5 Tasks to Tackle: Prep Your Business for 2019

Don’t wait until the last minute to prepare your small business for 2019!

The end of the year is a busy time. Small businesses especially need to have a plan for growth in place well before the New Year. Taking detailed stock of your operations helps uncover improvement opportunities and provides ideas.  Our “5 Tasks to Tackle” will help rocket your business forward.

  1. Assess Your Business

Properly preparing for 2019 involves taking a step back and looking at the big picture to determine if any operational changes are needed. If you’ve never performed a SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats) on your business, now would be a great time to do so! This strategic process illuminates avenues where your business can expand, highlights areas previously neglected, and reveals what your clients are demanding. Whole-business reviews shed light on issues pushed to the backburner.

  2. Audit Your Hardware and Software

2019 is the last hurrah for popular older applications and operating systems.  Microsoft’s extended support for Windows 7 stops on January 14, 2020.  Adobe Flash reaches end-of-life on December 31, 2020.  If you’ve been holding out on upgrading, act now before you’re forced to scramble.

Hardware always breaks down on its own schedule, and it never happens at a convenient time. Keeping your hardware monitored and upgraded prevents unexpected crashes. We recommend replacing your hardware every 5 years at a minimum to keep pace with newer technology and reduce the risk of unexpected hardware failures.

Are you using updated versions of important software? Are there other programs that could do the same work more efficiently or save you money on licenses?  Take stock of your needs and plan for the necessary budget to replace equipment in an organized fashion.

If your business would benefit from hardware or software upgrades, the end of the year is a great time to take advantage of an IRS Section 179 tax deduction (consult your tax advisor for applicability). Splitting the hardware and labor costs between fiscal years may also be a beneficial consideration.

What about storage? Are your computers’ hard drives cramped? Are physical records filling your office space? Move towards a paperless office and further protect that digital storage by implementing cloud services.

  3. Improve Your Web Presence

When is the last time you took a good, long look at your website?  These days, if your website isn’t built on a framework that supports mobile devices or if you don’t update it regularly, your search result rankings suffer for it.  A neglected website may also inadvertently send the wrong message to potential clients.

How does your site perform in search results? If search ranking is lacking, it may be time to look into SEO (search engine optimization) best practices. Google now flags websites without a properly installed SSL security certificate as unsecure; this affects page rank and traffic in search results. Partnering with a development team helps ensure your web presence reflects the true excellence of your business.

On March 25, 2018, GDPR (General Data Protection Regulation, passed in the European Union) went into effect. If your site receives visitors from the EU, you are held to this standard and expected to comply with changes. GDPR centers on protection of user information. For most sites, compliance is relatively simple, and a knowledgeable GDPR compliance developer can perform a quick audit to identify the updates needed to bring your site up to par.

  4. Audit Your Backup and Security Policies

Have you audited your backups this year by performing a test restore to confirm everything is functioning properly? In case of a ransomware attack, do you have hourly on-demand backups in place? Disaster recovery protocols need management and oversight, but it’s easy to forget them because they tend to be out of sight and out of mind – until something bad happens.

Passwords should be updated regularly. Do you have a policy in place for changing passwords on a cycle appropriate for your industry (especially if your business needs to comply with HIPAA regulations)? The importance of updating passwords cannot be stressed enough. Recently, the National Institute of Standards and Technology released new Digital Identity Guidelines that drastically altered what constitutes a strong password.  While we’re waiting for internet protocols to catch up, password managers such as LastPass can help keep track of complex passwords across various websites.

Did you know 1 out of 9 employees (and 1 out of 4 nonprofit workers) spend time working from home or on the go? Is your business prepared and secure enough for this expanding number of teleworkers?

When was the last time you took a close look at your office security policy? What about communications?  Take this time to assess your technology policies and ensure your business is ready to start the new year capable of handling any opportunities that come your way.

  5. Review Your Social Media Strategy

Social media may seem daunting at first – but start small, and it will become a natural part of your marketing routine.  Ask yourself some questions before you begin: What platforms make the most sense for your business?  How can you represent your organization in a fun and engaging way?  Does a blog seem like a good way to reach out to potential clients while simultaneously increasing your site’s search engine optimization ranking?

As our world becomes increasingly internet-based, your business needs to make a strong digital first impression.  Maintaining a social media presence on the web, even if it’s on a single work-focused site like LinkedIn, provides an opportunity to tell potential clients who you are.  Perform a search for your business online and take control of its narrative.  Encourage current happy customers to post a review on Google or write a testimonial for your website.

Don’t feel compelled to implement a massive new strategy that involves updating five or six different social platforms every day.  Do what makes sense for you and balance your time, but don’t neglect this powerful tool to reach out to those who would benefit from your products and services.

 

Don’t wait for 2019 to prepare your business for growth in the New Year!  These five tasks will take your business a long way.  Build your own successful strategy and allow our team to assist you. Anderson Technologies performs an infrastructure audit annually for its managed services clients.  Our team of experts can take a fresh look at your business and make sure you have the right technical solutions in place to support your company’s goals for the coming year.

If you don’t already receive IT services from Anderson Technologies, contact us today to schedule your free initial audit!  Call 314.394.3001 or email info@andersontech.com now.

Get Hip to HIPAA!

Even if you’ve never worked in the healthcare industry, you’ve probably heard of HIPAA. An appointment to get your teeth cleaned comes complete with a slew of forms that include your rights according to HIPAA.

But can you explain what HIPAA is and why that form is necessary? We often sign and date and move on, knowing it relates vaguely to what our care provider can do with our private health information.

HIPAA includes a lot more than you may realize, and if you work with Protected Health Information (PHI), especially electronic Protected Health Information (ePHI), understanding HIPAA is crucial. This article is the first in a series discussing what HIPAA is, understanding the Privacy and Security Rules, and analyzing HIPAA compliance standards.

What Does HIPAA Stand for?

If you’re not exceptionally familiar with this acronym, you may think it stands for the Health Information Privacy and Accountability Act. That seems reasonable given how the everyday person is exposed to it. In fact, it stands for the Health Insurance Portability and Accountability Act.

That doesn’t sound so familiar, does it? HIPAA was enacted in 1996 not with the intent to protect people’s privacy, but instead to regulate and simplify the health insurance industry. According to the official HIPAA language, the objective of this government regulation is:

To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

Essentially, Congress wanted to make health insurance cheaper and simpler by reducing administrative costs and creating a standard method that everyone related to the health insurance industry could adopt. So where does all this privacy and security regulation come into play? The requirement “to simplify the administration of health insurance” triggered everything.

In the Administrative Simplification section of HIPAA, the Act requires that the rights of individuals relating to the use and disclosure of their health information be clearly explained and that standards are set for the electronic exchange of health information. These two subsections, privacy and safeguards, would later be addressed in what is now referred to as the Privacy Rule and the Security Rule.

The Privacy Rule

The Privacy Rule went into effect in 2000 and has been amended several times. It lays out the standards and guidelines for how PHI in all forms—verbal, physical, or electronic—can be used and disclosed. The Privacy Rule is the reason you know the acronym HIPAA at all.

Thanks to the Privacy Rule, health care providers, insurance companies, and their business partners must follow the same rules regarding health information. Individuals have the same right to access and the same expectation of privacy from all entities according to the guidelines in the Privacy Rule. PHI can include:

  • identifiable personal information,
  • any medical or mental health condition diagnosed during the lifetime of the individual,
  • any treatment or procedure performed in the lifetime of the individual,
  • payment information relating to health care,
  • and any identifiable or medical information that the individual wants restricted.

The Privacy Rule is also the reason you must sign that form stating you understand your rights according to HIPAA. Being informed that you have the right to privacy is part of your legal rights. There are exceptions to these rules, such as life-threatening emergencies, court orders, and release of information authorizations, but all are directly addressed and specified within the rule.

Ultimately, the HIPAA Privacy Rule sets the standard for each patient’s right to privacy regarding their PHI. Thanks to the Privacy Rule, PHI is automatically considered confidential in almost all circumstances, and it also explains under what circumstances PHI may be shared.

The Security Rule

The Security Rule is a little different. It first went into effect in 2003 and, unlike the Privacy Rule, relates only to ePHI. The Security Rule established the safeguard standards everyone dealing with ePHI must follow to be HIPAA compliant. Compliance means all ePHI is stored, processed, and transferred in a way that ensures patient privacy. While it doesn’t dictate specific implementation steps, since each company’s use of and needs around ePHI are different, anyone dealing with ePHI must address each specification.

HIPAA began as a way to simplify health insurance procedures and make those handling health information more accountable to every citizen’s rights about their private health information, and its effects have been far-reaching. For anyone dealing with PHI, the requirements can appear daunting at first, but with a trusted IT partner, HIPAA compliance means any and all health information will be safe in your hands.

Look for our next HIPAA article, which will discuss the Security Rule in more detail. Until then, you can contact Anderson Technologies’ expert consultants for help navigating HIPAA compliance by calling 314.394.3001 or emailing info@andersontech.com.

MFA – An Extra Layer of Digital Protection

What do logging into Netflix from a new device, updating your PayPal account, answering questions about your first car before accessing your iTunes, and withdrawing money at an ATM all have in common? Authentication!

The National Institute of Standards and Technology (NIST) creates guidelines for passwords and the software that requires them, which Anderson Technologies has previously discussed. Technology is still changing to adopt these standards, so it is up to us to take cyber security into our own hands—and that includes business security practices. The most commonly used and overlooked of these measures is password safety and authentication.

Hackers are great at keeping up with technology, so as consumers and business owners, we must keep up with it as well to stay safe. Multi-factor authentication (or MFA) has been around for years, and it’s so common that we take advantage of it more than we might realize. MFA remains one of the strongest defenses surrounding our digital lives.

What Does MFA Look Like?

You’ve probably already encountered MFA without realizing it. Any website that utilizes verification codes or emails is using a form of MFA. A task as simple as changing your Apple ID requires MFA to confirm the new information. IT Glue describes instances of MFA that don’t involve technology at all, like showing government ID to verify your identity.

MFA as it applies to your business’ safety most often takes the form of software that requires a user to provide two forms of evidence proving they are authorized to access the system. This includes security codes, verification emails, security questions, and biometric software. However, it is not necessary to contact your bank or insurance company to initiate MFA. Applications like Google Authenticator or Authy can be attached to countless logins by connecting your account information.

What does this look like for the user? Validated access to your account (your email, for example) is established with a unique QR code or numerical key that securely connects your mobile device. From that point forward, logging into the site requires not just your standard user name and password but also a randomized six-digit code available only on your device.  This code refreshes every 30 seconds for even greater security. Many sites that store confidential data—think Intuit or IT Glue—require connecting your account login with an MFA application of your choice.
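The enrollment and six-digit code described above, sketched as an added example (not code from Anderson Technologies or from any authenticator app). It assumes the standard TOTP algorithm (RFC 6238) and the `otpauth://` URI that an enrollment QR code encodes; the account name is constructed, the secret is the RFC's published test key, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample: the URI an enrollment QR code would carry.
# The secret is the RFC 6238 test key, base32-encoded as authenticator apps expect.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              f"?secret={SECRET_B32}&issuer=Example&digits=6&period=30")

def parse_otpauth(uri):
    """Return (secret bytes, digits, period) from an otpauth:// enrollment URI."""
    q = parse_qs(urlparse(uri).query)
    secret = q["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # restore base32 padding if it was stripped
    return (base64.b32decode(secret),
            int(q.get("digits", ["6"])[0]),
            int(q.get("period", ["30"])[0]))

def totp(secret, at, digits=6, period=30):
    """Code shown on the device at Unix time `at`."""
    counter = int(at) // period  # changes every `period` seconds
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, at, digits=6, period=30, drift_steps=1, last_used_step=-1):
    """Server side: return the matching time step, or None if the code is rejected.

    Accepts +/- drift_steps of clock skew and refuses any step at or before
    last_used_step, so a code that was already accepted cannot be replayed.
    """
    current = int(at) // period
    for step in range(max(0, current - drift_steps), current + drift_steps + 1):
        if step <= last_used_step:
            continue
        expected = totp(secret, step * period, digits, period)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None
```

The server should store the step returned by `verify` per account and pass it back as `last_used_step` on the next login attempt.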

Some sites and servers have their own internal methods of verification, and other MFA methods may require special hardware. These are useful for businesses and organizations that use specialized systems to access confidential databases. This includes cashiers logging into their retail system or technicians scanning an ID card to pull up your file during a dentist visit.

What Are the Benefits of MFA?

Once hackers get their hands on your login credentials, it’s easy to mine data from your other accounts. MFA acts as a barrier to the hacker by assuring the identity of the user attempting to log in. With a secure method of authentication like Touch ID or Face ID on your smartphone, it’s impossible for an unauthorized user to authenticate using your device unless they have your fingerprint or face.

MFA is beneficial for companies that have employees on the go or working remotely. Using multiple layers of authentication allows remote employees to securely access encrypted data from unfamiliar networks and devices.

What Are Some Challenges to Integrating MFA?

Resistance to change is one of the tallest hurdles when integrating MFA into your business networks. Though MFA usually uses devices your employees already have (like their smartphones and watches), the extra steps needed to gain access can seem superfluous. Some people see MFA as inconvenient or time consuming; however, this is rarely the case when using simple applications.

MFA goes hand-in-hand with the Zero Trust security model, which requires authentication at every step of the login process. New security concepts can be challenging to introduce in the workplace, but as with all new plans of action, the multiple verifications will eventually become second nature. Your company will greatly benefit from knowing all data is secure.

You and your employees may find it valuable to coordinate with a managed services provider when integrating MFA to internal networks, especially if your needs require special enterprise-grade hardware. An IT support team can provide training to ease the transition for your employees, some of whom may be hesitant or feel they don’t have the time to properly implement MFA.

With a little practice and an IT team behind your business’s transition, MFA doesn’t have to be intimidating or bothersome—and the benefits are great. For more information on how to keep your business safe using MFA, contact Anderson Technologies today at 314.394.3001.