrypted networks that provide employees with a safe means of sending and receiving virtual files and data. Not only should your office use an internal Wi-Fi network separate from your guest network, but you must password-protect the network and use a strong firewall.

4. Make Sure Employees Understand Your Expectations

A set of comprehensive cyber security rules won’t be effective if your employees don’t understand your expectations. All employees should receive thorough training so they know what practices they’re required to adhere to, the steps they must take to document their adherence and how to use programs and safeguards designed to optimize network security. 

To keep your HIPAA network security up to date, Network Security Associates provides 24/7 monitoring of your systems, as well as frequent data backups and software updates. Contact us at 702-547-9800 to schedule your free network security assessment today.

Improve Your Network Security with Strong Firewalls

Hacks and network breaches have become commonplace, with corporations around the world constantly feeling the threat of external entities attempting to steal information. As a result, you need to implement the highest level of network security. One of the oldest, most essential elements of your network security is a firewall.

How Firewalls Strengthen Network Security

Maintain Your Network Security with NSA

Software and Hardware Firewalls
There are two forms of firewalls your business may want to implement:

The first is a software-based firewall. This is part of a computer’s operating system and functions much like anti-virus software. It establishes a barrier around the computer that blocks external applications attempting to gain access to the computer. Essentially, it is a software gatekeeper to a computer. 

A hardware firewall is another type, but this kind of firewall runs between the internet and your network. As a business, you’ll want a business-grade firewall. Because you have such a large quantity of data and numerous work stations and computers, you’ll want a hardware firewall configured and setup. This is designed to prevent malware, viruses and other undesirable files from moving into your network. Once inside the network, these files can wreak havoc on the entire system and move not only between stations but within the data server itself. 

Multiple Defensive Positions
The hardware firewall will be installed to function as one of the primary points of defense. The business-grade firewall will oversee the flow of information into the network and protect individual computers from possible threats. When combined with the software firewall, which works separately on each computer system, the network and individual stations are protected with the multiple layers of protection. This way, if a computer has downloaded data and has it stored offline, this information is not at risk of being stolen. While not the only line of defense, firewalls provide important security measures for your entire business network. 

Schedule a Security Assessment

In addition to firewalls, a network security assessment can aid your existing security measures. Your systems will be analyzed to determine if there are any areas where security needs to be increased. This is an important proactive step to ensure all areas of your network are secure and protected. At Network Security Associates, we’ll not only perform a network security assessment, but we also provide managed IT services to monitor and maintain the safety of your data. Contact us at 702-547-9800 to learn more about our services today.

How to Manage the Hidden Network Security Risk of Local Admin Passwords

To ensure optimal network security for your organization, it’s essential to make sure you address areas easy to overlook. One frequently neglected area is your local admin passwords. It’s important to understand how these passwords work and the steps you should take to prevent them from posing a security risk. 

What to Know About the Local Admin Password

Be Strategic About Local Admin Passwords to Ensure Reliable Network Security

During the set-up process for a PC, it’s necessary to create a local admin password to provide manual access to the computer. Though most organizations don’t regularly manually access their PCs, manual access (and a local admin password) are necessary for device access if your network goes down or your organization faces other technological difficulties.

However, local admin passwords can compromise your network security. This typically happens when you use the same password for all of your devices. A hacker only needs to crack your local password once to have access to all of your company’s computers. Hackers know this is a potential vulnerability that many businesses fail to address. 

With the phasing out of Windows 7, many companies are rolling out Windows 10. Even though Windows 10 disables local admin access by default, many businesses must enable it to ensure that they always have local access to their devices. When you enable the admin access option, you need to make sure that it doesn’t threaten your network security. 

Options for Addressing the Security Risks Posed by a Local Admin Password

You have a couple of options for handling the potential security risks associated with a local admin password. Your first alternative is to disable this setting; however, if your network goes down or you face unexpected issues, you won’t have local access to your PC.

Another option is to check each PC has its own unique admin credentials. Though this solution does require more work, it ensures a single password doesn’t provide access to every one of your business’s PCs. 

Microsoft has a tool that simplifies the process of giving each machine its own password. The tool will generate random local admin passwords for every single PC and store them in an active directory. This makes it much more cumbersome for hackers to crack and utilize your admin passwords. 

If you decide to assign local admin passwords manually to your PCs, always use a different password for each machine. Make sure you change them regularly, and avoid reusing old ones. 

Boost Your Network Security

Network Security Associates offers 24/7 data protection and network monitoring. We serve businesses in a variety of industries, including medical facilities and casinos. Contact us at 702-547-9800 to learn more about our managed IT services and how our team will ensure you receive reliable network security.

Keys to Making Excellent Conference Call Small Talk

Follow These Tips to Mitigate Awkwardness on Conference Calls

The beginning of the conference call is a particularly vulnerable period. It can take a few moments for all the callers to phone in, and it can be awkward to try to make conversation while you wait. Get your conference call off to a strong start with these small talk tips:

1. Make Sure Each Call Has a Designated Leader
An easy way to make sure your calls go smoothly is to assign a leader to direct each one. The leader will be responsible for initiating conversation if silence starts to emerge and will take steps to involve the other collaborators in the conversation if the same two or three callers are the only ones talking. If a team member begins to rant, the call leader can get the meeting back on track.

2. Consider Directing Questions to Specific People
It can be uncomfortable when one or two people knowingly or unknowingly take over the conference call. Prevent this from happening by directing questions to specific people on the call. If you know a team member has just returned from vacation, you might ask them about their trip. Someone may be working on a big project or undertaking; ask this person how it’s going (even if the project isn’t related to work). Not only does this mitigate any awkwardness, it also helps you build rapport with team members.

3. Check That Your Equipment Functions Properly
One of the easiest ways to help conference call small talk flow smoothly is to make sure that your equipment functions correctly. The last thing you want is for your conference call to begin with multiple individuals requesting technical assistance or asking questions about the equipment no one on the call knows the answer to. Encourage employees to test their systems before the call. You may even want to implement regular training sessions regarding the equipment and how to correctly use it. 

4. Broaden Your Conversational Topics
You want to avoid controversial topics (like politics or potentially volatile current issues), but don’t feel as if your small talk must be limited to the weather or company matters. It’s fine to branch out and incorporate more personal conversation. Some topics that are generally acceptable include travel plans, weekend activities, hobbies (especially activities that multiple team members enjoy), upcoming sporting events, and current entertainment (movies, TV shows and music). Use discretion; avoid bringing up an event, hobby or movie with mature or contentious subject matter.

These are just a few tips to help you make the most of conference call small talk. Remember, even on an internal call with colleagues, it’s important not to request or provide sensitive information, such as passwords. This, along with other network security best practices, will help ensure your data remains protected. To determine whether or not your company is in need of greater cyber security, contact us at 702-547-9800 to schedule a free network security assessment today.

3 Signs Your Company Needs Help from a Managed IT Services Company

If you run a small or medium-sized business, you may feel like an internal IT professional can meet all your organization’s needs for managed IT services. While an internal employee can assist with many needed tasks, there are benefits of outsourcing your network security management.

Signs It May Be Time to Hire a Managed IT Services Provider

Get Reliable Managed IT Services from Network Security Associates

1. You’re Putting All of Your IT Eggs in One Basket
When you have a single employee tending to all your business’s IT needs, you’re putting all of your eggs in one basket. Even the most reliable employees miss work occasionally. 

If your internal IT person is out for more than a few days, this can put your organization at risk. You’ll either need to put off IT tasks until they return, or you’ll have to cross train other employees to handle their work. Either option leaves your company in a lurch or potentially spreads your other employees too thin.

Working with an external IT provider ensures you always have someone available to attend to your time-sensitive needs. At Network Security Associates, we offer a guaranteed 24-hour emergency response time. You let us know what you consider an emergency, and we’ll make sure you get the rapid help your company needs.

2. Your Company Has New Projects on Its Horizon
Your organization may have plans to integrate new processes or apps that require the attention of your internal IT employee. Some projects may benefit from management from an internal employee who has an inside perspective regarding your organization. However, your employees only have so much time in their days; this makes it vital to utilize their talents in a manner that offers maximum benefits for your company.

Outsourcing some of your basic or “boring” IT tasks gives your IT employee the availability to develop new processes or assist with projects that are vital to the success of your organization. 

3. Your Current IT Employee Lacks Certifications
If your current IT person has been with your company a while or previously worked in another position, they may not have some or all the certifications typically required to work in an IT position. While these certifications aren’t always indicative of a great IT hire, they do mean the employee has acquired specialized knowledge that helps them better deal with certain situations or provide top notch managed IT services when working with sensitive data. 

Should your current employee balk at working to obtain these certifications, you can outsource some of your IT work to a company that requires its employees to have and keep these certifications up to date, like Network Security Associates. To learn more about the various managed IT services we offer, including cloud services, contact us now at 702-547-9800 to schedule your free consultation.

How Much Would Network Downtime Cost Your Business? 4 Important Factors to Consider

As a business owner, you want to make sure you and your employees stay as productive as possible during working hours. When something goes wrong, it can cost you in a big way. 

Calculating the Cost of Business Downtime

When you calculate the cost of downtime, you need to look at more than just lost revenue. Your total cost also includes your recovery costs, the cost of lost productivity, and other intangible expenses. 

Lost Revenue

To calculate lost revenue, simply determine your weekly revenue and divide it by how many hours you operate each week. Multiply this by the number of hours your business was down and multiply your total by uptime. “Uptime” is simply the percentage of your business revenue that’s dependent on your internet access and other programs working correctly. For example:

$120,000 weekly revenue / 40 hours per week = $3,000/hr.

$3,000 x 8 hours downtime x 80% uptime = $19,200 in lost revenue.

Recovery Costs

Until you fix the problem, you will continue to lose revenue. Recovery costs include repair and replacement services, data recovery and other expenses. This can vary greatly depending on the situation.

Loss of Productivity

While your business is down, you won’t earn revenue, but you’ll still have to pay your employees. To calculate this cost, look at the number of employees you have, each employee’s hourly salary, and the percentage of each employee’s productivity that’s dependent on uptime. 

Assume you have 10 employees who each make $25 per hour and all of their jobs are 50% dependent on uptime. 

10 employees x $25 per hour x 8 hours downtime x 50% uptime percentage = $1,000 in lost productivity.

The Impact of Interruptions

You don’t need a full outage to experience a serious loss of productivity. Even if your systems are running slowly or are working intermittently, every time there’s an interruption, it costs you. This may include employees contacting you to let you know a system is down, taking calls from clients who would normally do their business online or stopping work to call your IT company.

Studies suggest after every interruption, we need approximately 23 minutes to get re-focused on the task at hand. This can add up quickly and end up costing your company greatly.

Intangible Costs

Your intangible costs can include the loss of a potential lead who has no patience for your 404 error, loss of customer trust, and issues with employee morale. If the interruption is serious enough, publicly traded companies may even see their stock prices plummet. 

Reduce Downtime with Proactive Measures

While some causes of downtime, like power outages or natural disasters, can’t be avoided, you can still take steps to reduce damage. One of the most common problems is a lack of updated software programs and computer equipment. Fortunately, this hazard is easy to reduce or eliminate. 

Many small and midsized business owners try to save money by avoiding investments in IT upgrades, but this can end up being a far costlier choice, as your data will not be protected, and your company will be vulnerable to cyber attacks. Contact us at 702-547-9800 to schedule a network security assessment.

What Is Two-Factor Authentication, and Does It Increase Your Network Security?

No business owner wants to deal with a cyber attack, but do you know how much damage it can really do? The average small business that experiences a network security breach spends close to $8,700 to repair the damage. And, if you don’t protect your customers’ data, you’ll lose their trust and likely their business.

There are many things you can do to improve your cybersecurity, and some are more complex than others. One simple solution is to add two-factor authentication to all of the websites accessed by you and your employees.

Two-Factor Authentication: The Basics

Two-factor authentication is also known as two-factor verification or 2FV. It adds a second layer of security to your accounts by requiring you to add another credential in addition to your username and password. 

In most cases, you’ll receive a code by SMS (text message) which is only good for a short period of time. Unless a hacker had access to your mobile phone, they wouldn’t be able to get into the site, even if they figured out your password. Some programs or websites use different methods for authenticating, including sending a code to other “trusted devices” or using an app like Google Authenticator. 

Is Two-Factor Authentication Worth It? 

According to the most recent Verizon Data Breach Investigations Report (DBIR), 80 percent of hacking-related breaches were caused by weak login credentials. 2FV significantly improves your network security by isolating access to individual users. As long as your employees have their phones locked down with security code, fingerprint or biometrics, it will be virtually impossible for someone to impersonate an authorized user and gain access when they shouldn’t.  

You might wonder whether adding 2FV eliminates the need for you to use a password manager. The answer is no. Long, complex passwords that are changed frequently are still your first line of defense. Using a good password management program helps you stay on top of this without having to store our passwords somewhere easily accessible by others. 

2FV Is Easier Than You Think! 

It’s easy to understand how some people would think that 2FV would be overly inconvenient. However, that couldn’t be further than the truth. Setting up 2FV only takes a few minutes and the login process is only extended by a couple of seconds. In many cases, you can also authorize certain devices, so you don’t have to complete the extra authentication as long as you’re logging in from that device. 

Increase your security game today by scheduling a Network Security Assessment. During this evaluation, we’ll evaluate your information security, data protection, compliance, and performance. Contact us at 702-547-9800 to learn more about how to bolster your network security

Security Training Is the Best Way to Prevent Computer & Network Security Breaches

What’s the biggest threat to your company’s computer & network security?

It might surprise you to learn that almost 90 percent of cyber-attacks are caused by human error – an employee mistakenly clicking on a phishing email or leaving their laptop out in the open is far more likely than a criminal cyber-attack. 

Once you understand the nature of the threat you’re dealing with, it’s much easier to address it. Here are some common issues that are easily avoidable:

Increased Threat of Phishing Emails

Phishing is the practice of sending an official-looking email in an attempt to get the recipient to enter sensitive information like login credentials, credit card numbers or even their social security numbers. The senders of these emails then use the information they’ve obtained to commit fraud. 

These emails have come a long way in recent years. They now look very official, and even highly-educated executives sometimes fall victim to them. In fact, several years ago, tech giants Facebook and Google were duped out of $100 million due to phishing scams! 

You can expect to see even more phishing scams coming to light over the next months and years. They’ll continue to get more sophisticated and the cost of dealing with the fallout will grow. As of today, it’s estimated that a phishing scam can cost the average medium-sized business around $1.6 million per occurrence. 

Other Common Cyber Security Errors

While phishing is a major concern, it’s not your only computer & network security issue. Many innocent employee behaviors can leave your company vulnerable and could lead to serious consequences. Some examples include:

  • Leaving work computers unlocked and unattended
  • Leaving notes, passwords and other sensitive documents out on your desk
  • Working remotely on unsecured networks
  • Failing to delete data from devices
  • Failing to encrypt data before sending

Security breaches caused by employees who are purposely engaging in malicious behavior are rare. In most cases, they’re caused by a lack of knowledge or simple negligence. You can address this by making frequent and consistent cybersecurity training part of your internal practices. 

The Value of Security Training

While firewalls, encryption and other security measures are critical for keeping your data safe, proper employee training is your number-one line of defense. The first step is to create a clearly defined written set of cybersecurity policies and rules and distribute it to all of your employees. The second is to institute a mandatory training program that occurs during onboarding and at least once per year thereafter. 

Some of the topics that should be addressed during a training session include:

  • Overview of threats (phishing, malware, etc.)
  • Password best practices
  • Safe internet habits
  • Social media safety and security
  • Device maintenance and security
  • Preventative measures

Between training sessions, regularly test your employees and require a remedial class for anyone who fails. This will help keep the information in the forefront of their mind all year long. 

Improve Your Company’s Computer & Network Security

The consequences of a security breach are serious and can devastate a small- to medium-sized business. Fortunately, most of the vulnerabilities are preventable. Network Security Associates can help implement systems and processes to bolster your computer and network security. Contact us at 702-547-9800 to schedule a network security assessment

3 Process Documentation Best Practices

Though comprehensive process documentation is beneficial for many tasks, it’s essential when implementing technology to enhance your network security. Your process documentation must report the required steps to successfully complete a task or project, and it should also state who is completing the necessary tasks to fulfill a process. Proper process documentation ensures there is a sense of standardization every time a task is completed.

3 Process Documentation Best Practices

If your organization is in the gaming or healthcare industry, efficient process documentation provides evidence that your organization strives to adhere to the guidelines set forth by gaming or HIPAA standards. Follow these best practices to thoroughly document your processes.

1. Implement a Variety of Tools for Documenting the Process

It’s important to integrate multiple types of media when documenting your processes for maximizing your network security and enhancing your technology. Don’t feel as if you must stick to written content when documenting or explaining a process. Videos, interviews, group collaboration, and photographs are just a few items that can assist with documenting how to complete a process and determine whether the proper protocol is being followed. If you feel like your process documentation is lacking, Network Security Associates can offer tips for enhancing your documentation procedures.

2. Check the Quality of Your Documentation

For process documentation to assist your company with bolstering its technology and network security procedures, it’s essential to use high quality documentation. Your documentation should be well-written, explain the purpose or goal of the task, and reiterate why the task is essential for a secure organization. You should also remove information that feels redundant or no longer applies to the process. 

Any documents and media should be well-organized; ideally, you should include a table of contents and written headers to make it easier for employees to efficiently use the document.

3. Re-evaluate the Process as Needed

Process documentation can also assist your company with revising or updating its procedures to boast a higher sense of network security. This makes it vital for your organization to periodically re-evaluate the process, using the documented procedures. It’s also wise to make sure your documentations contain only up-to-date information and don’t cover outdated or old procedures. 

You can eliminate or revise steps that aren’t efficient, or you might utilize steps that have proven themselves helpful in other processes. Thorough process documentation makes it easier to identify what is and isn’t working for your company.

Network Security Associates can help you develop or improve your company’s process documentation. Contact us today at 702-547-9800 to get started.

How to Prioritize Upcoming Technology Updates

Technology updates are never fun for any business, but they’re increasingly important to ensure your business’s systems are safe and secure. Unfortunately, upgrading everything all at once just to get it over with isn’t a safe approach.

The investment of time and resources necessary for any major upgrade, combined with the need to identify and resolve problems in training, implementation, and compatibility make it important you establish a strategy for prioritizing updates. 

Motivation for Updating Key Components

How to Prioritize Upcoming Technology Updates

While there are countless approaches to updating necessary business equipment, consider the key motivation behind the priority: modernization, maximizing user benefits, and matching company culture. Let’s take a closer look at each.

Updates Focused on Modernizing Architecture

Updates centered around modernizing the design of your IT solutions aim to eliminate the least flexible, most needlessly specific or complex pieces of technology you rely upon. This is often seen alternatively as updating in favor of simplification; modern IT solutions share standardized languages, components, and APIs, so even as the technology beneath the surface grows more complicated, and the experience as a company using the product grows simpler. 

Not only does modernized design make it easier for your company to leverage other cutting-edge technologies, such as machine learning suites, it also makes it easier for employees and customers to interface with your business with minimal learning curve. Network Security Associates can help your company identify critical areas for modernization and put together a roadmap for quick, efficient upgrades. 

User Benefits or Customer Satisfaction-focused Updates

Another approach places the emphasis on customer satisfaction or direct benefits to users and clients. By looking at the places where your technology fails to adequately serve clients, you can quickly put together a path for updating equipment that achieves optimal customer satisfaction over time. 

Of course, optimizing for user value doesn’t mean forsaking employees and convenience for your business; in most cases, the two concepts overlap significantly without conflict. Automation and cutting-edge IT solutions applied in the right places eases the load on team members and improve the customer experience. 

Unlike an upgrade priority based on modernization, which emphasizes architecture upgrades, upgrading for user benefit begins with day-to-day software, which interacts with your customers. The team at NSA can determine the minimum adjustments to architecture necessary before moving on to end-user improvements or recommend improvements which require no adjustment to your existing core architecture. 

Company Culture or Employee-focused Updates

The third way to think about and prioritize updates looks at the way you do business – your company culture, or the unique problems your employees face in using IT solutions. This might mean adjusting your update plans and schedule with a heavy emphasis on reducing the learning curve for new technology, scheduling with a strong emphasis on alleviating pain points for employees, or simply updating by matching the priorities of your core business values. 

This approach may not show immediate results with employees or your bottom line, but it can be excellent for morale, company cohesion, or even, in some cases, branding and image.  

NSA Can Help You Prioritize Your Updates

Technology updates are vital to the overall safety and efficiency of your business. NSA’s managed IT solutions can help you make the necessary improvements as quickly, painlessly, and efficiently as possible, minimizing downtime and ensuring they’re done correctly. Contact us today at 702-547-9800 to get started on a plan.