What Does an IT Support Company Do?

IT Companies Focus on Your Technology So You Don’t Have To

Choosing an IT support company like Rx Technology is one of the most important decisions you can make for your business. With the amount of technology innovation over the last ten years, it’s imperative that organizations focus on their infrastructure improvements not just on business strategies for growth. To remain competitive businesses need to update their IT strategies along with internal processes.

Also known as Managed Services Provider (MSP), an IT support company is built around a group of IT specialists who make up the core of the company’s IT team. This team provides support for several different organizations serviced by the IT support company or MSP.

Their experience in cloud services such as server hosting, desktop hosting, file storage, or data backup and disaster recovery services, not just one company but they share that support cost across hundreds of businesses in the area they support. With a pool of knowledge workers, an IT support company can offer comprehensive services at a fraction of the cost of hiring a cadre of technology employees. With on-demand helpdesk, your employee’s can submit tickets or call the support line for immediate attention to problems faced in working with technology. Keeping your employee’s productive and reducing internal needs, you can focus on what makes your business grow.

What Does an IT Support Company Do?

There are two facets to IT companies support plan. The first is fixing issues with technology, but they go one step further. They look to remediate the underlying problems with technology systems to alleviate additional calls. Correcting core issues drives productivity on the organization side and helps drive profitability on the IT services side.

A good MSP or IT services company will provide a monitoring service for all desktops and servers to report on issues before they are widely known, think of this as an early alerting system that gives the technology support company time to address the issue quickly.

Another facet of IT support is creating a ticket. Some companies provide ticket submission via email or a portal; another great offering is allowing employees to call with quick issues to talk to a live technician to tackle easier problems quickly over the phone.

Preventative Care for your Network

Much like medical care is focusing more on managing risk rather than waiting for unmonitored issues to become full-blown problems, IT services work with your company to co-author technology solutions to stay ahead of current trends before they become a problem. If you work with a business application that has a substantial upgrade, you’ll want to know if your current desktops are ready to handle the new application needs before the update occurs. Understanding how your organization does business is another critical component, so services and trends match your business goals and create alignment between both agencies.

Preventative planning also includes providing great backup services or full disaster recovery plans to keep your data safe in the event of a simple power outage, ransomware and malware, or something much more devastating.

Other Preventative Care Services</h3

• Server Virtualization
• Offsite Cloud Backup
• Business Continuity
• High Availability

There are several services offered by IT support companies.

• Workstation and Server – patching and optimizing systems consistently for security and stability.
• Infrastructure Planning – understanding of components like servers and switches but also of cabling and connecting those systems.
• Employee Turnover Planning – having a cookie cutter routine to follow when employees move or change is critical to reducing costs.
• Ethical Phishing – training employees to become human firewalls, protecting organizational data at the source.
• Email Migration and Hosting – converting from internal email systems to external or from one service to another it’s important to have a partner that has the depth of skill for a smooth transition.
• IT Projects – if you aren’t ready to go full outsourced IT or you have a fully trained staff currently IT services organizations can deliver project management for any infrastructure or connected environment projects that may be too large or time consuming for your current team.

What Happens After You Decide to Hire an IT Support Company?

The IT support company will need to access your existing systems and processes to make the best recommendations for a mutually beneficial agreement. The assessment may be a review of your current systems, servers, desktops, or firewall and switches, or a complete scan of all devices to understand what condition they are currently in and what needs to be updated or corrected to move to a preventative care solution with an IT support services company. It may seem daunting at first but after the initial assessment things can move quickly and your organization can start realizing improved support services right away.

For additional information, please contact us today for an assessment of your environment.

Contact Us Today

Understanding Enterprise vs. Consumer Wireless Deployments

Building a Better Wireless Network Infrastructure

One topic that comes up frequently here at Rx Technology is wireless connectivity. More organizations than ever are looking to ditch the cable in return for monitoring and connecting users over the air. It’s not for everyone, and it’s not a time to go the local electronics boutique when it comes to your business.

Normally when WIFI is deployed you would select various areas to run the Wireless Access Point’s (WAP) and connect them and go. This can have a mixed return if you’re too close in some areas to another WAP or if you are too far away, or if the devices themselves do not communicate to hand off users from one device to the other as the signal changes. Wiring and metal studs can also have a profound impact on your ability to get a strong signal. One way to check is to run a test that creates a Heat Map of your office. This consists of capturing signals with a device or mesh around the building that can listen to wireless signals and determine the coverage and power across the floor plan. This creates a map like the one shown that will help to determine where devices need to be placed, and if they are adequate or if you need additional access points.

All Access Points are not the same, some promise a more power to go further, but the signal strength is inadequate, and others promote just enough power to stay in range within each of the other access points but may require additional devices. A careful review and analysis has helped us here at Rx Technology understand what those differences are in the products. Some manufacturers have ramped up the signal dispersion but fell short on the power, meaning on a heat map it will show nice coverage across the entire area but a lack of power is evident in the various areas we travel through. Clearly this isn’t optimal as we’re looking for just enough power between access points to blanket each affected area without casting your WIFI signal out to the street and neighboring buildings just because the device can run at “ludicrous” mode. More exposure means more risk, and that means more time and diligence in protecting your network.

Even in the world of Wireless technology all things aren’t created equal. Signal power can mean the difference between a file download taking a few seconds to a few minutes. It may not seem like much but in productivity tests with slower signals has shown that selecting links to enter data and submitting can increase work times for the same data by several percentage points per week. Obviously this depends on a number of factors but it’s not a stretch to note that slower connectivity will create slower data collection and distribution which will affect end users productivity. This may be nominal for one user but tie in using consumer grade equipment and the number of dropped connections, lost data, and other issues and it will lead to some serious morale issues if nothing else.

A good wireless strategy doesn’t have to be expensive. Heat maps can be done on a variety of levels and range in cost but most offices can be mapped in less than a day with significant amount of data to determine if there needs to be a rework of the existing infrastructure. Looking at that information a determination can be made if existing devices are beneficial and can be re-worked into a new plan or if a complete technology refresh is due. Running cables to the areas needing new hot spots, and connecting that back to your existing infrastructure sometimes takes two different organizations and coordination, however, some companies like Rx have the staff and team to handle both sides of that equation. You’re better off working with one vendor for the entire project than working on each piece independently due to the ability to move, reorganize, or swap WAP locations easily.

If you do go through a wireless review please remember to not only get a heat map created before the project but make sure you get a follow up after new access points have been deployed or old ones moved so you can see the results from the project. Even in that instance it’s not guaranteed to be a move and success! Sometimes the building itself will play with the signals and prevent a strong signal from one area to another. There are several levels to enterprise class wireless access points so don’t be afraid to shop around for the best products. Providers may prefer one brand over another, but in most cases there isn’t a clear winner in any brand, so much of it is subjective or based on internal configurations or simply what you are looking to achieve with your wireless management. It all depends on what you want to cover and how much control you want your solution to have.

One more point about enterprise class access points that is often overlooked but we can’t stress the importance enough is the ability to have a guest or separate internet connection broadcast from your devices. If employees bring mobile phones or tablets to work it’s best to allow them to connect to a guest network that is completely segmented from your internal infrastructure. This prevents malware from personal devices to infect the network and it insures that all the devices on your network belong and can be filtered, managed, and tracked while other unknown devices stay on an outside network connection. Remember it’s about ease of access, but you want to keep your business data as secure as possible. It’s imperative that you consider every aspect of security as it comes to your deployment for wireless. Begin with the end in mind and make sure you’re developing good security habits during the planning phase so it doesn’t have to be broken down later to fix any mistakes or oversights. Something about measure twice and cut once comes to mind… Although we don’t recommend cutting any wires until you speak with a good technology consultant first for your wireless deployment needs!

Contact Rx Technology today to talk to someone about your wireless network needs.

Contact Us Today

Top 6 Issues for HIPAA Network Compliance

Securing Patient Health Information for HIPAA Compliance

Rx Technology works with dozens of medical organizations daily on securing Patient Health Information (PHI) for HIPAA Compliance. Often when we begin, medical staff and administrators don’t understand the complexities of network communication and often fail to comply with all of the requirements. We would be the first to admit that they aren’t always that easy to follow, and the landscape of data management changes frequently like most HIPAA rules as the applications and workflows change. We want to share with everyone the basics of securing PHI and making sure your organization, if they handle patient information, is securely handling that information.

1. Find a partner for IT support like Rx Technology that handles HIPAA information frequently for guidance. A good Managed Service Provider (MSP) should have a Business Associate Agreement (BAA) in place to be a responsible handler of PHI and securing all medical information. While it is still your responsibility to identify and categorize what information is sensitive, the MSP should be able to secure all of your data to avoid any non-compliance fines.
2. Unique user identification. Every person that touches PHI or any medical systems or EMR absolutely must have their own username and password. Ten percent of all breaches are caused by users, it is imperative that we’re able to identify the offending party and train them how to properly handle sensitive information. More importantly, HHS mandates that unique logins are a critical first step in securing data. No sharing one username for multiple users!
3. Emergency access procedure is required. You need a good data recovery plan in place in the event of disaster or server failure. You need a good backup, but just as importantly a way to access that data securely in event of an emergency. This is often overlooked since tape backups or hard drive backups should be encrypted and provide no immediate recovery or data access without a lengthy time period to recover information. An onsite or remote recovery portal with a unique login with access to patient information is imperative.
4. Automatic logoff is mandatory. What can we say, it is difficult to ask employees to log in every five minutes but when it comes to PHI it’s another mandatory factor to address. We have several tools to automatically put up a lock screen within a minute of non-activity on a monitor to prevent unauthorized access. We know it’s rough, alternatively, the fines that come with it are much more than any reason not to comply. This also helps to ensure rule #2 above by disallowing users to share a desktop with the same username logged on.
5. Encryption is a must. Data must be encrypted at rest (on the desktops hard drive) and in transit (while being moved from desktop to another location like a server file share). There isn’t always an easy way to know if this is being done or not. There are several tools that Rx Technology uses to encrypt data on the hard drive and makes sure that there is a HIPAA compliant solution for storing or moving that data from one desktop to another. It is just one other reason to partner with a reliable MSP that has a track record of dealing with PHI and HIPAA compliance.
6. Audit controls are required. This is the most overlooked item in compliance we find as we move between medical offices. There are no controls to see what users can access what systems, or even desktops with PHI on them. Should person A have access to server files in a share? What if they have access to log on a PC with PHI and they aren’t part of the medical staff? How can you check? Rx Technology uses sophisticated applications that track where data is stored, who accesses it, and any anomalies related to network activity that appear suspicious. This allows us to automatically create a ticket to review and either clear or escalate a suspicious action. This brings data security to a new level and makes sure that medical environments are protected by keeping an eye on the network 24/7.

While these aren’t all the areas we need to address when working in environments that handle PHI, they are the first thing we look for. With Rx Technology’s ability to share costs for expensive scanning and monitoring applications across hundreds of customers we bring an incredible economy of scale that gives the customer flexibility to enjoy the very best protections without a huge capital expense. Contact Rx Technology today to discuss how we can help you better secure medical data for HIPAA compliance!

Contact Us Today

7 Benefits of Partnering with the Right Managed Services Provider

How Can a Partnership with Rx Technology Help You?

Managing IT services in the organization can be a real headache. Trying to stay ahead of technology changes while staying within a budget is difficult to manage even if you have internal staff. Day to day support and moving projects forward can be overwhelming even if your IT department is fully staffed.

As a leader in the SMB market, partnering with the right Managed Service Provider (MSP) can be the secret to your IT success. With a good MSP, partner labor costs can be greatly reduced, and IT services can be delegated. This will allow your internal staff to focus on projects and frees their time from “putting out fires”.

MSP’s have a variety of tools that allow them insight into managing your network from monitoring services like internet connectivity or critical services stopping to managing patches or rolling out new software updates. Affordable options that help to streamline your processes and managing your network that takes staff can be delegated to an MSP to provide a proactive level of support by creating tickets for these issues automatically and addressing problems often before your users are aware of an issue to prevent lapses in productivity.

MSP’s can provide all or a portion of network services, so you can hire internally with help, or they can run your entire infrastructure. Often full services can be offered for less than hiring an internal staff with unlimited potential for access to several techs with a broad range of experience.

Benefits of a Managed IT Service Provider

1. IT experts available 24/7 – Stuff happens, not every day but when it does you want to be ready. If the server crashes Saturday night most organizations will find out Monday morning as staff realizes they are unable to log in. Rx Technology will notify you as soon as the server goes offline to get access and remediate.
2. Enhanced Security – Managing simple tasks like patches for operating systems all the way to managing the firewall proactively and watching for anomalies in network behavior are the bread and butter of our MSP. Economies of scale give us unlimited potential in sophisticated systems at a fraction of the cost of a single organization to acquire the tools independently.
3. Vendor Management – Rx Technology takes the burden of managing multiple vendors and systems which can save you money and time. We’ll take over contacting the ISP or other support vendors to allow your staff the time to focus on internal services rather than sitting on the phone tied up with one issue. You have access to a team of experts to address different needs of your infrastructure instead of one person trying to be the “Jack of all trades”, simultaneously being able to address needs within multi-location sites with diverse infrastructure environments.
4. Cloud Solutions – As more applications are being deployed in the cloud, you need a partner that understands the complexity of cloud integrations and management. Rx Technology serves as your cloud expert, providing support, analytics, and integrations. Rather than relying on internal resources to become experts on how various applications you can count on Rx Technology to have the experience from thousands of cloud deployments to ensure successful launches and ongoing support.
5. Affordable access to the latest hardware and software – Rx Technology can save your business thousands of dollars while ensuring that you are up to date on all the latest and greatest hardware and software. We become an extension of your organization and can anticipate which applications and integrations you will need to optimize your business. Because of our relationships with a wide range of vendors and their status as a value-added reseller, we can negotiate the best price for whatever you need.
6. Cost Savings vs. a dedicated internal IT team – Budgets are tight for SMBs, and having a dedicated staff on hand to solve complex issues can be expensive. Under-staffing IT can lead to constant issues and unexpected downtimes while having internal IT staff sitting idle wastes critical company funds. By giving your support to a trusted MSP, like Rx Technology, you receive enterprise-class support well within an SMB budget. Imagine getting an entire support staff dedicated to maintaining your network for less than the cost of hiring one IT person!
7. Peace of mind – Having a dedicated MSP that streamlines your business and serves as a single point of contact for all your vendors provides invaluable peace of mind. With the right MSP partner, small and mid-sized business leaders can rest easy, knowing that their network is secure. They will always have the software and hardware they need to run efficiently, and there will always be someone on hand to help when systems go down.

Your MSP partner can also help design a cloud solution that utilizes technologies to improve your day-to-day operations without the need to hire and train your own internal IT team. A high-value MSP partner like Rx Technology takes care of all your IT issues so you can focus on running your business.

To learn more about how a partnership with Rx Technology can help streamline your business, call us today at 210-828-6081. You can also contact us by filling out the form here.

Contact Us Today

Outsource Your IT or Hire Internally?

Factors to Consider When Deciding to Outsource Your IT Department

As more companies move towards a managed IT services model to service their technology needs, there are still questions on how best to implement that technology. Some companies struggle with the decision whether to outsource their IT or hire someone internally. We’re sharing a few of those concerns below to help you decide your support future.

IT hiring can present a company with some rather unique challenges, many of which are accomplished by working with the right managed services provider. These include:

• In cost comparisons, companies found that outsourcing their IT staff saved money over full-time employees. The cost to hire, train, and reimburse for certification programs outweighed any contracts. There are no soft costs or taxes involved with managed services contracts either.
• Training internal IT staff to support your network also takes considerable time and effort. If any member leaves, there is a gap that comes where that training and the knowledge exchange occurs. A managed services organization builds out a repository of documentation surrounding your environment so that each member can pick up where another may leave off.
• Managed service providers also staff a deep bench of talent that is skilled and experienced in different areas of network support. Hiring an individual with skills in every network environment is unlikely or going to be very expensive.

“Won’t internal IT support respond to my requests for support faster?”

It is a common misconception that having someone on staff will respond quicker to technical issues than a remote staff. A good managed services partner like Rx Technology will have monitoring tools that will detect and correct or create a ticket automatically to address issues with desktops and servers. Often before an end-user is aware of the problem. When several issues occur at once, they are also able to delegate resources to multiple issues rather than tackling one at a time.

“What if my managed services contact cannot resolve the issue?”

Much like internal IT staff, any single technician will not have all the answers. Sometimes technology will be outside their realm of understanding or expertise. A managed server partner with a larger support staff will often have the leverage to escalate issues to techs or engineers that have the experience to resolve the issue.

The alternative would be to hire expensive consultants to come in and resolve the issue if the internal staff is unable to resolve.

“If I outsource my IT, will I have to dissolve my internal staff?”

Even if you go with a managed services model, there are several reasons to keep part of your internal staff. Resolving issues that don’t require specialized knowledge of a certain technology and acting as the point of communication between the managed services team and your staff brings great value to the relationship.

We leverage internal staff to handle low-level calls and escalate issues outside of their understanding to our teams. We get a great synergy and bring a huge value to having not just an onsite resource that aligns your IT plans with your business objectives, but it gives your organization the leverage of technology experience and capabilities while controlling overhead costs.

“If I outsource IT will I be introducing risk in an environment where we have strict compliance and security policies?”

If you take the time to find a reputable managed services organization you won’t risk non-compliance. With the ability to share costs among several organizations, managed services organizations can leverage the economy of scale to offer HIPAA Compliance Solutions, PCI DSS Compliance, and security monitoring and compliance at a fraction of the costs for companies to purchase directly. Technicians are screened and monitored just like any other job.

Determining those security concerns up front allows the provider to set controls for accessing certain information or systems without supervision. With monitoring and feedback systems the outsourced, IT team can detect anomalies within the network and report on end-user behaviors, logins, and what individuals have access to network locations and devices. Reporting on any activity can be tracked and delivered to your organization on a regular schedule.

There are benefits to outsourcing IT, but it’s important to spend time finding the right organization with the right staff and abilities to leverage success with your business. Rx Technology has been in the support and technology field since 1995, offering best in class solutions, with certified and seasoned engineering staff to meet your goals and objectives.

Contact Rx Technology today for a network assessment and discover how we can help your organization.

Contact Us Today

Ransomware and Protecting Organizational Data

Protecting Your Data is Critical

For the last ten years, we have been fighting an organizational scourge that threatens all levels of the SMB marketplace. This problem is ransomware, a malicious file distribution system targeting users of email by tricking them into installing malware. Once the program establishes itself, it will find all shared files that the user has permissions to view and encrypts them, so they are no longer accessible. For critical business files, this can be a disaster. Without a recent backup of the data, data is lost unless the organization agrees to pay the ransom. The most significant problem here is it empowers the attacker and provides funding for them to expand their operation to target other companies.

Why is this system so pervasive and why does your organization need to pay attention?

For starters, no matter the size of your company you are a target. Every business that contacted us for support after the attack didn’t think that they would they would be victims of a cyber attack. They felt their company size or their obscurity would protect them from having to deal with a situation like this.

It’s imperative for organizations of all size’s to start protecting their systems with training, secure data backups, and improving methods for blocking attacks. There are multiple layers to this process, but they don’t have to dedicate a considerable budget to accomplish these goals. It’s important to understand that the weakest link in any organization’s network security are the employee’s that are managing their data every day. They need to be empowered to work safely and efficiently to keep the business moving.

What to Consider When Reviewing Network Security

• Email security – a front-end cloud-based application that checks emails for malicious links and files and removes them before the end-user receives the email. This affordable service is a nominal monthly fee based on a per-mailbox pricing structure.
• Test employees with an ethical phishing campaign and provides training to help them spot and stop these attacks at the source. Ethical phishing programs create “human firewalls” out of your employees and are both incredibly effective and cost-efficient.
• Upgrade firewalls and maintain subscription updates. Updates will provide a high level of security as new threats are added continuously to firewalls via updates to protect organizations at the entry point to the network. Malicious websites and files are blocked at the network level with little to no intervention from IT support.
• Review and update your data backup plans! Too frequently cheap solutions to backup or no backup plan at all leave you wholly exposed in more ways than one. Even if you have a good backup remember it’s going to take time to recover from a Ransomware attack while your files are replaced. This is going to take productivity and time so you really want to focus on proactive solutions mentioned above and use backup as a true disaster only solution.

Try shutting your server down for one day, hypothetically of course, and try to understand what it would cost your organization. Consider employee time for non-productive paid hours, customer service issues it might cause, credits or rebates for services not rendered that day, and any impact that might have on sales or moving forward. If you have more than a few thousand dollars in mind at this point, your backup plan needs an overhaul. With virtual servers and constant snapshots of your environment you can overcome almost any challenge and keep your organization running no matter what. Now consider that you can spend less to backup for the year than it costs to recover from a day or two without being productive.

It’s a difficult thing to say, and tougher for organizations to hear, but it is the time that all business’ large and small start to take the threat landscape seriously and protect themselves. With mass involvement, organizations can create a “herd” protection system, not unlike vaccinations where the fewer the targets there are, the less malicious hackers can profit from these extortionist schemes, and we should start to move towards a network landscape free from attempts like these.

Here’s to a hopeful and safe year, but if current trends continue we’re in for a bumpier year ahead. Contact Rx Technology about how we can help you protect your data.

Contact Us Today

Network Assessment Opportunity

Choose a Network Health Assessment from a Neutral Party

Often in IT services, we find that even the most well-intentioned support staff can overlook some of the simplest protections or best practices when it comes to your organization’s network. If they focus on a break-fix model, for instance, they may not want to charge you to upgrade computer OS’s and apply patches to save money, but the truth is patches provide the most basic support for your network and prevent intrusions more often than anti-virus applications or firewalls. The primary reason for most intrusions and data loss are unpatched applications that allow for a hacker to leverage malware to gain access to your systems through tricking certain applications into allowing them access.

Equifax was breached relatively easily due to unpatched web services that the hackers got access to by doing remote scan of the network and determining the weakness. Once they found that it was unpatched, they were able to run a script to insert themselves front and center into the application to gain access to millions of accounts. Obviously, this is a worst case scenario but can you imagine a competing company or a spurned ex-employee gaining access to your account lists to share or sell to the highest bidder? We protect our accounts as carefully as we can because that information allows competing organizations to determine who they should be targeting for sales. Even if you treat them well, there’s always a chance someone will be able to convince the competitor that you aren’t doing everything you can in their best interest. For every account you lose it’s going to take two more to become whole again.

At Rx Technology, we strive to provide the most information about your network, and any weaknesses we spot in your environment. With a network assessment, we review all access information, accounts that are no longer used by may still be viable for logging on to your network, application and OS patches. The report provided will guide you in easy to understand terms on how best to approach improvements for your network and help you gain insight into your technology without the intimidation of trying to understand how the infrastructure communicates. Rx Technology has been doing technology assessments for over ten years providing valuable information to the customer to make informed decisions about their network services and how best to approach new technology and security.

A full network assessment that includes vulnerabilities and remediation will cost $2,500 or more based on the number of devices and complexity of your network. For a limited time, we’re offering this assessment for free for those that sign up. Submit your request today, and we’ll reach out to schedule your appointment and assessment as soon as possible!

Contact Us Today

How to Protect Yourself from Ransomware and Other Attacks

Protect Yourself from Cyber Attacks – at Work and Home

We’ve all heard horror stories from friends or co-workers about Ransomware and locking files only to find out that data backups weren’t effective, or worse those backups became corrupted by the infection. At least once a month we hear from organizations looking to recover files without paying the ransom and often it just isn’t possible. It gets worse, after paying the ransom, ransomware administrators send the wrong keys or nothing at all to unlock those important files. Since they ignore any regulations, they aren’t going to respond to requests for support, leaving your files damaged for a complete loss.

We’ve seen other variants in the wild now that appear not only to encrypt files, but they upload your files and databases to their servers before encryption. Effectively stealing clients lists or accounting information. Holding your documents and accounting data or client lists hostage if you refuse to pay. They may even opt to sell your data even after you pay the ransom.

Protecting yourself from Ransomware isn’t difficult, but you have to remain wary of every email you receive. There are ways to help you succeed without worrying about every link or attachment. Since some emails sent to specific users with a familiar “from” address, it is easier to trick users into thinking it is a legitimate source. The weakest link in any organization sits between the keyboard and chair. An effective training plan can help mitigate disasters and reduce the headaches of restoring files and disrupting your productivity.

First up we recommend you use a password keeper that stores all of your passwords in an encrypted container. Most of these systems use a single password that you have to remember to gain access to all of your information. This application will only fill in login information on the correct sites to prevent you from entering credentials on pages that are trying to steal your passwords by imitating a legitimate financial or important site. Automatic password filling applications are the best way to protect against entering credentials on misleading sites to expose your passwords.

Emails are frequently used to try and trick employees and sometimes even personal users. With requests to update passwords, wire transfer funds, or to update “important” information. These emails can appear to be from legitimate users by masking their identity, appearing to be from a person or organization by spoofing or faking the email address. With further examination, you can uncover a fake by replying and looking at the email address that appears in the reply line. Also hovering over links will show you the actual site that the link directs you vs. where it appears to point. These links often appear legitimate, but upon further review, you can see they are different, and that should give you a good reason not to click on any link in the email.

The subterfuge used to trick you into clicking links or files has been perfected by years of practice. If you are duped into clicking a bad file or link, do not feel like it is a failure on your part, hackers can produce some very believable emails to lure in the unsuspecting. With a proper backup, employee training, up to date firewall, spam filter, and anti-virus definitions you should be able to avoid a bulk of the scams circling the web currently.

Rx Technology provides Managed Security Services for the San Antonio, Austin, and surrounding areas. With all of the weapons to fight phishing or email scams, we can offer another level to account security and guide you in the process of not only securing your network but training your employee’s on best practices to avoid common mistakes. Contact us today to see how we can help your organization achieve your security goals.

Contact Us Today

Equifax Hack and Security Concerns

A Strong Case for Managed Security Services

As you probably have heard Equifax was hacked and up to 143 million people have had their Social Security Numbers and other data stolen. Aside from the fears and problems this brings about, let alone the fact that this is a company that along with two other credit data storing organizations, controls your financial future which puts you in a risk management mode. Do you freeze your credit with them? How do you find out if you were affected? With that many affected users, if you have a credit score, you probably were affected. Make sure you visit their site to get the latest information.

The other issue at stake is how good was their security? Many internal IT teams struggle to maintain a budget that allows them to meet growth challenges and struggle further when they ask for additional funds to shore up security concerns. Sometimes those concerns are easily fixed with patches that are readily available to download and install to protect yourself, but Anti-Virus and Firewalls aren’t going to catch all the threats as they come along. It’s simply impossible with so many new attacks developed daily.

UPDATE: Later, it was announced that it indeed was a patch released in March almost two months before the attack in mid-May occurred. Sad times for Equifax as this is going to affect most of us and has created a huge issue where most of us will have to monitor our credit reports actively week over week to stay ahead of any trouble.

Another attack, unrelated but chilling, is that the Argentina division of Equifax had a firewall connected to the internet that had the default username and password still assigned. A router like what many of us have in our homes was in use and the login which can be made from anywhere in the world was left as “admin” as the user and “admin” as the password exactly how it’s shipped from the factory. It’s difficult to come up with a scenario that many of us face daily that would paint a picture of how bad this is. It would be akin to a key fob for your car coming in from the factory with a default passcode and the dealer didn’t change them, they simply handed you a fob and you drove off only to find out later that fob opened several other cards like yours. You simply could walk the parking lot clicking your key fob and cars would unlock all around you. The only other difference is you can find those routers much quicker scanning the entire internet from a basement rather than driving to a parking lot to find a similar vehicle.

Basic security is just that, default passwords and patches should be the very least we should all practice whether at home or work. In todays connected world security through obscurity just doesn’t work. We can’t depend on the fact that billions of connected devices will hide us from predators when they can scan millions of devices per day to see if you forgot to change your password upon installation. It’s forgivable at home where many non-technical individuals are learning to live in a rapidly changing technical environment but in the workplace, with companies protecting private individuals’ personal information there is no room for a mistake like this. Two hacks to Equifax in the same week is the biggest news in security this week. I hope it’s the worst thing we hear about for years to come but it’s not likely to occur.

Business owners and executives in charge of their infrastructure should seek to shore up their internal systems. There are affordable ways to deal with monitoring and controlling access that don’t have to eat up revenue and profit. IT Consultants and Managed Security Services are great at sharing costs amongst all their customers to provide a service that would go far beyond most SMB’s ability to support.

For now, let’s look ahead and start thinking how we can all help to mitigate disasters like this by asking organizations we trust and work with how they are handling security to protect your data stored on their servers. By demanding security for our information, it will become paramount for organizations to protect their environments more carefully. Until then keep checking your credit report until the end of days if you’ve been exposed. There just isn’t a good ending to this story, or an ending at all.

Contact Us Today

Five Essential Steps to HIPAA Compliance

What is HIPAA and What Do We Do About It?

The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, is a standard for protecting patient health information. You may have heard of instances where patient records were found in a dumpster (multiples times here in San Antonio over the last decade), or data breaches like the one that happened to a well know local pediatric clinic, but what does HIPAA mean for providers?

As a leader in helping healthcare providers become and stay HIPAA compliant, Rx Technology has a perspective of seeing best practices and potential hangups.

Often the protection of information is overlooked by clinics and medical providers. While not intentional, most cases we find it to be a laptop that was lost or stolen and didn’t have encryption to protect the data or worse there was a password written on a sticky note attached to the computer that would render encryption useless. These are fundamental principles we guide our medical clients to follow from the day we start providing services for them. We’re equally vested in protecting Personal Health Information (PHI) and your health information. We’re patients too!

There are four rules to follow for medical entities and those that support them.

1. HIPAA Privacy Rule. The first HIPAA rule delineates when PHI can be used or shared.
2. Security Rule. The security rule determines how electronic health information is protected. This rule is very technical and specifies best practices.
3. Enforcement Rule. This rule describes how the HIPAA law is enforced and when corrective actions will be taken.
4. Breach Notification Rule. This rule determines when a covered entity must notify certain individuals and organizations of PHI breaches.

Whether you’re creating applications for the healthcare industry or merely trying to send an email containing PHI, it’s critical that you understand these rules and think about all the ways that it might affect protected information.

Fines for failing to meet any one of the rules above can be anywhere from $100 to $50,000 for a single incident. If you sent 500 of those emails, well that’s going to be a costly mistake. For instance, in 2010, Cignet Health was fined $4.3 million for breaking the privacy rule. In more recent times, Memorial Healthcare Systems was fined $5.5 million for not auditing its systems correctly.

What Do I Do About HIPAA Compliance?

Rx Technology recommends taking a few steps to ensure you’re HIPAA Compliant. First, double check if you need HIPAA compliance. PHI is defined as any information that could be used to identify a person that was determined during healthcare treatment. While this naturally includes names, birth dates, and diagnoses, it could also include medical billing information, lab test results, email and phone records and personal health appointment scheduling information.

If that data is going to be stored locally or backed up to the cloud you want to make sure that you’re business associate provides the same controls to protecting information and that everything is shared through a secure and encrypted transfer.

For Rx Technology’s IT Services servicing medical and related fields, we prefer only to allow vendors and products that come with a BAA (Business Associate Agreement) to protect patients information and make sure that all data is protected with that same standard. Whether that’s your company financials or a spreadsheet for the company holiday potluck, we’re going to defend it with the same level of encryption and handling that we do for patient data.

The Security Rule

The HIPAA security rule is a few pages long but it’s highly sophisticated in requirements, and a good IT support vendor can help navigate those issues.

Administrative Safeguards

The administrative safeguards ensure that you are categorizing health information correctly, creating security roles around protection of that data, employee training on HIPAA, and maintaining those best practices in an ongoing manner. This also includes how and who you’re sharing that information with and that they are also compliant and carry a BAA acknowledging that relationship.

Technical Safeguards

There are three main areas here to consider.

1. How are you handling PHI and what access controls are in place? Can employee’s stay logged in permanently without a lockout? Does staff share a central workstation without logging out?
2. How are you transmitting data? Is it encrypted end to end? On the originating device (at rest) and during transmission via a secure encrypted channel?
3. How are you auditing your HIPAA compliance? You need rules or a plan in place to regularly schedule audits to ensure that these safeguards are maintained. We are offering verification that can be operated continuously to provide safe handling practices around the clock. That method would be for larger institutions to monitor for anomalies or changes in processes that may lead to unintended exposure. Otherwise, a quarterly scan and report are sufficient for maintaining safe handling practices.

Physical Safeguards

Physical security is probably the easiest but most often overlooked safeguard. How easy is it to access servers containing data? One organization we worked with had a walled in area, controlled access with, 5,000 lb. door locks, and actively monitoring log entries for everyone that entered that room. There was just one ventilation problem. The locked, metal door that led to the server room had an equalizing vent in the bottom half of the door. An electric screwdriver and about 30 seconds gave us physical access to the server without a log entry to prove it. It’s the little things, but sometimes it just takes a different set of eyes to spot these issues and correct any oversight.

Check for service provider agreements and hosting compliance

If you are going to use an outside IT support company, it’s imperative that they and any products and services they use are HIPAA compliant. Do they provide a BAA for that data? Do they understand and agree that they have access to PHI and need to be compliant?

Be sure to check this carefully before signing a contract with an IT service provider. Many providers avoid PHI entirely to avoid possible fees for noncompliance. Several providers are dedicated to HIPAA compliance with digital information and can work with both the physical and technical safeguards required.

Verify any potential HIPAA violations

Consider the most common HIPAA violations that occur on apps and through an online infrastructure and how technology can help prevent these violations. By ensuring that safeguards are built in for each of these, you will eliminate much hassle and many headaches in the future.

Get third-party audits

Regular third-party audits will help you ensure that your organization remains HIPAA compliant and that you are not at risk for expensive fines. That review should consist of a network assessment, physical vulnerability, workflow analysis, and making sure that employees are working with best practices and understand that a few seconds of saved time may mean a violation.

Rx Technology is an IT consultant providing HIPAA compliance and guidance throughout their suite of products and services. With over 20 years of experience in dealing with IT infrastructure and support, they have become a model of excellence when dealing with patient information and protection.

Contact Us Today