Everywhere you look business owners are inundated by issues pulling their attention in a multitude of directions. One issue almost every owner has managed to get under control is network security. These businesses are secure from external threats and because of this, believe their systems to be 100% safe, however, they may have missed the possibility of internal threats.

In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

Respect him or not, Mao Tse-tung had it right when he said, “The only real defense is an active defense.” Businesses have taken this literally and have adopted Business Continuity Plans (BCP) to ensure that when a disaster strikes they are ready with an active plan. Many of them are prepared technology wise, but the other assets may not be so ready.

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

There’s a big gap between what physicians thought they could do, and what they were eligible to do, to collect meaningful use incentives last year, according to a new study, which appears in the May issue of Health Affairs.

The study shows that 91 percent of physicians nationwide were eligible for federal electronic medical record (EMR) incentives in 2011. However, only 10 percent intended to apply for the program.

That number was on the low side of what the federal government had anticipated. The Center for Medicare & Medicaid Services had estimated that 10 percent to 36 percent of Medicare-eligible professionals and 15 percent to 47 percent of Medicaid-eligible professionals would demonstrate meaningful use in 2011.

According to the authors, among physicians intending to apply for meaningful use, about 21 percent were ready with the 10 core capabilities. Even in the state with the highest degree of readiness - Wisconsin - only 32 percent of physicians were ready with the 10 core capabilities.

The authors say the low level of readiness illustrates the challenges in meeting the federal schedule for financial incentives. Healthcare practices have support options, however. Your IT provider can help you if you need assistance preparing your meaningful use.

The key to patient-centered care - a concept that continues to evolve - is the relationship between physician and patient. Finding the balance between patient engagement and information technology, however, can be challenging.

IT has benefited healthcare practices in many ways. For example, it allows patients to service themselves when it comes to transactional exchanges, such as scheduling appointments and reviewing bills.

There are fears, however, that IT can also create distance between the practitioner and patient, reducing face-to-face contact. Here are three tips to ensure that doesn’t happen:

1. Accept that patient-centered IT initiatives help the physician. Small practices need to adopt the same features as their competitors, including large practices as well as low-cost primary care providers such as CVS and Walgreens.

2. Determine your needs. Patient-centered IT practices vary. Some practices use patient portals to optimize patient input. Others use email, text, video and mobile apps to create an impact across a broader spectrum of their patients' health. You’ll need to find what works best for your patient. Younger patients, for example, might prefer text messaging; older patients might prefer email.

3. Reconsider your reimbursement model. IT advancements have patients emailing, text messaging and video conferencing their doctors without payment. That puts pressure on the physician to do more for less. This is a problem with your business model, not your IT. You can't offer services that eradicate half of your service visits or you'll bankrupt your practice.

For details, please see “Five Keys to IT and the Physician-Patient Relationship.”

Collaboration is all around us. We see it on a daily basis in both our personal and professional lives. At work we cooperate with colleagues, managers, suppliers, customers and almost everyone we come in contact with at the office. It’s become so important that if businesses have employees who don’t mesh, their chances of success are almost non-existent.

Here are seven tips on how to improve collaboration within the office environment.

1. Open communication. One of the keys to successful teams is the adoption and encouragement of an open communication culture. With this, teams are better able to grasp what’s going on within the company, and be more efficient contributors and team players.
2. Use the right technology. It seems like there are a million different software and technology options out there. Some of the tools available offer some fantastic features and it’s easy to get sucked in by a flashy component. It’s important that when choosing a tool you pick one that meets your company’s needs and is easy to use.
3. Collaboration tools must play well with others. It’s beneficial to select systems that can be seamlessly integrated with other tools and software used by your employees. If your solutions don’t work together, all parties won’t be able to work together.
4. Employee learning is key. When you find the perfect tool to use, be careful to take time and learn how to effectively use it. Training for the users of the tool is equally important.
5. Work hard, play harder. Teams and departments should step away from their computers and actually have face-to-face meetings at least once a week. These meetings should be a mixture of formal and informal, and offer employees a chance to come together as a team, unwind and share ideas. A team that can interact well will always work together with greater efficiency.
6. Mobilize. The smartphone is here to stay and with each passing year the number of users grows exponentially. It’s beneficial to encourage the use of these devices, and look for mobile solutions that allow users to be a part of the group while out of the office. If you do allow mobile devices, be sure to establish a clear usage policy so employees know how and when they should be using their phones.
7. Don’t just focus on internal collaboration. One of the most common mistakes companies make is that they focus on group participation within the business, but don’t provide adequate support for external interactions. Be sure you integrate tools that provide stakeholders with a way to connect and work with teams within the company.

With a team that interacts effectively you’ll see happier employees and higher profits: a win-win situation. If you have any questions regarding collaboration tools, or other ways to increase business value please don’t hesitate to contact us.

Macs running OS X are often touted as the most secure machines. While OS X is definitely more secure than other operating systems, it may not be as secure as owners think. A new trojan that takes advantage of a security flaw in OS X has been discovered, and it’s a doozy. This has the potential to be a security nightmare.

If you mention “OS X” and “virus” in the same sentence, you’ll get some weird looks from Mac users. Traditionally viruses and trojans on OS X were near non-existent, but there’s a Mac specific trojan, codenamed Flashback, that has affected more than 600,000 computers. This is big news as it shows that machines running OS X may not be as secure as first thought.

Many Mac owners are unsure of what exactly the Flashback trojan is, what it does and how to ensure they’re not infected. We’re here to help clarify the situation.

What is a Trojan and What Does Flashback Do? In general terms, a trojan is a piece of malicious software that infects a computer and gives control of part, or the whole computer to hackers. The Flashback trojan takes advantage of an OS X Java vulnerability and infects computers by tricking them into downloading a fake Java update.

When the program is installed, Flashback will download and install the main trojan code without the need for permission from the administrator. From there it proceeds to hijack your browser, redirect search queries to websites developed by hackers, and then take advantage of pay-per-click advertising.

Why Should I be Worried? While this version hijacks your browser, there are far more sinister things it could do. As this trojan acts as a downloader, there’s nothing stopping the developers from updating the malware to steal passwords, banking information and other confidential information.

How do I Ensure My Mac is Clean? Apple has released an update for machines running OS X 10.6 and later. The first step you should take is to update your computer to patch the vulnerability. To update your Mac:

1. Press the Apple logo, located in the top right hand of your screen.
2. Select Software Update...
3. Press Install and Restart.

While the patch will prevent Flashback from working, it won’t delete the program if you’ve been infected. The Internet security company F-Secure has developed a script that scans your computer and removes Flashback if found. Once you have downloaded the script, open and run it. The script will search your computer and place the infected files in an encrypted ZIP folder labeled Flashback_quarantine.zip.

Flashback has infected a higher number of Macs than any other trojan to date and goes to show that Macs also have security flaws. This also serves as a reminder that you should have a virus scanner and security program running on your Mac. If you have any questions regarding the security of your Mac or other devices, please don’t hesitate to contact us. We are here to help keep your machines secure.

With the multitude of devices at our disposal we have become a society of interconnectedness, and have seen once clear divisions of work and personal life blend into one. This has created an international society of workers who are experts at balancing a number of tasks, while never really being able to focus on one task. There are just too many factors pulling our attention in multiple directions.

It’s time to reclaim our focus at work and here are seven tips to help you do so.

1. Practice productivity wind-sprints. While at work, we’re normally doing work while browsing Facebook or chatting. This can be harmful for productivity and shifts your focus from important work related activities. Interval training is a great way to increase your focus. Get a timer, set it for ten minutes, and focus solely on your work. When the timer goes off take a two minute break.
2. Defensive scheduling. Our days are filled with commitments and we struggle to keep up with our projects or find time to work uninterrupted. Schedule a meeting with yourself at a convenient time. Treat this meeting like a real meeting, no interruptions. This is your time to focus on important tasks or projects.
3. Socialize with your tablet. Separate work from social activities with a tablet. We’re often just hitting our stride with work when BING, we get a chat message. What do we do? Immediately reply to the message. When we do that we lose our focus and struggle to regain it. Why not use use your tablet for all social activities and work computer strictly for work? Combined with tip one, this could really help you focus.
4. Realize your unconscious focus. The vast majority of managers often aren’t sure what the top issue in their mind is. It comes with multitasking, we’re always making less important ideas critical, and this takes our focus off the most important issues. To realign your focus take some time, let your mind wander, and make note of the ideas you keep returning to. These are your most critical issues.
5. Focus on most important tasks first. When you get into the office in the morning switch off your phone and email alerts. Focus on your most important priorities, this will give you time to get your most important work out of the way, before you shift your focus onto other less important projects.
6. Disconnect. Many of us don’t take time to give our brains a rest, we’re always thinking and possibly worrying about work. It’s beneficial to your mental and physical health if you take time each day to disconnect from the office. Temporarily sever all ties with the office and focus on something you enjoy doing. Remember, this is your time don’t think of work, focus on the activity.
7. Can’t focus? Consider if what you’re doing is right for you. If you find that you really can’t focus, even with the previous techniques, it might be time to consider that what you’re doing is actually something you don’t care about or enjoy. If this is true for you, then it’s time to start looking for a change.

With these tips you should see an increase in your focus and productivity. If you would like to know more about how to improve your productivity please contact us, we can help.

Collaboration is important to a company’s success, and one of the tools that has enabled collaboration is Skype. Utilizing Voice over Internet Protocol (VoIP) it offers users a way to communicate and work together across vast distances at a low price. With these benefits, businesses have been integrating Skype in greater numbers.

Skype has some excellent features but many businesses stick to the basics. Here are four ways you can better utilize Skype.

• Call forwarding. If you’re expecting an important call but have to step away from the computer for a bit you can forward any calls to your phone. To set up call forwarding: open preferences and select Calls. You will see the option to set up call forwarding at the top of the page. Press the Forward calls radio followed by Set up Forwarding. Be aware that regular call rates will be charged.
• Screen sharing. Skype is a terrific collaboration tool and many businesses take advantage of it by holding virtual meetings. You can take this one step further by sharing your screen with other parties you are chatting with. This is a fantastic way to give virtual presentations. To share your screen while in a chat press the plus symbol at the bottom of your screen, or right click, and select Share Screen.
• Customer service tool. Using Skype is a convenient way to get in contact with your customers. Ask your website developer to put a Skype button on your website. Be sure to add when you or your employees are available to be contacted.
• Add-ons. Skype has solid features but there are a multitude of add-on apps that can make it even better. Some apps allow for closer collaboration, let you broadcast pre-recorded messages, or record video and audio calls. The apps can be downloaded from the Skype Shop.

Skype has many useful features that when utilized allow businesses’ clients and employees to communicate with ease. If you would like to know more about using Skype or other VoIP services in your company please give us a call.

The short answer NO. The long answer is it can be HIPAA compliant, PCI compliant and accepted as Standard Business Security if you use Remote Desktop (or RDP) across a VPN. We work with many healthcare providers and the HIPAA rules are pretty clear.

1. Any access from the Internet or a remote location must be encrypted. This means healthcare information going across the Internet cannot be read until it reaches the authenticated user on the other end where is it decrypted.
2. Passwords should be stored in a central manageable location like a managed firewall or windows server
3. Remote access is tracked and attempts to connect are also logged
4. Login and Password are sent as encrypted data
5. Unlimited attempts to guess or crack a password are stopped by the VPN device

Many organizations allow users to access their PCs via windows remote desktop connections by opening a port on the firewall and allowing the user to directly access their office computer from home. This practice is not secure, and is definitely not HIPAA compliant. Setting up a remote desktop with a weak password is just asking for trouble and opening a remote desktop port on the router for it that hackers could use is definitely a risky practice.

So how can a healthcare facility or security conscious business allow remote access without violating HIPAA, PCI and other security standards?

We recommend installing a firewall, in particular a Sonicwall Firewall. The Sonicwall line of firewalls come with an SLL VPN, which is a secure way to create an encrypted connection to your office network before initiating a remote desktop connection. Sonicwalls are affordable for almost any business starting at about $500.00. We also offer Basic Sonicwall monitoring that stores logs offsite, sends reports and sends alerts for threats.

Sonicwall’s SSL VPN feature provides easy access to work data from any Internet enabled windows PC by downloading a small SLL VPN client. For Physicians and executives who need to access sensitive data from multiple locations in a hurry this product fits the bill perfectly.

Another issue that many business owners overlook is the patching of the windows operating systems. The healthcare law states that you must take preventative measures to protect the patient data, PCI sensitive data and customer’s personal information. If you fail to keep your PCs and servers patched to the latest Microsoft security patches, then your organization could be accused of negligence and this failure can lead to virus attacks, data theft and other intrusions.

How are Healthcare businesses making sure they follow the standards on the HIPAA law and qualifying for the “meaningful use” standard? They are having Micro Doctor, Inc. install our MD-Care agents on every PC, and they rely on us to not only patch the systems but also monitor and report on PCs that a missing important patches. Our MD-Care console uses the Red – Yellow –Green alerting system so we automatically get notified via a ticket and can at a glance see which systems need attention.

Our medical customers are not only protected from HIPAA violations but qualify for “Meaningful Use” and the thousands of dollars the come with upgrading to EMR/HER.

If your practice or business is at risk, please contact us. We offer a free initial consultation with one of our technical account reps.

Mark Richmond, President and CEO of Micro Doctor Inc.        04/28/2012

With the adaptation of Stage 2, companies operating in the electronic medical records will shift their focus from the capture to exchange of health information. One industry insider has recommended 10 things your EMR needs to be truly interoperable.

1. Single sign-on (SSO). Applications tend to proliferate, and if you don't allow people to switch between these applications using a common login and password, users will get frustrated and give up.
2. Context transitions. As applications grow, and you need to integrate them into an EMR, SSO won’t be enough, because you’ll still lose the “active patient or task" being performed. You’ll also need to provide for the transition of context between applications.
3. Widget publishing. EHRs often have hundreds of functions, and if some are exportable or publishable as widgets, they become much easier to integrate into new user interfaces in the future.
4. Widget consumption. EMRs will become more like containers of cross-application functionality than innate functionality, so consuming widgets will be a basic requirement.
5. Mash-ups. EMRs should allow access to their content through the content management interoperability services (CMIS) standard, thereby allowing users to unlock content they have in various health records.
6. Customizable dashboards. EMRs should provide dashboards that can be tailored by organization, user role, or even user.
7. Interactive Voice Response (IVR). IVR, which allows an EMR to interact with users through phones and other voice systems, such as Skype, will improve collaboration with patients and other physicians who aren’t at a computer.
8. Voice recognition. This will help users conduct EMR tasks more efficiently.
9. Natural language understanding. Because most EMR data is entered by humans, an EMR must integrate with systems that can convert the spoken word or typed text to structured data.
10. Customizable data import and export. A good EMR must allow customizable importing and exporting of simple lists in common formats, such as Excel, CSV and XML.

Details about these tips, and an additional two not discussed above, can be found here.