Latest News and Resources

How to Prepare for Windows Server 2003 End of Support


Coming Soon: Windows Server 2003 End of Support Date

It is almost time for Windows Server 2003 to shuffle off to that big network in the sky. The official End of Support date (EOS) for the operating system is July 14, 2015, after which it will no longer be actively supported by Microsoft. Everyone working in Bay Area IT services is currently scrambling to meet the demand caused by this changeover.

Is It a Big Deal?

Very much so. It’s vital that software is regularly monitored against emerging security threats, especially on an enterprise level where the stakes are so high. If your systems are not up-to-date, with the latest patches to repair the most recent exploits, then your entire network is vulnerable to hackers.

In 2013, Microsoft issued 37 critical updates for Windows Server 2003. That’s roughly one every ten days. After July 14, you’re on your own.


IT Services Bay Area – Windows Server 2003 Going Out of Support

How to Prepare for Windows Server 2003 End of Support

It is almost time for Windows Server 2003 to shuffle off to that big network in the sky. The official End of Support date (EOS) for the operating system is July 14, 2015, after which point it will no longer be actively supported by Microsoft.

With the deadline rapidly approaching, businesses throughout San Francisco and the Bay Area are currently scrambling to find technical help as they look to update and transition their systems. 


As a result, those of us working in Bay Area IT services have been hard at work to meet the demand caused by this changeover as we help improve our clients’ systems and properly educate our users as they take action.

Is It a Big Deal?

Very much so. It’s vital that software is regularly monitored against emerging security threats, especially on an enterprise level where the stakes are so high. If your systems are not up-to-date, with the latest patches to repair the most recent exploits, then your entire network is vulnerable to hackers.


In 2013, Microsoft issued 37 critical updates for Windows Server 2003. That’s roughly one every ten days. After July 14, you’re on your own.

The Cost of Doing Nothing

Well, maybe not entirely on your own. Around 20% of users are expected to miss the deadline, with many of them citing the expense and complexity of migration as a contributing factor.

It is absolutely true that migration can be difficult and costly, especially if it involves making changes to other systems. Migration is daunting, but the cost of not migrating should cause you sleepless nights. The biggest expense of all will arise if your computer network services are breached by hackers because you’re running on vulnerable systems.


In order to keep Windows Server 2003 running securely after EOS, you’ll need to invest heavily in your in-house network security. If you need any additional technical support, you’ll have to hire outside contractors. And if you purchase any new equipment or new software, you may find that it’s incompatible.

The cost of all of these things will rise exponentially over time. One way or another, your business will have to upgrade eventually.

With that in mind, each business must consider the costs and benefits tied to updating systems:

  • Proactively: before problems strike, in the driver’s seat on scheduling, able to plan around business costs and expenses
  • Reactively: emergency upgrades on tight timelines to keep your business afloat, limited by resource availability, and with a higher cost of completion

What’s the Easiest Way Out?

Face this challenge head-on. With the EOS deadline literally days away, the time to act is right now. Get professional assistance from reliable consultants, put them to work with your existing team, and then attack it like any other major project.

Assess

The first thing to do is to have your technical support resource help create an overview of what needs to be done.

You need to know:

  • Which users will be affected?
  • Which other systems will require an upgrade?
  • Is this likely to impact productivity at all throughout the transition?

But not all of these questions need to be negative; you must also consider if there are any efficiencies or process improvements that can be phased in during the transition. When you’re reaching out and getting expert help, it’s important to bring them in at this early stage so that they can help build your implementation plan using the key information you’ve gathered together.

Plan

As you move forward, consider creating a roadmap for your upgrade, and communicating it to every stakeholder within your organization, including non-technical staff.

When you make sure everyone knows what is happening (as well as how they might be impacted), you enable your teams to plan ahead and to be prepared. Your IT support provider can also help ensure you have the right contingencies in place in case of the unforeseen.


Implement and Support

Once you’ve got your project roadmap in place and understand the improvements necessary to avoid End-of-Support with Microsoft, you can help guide your company towards making the implementation process as straightforward as possible. 

Remember that it isn’t just software that needs to be upgraded. Your Windows Server resources may require recertification, and other members of your staff or end users may need retraining on your new systems.

When shooting for success, make sure that everyone in your organization has access to the right resources to complete their job responsibilities.

If you want to make sure your project goes smoothly, it may be time to call in professional IT services support to make sure your server upgrade project is comprehensive, well architected and that it covers all of your business needs. With the right technical support, IT should be simple, seamless, done.

Still feeling overwhelmed? If you want to get your server migration started ASAP but don’t know where to begin, reach out to our implementation team today for a free technical assessment and keep your company moving forward.


7 Key Ways Professional IT Support Helps Improve Business Operations

7 Ways Professional IT Support Helps Your Business Flourish

Technology is the backbone of modern commerce, so strong technical support is vital to the success of any business. But with steadily increasing overhead costs and thinning profit margins, allocating precious funds to professional IT support often seems unnecessary. After all, when computer literacy is the norm, how does having professional IT support really benefit your business? As it turns out, there are quite a few answers.

 

1. Helpdesk Support

The vast majority of businesses use computers daily. Invariably, these computers glitch, crash and wipe data spontaneously. For small businesses, these common issues are daunting at best and catastrophic at worst. Even minor setbacks render networks unusable for hours, resulting in lost revenue, upset customers and wasted time.

Don’t pull your engineer or accountant off of their current projects just to have them struggle through business troubleshooting. When you have managers wasting hours trying to fix technical problems, it’s time to bring in professional IT support who can solve your problem in minutes.

2. Email

Professional IT support establishes and manages email systems, restores access to locked accounts, and retrieves lost or corrupted information. Once you have an ongoing relationship with your tech help, they can work with your users to tailor email configurations to meet your business’s needs, utilize options that free email service providers don’t offer, and help ensure that you have the right storage and recovery capabilities in place.

3. Network Dependability

One of the unique advantages of professional technical support is the peace of mind that comes with network dependability. In a survey of over 200 companies across North America and Europe, it was found that more than $26.5 billion in revenue is lost each year, which translates to approximately $150,000 in losses per year, per business because of network outages.

Just as you rely on your car to get you to work, your business operations depend on your network and the IT solutions that you have in place. A dependable network dramatically reduces disruptions, ensuring uninterrupted operations and minimal negative impact to your business.

4. Server Hardware

While it is possible to set up and maintain a server, the process is complex, difficult, expensive and time-consuming. Furthermore, if your server hardware is improperly configured or fails at any time, reconfiguration is costly, crippling for your business and incredibly stressful for both your employees and your clients. Professional IT support maintains, monitors, troubleshoots and resolves hardware issues proactively, thus enabling you to .

5. Backup and Storage

Additional benefits of IT support include backup and storage capabilities. Without professional support, your managers find themselves relegated to generic storage platforms, many of which don’t meet your business’s needs. Bay Area Technical Support provides storage, access and preservation in a worst-case scenario, ensuring the integrity and safety of your data.

6. Security

From email encryption to network security, database management to sensitive data, security is vital to the successful operation of your business. Repairing damage (not to mention the loss of clients’ trust) caused by a data breach can be expensive, slow and stressful. Working with the right Bay Area IT service provider means your business gets the right security solutions implemented before you are attacked in order to help eliminate many common cybersecurity related risks.

7. Time

Excellent IT support ensures efficiency, protects data, and facilitates productivity. It relieves your managers of many significant burdens, minimizing stress, maximizing time, and providing solutions on a daily basis. Ultimately, when you partner with the right professional IT support service provider, you relieve your team leaders and managers of unnecessary burdens so that they can tackle the business challenges that matter the most!


Best Practices for Choosing a Cloud Provider in the Healthcare Sector

Best Practices for Choosing a Cloud Provider for an Elective Healthcare Practice

Although cloud computing is often regarded as a fairly new phenomenon, it has in fact been in use in one form or another since the late 1990s. However, its adoption by medical practices, including those in the elective healthcare sector, has been slow. By employing these best practices when choosing a cloud provider, you can make sure you’re getting an IT services firm that is the correct match for your organization.

Security Measures and Compliance

Core cloud-security measures should be in place that include encryption and identity-based access control. A reputable cloud provider can ensure all the items that external compliance auditors check for comply with legal regulations.

Knowledge of Your Industry

The cloud provider should have an in-depth knowledge of the healthcare industry and preferably of the sector within which your practice falls. It’s important that the cloud provider’s employees understand the particular needs of your practice.

Location of Your Data

Because your data is your responsibility, you should ask the following questions:

  • Where are the cloud provider’s servers located?
  • Will you and your staff be able to always access the data, no matter where you are?
  • Does the cloud provider have a disaster recovery or business continuity plan in place in the case of natural disasters or major outages?

Certification and Training

A cloud provider’s staff must be experienced in your field and correctly trained and, depending on your security requirements, may need to be certified in healthcare IT management so that they always comply with HIPAA requirements when undertaking any work items for your practice. While shopping around, you can ask if the staff have previously undergone background and drug checks and whether they understand the medical ethics and the law surrounding such issues.

Service-Level Agreement

Before you sign a service-level agreement (SLA) with a cloud provider, check that it contains definite response and resolution times so that you don’t find yourself unable to access your data if their systems are down or unable to reach any of their IT support technicians simply because it is after hours.

While full staffing may be limited to business operations hours, any reputable technology services provider will have on-call resources available to assist their clients during emergencies.

Additionally, feel free to ask questions in order to find out exactly what services your monthly subscription fee covers.

Cloud computing is part of the modern IT world, and when properly put to use, it can help make your healthcare practice run smoothly, efficiently, and dependably, thus allowing you to focus on providing your patients the best care possible.

However, it’s also extremely important that you assess potential cloud providers to ensure that they meet your business requirements and that they are able to comply with the legislation requirements which govern your practice.

Contact Bay Computing today for your free onsite evaluation and detailed information about the right customized cloud-computing options for your business.

 


Before You Hire IT Services Consultants, Ask These 5 Questions

5 Questions to Ask IT Consulting Firms

The days when only big business worked with IT consultants are long gone. Increasingly, small and medium size businesses (SMBs) understand that outsourcing some or all of their IT projects to consultants can help them focus on core business objectives, leverage expertise they don’t have in-house and cut overall costs.


But not all consultants are created equal. To find one who can help your company achieve its goals, you have to ask the right questions. Here are 5 questions you should ask to ensure you hire a consultant who will help your business succeed:

1. Have you worked successfully with businesses like mine?

If a consulting firm doesn’t list current and former clients on its website, you should probably keep looking. For those who do, look for experience with clients from a broad range of industries, from healthcare to insurance to financial services. To help you in your search, the best consultants will also provide testimonials and case studies, and give you references you can check out.

2. Are you a full-service provider?

You want a service provider who has experience not only with many types of businesses, but also many types of problems. The best providers are able to deal with any issue which arises, whether it’s a server crash, network downtime or missing data. They will support you with a full array of services, including security, communications, cloud computing, network, servers and storage.

3. Will you have people dedicated to my business?

The best IT consulting firms will assign a dedicated support team to work collaboratively with you and your employees, manage your ongoing IT services needs, and ensure that support from your dedicated team will be ready, willing and able to help at the first sign of trouble.

4. Do you have a long-term plan?

When you work with experienced IT technicians, they understand the value of creating a strategic plan for your technology needs and will take the time to perform a comprehensive assessment of your IT network (some Bay Area technology services companies will even do this free of charge). They’ll provide you with a detailed road map for ongoing monitoring, technical helpdesk support and any specific maintenance requirements unique to the needs of your systems and your business.

5. Can you tell me how this benefits my business and how much it is going to cost?

When partnering with an IT services provider, you want someone who works with you to identify the best solution to fit your needs, and if necessary, someone who will push back against quick-fix or bargain-basement not-a-fit solutions when there are reasonably priced and far superior options available which satisfy all of your business needs. As your technology partner, your IT consultant should help you understand the business reason behind any new purchases, how much you’re going to pay, but also precisely what you will be getting for your money.

Conclusion

Don’t fall into the trap of casually selecting the first IT consulting option that you come across. When it comes to keeping your office running smoothly, it is key to perform your due diligence to make sure you find the right IT services partner.

Throughout your search, if the answer to each of the above questions is “yes,” you’re well on your way to finding a dependable IT consulting firm that your company can build a strong relationship with into the future.

By asking the right questions, and getting the right answers, you will help your business find the technical services resources who will become your trusted partners and who are as committed to the success of your business as you are!

 


EHR HIPAA Compliance: Essential Guidelines

Five Steps: Is Your EHR Management HIPAA Compliant?

The advent of electronic health records (EHR) has improved many aspects of health care: faster data sharing, better care coordination, increased patient participation, reduced errors and more.


But it also means that additional steps are necessary to ensure that your patients’ electronic protected health information (ePHI) is protected and that your practice is compliant with the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Five Starting Steps: EHR and HIPAA

The implementation and maintenance of the following five steps may require specialized expertise, which should be available among your technology support staff. These experts can help your EHR operations run smoothly and help you navigate complex technology-related challenges.

Analyze Risk

The first step in HIPAA compliance is a risk analysis, which can identify potential threats. According to the Office for Civil Rights, a risk analysis involves identifying all sources of ePHI and all potential risks to confidentiality. Once identified, steps can be taken to protect, mitigate, or correct for problems.

Encrypt ePHI

The second step is technological: encrypting ePHI. HIPAA rules require “the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.” Your technology services team can help ensure that the right IT solutions are implemented to keep your data properly encrypted at all times.

Secure Hardware

The third step is similar to a locked file cabinet; it provides access only to those with a key. The United States Department of Health and Human Services recommends both physical and technical safeguards for ePHI. Physical safeguards limit access to the hardware site and provide use restrictions to workstation facilities. Technical safeguards include:

  • Unique identification
  • Passwords
  • Automatic logouts
  • Emergency access procedures

Establish Clearance Levels

The fourth step is establishing an access hierarchy. Make sure your computer support specialists properly set up clear definitions of who can see what information and for what reason.

As part of this process, your practice may want to create processes to assign access rights based on position levels within your organization (depending on the size of your practice) to serve as an extra precaution instead of relying solely on ad hoc access approvals.

Conduct Audit Reports and Periodic Evaluations

The final step is evaluating how well your implementation is performing. This involves routine audits of which users have accessed sensitive information and the review of any healthcare IT related problems and processes observed.

As a busy medical practitioner, you are dedicating yourself to providing the best patient care possible. Now with HIPAA Compliance coming down the pipeline, you and your practice may be feeling overwhelmed by the seemingly endless list of requirements necessary to be HIPAA compliant.

Work with your Bay Area IT services provider to ensure that the proper roles for compliance are defined and to establish the policies and procedures necessary to proactively prevent, detect, contain and correct security problems. Our organization is readily available to answer any healthcare IT questions you may have or to set up a free assessment of your HIPAA compliance readiness.


Healthcare IT Support: How Working With an IT Service Provider Improves Patient Care

Healthcare IT: Free Up Your Practice to Focus on Patients

Top-rate medical practices are often let down by sub-par technical support, so it may be time to source the professional-caliber IT support services you need. However, that is sometimes easier said than done, and it’s important to know what support services your practice requires to protect your electronic health records (EHR) and the Electronic Personal Health Information (ePHI) you deal with each day.


As a physician, worrying about your healthcare IT services is not what you need to spend your day focusing on. Your job is to tend to your patients, and a company that offers a skilled support service enables you to do that. Support for your EMR/EHR software (such as NexTech) includes preventing inappropriate use, malware protection and training in best practices.

Inappropriate Use

Inappropriate use often involves interaction on social media, such as Facebook and Twitter, or even on your own practice’s website. Research shows that displaying ill-chosen photographs, using discriminatory language, violating patient privacy and posting negative comments are ways that medical practices may overstep ethical rules and legal regulations. A professional IT company can enable the monitoring and disabling of inappropriate use on practice computers, whether it’s inadvertent or deliberately malicious. This enables you as a physician or office manager to devote yourself to what you are specialized in instead of having to waste precious time on policing employees.

 

Antivirus and Malware Software

Viruses, worms and malware destroy and steal or even ransom medical records and sensitive ePHI, so it’s imperative that your practice has the proper protections in place against them. Like the human variety, viruses that attack computers are constantly mutating, doing so through the workings of Internet hackers. An IT firm of good standing always keeps your office up to date with the right selection of antivirus solutions, preventative programs and safeguards against malevolent cyber invaders, giving peace of mind to you and to your patients.

Best Practices to Avoid Malicious IT Attacks

Cyber criminals are constantly searching for valuable, vulnerable data such as:

  • Names, email and physical addresses of patients and employees
  • Social Security, medical ID numbers, Protected Health Information (PHI or ePHI)
  • Payment card info (regulated by PCI-DSS, or Payment Card Industry Data Security Standards)

This information is usually sold in bulk to the highest bidder and used for a variety of nefarious activities. Don’t risk losing your patients’ trust simply because of weak IT management.

Implementing industry standard best practices to ensure your business and office operations are secure against cyber-attacks is not always simple.

Training staff, using strong passwords that are frequently changed and limiting network access are just the beginning when implementing the necessary procedures.

Mobile devices are particularly vulnerable to cyber and physical theft, so all patient-related data needs to be encrypted before being sent across public networks. All devices, whether mobile or office-based, should be frequently backed up to preserve data. A trustworthy IT services company can develop and execute a cyber-security strategic plan for your practice.

 

Choose Carefully

One of the challenges faced by physicians during 2015, according to Medical Economics, is keeping abreast of modern technology. A fairly significant number of medical practices have, to their detriment, bought low-cost EHR software only to discover that support services were sadly lacking or simply nonexistent. Physicians Practice recommends that one of the most effective ways of protecting your practice against data breaches is to contract with IT support service firms that are familiar with EHR and compliance issues.

Concern about problems such as inappropriate use and cyber-attacks from hackers takes physicians away from what they do best — caring for patients. Contact our support team at Bay Computing for information about best practices to prevent malicious invasions of your electronic systems.


What is Rombertik? Latest Spyware Attacks Your Computer if Detected


What is Rombertik? Latest Malware Attack Triggers Destruction Tactics Upon Detection

Just yesterday, security experts discovered the latest strain of malware, nicknamed “Rombertik”, a specialized “wiper” malware smart enough to actively take precautions to help itself avoid detection.

But most importantly: if Rombertik even suspects, let alone confirms, that it is under malware analysis, it will activate a number of “self-destruct” type functions on the host computer it has infected to stop you in your tracks. Here’s hoping you have updated backup solutions in place…


Why self-destruct? Doesn’t that harm Rombertik’s goals too?

One of the greatest dangers of Rombertik is the malware’s obsessive secrecy, for its creators are determined not to allow malware analysis to be run on their latest masterpiece. Chris Stobing has gone as far as dubbing it the “Suicide Bomber” of malware attacks.

Why such an extreme title? As soon as it suspects detection, Rombertik overwrites all vital information on your computer, which in turn makes you lose all of your data and forces you to reinstall your operating system and restore your files from backups.


How does it know? What triggers Rombertik’s destroy function?

In the beginning of its attack, as soon as it is up and running, Rombertik completes multiple checks to ensure that it has not been detected.

According to the Talos team of cybersecurity experts responsible for its discovery, Rombertik, “is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.”

 How is this conducted? Don’t most malware attacks try to avoid detection?

While most malware attacks these days include instructions and commands to help them evade discovery, Rombertik will automatically compute a 32-bit hash and encrypt its victim’s hard drive if at any point the infection suspects a disturbance to its operations.


Furthermore, Rombertik’s infection methodology “incorporates several layers of obfuscation along with anti-analysis functionality” (meaning that it has the capability of actively fighting off malware analysis in multiple different ways).

The attackers have also developed a way of evading sandboxes, which have traditionally been overcome by enforcing extended “sleep” periods before executing in order to get past sandbox timeouts.

As security specialists identified this method, sleeping lost effectiveness, which is why Rombertik instead chooses to flood memory by writing a byte of random data to memory 960 million times.

By exploiting the scale of this new strategy, Rombertik is able to consume time without being flagged as sleeping, and also manages to flood application tracing tools with over 100 gigabytes of logged data, which further complicates and derails any potential analysis.



The Final Punch/ Going in for the Kill

Remember that 32-bit hash we mentioned? As a final anti-analysis tactic, Rombertik will compute a 32-bit hash of a resource in its host machine’s memory, which it then compares to the timestamp of its original sample upon creation. If the malware discovers that the sample has been accessed or altered in any way, Rombertik goes into “Destroy” mode.

This includes:

1.)    Overwriting the Master Boot Record (MBR) of PhysicalDisk0, which will fry your machine and leave it inoperable

2.)    If it is unable to overwrite your MBR, Rombertik will destroy all files in the user’s Home folder and encrypt each one using a randomly generated RC4 key.

3.)    Following the completion of MBR overwrites and Home folder encryption, Rombertik restarts its victims’ computer, but not without implementing code which forces an infinite loop and stops the system from being able to continue onto fully rebooting.
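Because the first destructive step above targets the Master Boot Record, a copy of that sector recorded while the machine was known to be healthy gives responders something to compare against. The following is an added example, not code from the original post or from the Talos write-up: it checks a 512-byte MBR image for the standard boot signature and partition table layout and compares it to a SHA-256 baseline. The function names and both sample sectors are constructed for illustration, and reading the sector from a live disk is left out.

```python
"""Added example: integrity check for a 512-byte Master Boot Record image."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
# Entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
ENTRY_FORMAT = "<B3xB3xII"


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty partition entries found in an MBR sector."""
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, count = struct.unpack(
            ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector looks intact."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    partitions = parse_partitions(sector)
    if not partitions:
        findings.append("partition table is empty")
    for p in partitions:
        # Only 0x00 (inactive) and 0x80 (bootable) are valid status bytes.
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed healthy sector: zero-filled boot code, one NTFS partition."""
    boot_code = bytes(PART_TABLE_OFFSET)
    entry = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 409600)
    return boot_code + entry + bytes(48) + BOOT_SIGNATURE


def build_overwritten_mbr() -> bytes:
    """Constructed damaged sector: every byte replaced with the same value."""
    return bytes([0x5A]) * SECTOR_SIZE


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = hashlib.sha256(good).hexdigest()  # recorded while healthy
    for label, sector in (("healthy", good),
                          ("overwritten", build_overwritten_mbr()),
                          ("zeroed", bytes(SECTOR_SIZE))):
        findings = check_mbr(sector, baseline)
        print(label, "->", findings or "no findings")
```

Keep the baseline hash and a copy of the sector off the machine it describes, alongside the regular backups, so they survive the same event they are meant to detect.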

 


So what is this malicious spyware attack after?

Its sophisticated software for attacking to avoid detection is what makes it unique, but in terms of data capture, Rombertik isn’t picky.

Once it has infected your computer, it gathers any and everything that you do through monitoring all of your behavior on the we and each and every keystroke that you make.

Why? Because it captures all of your activity before transmission, secure methods such as HTTPS become irrelevant. This lying-in-wait methodology helps Rombertik evade detection while it discovers the details of your business and your users’ sensitive data.

Once Rombertik has succeeded in transmitting the data it has gathered while spying on you, specialized scripts can be used to identify your login credentials, passwords and payment information from the logs of your behaviors on the web and each keystroke that you make.

 



How do I keep this from happening to my business?

Considering that Rombertik relies heavily on spam and phishing attacks, the best place to start is by implementing strong security practices. For more information on how you can avoid malware attacks, check out this blog from one of Bay Computing’s senior technicians, Matt Simpson.

Need a quick overview? As an intro, your organization should:

  1. Make sure anti-virus software is installed on all machines across your organization
  2. Regularly update your anti-virus solution
    1. (The best option is working with your IT managed service provider to implement a centrally managed antivirus solution which automatically takes care of all updates for you)
  3. Teach users not to click on attachments from unknown senders or messages which seem out of place from known senders
    1. (Think safe, not sorry when it comes to malware)
  4. There is never a failproof solution, but implementing and following best security practices is one of the most effective methods out there
  5. Implement the right spam filter to block suspicious emails and attachment types
  6. Utilize backup and data recovery solutions to ensure that your business continuity is protected, no matter what happens.
    1. Double-check (and then triple-check) that your backups are set to occur regularly and that they are completed successfully
  7. Work with your technology provider to ensure that your computer network services are implemented with a threat-centric approach which incorporates protections across your extended network and your full business IT environment.

 If you have any questions about implementing the right security solutions for your organization, need help fighting your way through a malware attack or are simply looking for the right IT service provider for your Bay Area business, contact us today!


 


How To Implement Best Practices For Business IT

As a business owner, it can be overwhelming trying to stay up to date in the latest and greatest best practices for business technologies, but you know you need to keep your network, systems, and data safe in order to keep your office operations humming along.

Having a comprehensive IT management plan is a key step in the right direction. The problem is, there is no single set of rules or protocols that will work perfectly for every business and across all office needs.

When you work directly with an IT services provider, a team of experienced technicians helps you identify the technology needs of your organization and employees, and then designs your customized, reliable and comprehensive IT solutions plan.

As for mapping out the details of each IT solutions plan, the requirements and specific policies will vary greatly based upon each organization’s:

  • Hardware limitations
  • Industry-related security requirements (HIPAA requirements, PCI Compliance, etc.)
  • Data transfer
  • Data access demands
  • Backup needs and requirements
  • Business obligations for unified configurations

But keep in mind, there are a number of fundamentals each business must consider when developing, maintaining or revamping their IT systems and networks. Here is a walkthrough of the basic office IT necessities to help you cover the best practices for your business.

1) Disaster Recovery and Data Backup


First and foremost, when your business has crucial data, your office IT systems must have the right backup solutions in place. Whether you run a boutique wealth management firm or a multi-office cosmetic surgery practice, data should be backed up religiously.

Not only does the success of your business depend upon having reliable, up-to-date versions of your files, but you can’t allow a natural disaster, theft or rogue user to take down your operations!

A key component of protecting your business is creating the processes and procedures to properly assign the responsibility for backing up your business data each day.

Yet the hardest part can be making sure they are actually implemented and completed daily to ensure that your day’s work doesn’t go missing.

When you ensure that your information is stored, saved and replicated, you lay the foundation for proper business continuity and enable your business’ disaster recovery planning.

 

Here are some of the most common data backup solutions used by local businesses and organizations:

  • Manual Back-Up – One of the simplest ways to back up data is to move all your information into one file, and then transfer that file to a portable hard drive.
    • This is a common data backup ritual for small businesses, but it has many drawbacks and can present significant risks to your office IT:
      • When backing up large amounts of data, it is a slow, tedious process
      • The hard drives you use are just as likely to get lost, corrupted, or damaged in some sort of disaster scenario (fire, earthquake, etc.) if they are stored in the same location
      • If you do keep your external drives at a separate location, it is quite common to see actual backups fall behind and out of date, as drives must be transported round trip and time must be allocated for periodic backups
      • Without automated processes in place, your business becomes reliant on the manual process and on employees not getting side-tracked by daily work operations
  • Remote Servers – Many businesses back up their data by transferring it to a set of computer servers at another location.
    • This is a form of secure P2P file-sharing called “friend-to-friend,” and it is especially helpful for businesses that have multiple offices.
    • The chance of data getting stolen along the way is lower than with other options, and the information will be stored safely in multiple locations. However, there is still the risk of both servers being destroyed in a large-scale disaster situation.
  • Cloud Storage – One of the newest, most advanced forms of data backup is Cloud storage, which stores your data on multiple remote computer servers.
    • These cloud servers are maintained by a hosting company that ensures the data security and redundancy of their services.
    • In terms of continuity, cloud technology offers one of the strongest forms of data backup solutions, as it involves having multiple copies of your data created, accessible from any location with a secure Internet connection.

2) Security


The modern world is overrun with threats from cyber criminals attempting to exploit people online.

Some are sophisticated hackers looking to steal money or electronically stored protected personal health information from secure computer systems.

Others may be mere spammers attempting to inundate your company with junk mail or advertisements with hopes of hoodwinking your employees into the latest cyber scam.

Their weapons may be relatively simple (phishing attacks), slightly more advanced (spear-phishing attacks) or possibly quite advanced and sophisticated in their methods (Rombertik and “wiper” malwares).

There are even “hackers for hire,” who are the digital mercenaries hired by competitors to crash your systems or harm your business reputation. Whatever the threat, you must stay prepared.

Know that different operating systems require different malware protection, but there are some basic data security tips that will keep your office IT system as foolproof as possible. Consider the following:

  • Choose unique passwords
  • Diversify your password
  • Regularly update your anti-virus software
  • Avoid pop-ups
  • Limit Administrator access to one person

3) Maintenance


When it comes to office IT, it is important to make sure that you have your computer maintenance consistently covered.

This includes everything from server maintenance to scheduled software updates, and the bigger your investment, the higher the likelihood that you should also invest in an extended manufacturer’s warranty.

Whenever our clients make major investments in their technologies, we always investigate the best warranty options for them and help them evaluate if the investment is worthwhile, depending on the terms.

There are far too many variables to accept hard-line rules across the board when it comes to IT maintenance. The only thing you can know for certain is whether you have the right resources on your side to handle any unexpected tech support problems or even situations that call for IT disaster recovery.

Basically ask yourself, “Do I know who to call?”

Computers break like everything else, and when your data is lost or your work flow is stalled, this can be a disastrous time to try “DIY” computer maintenance. Having a managed IT services provider is the best way to get your equipment back up and running in no time.

4) Disaster Planning


Disaster planning is an integral part of any foolproof IT system. Whenever there is a large-scale natural disaster (like the 2011 tsunami in Japan), businesses can be destroyed just as easily as homes. If you employ local backup solutions and lose your data along with your office/equipment, you may never recover. This is why you need a plan of action for the worst possible scenario.

Disaster preparedness, or business continuity, includes 3 important aspects:

  • Data Recovery – You need to recover all of your data from the backup location (and immediately “backup the backup” since the first backup becomes your original)
  • Replace Damaged Equipment – This can be difficult if an office or computer server was destroyed, but it is important to salvage whatever you can. Having a well-designed BYOD policy may also allow you to get by in the short term.
  • Data Access – If your office was destroyed or rendered inaccessible (but your data was stored remotely) you need a way to access the backups while you sort things out. This is where Internet-enabled cloud computing becomes so valuable.

While technology advances each and every day, making sure that your IT is built upon a sound foundation will always be a wise investment to enable your company to succeed.

As you seek out the best tech solutions and IT services for your business, make sure you have the right partner on board to help you develop the best strategy for storing, accessing and protecting your mission-critical data and for securing your network and systems. 

There’s a reason that such a wide range of businesses throughout the Bay Area depend on managed services providers:

When you work with professional IT services experts, your business becomes free to focus on your core competencies, key clients and most crucial projects to help keep your clients happy.

If you are interested in learning more about what options would work best for your organization, Contact Us at (925) 459-8500. With years of experience and our friendly team of technicians, Bay Computing is proud to serve as one of the premier IT service providers in the East Bay Area!

 


Best Practices in Securing Mobile Healthcare Devices


Many physicians and practice support staff participate in bring your own device (BYOD) arrangements at work. Having a BYOD policy is both convenient for staff and cuts the cost of supplying staff with electronic hardware. However, without proper technology management BYOD can easily turn into a nightmare with regard to security, so follow these best practices to ensure your practice is safe.

 

Authentication and Encryption of Mobile Devices

Strong passwords and dual or two-factor authentication (2FA), which involves the entering of a password and a personal identification number (PIN), greatly aid in preventing the illicit use of mobile devices.

 

Encryption of mobile devices ensures that if your equipment is lost or stolen, the data cannot be read by unauthorized users. If your practice has a breach in security, you will have to prove to the Department of Health and Human Services (HHS) that your devices are encrypted and that you have an encryption plan in place; if no encryption is being used, your practice will be in violation of HIPAA compliance requirements and is liable to get a fine.

 

Develop a Mobile Device Policy

A written mobile device policy is also essential if you have a BYOD policy for personnel. The policy should include:

 

  • Who is allowed to access the practice network?
  • What medium of access is allowed? Public WiFi networks are vulnerable, while virtual private networks (VPNs) are more secure.
  • Which devices are acceptable?
  • What data can be stored on the devices?

Other elements to incorporate in a mobile device policy are appropriate use, support and costs. Hand out the policy document to all staff involved in the BYOD scheme, and have them sign it to indicate that they understand the policy and that they agree to comply with it.

 

Keep Up to Date with New Technology

 

Advances in mobile device management (MDM) are continually being made, and it’s important to know what’s available. For example, MDM software lets administrators know which devices are accessing data and from where, gives the ability to wipe lost or stolen devices completely clean, and monitors data that is coming into and leaving the network. Secure containers keep personal apps separate from practice data, preventing inadvertent divulging of the electronic protected health information (ePHI) of patients.

 

Best Practices Training for Staff

 

All BYOD users need to know how to activate security features and how to identify “friendly” apps, and they need guidance and controls to ensure they know where it’s safe to upload sensitive data such as ePHI. Your practice needs to establish this technical know-how in all of your employees and get them on board with mobile device security, as humans are most often the weakest link in the cybersecurity chain.

 

Partnering with a reputable IT services company smooths the way to your successful implementation of mobile device security software. Contact the team at Bay Computing for advice and information about how to secure the mobile devices used each day in your medical practice.

 

 
