My IT is Compliant, So I Guess That Means It’s Secure, Right?

Short answer? No. Despite what you may have been led to believe, there’s a big difference between compliance and security.

Compliance and Regulations

IT compliance and security are not the same. IT Security refers to the best practices and IT solutions used to protect your technology assets, information, and data. It’s the process of implementing specific measures and systems that are designed to protect and safeguard your information. The right IT Security Plan utilizes various forms of technology based on your business’ unique needs to store and exchange data while preventing unauthorized access or improper disclosure.

Compliance refers to regulations imposed by a government, industry or regulatory entity to protect users’ confidential, private information. Examples of these standards include HIPAA, PCI, FINRA, and SOX.

Your IT can be compliant but not secure. “Why is this?” Compliance is a point-in-time snapshot assessment of your technology proving that you meet a minimum standard of security. You can be compliant one day, and not the next (although, you wouldn’t want this to happen).

Plus, IT compliance standards change predictably and slowly over time. These standards provide minimum guidelines for the amount and type of data protection required. IT security, on the other hand, is in a constant state of flux due to the ever-evolving, and more sophisticated cyber threats that appear on the IT landscape. Hackers are innovative and skilled at developing ways to steal your data. What happens is that compliance regulations don’t always keep up with these threats. Some require security protections and others don’t.

The main difference between compliance and security is that IT compliance is measured against prescribed controls, where IT security is defined by the ability to respond to and protect against cyber threats. IT security measures and techniques protect your data, users, networks, and assets from cybercriminals, hackers or other malicious threats.

Unfortunately, some businesses function with the bare minimum of IT security solutions they need to remain compliant. They check to make sure they meet the specific IT compliance requirements and think their data is secure when it’s not. This is a recipe for disaster. Cybercrime is growing at an explosive pace. If you restrict your defenses to only what you need to be compliant, your data and business could be at risk. To ensure IT security, your business needs a comprehensive approach to protection. The good news is that if your IT is secure, you’ll likely be compliant.

“How do I ensure IT Security?” It’s always best to consult with an IT Managed Services Provider who can assess your unique requirements and establish an IT Security Plan with a holistic, layered approach. Make sure that your provider includes the following in your IT Security Plan:

24/7 Remote IT Management and Monitoring to detect threats and block them before they affect your security posture. This includes applying patches via the cloud in real time.  

A Firewall Solution that continuously mitigates cyber-threat intrusions. This will filter the data in transit (data that comes in and leaves your network) by checking packets of information for malicious threats like Trojan viruses and worms, and other forms of malware that can steal or lock up your data. It’s best to use GEO IP Filtering whenever possible, and use a next-generation firewall with perimeter malware protection.

An Up-to-Date Antivirus Solution. Even though firewalls are an excellent source of protection from viruses, they can’t do everything. You also need an antivirus solution that constantly scans your computers to detect suspicious files, isolate and delete them before they infect your system.

A Data Encryption Solution that obfuscates data that’s stored or in transit to prevent others from accessing or reading it. The proliferation of cyber espionage has led to the need for encryption to protect your sensitive data and intellectual property from prying eyes.

A Web-Filtering Solution. This routes web traffic and applies security-filtering policies to protect your computers, laptops, and tablets from malware, botnets, and phishing.

Regular Backups. Make sure you always have reliable backups of your data both onsite in a device you can unplug and take with you in case of a disaster, and offsite in a secure cloud so you can retrieve your data remotely if necessary.

Ensure Your Mobile Devices Are Secure. With the proliferation of Bring Your Own Device (BYOD) policies, your business requires secure mobile device solutions that protect your data whether it’s deployed across multiple mobile service providers or on a variety of mobile operating systems. Mobile Device Management provides for remote wiping of data if your mobile devices are lost or stolen.

Security Awareness Training for Your Employees. This should be a formalized training on the latest threats and how to mitigate them. Security Awareness Training for your employees will reduce the risk to your organization’s data and IT systems and limit the chance of a data breach. Some compliance regulations specify the need for Security Awareness Training including HIPAA, PCI DSS, SOX, and FISMA.

Vulnerability Audits to identify security gaps in your computers, network, or communications infrastructure and develop appropriate mitigation countermeasures to protect them.

Penetration Testing. This is an analysis that focuses on where security resources are needed most. When accompanied with Vulnerability Audits they locate the weakest links in your network, identify and document weaknesses in your security, and remove them. Independent Penetration Testing and Vulnerability Audits will help you meet regulatory compliance standards like HIPAA, FINRA and PCI DSS.

Ongoing Updates to your Operating Systems and Software. Whenever there’s an opportunity to update, it’s important to do so. Rather than worrying about this yourself, your IT Managed Services Provider can include this responsibility in your overall IT Security Plan. This will safeguard your system from debilitating cyber attacks and keep your IT system running at peak performance.

There will always be overlaps between compliance and security guidelines but remember that IT security provides a more extensive assurance than IT compliance alone. For help with the unique IT security requirements your business faces, contact a certified IT Managed Service Provider in your area and ask for an assessment of your entire IT network.

Having Problems with Two-Factor Authentication for Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.) For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to Hybrid > Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow basic authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign in to the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.
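The connection procedure and the three requirements above, as an added PowerShell example (not from the original post or from Microsoft): it checks WinRM basic auth, the open-session count and TCP 80 reachability, then connects with Connect-IPPSSession in its own window. It assumes the Exchange Online Remote PowerShell Module from the EAC is already installed; the admin UPN and the endpoint hostname used for the port test are placeholders/assumptions.

```powershell
# Added example (not from the original post or from Microsoft): checks the
# three requirements listed above before connecting to Security & Compliance
# Center PowerShell with Connect-IPPSSession. Assumes the Exchange Online
# Remote PowerShell Module from the EAC is already installed and that
# $AdminUpn is the 2FA-enabled admin account (placeholder value below).
param(
    [string]$AdminUpn = 'admin@contoso.onmicrosoft.com'   # placeholder
)

# 1. WinRM client must allow Basic authentication, or the module errors out.
$basic = (Get-Item -Path 'WSMan:\localhost\Client\Auth\Basic').Value
if ($basic -ne 'true') {
    Write-Warning "WinRM client Basic auth is '$basic'. Enable it (elevated) with: Set-Item WSMan:\localhost\Client\Auth\Basic -Value true"
    return
}

# 2. Keep open remote PowerShell connections to at most three.
$open = @(Get-PSSession | Where-Object { $_.State -eq 'Opened' })
if ($open.Count -ge 3) {
    Write-Warning "$($open.Count) remote sessions already open; remove stale ones with Remove-PSSession first."
    $open | Format-Table Id, ComputerName, ConfigurationName, State
    return
}

# 3. TCP 80 must be reachable to Office 365. The endpoint hostname here is
#    an assumption used only for the outbound port test.
$probe = Test-NetConnection -ComputerName 'ps.compliance.protection.outlook.com' -Port 80 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning 'TCP 80 to Office 365 is blocked; check your outbound Internet access policy.'
    return
}

# Connect in this window only (do not also run Connect-EXOPSSession here;
# Exchange Online PowerShell needs its own module session). The 2FA prompt
# appears in a Microsoft sign-in dialog, not on the console.
Connect-IPPSSession -UserPrincipalName $AdminUpn

# Success check: a Security & Compliance Center cmdlet should now be imported.
if (Get-Command Get-DlpCompliancePolicy -ErrorAction SilentlyContinue) {
    Write-Host "Connected as $AdminUpn; Security & Compliance Center cmdlets imported."
} else {
    Write-Warning 'Connected, but cmdlets were not imported; re-check that the account is enabled for remote PowerShell.'
}

# When finished, close the session so it does not count against the limit:
# Get-PSSession | Remove-PSSession
```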

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices (not Authenticator, a similar app from Microsoft but without support for push notifications). Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.
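The bulk variant of the per-user portal steps above, as an added example that is not from the original post: it uses the MSOnline module (Connect-MsolService / Set-MsolUser) instead of the admin portal, skips unlicensed users as the note above requires, and reports the resulting MFA state. It assumes the MSOnline module is installed and the caller is a tenant admin; the -WhatIf switch is a dry run.

```powershell
# Added example (not from the original post): bulk version of the portal
# steps above using the MSOnline module rather than the admin portal.
# Assumes MSOnline is installed and the caller is a tenant administrator.
param(
    [string[]]$UserPrincipalNames,   # empty = every licensed user without MFA
    [switch]$WhatIf                  # dry run: report only, change nothing
)

Connect-MsolService   # prompts for admin credentials (2FA-capable sign-in)

# A StrongAuthenticationRequirement with State = Enabled is the setting the
# portal's "enable multi-factor auth" button writes for a user.
$req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$req.RelyingParty = '*'
$req.State = 'Enabled'

$candidates = if ($UserPrincipalNames) {
    $UserPrincipalNames | ForEach-Object { Get-MsolUser -UserPrincipalName $_ }
} else {
    Get-MsolUser -All
}

foreach ($u in $candidates) {
    # Only licensed users can use 2FA, so skip the rest with a warning.
    if (-not $u.IsLicensed) {
        Write-Warning "$($u.UserPrincipalName): skipped, not licensed"
        continue
    }
    if ($u.StrongAuthenticationRequirements.Count -gt 0) {
        Write-Host "$($u.UserPrincipalName): already $($u.StrongAuthenticationRequirements[0].State)"
        continue
    }
    if ($WhatIf) {
        Write-Host "WhatIf: would enable MFA for $($u.UserPrincipalName)"
        continue
    }
    Set-MsolUser -UserPrincipalName $u.UserPrincipalName -StrongAuthenticationRequirements @($req)
    Write-Host "$($u.UserPrincipalName): MULTI-FACTOR AUTH STATUS -> Enabled"
}

# Report the same status column the portal shows, for all licensed users.
Get-MsolUser -All | Where-Object IsLicensed |
    Select-Object UserPrincipalName,
        @{ n = 'MfaState'; e = {
            if ($_.StrongAuthenticationRequirements) { $_.StrongAuthenticationRequirements[0].State }
            else { 'Disabled' } } } |
    Format-Table -AutoSize
```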

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app screen. You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authenticator app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft: If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365. If you have any problems doing this, feel free to contact the Microsoft Experts at Alltek Services in Central Florida at http://www.alltekservices.com or call 863.709.0709.

Who Is Providing IT Services for your Optometry Practice?

We all know that Optical Coherence Tomography was a gamechanger. It has allowed us to see the structures of the eye in a level of definition thought impossible earlier. As a result, we can diagnose pathologies like glaucoma, macular degeneration, and diabetic retinopathy years earlier than we could previously. This level of reliance on technology has led to a higher level of patient care and better patient outcomes.

Optometry Practice Computer Support

But along with that exceptional patient care has come a challenge that optometrists were not expecting – care of technology.

Optometry has not been immune to the tectonic shift that has impacted nearly every industry and every other branch of medicine. Technology is changing the entire process of practicing medicine, from the front office and scheduling to diagnosis and treatment.

Take a look around your office. Nearly every piece of equipment is connected to a computer, and the instruments that aren’t now will likely be replaced with newer technology within the next few years.

With all this technology in your office, you have a choice.

You Can Run Your Practice, Or You Can Run Your Technology – But You Can’t Do Both.

So, what do you do?

There’s no upside in going back to manual diagnosis equipment, so something has to be done.

Here’s the answer.

Partner with an IT support company that specializes in the diagnostic instruments, software, and front office needs of the optometry practice.

By turning over the maintenance, management, and monitoring of your in-house technology to a competent IT support professional, you will remove the burden from your shoulders and give yourself and your staff the seamless, safe IT experience you are seeking.

An IT Support Team That Specializes In The Technology Utilized By Optometry Offices Will Provide Your Business With These Significant Advantages.

  • A single point of contact for any technical question or issue
  • An individual to deal with technology vendors, equipment purchases, and third-party integrations
  • A fast-response team for any technology-related workflow disruption
  • An IT consultant that will help you squeeze all the efficiency possible from your technology
  • An easily-budgeted monthly payment for comprehensive, proactive IT support
  • A secure IT environment that works well for your employees and protects your patient data
  • A HIPAA IT advisor that will help you keep your technology strategy in line with legislation

Setting Up a New Practice?

There may be no time that is more daunting than the setup of a new optometry office. On day #1, you’re sitting there on cardboard boxes eating pizza, talking with co-workers, and staring at empty shelves that will – within days – be filled with glasses and other products.

The computers, monitors, and servers show up on day #2 or #3, and you stare at those boxes thinking, “What have I gotten myself into?”

For a fleeting moment, you want to take your old, manual Phoropter into a testing room and hide forever from technology.

But you know that’s not terribly realistic.

By day #5 you’ve hired someone to come in and get your front-office computer system set up. But then a truck pulls up with the OCT, Keratometer, Slit Lamp, Binocular Indirect Ophthalmoscope, and your Retinal Camera – and you know that you are in way over your head.

Sure, each of those pieces of equipment has manufacturer reps that will come and get them set up, that’s not the problem.

The problem is getting it all working together and keeping all the moving parts from “bumping” into each other along the technology highway on your way to top-notch patient care.

That’s when you realize that the guy who set up your front office likely isn’t up to the job of keeping all this technology running flawlessly and secure against cyber-intrusion. So, you pick up the phone and call a company with years of optometry IT experience – a company like NOVA Computer Solutions.

So, on day #6 you put in the phone call to learn more about NOVA Computer Solutions, and on day #7 they are there to take IT management off your shoulders and to coordinate with your instrument and software vendors to ensure that everything works perfectly for your launch date.

Have An Existing Practice And Wondering If Your Current IT Support People Can Handle The Move To AI And Machine Learning?

If you’ve been to the trade shows you know that the next step in technology for optometrists is going to come in the form of artificial intelligence and machine learning. Is your current IT services team preparing your business to leverage this shift for your competitive advantage and to enhance patient care?

If not, it’s likely time for a change.

In the next year or two, Artificial Intelligence (AI) will be harnessed to assist optometrists in clinical decision-making. How?

  • Enabling high-volume practices to move patients through the process with more efficiency
  • Reducing the risk of misdiagnosis
  • Providing you with the information to make higher level, specialized opinions regarding diagnosis and treatment
  • Enabling you to make better, faster diagnoses
  • Analyzing big data for patterns – image data, blood test data, field of vision data
  • Taking better images to see indications of pathologies much earlier than previously possible

The combination of AI and machine learning will be powerful for your patients as wearable tech begins to emerge on the marketplace, augmenting the sight of your patients through optic recognition of objects and auditory information. This technology will learn objects and faces enabling your patients to have a better quality of life – much like the hearing aid did for patients with auditory deficits.

In the end, AI and machine learning will not replace what you are already doing to help your patients, but they will be the tools that will be leveraged in the next few years to assist you in your office to make more accurate decisions in shorter timeframes and to provide revolutionary options to your patients.

If your current IT support personnel in the Northern Virginia area aren’t up to the challenge of the complex technology of your office – now and down the road – make the switch to NOVA Computer Solutions. We have a deep background in serving offices like yours in the healthcare field.

Want to read more about NOVA Computer Solutions? We have more for you here.

Will The (Cloud) Storage Wars Draw Blood?

Modern professional relationships require digital processes, like email, collaborative software, and file sharing. The cloud has opened up incredible possibilities beyond imagination a mere decade ago, but which is the right choice?

Cloud Storage

The competition is seriously fierce in cloud storage. The Internet of Things has fueled a data addiction that traditional storage can’t physically support. We love our devices – I mean, we are straight-up addicted to our smartphones, our iPads, our Kindle Fire tablets, all of them. And there’s a reason we back up our smartphone content: we’d be absolutely lost if we lost it. Our contacts, our notes, our apps, our calendars, and everything we depend on for day-to-day use is on that tiny computer. Where do you back up your data? It’s probably safe to assume there is a cloud location you connect to that saves your backed-up data. It’s safe to assume because we would overwhelm traditional storage options.

Traditional storage hasn’t been able to meet expectations and needs for performance, availability, management, or the cost impact in comparison to growing demand. Everyone has an opinion on who their favorite cloud storage solution is, and it’s usually one of the Big Three players in the cloud game: Dropbox, OneDrive, or Google Drive – and not in that order.

Technically speaking, the first cloud storage solutions launched well before today’s modern providers. Consumers had access in the early 1980s through CompuServe, and AT&T launched a platform in the 1990s to support small business solutions. Amazon Web Services introduced AWS S3, their cloud storage offering, in 2006, and it functions as the storage provider for Dropbox, Pinterest, and many other large digital enterprises. The only things that have changed are file size and file type – but mainly adoption.

Cloud storage is increasing in adoption for every professional environment – and is the only solution for distributed workforces! Managing resources for storage needs to be agile, and limited solutions also limit agility. The cloud is merely an accessible extension of your data storage center. Review your full data storage needs, and consider the advantages the cloud offers your business and daily operations.

When reviewing your cloud storage priorities, there are many issues that deserve a deeper consideration. Here is the “Top Ten” List we suggest using as a checklist, and in no particular order:

  • Cost
    • The financial impact of cloud storage is usually the first factor any business considers, but we disagree with this position. While your bottom line is critical to your overall operational budget, there is a multitude of factors that could have a greater impact on your day-to-day needs.
    • It’s surprising just how many decision-makers are surprised – and unprepared for – the expenses required to utilize cloud providers.
  • Sync Simplicity
    • If storing or backing up your data to a cloud solution is cumbersome, full adoption by your staff – and your clients, if applicable – will be a struggle and will result in decreased productivity and decreased reliability. You don’t have time for that!
  • Sync Speed
    • Just as with simplicity, speed is a factor with the ability to sync data quickly. As with any downtime, no one can afford reduced productivity due to Internet connection issues, and it’s an even larger issue if it’s due to your cloud storage provider.
  • Location
    • As they say in real estate, “Location, location, location”! Anyone who thinks it doesn’t matter where your data is stored physically is wrong. Wrong! Though there are too many reasons this matters to list, here are just a few:
    • Data stored in the U.S. is both protected by and susceptible to U.S. laws, like the Patriot Act and the Cyber Intelligence Sharing and Protection Act. Data stored in – or containing the information of – European Union nations is subject to protection by legislation passed by the European Parliament enacting strict consumer data protection rules.
    • Facilities that physically house servers for cloud storage providers are just as open to impacts of weather and natural disasters as any other structure in that locale – and accessing your data will be subject to these conditions.
    • Is the physical security of the location a concern under any other circumstances?
  • Reliability and Access
    • Is the vendor reliable? The key players in the cloud storage game tend to be the best for valid reasons, but appropriate considerations, in this case, would be hardware failures, power disruptions, or even vendor disputes. Crazier things have happened.
  • Storage Capacity
    • How much data do you anticipate storing in the cloud? This is like trying to choose your favorite song. The answer changes on a regular basis, and most of the time there is no one singular answer. Obviously, you’ll want to choose a provider that is capable of offering you more storage than you think you’ll ever need, but you also don’t want to pay for storage you’re not using nor will you ever. It’s a delicate balance, and many providers allow for variable usage.
  • File Sharing
    • How many times have you attached a document to an email message, and tried to send it only to get the dreaded error message “File exceeds the maximum size of 25MB. Try removing an attachment and send again”? You are then faced with trying to reduce the file size (Word document into a PDF, etc.) or uploading the file into a cloud solution like Dropbox, Google Drive, or OneNote, and sharing the access URL instead.
  • Application Integrations
    • The number one request made by anyone accessing cloud storage and utilizing an application is to offer an intuitive user experience. Statistics show half of all users that abandon a cloud app do so due to integration issues, citing missed deadlines.
  • Support
    • If any issues arise, it’s critical that users get the needed help immediately from an adequately trained member of the support team, equipped with the right knowledge to resolve the situation.
  • Data Security
    • The cloud and data stored in cloud environments face risks, just like any other professional endeavor. A cloud storage provider that can guarantee against cybersecurity vulnerability and takes the greatest care in safeguarding your data is an excellent vendor and partner.

We’ve talked about what you need – now let’s talk about who can help you. Here is a fantastic detailed resource when comparing many of the cloud vendors at once, but let’s talk about the Big Three. The key players in the Cloud Storage Wars are Dropbox, Google Drive, and OneNote – and any one of these providers would valiantly battle to the bloody end for your business! There is a reason that these three are the best in the biz: they’ve earned their reputation with quality service, support, and every other item in the checklist.

  • Dropbox
    • Offers a free basic storage plan (2GB)
    • Paid plans and features cater to business customers
  • Google Drive
    • Offers a free basic storage plan: clarification, Google users have 15GB of free cloud storage – shared between Gmail, Google Photos, and Google Drive. If you get a ton of emails and don’t clean out your inbox often, that eats up your 15GB
    • Paid plans and features cater to business customers
  • OneNote
    • Offers a free basic storage plan (5GB)
    • Paid plans and features cater to business customers: Here is where it truly pays to use OneNote and be an Office 365 customer, as the paid plans are included with Office 365 subscriptions, either Personal or Home.

The ability to sync, share files and speed are all a focus of these teams, and the competition is pretty ruthless. In fact, Dropbox and Microsoft have formed a partnership to allow easier integration by making Office Online available to Dropbox users at no cost. Keep your friends close, and your enemies closer!

So, which provider is right for you? Only you can make that decision. Armed with this information and reviewing our checklist will hopefully help you make the right choice!