Industry News - Part 21

A variety of untoward events can disrupt the operations of small- to medium-sized businesses (SMBs), including natural disasters or cyberattacks. These incidents can cause SMBS to lose revenue, or in some extreme cases, close permanently. Fortunately, having a concrete business continuity plan (BCP) in place will help your business recover quickly after a disaster. What […]

The post Here’s why your SMB needs a business continuity plan appeared first on Complete Technology Resources, Inc..

15 Sep, 2021 / by Complete Technology Resources / in 2021september15business_b, bcp, business, Business Continuity, business continuity plan category

Here’s why your SMB needs a business continuity plan

A variety of untoward events can disrupt the operations of small- to medium-sized businesses (SMBs), including natural disasters or cyberattacks. These incidents can cause SMBS to lose revenue, or in some extreme cases, close permanently. Fortunately, having a concrete business continuity plan (BCP) in place will help your business recover quickly after a disaster.

What is a BCP?

A BCP is a predefined set of protocols on how your business should respond in case of an emergency or natural disaster. It contains contingency plans for every aspect of your organization, including human resources, assets, and business processes.

Key threats to business continuity

Various types of threats can affect SMBs such as:

Natural disasters: These are natural phenomena such as floods, storms, earthquakes, and wildfires.
Man-made disasters: These include cyberattacks, intentional sabotage, and human negligence.
Equipment and utility failures: These include unexpected power failures, internet downtime, and disruption of communication services.

How to build an effective BCP

If your company does not have a BCP in place, now is a good time to create one. These steps will help you formulate an effective BCP that will ensure your company keeps running even during a major crisis.

Perform a risk assessment
To create an effective BCP, it’s important to identify the risks to prioritize. Start by identifying potential threats that may impact your daily operations. List down as well industry risks, geographical area, rising trends, and issues that your stakeholders may encounter. Next, categorize the risks based on the level of impact, likelihood of occurrence, or other criteria.Once risks have been identified and a plan has been developed, carefully identify any possible gaps. Collaborate with your team to identify any weak points in the plan, and make changes as necessary.
Perform a business impact analysis (BIA)
A BIA will help you determine how a disruption can affect your company’s current functions, processes, personnel, equipment, technology, and physical infrastructure. IT will also help you calculate the potential financial and operational loss from each function and process affected.
Identify your recovery options
Identify key resources for restoring your business to minimum operational levels. Some recovery options you can take include using data backups, allowing employees to work from home or operating from a secondary location.
Document the plan
Make a record of the BCP and store the document in a secure location, preferably an off-site one to reduce the risks of loss or damage in case of a disaster.
Test and train
Once your BCP is in place, your continuity team needs to perform tests regularly to identify gaps and make necessary changes to ensure the plan’s effectiveness. They also need to conduct regular employee training so that everyone knows their respective roles should a disaster strike.

Having an effective BCP is a great way to ensure your business can quickly recover after a major disaster. If you’re thinking about creating a BCP for your company but don’t know where to start, give us a call today.

Published with permission from TechAdvisory.org. Source.

The post Here’s why your SMB needs a business continuity plan appeared first on Complete Technology Resources, Inc..

Microsoft has just leveled the playing field for web browsers by bringing major changes to Microsoft Edge. The internet browser’s stunning new features help users stay organized and save time as well as protect their online data and identity. If you haven’t tried the upgraded browser yet, now is a great time to check it […]

The post Why should you use Microsoft Edge? appeared first on Complete Technology Resources, Inc..

13 Sep, 2021 / by Complete Technology Resources / in 2021september13windows_b, browser, collections, features, immersive reader, microsoft, microsoft edge, password monitor, tab groups, tracking prevention, vertical tabs, Windows category

Microsoft has just leveled the playing field for web browsers by bringing major changes to Microsoft Edge. The internet browser’s stunning new features help users stay organized and save time as well as protect their online data and identity. If you haven’t tried the upgraded browser yet, now is a great time to check it out.

1. Vertical tabs

Vertical tabs are a handy feature if you often find yourself opening dozens of tabs at once at any given time. Instead of having to hover over or click on one to see which page it’s on, you can easily find and manage your tabs on the side with a single click. You’ll never have to lose track of or accidentally close tabs again.

With the recent Microsoft Edge update, users will now be able to hide the horizontal title bar at the top of the screen so there’s additional vertical space to work with. To enable this feature, go to Settings > Appearance > Customize toolbar and select Hide title bar while in vertical tabs.

2. Tab groups

Microsoft Edge allows you to group related tabs so you can better organize your web browser and workspace. For instance, you can have all project-related tabs grouped together and designate another tab group for recreational YouTube video watching. Using tab groups is as easy as right-clicking on an open tab and selecting Add tab to a new group. From there, you’ll be able to create a label and choose a color to identify the tab group. When the tab group is set up, you can add tabs to the group by clicking and dragging.

3. Collections

Collections allows you to gather information from different sites, then organize, export, or return to it at a later time. Doing these can be especially difficult if you’re working across several sites and multiple devices. To use this feature, simply click on the Collections button and a pane will open on the right side of your browser window. Here, you can easily drag and drop web pages, text, images, videos, and other elements into a group, which you can then import to a Word document or Excel workbook.

4. Tracking prevention

Whenever you visit a site, online trackers can collect information about your internet activity, including pages you visit, links you click on, your search history, and more. Companies then use the data collected to target you with personalized advertisements and experiences.

The tracking prevention feature in Microsoft Edge is designed to keep you from being tracked by sites that you aren’t accessing directly. It’s enabled by default, and it gives you control over the types of third-party trackers to be detected and blocked, thereby enhancing your online privacy.

5. Password Monitor

Millions of online personal credentials are frequently exposed due to data breaches and sold on the dark web. To keep your online accounts safe from hackers, Microsoft developed the Password Monitor. When enabled, this feature notifies you if the credentials you’ve saved to autofill are on the dark web. It then prompts you to take action, allowing you to view a list of all the leaked credentials and then leading you to the respective site to change your password.

6. Immersive Reader

Built into the new Microsoft Edge, Immersive Reader makes reading online easier and more accessible by removing distractions on the page and creating a simplified environment that helps you to focus. This feature also gives you access to a variety of capabilities, including hearing text read aloud or adjusting the text size.

7. Easy switching

Microsoft Edge is available to download for Windows, Mac, iOS, and Android. What’s great is that you can easily copy or migrate your bookmarks, form fill information, passwords, and basic settings to the new Microsoft Edge with just a single click.

If you want to learn more about the latest features of Microsoft Edge and how to enjoy these benefits on your business computers, give us a call today.

Published with permission from TechAdvisory.org. Source.

The post Why should you use Microsoft Edge? appeared first on Complete Technology Resources, Inc..

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are. The problem The issue isn’t that the NIST advised people to create easy-to-crack […]

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

10 Sep, 2021 / by Complete Technology Resources / in 2021september10security_b, account monitoring, multifactor authentication, passphrases, password, password security, Security, security best practice, single sign-on category

It’s time to rethink your password strategy

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. However, the institute has now reversed its stance. Find out why and learn what their new recommendations are.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people generate weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the string of characters it’s made up of could easily be compromised by hackers using common algorithms.

Furthermore, while the NIST also recommended that people change their passwords regularly, they did not specify how and when to change them. Without proper guidance, many people assumed that this meant adding or changing one or two characters every year or so.
The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that their recommendation creates more problems than it solves. The NIST has then reversed its stance on organizational password management requirements, and is recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication (MFA) in login policies.

MFA requires a user to enter one or more valid credentials aside from a password to gain access to an account. This could be a physical security key, a login prompt on a mobile device, or a facial or a fingerprint scan. Without the additional security requirements, hackers' attempts to crack passwords would be futile.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. Simply put, passwords should be longer and include nonsensical phrases and words that make them almost impossible for an automated system to crack.

What’s more, the NIST recommends making screening of new passwords against lists of common or compromised passwords mandatory. This is because a complex, 25-character password is already considered weak the moment it has been compromised.

Finally, you should also enforce the following security solutions within your company:

Single sign-on – allows users to securely access multiple accounts with one set of credentials
Account monitoring tools – recognizes suspicious activity and locks out hackers from the network OR keeps hackers from accessing the network.

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give us a call.

Published with permission from TechAdvisory.org. Source.

The post It’s time to rethink your password strategy appeared first on Complete Technology Resources, Inc..

Health Insurance Portability and Accountability Act (HIPAA) regulations pertaining to IT have become much clearer over the past few years, but there are still a few areas in which your office might not be compliant. This isn’t necessarily because of negligence on your part, but rather a lack of understanding of the requirements. Let’s look […]

The post Are you HIPAA-compliant? 4 Things to look into appeared first on Complete Technology Resources, Inc..

08 Sep, 2021 / by Complete Technology Resources / in 2021september8healthcare_b, data regulations, ephi, healthcare, hipaa, hipaa-compliant, it, medical office, medical practice, phi, phi notice category

Are you HIPAA-compliant? 4 Things to look into

Health Insurance Portability and Accountability Act (HIPAA) regulations pertaining to IT have become much clearer over the past few years, but there are still a few areas in which your office might not be compliant. This isn’t necessarily because of negligence on your part, but rather a lack of understanding of the requirements. Let’s look at four things about HIPAA and your IT that you should know about

1. Whether it be on-premises, on the cloud, or both, data storage must be HIPAA-compliant

Electronic protected health information (ePHI) and any sensitive documents like billing records, appointment information, and test results must be stored in HIPAA-compliant devices and servers. More specifically, your devices and services should have multiple layers of security, including endpoint protection software, encryption systems, and strict access controls.

Healthcare providers tend to prefer building their own data centers since they won’t require internet connectivity to access on-premises data storage. However, storage space may be limited, so the cloud is viable, especially for less sensitive ePHI. When choosing cloud-based storage for your EHRs, make sure that you and your service provider meet HIPAA requirements.

2. Data must be secured while providing telehealth and mHealth services

If your practice has invested in or is thinking about investing in telehealth or mobile health (mHealth), then you need to make sure that the tech you utilize is HIPAA-compliant. While most telehealth technologies are HIPAA-approved, one or two additional measures may be required for complete compliance. For example, you may need to utilize encryption in transit to prevent man-in-the-middle attacks during virtual consultations. An IT specialist should have no problem making sure your telehealth solution is up to code.

On the other hand, mHealth may be a little more problematic, as it is a new and constantly changing field. Your best bet is to consult with an expert to make sure that you’re following all the necessary regulations when providing mHealth services.

3. Healthcare business associates must also be HIPAA-compliant

Conforming to HIPAA regulations is not just limited to medical practices, healthcare clearinghouses, and health plan organizations. Any business that has access, electronic or otherwise, to PHI is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work.

To avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant before partnering with them. If they aren’t, do not grant them data access privileges.

4. Your protected health information (PHI) notice must be available online

If your practice has a website, HIPAA rules dictate that your website must contain a copy of your updated PHI notice for patients to access. This notice informs patients of their rights with regard to their health information. If this information is not currently posted on your website, rectify this as soon as possible to avoid any problems.

Still not sure if you’re 100% HIPAA-compliant? Our team of experts can run the necessary risk analysis and identify areas of your technology that may not be in line with current regulations. Just give us a call today.

Published with permission from TechAdvisory.org. Source.

The post Are you HIPAA-compliant? 4 Things to look into appeared first on Complete Technology Resources, Inc..

What is a BCP?

Key threats to business continuity

How to build an effective BCP

1. Vertical tabs

2. Tab groups

3. Collections

4. Tracking prevention

5. Password Monitor

6. Immersive Reader

7. Easy switching

The problem

The solution

1. Whether it be on-premises, on the cloud, or both, data storage must be HIPAA-compliant

2. Data must be secured while providing telehealth and mHealth services

3. Healthcare business associates must also be HIPAA-compliant

4. Your protected health information (PHI) notice must be available online

About CTR

Latest Post

Arizona:

Connecticut:

Massachusetts:

Contact Information: