Category: Uncategorized

Happy Thanksgiving From Our Team To Yours!

Why Not Show Your Thanks By Helping Another Business Use Technology To Succeed?

As the days get shorter, and the nights get cozier, Canadians across the nation turn our minds to gratitude. It’s a season where we take a little time to appreciate the best things in our life.

We’re thankful for family, for friends, for a job we love, and for you, our clients who make it all worthwhile. Thank you for putting your trust in us as your IT service company.

We know that you have options for your IT service. And to show our thanks as your technology service provider, we’d like to offer a complimentary assessment to a local business that you refer.

Why Are IT Assessments Important?

An IT Assessment is a comprehensive view of your business and technology needs. It reveals the health of your IT assets and infrastructure. Routine assessments mitigate the risk of downtime and security breaches. They also ensure your technology is running at peak performance, so your workers can too.

What Do IT Assessments Reveal?

An IT assessment will optimize your system to improve security, mitigate the risk of computer crashes, interruptions and inefficiencies. It also ensures you’re getting the ROI from your technology investments that you expect.

It tells you:

• If technology is truly supporting your business goals and objectives.
• If best practices are being employed in when using technology solutions.
• The strength of your IT security posture and if there are any gaps in your defense.
• If your business could stay up and running after a disaster like a fire, flooding, accidental data deletion, or malware infections.
• If you are getting the most value and use from your IT investments.
• If your IT solutions are integrated properly.
• What steps to take to improve your IT environment.

Why Are Regular IT Assessments Valuable?

An IT Assessment will tell you what is working and what isn’t. The ever-evolving nature of technology and rapid changes and advancements make IT Assessments more important than ever. You won’t always need the latest applications or solutions, but it’s essential to detect any deficiencies that may be impacting your efficient and secure operations.

The most technically knowledgeable companies continually evaluate the status of their IT operations and whether they match their organizational goals. Assessments provide insight into what you will need for the future as your company grows and changes. It’s like an IT business plan that helps you stay on course and use the tools that will help you succeed.

Are You Wasting Money On Technology Solutions?

Are you getting the most value from your current technology? An IT Assessment will reveal if you’re paying for software and hardware you don’t need. It determines what technology is required to fill gaps without you buying more (or less) than you require. Plus, it helps you better control your IT spending.

Newer technologies like cloud computing can significantly lower your technology costs. Software-as-a-Service and Hardware-as-a-Service and other pay-per-user solutions can provide the technology you need without the upfront costs. They also provide flexibility and scalability as they can be increased as your company grows or decreased in slow times.

Is Your Technology Properly Integrated?

It’s not enough to know what applications you have and how they work, you must understand how well they integrate. With so many types of software and hardware being used today, integrating them correctly can be a challenge. And, if they’re not properly integrated, this can negatively impact your operating efficiencies.

For example, say you purchase a new software application. If it’s not supported by your operating system and web browsers, it won’t work as it should. Or perhaps you’re using a VoIP business phone system. Does it integrate with your data network as it should? It’s essential that all elements of your technology infrastructure work together seamlessly.

What Can You Expect After An IT Assessment?

We’ll provide a written report detailing your current IT standing and any suggestions we have for improvement. If during the course of the Assessment we detect backup failures, security gaps or misconfigurations, we’ll report on these right away and how they can be cost-effectively remediated.

Your leadership team will be apprised of our findings, so they can make decisions and work with us to develop an IT Plan that prioritizes recommendations based on their importance and impact on your business.

An IT Assessment Is The “Gift That Keeps On Giving”

Referring a business associate or other organization for an IT Assessment will not only help them succeed through the best use of technology but it will build goodwill between your companies. And once they realize the value an IT Assessment provides, they’ll refer another business, and so on, and so on.

So, give thanks by sharing your knowledge about technology and how it can help others succeed. Contact us, and we’ll get the process going. And thank you again for your business.

Happy Thanksgiving.

Everyone has Wi-Fi. We all expect to see it wherever we go, and most of us have more than one Wi-Fi-enabled device. Grocery stores, fast food restaurants – even your mechanic has Wi-Fi. But does that mean you REALLY need it in your school? Isn’t it less secure than wired?

To answer the first question: “Don’t be coy.” You know how backward wired-only connections look. You’re either a Luddite or unbelievably cheap trying to avoid the expense and work of building a new network. You are now out of time. The government itself says you need Wi-Fi, and in this 2017 report plainly states that a reliable, fast wireless connection is a necessity on par with other utilities such as gas, electricity, or water.

As to the second question: Well, no. Not so much anymore. With advances in encryption, Wi-Fi networks that are properly safeguarded offer security comparable to that of wired set-ups. If you still prefer to use wired internet for select devices, such as a handful of desktops and a designated copier/printer/fax machine, you can enjoy the advantages of a wireless network. Wired is a bit faster and more reliable than Wi-Fi, but this is more because of how easy it is to ensure that only a handful of users are on that hard-wired data line. Employees must literally be plugged into a wired network, so there is no issue of people overloading it by all signing on and demanding bandwidth at once.

So the advantages of wired over wireless can really be solved by properly planning out the wireless network. From there, advantage is all wireless: portability, ease-of-use, and, if you plan for it, scalability.

Why use a scalable wireless network?

Setting up a scalable wireless network means looking at the present with an eye to the future. You know that you’ll potentially have more students or employees, or even more devices per person, or more demanding apps. If you’ve built scalability into the network in the first place, you’ll easily adapt to the increased demand on your connectivity. Re-wiring not only costs money, it’s disruptive. Contractors can come out when school is not in session, but off-hour calls often cost more. To do everything more or less at once, having access points ready for later expansion allows for a nearly seamless expansion when it becomes necessary.

Adding people in will not be a matter of climbing around above the ceiling tiles, drilling holes in walls, but just a matter of entering a new user and password and updating the server. Oftentimes, it won’t even cost anything to do it.

Scalable Wi-Fi Saves Budgets In Situations Where:

• Schools are growing
• Private or charter schools with variable populations
• Schools under construction, adding more devices as they go
• Anyone in the current technological climate where new innovations increase user numbers every year
• Variable income
• BYOD programs

Factoring in the potential for future expansion will pay off in the long run when the entire network doesn’t require a re-design within a couple of years. By planning for scalability, using multi-purpose devices that can handle increased connectivity and streaming demands, you are ensuring that the initial investment pays off. The more manageable maintenance budget will be easier to get approved, and you can plan for a complete overhaul when it becomes truly necessary, rather than prematurely, due to an initial refusal to plan for growth.

Devices Are Everywhere

Smartphones have risen in popularity at a pace that’s nearly alarming for its potential ramifications. In fact, the amount of active mobile phone subscriptions in the US is 349.9 million – more than the total US population of 325.3 million. These consumers are using their phones for far more than phones. They’re on apps that often require data usage, which allows for less memory and storage use on their phones. Even apps that do not apparently require internet connection often do for this reason. People have grown to rely on their phones as a connection to their families, coworkers, and also as a means of keeping themselves organized, of keeping their emotional well-being up through habit-changing apps, diaries, and more.

As the mobile devices, we use speed towards true ubiquity, it will not do to simply watch as the tide rises. Plan for the eventuality of increasing connectivity needs by designing a scalable wireless network. This direction offers better services for the future, along with lower overall budgetary requirements. It removes some of the stress of growing. All school administrators understand the need to reduce stress and lower the budget.

Health information technology is more talked about than really understood. Part of the reason for this is that providers and their staffs usually interact with a restricted subset of health IT – the Electronic Health Record (EHR), the radiology imaging system, the billing system, and so forth. Only the organization’s IT staff and Chief Technology Officer (CTO) are in a position to see the big picture. Even they may not see all of it. This blog post tries to cover at least the larger components of Health IT.

What’s The Most Important Piece?

The EHR is arguably the central component. In an ideal system, all the information a provider or patient wants, from demographic information to lab results to radiological images to records of office visits should be there. Making the EHR the centerpiece is one way to avoid “siloing” of information that makes research and analysis difficult or impossible. If the EHR is complete, every other component—statistical reporting, radiology, billing, appointment scheduling, and lab results are present, and can be used to drive other systems.

This, of course, is an ideal situation. One barrier to accomplishing this is money. Putting in a new EHR system can cost a lot. Recent figures for installation are around $33,000 per full-time physician. Maintenance runs $1,500 per month per full-time physician. A hospital system with 500 physicians is looking at a minimum of around $17 million for initial installation and around $9 million for annual maintenance.

If the system is hosted in the cloud, storage, input, and “egress” fees (sending data to the providers for use from data stored in the cloud) have to be considered. Cloud hosting can run around $165 per “seat” per month, where “seat” is a computer linked to the cloud. Assuming an employment of 3,000, this will run around six million dollars per year. But cloud hosting may well be cheaper than buying and maintaining hardware and paying a large IT staff. Cloud hosting offers better security and offloading a lot of IT headaches as well.

What Are Some Other Components?

There will be radiology and lab subsystems, at least, plus billing and accounting. How tightly these are integrated into the EHR system and the cloud will vary. Analytical systems may include big data handling and artificial intelligence. Of course, if a physician is a hospital employee or a member of an affiliated group, it makes sense for their in-office IT systems to be integrated with, or be part of, the hospital IT operation.

What’s So Great About AI?

Artificial intelligence (AI) is still in its infancy. Studies have shown that AI systems are better at reading radiology imagery than human radiologists, and of course better at catching prescription errors and medication conflicts. But many legal questions, particularly about liability, remain unanswered. In addition, AI is intelligent only within a limited sphere. It will be far into the future before AI is able to display the kind of general intelligence that a human physician can bring to a patient.

What AI is good for now is dealing with well-defined tasks and helping to narrow down the “unknown unknowns” – interactions, sources of error, and opportunities for improvement that humans would never have suspected. Their principal role in the near term most likely will be relieving the “cognitive overload” that all physicians, no matter how narrow their specialty, have to deal with.

What Are Patient Portals?

Patient portals – interfaces, usually web-based, are systems that allow patients to see their lab results, talk to their providers, make appointments online, find providers, and do other things that patients would normally do over the phone. If properly designed and implemented, they can have a major impact on operational efficiency and patient satisfaction. On the other hand, a patient portal that is too complex and too clunky to be easily used can drive patients away.

What Are The Incentives For Using All This Stuff?

The Affordable Care Act (ACA) and the Health Information for Economic and Clinical Health Act (HITECH) provide billions of dollars for providers who implement EHR and other health IT systems and “meaningfully” use them. They are a de facto requirement for any provider which receives Federal funds, which is virtually all of them.

What Are The Downsides?

The biggest one, of course, is the expense. Even though it is large, it may well be cheaper than maintaining one’s own equipment and IT staff. It also permits renting out a lot of headaches. The downside is that, for HIPAA purposes, one has to devote as much attention to the vendor’s security practices as to one’s own. Also, system modifications and customizations necessarily involve the vendor’s staff and consulting services, which may be very extensive.

And, of course, there is training. This is not so much expensive as extensive. The example of one Pennsylvania health system that changed EHR systems three times in one year probably represents an extreme outlier, and training the entire staff three times in one year was no doubt a task worthy of being avoided if at all possible.

Finally, if the organization is moving from primarily paper-based systems to health IT, the organization’s culture needs to be adjusted, and the transition may be wrenching. Still, the advantages of health IT outweigh the disadvantages, and all providers should be making the switch as soon as possible.

Are you aware of a potentially serious data breach involving Facebook? 

According to many top news outlets, 50 million users accounts may have been impacted and Facebook now faces potential huge fines in the EU.

Read more at https://www.theguardian.com/technology/2018/oct/03/facebook-data-breach-latest-fine-investigation.

Need steps to protect your Facebook account? Here’s an interesting article containing steps to protect your personal information and security. https://www.experian.com/blogs/ask-experian/facebook-data-breach-how-to-protect-yourself/

We are continuing to follow this news and will update more on our blog as we learn more.

When you think of cybersecurity, protecting credit card numbers or government files might come to mind, but your students’ PII (Personally Identifying Information) is a target for hackers, too.

Young people make great targets because they’re a clean slate. They’re not using their identities to get a mortgage or credit card or anything, so no one is checking up on them. They also have a tremendous amount of personal information being shared – including medical, mental health, contact information, and performance evaluations in academia and sports or the arts – and it’s being saved in various, often poorly secured, locations. And finally, but perhaps of the highest utility to hackers, children are great targets because people will do ANYTHING to protect them.

It CAN Happen Here

If you’re thinking to yourself that you live in a quiet small town with no crime, no draw for a terrorist plot, think again. Yours might be the ideal spot to stage a crime like this. Look to a small Montana school district Columbia Falls in Flathead County. Home to nearly 16,000 students, the district’s parents and administrators received text messages and a seven-page letter containing threats, repeated references to Sandy Hook, creepy quotes, and claiming that the FBI could not help anyone.

Hackers generally don’t target specific cities, but instead are constantly searching for vulnerabilities wherever they may occur, security experts said. “The trick about ransomware right now is that it’s typically not a targeted, focused attack,” said Christopher Krebs, a senior official at the Department of Homeland Security, at a recent mayors’ conference in Boston. “You’re not special.” Source: WSJ

This came seemingly from nowhere, but as the extortionists explained, the choice was deliberate: the district had vulnerabilities that made it easy to gain access to confidential files. With all of the other concerns that educators have, it can be easy to overlook securing digital information properly. You may not even understand the threats that exist, and it’s hard to find qualified Information Technology professionals willing to stick it out for the comparatively low salaries school districts offer.

2017 Cyber Terrorism Attacks

A recent FBI briefing regarding attacks across the country at multiple school districts describes a terrifying ordeal: people all over the district awoke to find text messages informing them that their students’ information was up for ransom. Hackers had taken advantage of vulnerabilities in web-facing district servers to extract student PII (Personally Identifying Information). Victims received physical threats, were told that this information would be used for bad ends unless the district paid a ransom.

The extracted Information included:

• Parent, guardian, and student phone numbers
• Education plans
• Homework assignments
• Medical records
• Counselor reports
• Grades or other testing records

The hackers also demanded their ransoms in cryptocurrency, making it hard for local authorities to follow the trail (for now).

How Is PII Being Used?

PII can be used to forge false online identities, to launder money or get bad actors into the country. And once the information is out there, how do you safely get the genie back into the bottle? A child’s entire future (financial, academic) or even their physical safety is under threat if their identifying information ends up sold to bad actors. When you hold transcripts, grades, and achievements for ransom, you’re waving the flag at a future that’s quickly disappearing into the distance. Prevention is best. So where are your areas of vulnerability, and how can you shore them up?

Common Vulnerabilities

Phishing Scams

These are communications from supposedly friendly senders meant to entice you to open an email, text message, or oother messages or to click on a link. A “social engineering” hack, phishing attacks are meant to gather confidential or personal information. Make sure graphics look normal, hover over links to read their description, and check for any suspicious formatting or wording.

Phishing attacks can also come by phone. Do not give confidential information over the phone to someone who has called you first. Instead, agree to call the company back from the number that you have in your records. Don’t just click “ok” on an unexpected pop-up.

Non-school devices – your network should be configured to recognize new devices.

• Educational apps that store student identifying information
• Carefully read through privacy and security information from new software or EdTech websites.
• Improperly shared or stored PII
• Make sure everything is encrypted and password-protected.
• Ignorant or non-compliant personnel – not updating software, not checking edtech vendors out, not understanding what looks or is suspicious, not reporting suspicious activities.

Below is a list of cybersecurity measures you can take:

• Research privacy acts like FERPA, COPPA, and the PPRA as well as any state laws regarding privacy and educate staff and faculty so that everyone understands what is expected of educators and vendors of EdTech services.
• Do a survey of teachers, librarians and IT staff to see what software is being used in the school, and what information is being collected. It might be helpful to see all in one reports on how much information is being collected, and how many different services are collecting it.
  • Bonus: if anything happens, you know where leaks may have come from.
    • If parents want more specific information about these services, you’ll be able to tell them what services or websites their child’s teachers use.
• Review the privacy policies of EdTech companies that are being used in your district.
• Check for vulnerabilities in your data storage procedures.
  • Are you updating software when you’re supposed to?
    • Does everyone have their own passwords to get into high-value/confidential data storage locations?
    • Do you have a plan for how to react to a breach?
• Research school-related cyber breaches.
• Back up important data.

If you have evidence your child’s data may have been compromised, or if you have experienced any of the Internet crimes described in this PSA, please file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

Federal regulations are usually complex and can have unintended consequences. If you are a lawyer, they are a goldmine both for prosecutors and consultants for clients. When it comes to the Health Insurance Portability and Accountability Act (HIPAA), there are, however, just a few (relatively) simple steps you can take to avoid violations, fines, and bad publicity for your healthcare organization. HIPAA is not a paper tiger. Healthcare organizations have been fined millions of dollars for breaches and violations so far.

Download a very informative infographic here.

What Is A Violation? What Is A Breach?

For once, there’s a nice, simple distinction which does not require a legal mind to understand. The definition of a violation is:

“A failure to do what HIPAA requires to keep protected health information (PHI) secure.”

Basically, PHI is data that HIPAA requires be protected by following the steps suggested below. There are a few simple steps one can take to avoid violations. These are things that you should be doing already to protect data in general. All HIPAA does is specify them. They are:

• Records must be secured. This means limiting access to the data that employees and providers need to do their jobs. Records can be secured by passwords, biometric identifiers, swipe cards, fingerprint readers, etc. PHI must be encrypted. Enough said. While you’re at it, what rationale do you have for not encrypting all data?
• PHI must be encrypted against hacking and breaches. This means that if there is a breach and encrypted records are stolen, you are still liable. Encryption can be broken, and every method of securing data, except for quantum encryption, which is not generally available, has vulnerabilities.
• Devices must be secured. This generally means that portable devices, such as smartphones and laptops that could be lost or stolen must be secured via encryption and passwords or have other limitations on access. The theft of a device should not enable the one who stole it (or finds it) to access PHI. If the chief of surgery leaves his or her smartphone in a cab, there must be a way to remotely erase all data on it.
• Finally, employees must be trained, not only on the importance of security, but also on the organization’s specific methods of maintaining PHI.

A breach is disclosure of PHI to parties that are not authorized by HIPAA to access it. A breach has occurred if PHI is accessed by an unauthorized party, even if that data is actually stolen.

How Do I Prevent A Breach?

• Train employees on why security is important and how to minimize risks.
• Maintain possession and control security on mobile devices.
• Enable firewalls and encryption.
• Ensure that files are encrypted and stored correctly.
• Move towards a paperless operation and properly dispose of paper files.

How Do I Plan Ahead?

HIPAA regulations require that a healthcare organization regularly audit its security and have a risk mitigation action plan. If you take the following steps, you will have gone a long way towards ensuring that your organization can pass audits and show that you have already taken steps toward risk mitigation:

• Encrypt PHI both in storage and transmission.
• Use secure access controls including strong passwords, access limited to job functions, auto timeouts, and screen locking.
• Use firewalls and antivirus software on all desktops and mobile devices.
• Keep track of incoming, as well as outgoing, data. Know where data comes from.
• Keep your risk mitigation plan updated to deal with new threats. The “threat surface” is constantly changing.
• Keep software and firmware updated. Many new attacks are aimed at hardware as well as software vulnerabilities.
• Keep employee training up-to-date.

How Can My Organization Respond to Breaches?

Your organization should have a written post-breach action plan that is regularly updated. It is foolish to assume that a breach will never occur. The plan should be updated and reviewed at least annually. What is most important is transparency. HHS needs to be notified. Those whose data has been exposed have to be notified. Your legal staff should be notified. And anything resembling a cover-up should be avoided.

Concealment of a breach is a violation of the law and regulations, and can be guaranteed not to work. Breaches will eventually be exposed, and the delay in reporting them or attempts at concealment will only make the organization look worse than would otherwise be the case.

Any breach – or even detection of an attack – should be used as a lesson for future security efforts. The first task is to figure out what went wrong. Where did your security measures fail? Once that is known, you need to determine the root cause. The root cause is usually a bit of a surprise.

In one case, the organization’s own security efforts were perfect. But it used a cloud vendor whose security practices were much laxer. Data was encrypted and communications between the organization and the cloud vendor were secure and encrypted. But the cloud vendor stored decrypted data on one of its own servers that were not even protected by a password and exposed to the public internet. The lesson here is that security audits should cover both your own organization and all of your vendors.

From its inception, Microsoft has been defining and redefining business. According to History, Microsoft was founded by Bill Gates and Paul Allen in April of 1975. The company introduced the Windows operating system in 1985. In 1995, it released its web-browser, Internet Explorer. Prior to the Microsoft Ignite 2018 conference for IT developers and professionals, the company announced the expansion of its Dynamics 365 portfolio.

According to Microsoft, the original Dynamics 365 is a “collection of intelligent business applications.” It included a line of customer relationship management (CRM) applications, which were later referred to as a customer engagement plan. It also has an enterprise resource planning (ERP) capability, which is basically a finance and business line.

Dynamics 365 is available in two editions. One is designed for small to medium-sized offices and businesses. The other is more appropriate for medium to large-sized law practices.

What Are the New Additions to Dynamics 365?

Dynamics 365 already offered assistance with accounting and financial management, customer service, field service, operations, and sales, etc. These applications work together seamlessly. Now, however, they can be combined with the following artificial intelligence and mixed reality additions.

• Dynamics 365 AI for Customer Service
• Dynamics 365 AI for Market Insights
• Dynamics 365 AI for Sales
• Dynamics 365 Layout
• Dynamics 365 Remote Assist

The Dynamics 365 Layout and Dynamics 365 Remote Assist are both mixed reality applications. They are not only new, but they are also the first of their kind. The company refers to them as “a whole new kind of business application.”

What Is Artificial Intelligence?

Artificial intelligence (AI) is essentially machines that have to use intelligence, such as when computing or analyzing, to perform tasks a human would normally carry out. They also collect data in order to adapt and learn how to do things better. Based on algorithms, statistics, and trends, AI is used to solve problems faster and more accurately than the average person would.

Common, contemporary examples of AI include the following abilities:

• Alexa by Amazon
• Facial recognition on smartphones
• John Paul—the luxury concierge company
• Netflix’s predictive user-preferences feature
• Pandora’s ability to pick user preferences based on 400 musical characteristics
• Siri by Apple
• Tesla’s self-driving feature

This is merely a handful of the many ways that people use AI on a daily basis. Oftentimes, they are completely unaware.

How Are the New Additions to Dynamics 365 Using AI?

Dynamics 365 AI for Customer Service provides firms with Virtual Agents to do some of the typical day-to-day interactions with clients. It also helps collect automated insights from clients to improve future services.

Dynamics 365 AI for Market Insights uses the actionable web and social insights to improve relationships with clients. It detects trends in marketing and social media to assist legal SEO teams to engage in meaningful actions and respond to current dynamics.

Dynamics 365 AI for Sales is used to improve an office’s bottom line by helping associates focus on high-priority endeavors. It provides detailed analysis and answers to frequently asked questions regarding outreach and income.

What Is Meant by Mixed Reality?

Considered the evolution in computer, environment, and human interaction, mixed reality blends the digital world with the physical one. With advances in computer vision, display technology, graphical processing power, and input systems, both holographic and immersive devices are possible.

Holographic devices are those with the ability to virtually place digital content into the real world like it were actually there. Immersive devices, however, are characterized by the ability to create a sense of “reality.” They replace the physical world with a completely digital experience.

How Are the New Additions to Dynamics 365 Using MR?

The two additions to Dynamics 365 that use mixed reality are the Layout and Remote Assist applications. Both are made possible with the use of Microsoft’s HoloLens. This wearable device allows people to interact with content by using gestures, vocal commands, and even their gaze. It provides the immersive experience required for Layout and Remote Assist.

The Dynamics 365 Layout allows users to visualize or even walk through physical space layouts in real-world scale. Potentially, this would be beneficial during a courtroom situation to provide jurors with an accurate depiction of a crime scene for example. It could also be used to assist clients with investment opportunities, etc.

Dynamics 365 Remote Assist is an immersive tool that helps first-line workers trouble-shoot problems in a “hands-free” environment. First-line employees are the ones to engage with clients, such as receptionists and legal support staff, etc. The Remote Assist application allows them to address situations and improve efficiency.

In Conclusion

In a virtual news briefing, Microsoft corporate Vice President Alysa Taylor stated, “We continue to expand our category with AI and mixed reality. We’re taking another step forward on our journey to help empower every organization on the planet to achieve more through the acceleration of business applications.” That they have.

Limited wireless networks are just what they sound like: small networks with limited range that cannot handle the demands of, say, the entire population of a large high school full of students, faculty, and staff all carrying one to three personal devices. Small networks cannot handle the bandwidth demand from multiple classrooms of students streaming videos at approximately the same time while all classrooms report their attendance at the top of the hour and district emails regarding cybersecurity threats go out.

Potential Small Wireless Network Areas:

1. Administrative Offices
2. Small Administrative Office, Small Multimedia Lab/Library, Mobile Computer Lab
3. Any staff that needs to be (literally) mobile/wears multiple hats
4. Very small elementary school. Teachers who are using iPads or something to take attendance. Small schools might make it with a few high-powered wired PCs and Printers, plus a wireless network for the other stuff.
5. Annexed community (e.g. a construction module office or library)

Small networks range from a small administration office with a skeleton staff to several offices, connected printers and copiers, and a couple of dozen devices spread across a tiny school (and that’s stretching it to its limits). Anything more than that and a larger network is necessary.

What is a wireless network?

Wireless networks, or Wi-Fi networks, are networked radio signals that relay information (data) from the internet to devices (laptops, desktops, mobile phones, tablets, etc.). Over the years they have improved to the point that they are as secure, reliable, and fast as most wired networks.

Advantages Of A Small Network

Small schools or contained school communities can benefit by having a faster connection on the limited space. It costs less to install and maintain a small network as well, and its general exclusivity makes it a more secure method to share and receive data.

Certain types of information or use are better on a wired connection. So one of the advantages of using a limited, small wireless network is that in an office with equipment better left on a wired connection, such as a dedicated printer or copier, wireless can be for everyone else, or for other appropriate devices as you see fit.

Where To Start

Like with any project, you must determine the scope, budget, and overall goals. What is this network supposed to be able to do? How many devices should it be able to support, and at what bandwidth? You need to know what your goals are, what the scope of the project is, and the budgeting limitations.

You’ll want your main office, the library, and maybe a small computer lab or mobile lab (cart with laptops) to have Wi-Fi. Any other computers would need to be wired or else you’d have to get a much larger system.

This small Wi-Fi network can be a separate network from the rest of the school, to separate

one network from the other for security or speed purposes, or it can be used in a smaller school, or only by a select group of people.

What Should The Small Network Be Able To Handle?

Think about the demands that each individual might put onto the network. Employees, teachers, students , and guests may be on the network if that’s what your school decides, and they will each have their own needs. In an elementary school, very few students will have their own personal devices on them at all times, and even fewer will be using internet access on those devices. This is why the small network might be all right for a small elementary school but not appropriate for a secondary school, where students often have two-three devices.

Account for at least two devices per employee on the network. They will likely have personal devices such as laptops, smartphones, or tablets that they may want to use in addition to work-provided devices.

Once you have the scope down, you can move on to the next phase: choosing your equipment.

You’ll need:

• Router(s)
• Antenna
• Extender
• Ethernet Cables
• Access Points

In Conclusion

If you have a small school or limited wireless needs to think about, go for the smaller wireless network. It offers convenient connectivity and could also be a way to test the waters on a wireless set-up. Further, elementary schools with fewer unknown devices being brought in could benefit from not wasting money on a monster system too large for the needs of the school. No matter what you decide, make sure that you properly measure the resources that you will need.

Four hospitals – Boston Medical Center, Brigham and Women’s Hospital, Massachusetts General (both teaching hospitals affiliated with the Harvard Medical School), and New York Presbyterian – have been fined by HHS’ Office of Civil Rights (OCR) for breaches of patient privacy. The takeaway here is that under HIPAA, protected health information extends to photos and films of patients, and permission has to be sought to obtain and make use of either of them.

What, Exactly, Was The Violation?

The violation in each case was allowing film crews from TV shows to film patients and their treatment without first obtaining permission. The total of fines for the four hospitals was $3, 199,000, an average of $799,750 per incident. That’s a chunk of change for even a major teaching hospital.

The first three hospitals listed above said that allowing the filming was not a violation of protected health information (PHI) and that patient consent had been obtained and that they were not liable for any fine. The OCR disagreed and decided that films and photos of patient treatment were, in fact, PHI and that the same HIPAA laws and regulations that cover data breaches applied here. This establishes a precedent that OCR can follow in the future.

Of course, healthcare organizations are proud of the services they provide, and the knee-jerk response of the public relations department will, of course, be to invite the media in when there is something to celebrate. Photos of treatment, films of procedures, and interviews with patients naturally follow. The lesson from the OCR decisions in the cases of these four hospitals is that it’s perfectly okay to do this, provided appropriate patient consent is obtained first.

OCR does not provide a standard form for permission to film or photograph. That will have to be developed by the hospital’s legal department, which should craft the consent, not only with HIPAA in mind but also any applicable state laws covering health care or privacy.

What About Digital Media?

The situation gets more complex if the films or photos are taken or stored using digital media, and that will very often be the case. Once this is done, all of the regulations and laws covering PHI in digital form apply. This gives OCR an opening to expand the fines to cover a double violation, even if the violation(s) stems from the same single incident.

It is worth noting that three of the four hospitals involved made the defense that they had, in fact, obtained patient consent. OCR apparently found that whatever form was used did not meet the HIPAA standards for consent. It should also be noted that under HIPAA, there is a difference between “authorization” and “consent.”

What Is Consent? What’s Authorization?

Authorization is more formal and must involve a signed document. The advice from the legal department is likely to be that there are ambiguities surrounding consent that are not present in the definition of authorization, and that obtaining authorization is always the safer course.

Just as providers have the motto that “if it’s not in the chart, it didn’t happen,” the posture of health care organizations should be “if we don’t have a signed form, consent was not given.” In particular, mere verbal consent is never a sufficient defense—it’s not worth the paper it isn’t printed on. The Privacy Rights Clearinghouse provides a good summary of consent versus authorization at How Can Covered Entities Use and Disclose PHI. Remember, in three of the cases discussed above, whatever the hospitals thought was consent was a violation in the eyes of the OCR.

“Health care operations” are generally, but not exclusively, exempt from HIPAA. “Health care operations” is somewhat ambiguous. Generally, the term refers to the activities that healthcare providers regularly engage in to keep the organization in operation – credentialing, billing, accounting, data operations (except handling of PHI) are generally HIPAA exempt.

But there are no necessary parallels between HIPAA and state laws, and “healthcare operations” that are perfectly exempt from HIPAA. Plus, these may be covered by privacy rights under state laws. Again, your legal department is the best authority on this, and if state laws differ from HIPAA, it makes sense for one form to cover both the required federal and state consents. A complete list of the activities covered by the term may be found at 45 Code of Federal Regulations 164.50.

What’s The Takeaway?

The chief takeaway from these four incidents is that common sense, or what appears to be common sense, does not govern here; the law and regulations do. Having good legal advice in any case where there is ambiguity is a good idea. If you are uncertain about what “covered activity” means, then consult your lawyers. You’re paying good money for legal counsel so make use of them.

Are You REALLY Secure? Follow This Checklist To Know For Sure

 

When everything is going well, the last thing you want to do is think about what will happen when something goes wrong.

It can be easy to think that just because you’ve recently bought some new hardware, or updated your security software, or simply the fact that it’s been a while since you had to deal with a major issue.

Don’t let that give you false confidence.

We don’t have to dwell on the potential for disaster though – you and I know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases. No need to assume the worst – just plan for it, so you know you’re covered.

What Are The Main 3 Areas Of Cybersecurity That You Need To Verify?

As important as cybersecurity is, it doesn’t have to be complicated. Follow this checklist to ensure you have all your bases covered:

• Do you have the necessary range of cybersecurity solutions?
  This is easy – do you have a firewall? Do you have antivirus software? Do you have a spam filter for your email?By investing in these solutions, you can eliminate a vast majority of common cybersecurity threats.
  
• Does your staff follow cybersecurity best practices?

The next step is to make sure your staff is contributing to your cybersecurity, not hurting it. Especially when it comes to their email practices.

Cybercriminals often use email as a way to transmit viruses, ransomware, and other malicious software. Give your staff the following list and have them walk through it when they’re unsure about an email:

• • Do I know the sender of this email?
  • Does it make sense that it was sent to me?
  • Can I verify that the attached link or PDF is safe?
  • Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  • Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  • Does anything seem “off” about this email, its contents or sender?
    
    
• Do you have an effective backup plan in place?

While these other two points are preventative, in this case, you’re ensuring you have a viable response to when something breaks through your cybersecurity.

In the event that your data is stolen, compromised or encrypted and held at ransom, a recent and regular backup will keep you protected.

And that’s it! Does that sound like a bit too much to handle? The good news is that you don’t have to deal with IT security on your own.

As vital as each one of those tasks is for your security, there is still the problem of making sure they are all done on a regular basis. That’s where a trusted partner in IT support can be so helpful.

By having an expert team of IT security professionals assess your network and manage its many aspects, you can ensure that your technology is secure, without having to see to it yourself.

Be sure to partner with a reliable IT support provider like {company} to make sure all your bases are covered when it comes to your cybersecurity.