Anderson Technologies and its division Anderson Archival are pleased to announce that our Director, Farica Chang, is now a partner in the company, becoming partial owner and Principal along with Founding Principals Mark and Amy Anderson.
This exciting news signifies her long-term dedication to the firm. “This is the fitting next step in my commitment to Anderson Technologies and its future,” Farica says. “Working with Mark and Amy for over ten years, we’ve built a company that puts our principles first—focused on providing clients with quality service and dedication to their needs. I have faith in our organization and my team members. I know we all care deeply about each other and the work we do.”
After graduating with honors from the University of California, Los Angeles, in 2008, Farica returned to her hometown to work for the Andersons in St. Louis, Missouri. After only three months as a contract worker, she was promoted to full-time project manager. “Farica is filled with initiative,” Amy Anderson states. “Farica has always had an ownership mentality and is willing to do whatever it takes to deliver excellent results.” An avid learner, she was part of the inaugural class of Harvard’s first computer science certification offered on edX, followed by MIT entrepreneurship classes as well as professional cybersecurity certification from the esteemed technical institution.
“The bar Farica sets for herself and the team is exceptional,” Mark Anderson says. “We are blessed to have Farica’s talents, commitment, gifts, expertise, care, work ethic, dedication, customer focus, and highest standards of quality. She is principled, honest, and fully expresses the values we have set for the company.”
By investing in Anderson Technologies, Farica attests to the longevity and commitment Anderson Technologies has to its employees and clients. “My work continues to be one of the critical pillars in my life after family,” Farica says. “I love what we do—supporting our clients and helping them solve challenging technical issues every day. To have the privilege of working with such talented team members and organizations is a blessing I do not take for granted.”
To learn more about Farica’s background, credentials, certifications, and contributions to our company, she invites you to connect with her on LinkedIn: https://www.linkedin.com/in/farica.
St. Louis, Missouri, known as the Gateway to the West, is well-loved by its residents for a variety of reasons that make it a great location for businesses and home to their employees. St. Louisans love their sports teams (Congrats to our NHL Stanley Cup CHAMPIONS!) and are proud hosts of the famous, award-winning St. Louis Zoo and other free attractions in Forest Park, such as the History and Art Museums. Situated in the northernmost Ozark foothills, the city also has a lovely, rolling landscape and is close to many state parks.
St. Louis ranks on many best-of lists across the nation, including:
- One of the “Top 100 Best Places to Live” for 2019 (livability.com)
- Number 2 of the “10 Best Cities for Entrepreneurs 2019” (fitsmallbusiness.com)
- One of the “Top 10 Rising Cities For Startups” in 2018 (forbes.com)
- Number 2 of the 2018 list of “Best Cities for Jobs” (glassdoor.com)
- Number 1 on the “25 U.S. Cities That Millennials Can Afford – and Actually Want to Live In” for 2018 (thepennyhoarder.com)
- The Number 2 “Food City” in the United States (Yelp, reported by riverfronttimes.com)
These rankings paint an appropriately pleasant and prosperous picture of St. Louis! However, businesses looking for a home in this city should know that St. Louis has a long history of natural disasters because of its location.
The Mississippi and Missouri Rivers often become overburdened from heavy deluges in the north, and St. Louis is also tucked into the eastern edge of Tornado Alley. The city often feels the effects of blizzards, hurricanes, and even earthquakes. This unique set of natural factors is something business owners and technology teams must consider in their disaster preparedness planning to keep business running no matter what nature has in store.
IT Backup in St. Louis
Disaster planning is a critical part of your business’s backup process. This process is outlined in HIPAA regulations, but is important for every business and organization, whether HIPAA compliant or not. When you begin to design your plan, you must think from every angle of your business, not just the IT side. How will your business prepare for a disaster? What physical aspects could be affected? How will your business implement measures once a disaster has happened? And what steps will your business need to take to recover? When creating a plan, identify all things that can happen, determine the likelihood that they will happen, and tailor the overall risk to your St. Louis-specific location.
For your IT, you’ll want to document your network and computer infrastructure configuration and safeguard your equipment prior to a disaster. You’ll also want to make sure you have a two-fold backup system, with one being a physical backup stored at a safe location and one being a cloud backup. An essential for every business is insurance, both for the physical location and for digital data loss. With a disaster plan in place, you’ll be well on your way through disaster recovery, even before a disaster happens.
In addition, you should regularly test your backups and make sure the full-recovery test is successful just in case of that dreaded emergency.
But what natural forces specifically impact St. Louis businesses and should always factor in their disaster planning?
Are you located in or near a flood plain? Major flooding in Missouri in the last few years has exceeded the anticipated 100-year and 500-year flood levels. This should be a concern for any business located in a flood plain, and flood insurance should be obtained. Rivers notoriously breach their banks, and the Missouri River is especially unpredictable.
Originally, the Missouri was much, much wider. However, over the years, engineers funneled it into a narrower, deeper, stronger river to be used for commerce. Being a body of water, it will always try to retake the “bottom land” that engineers salvaged from it during the New Deal era.
The Mississippi River is no less dangerous. As the biggest river in the United States, it has many tributaries, and by the time it travels through the St. Louis metro area, it can be swollen with excess water from the north—rain, ice, and melted snowpack. Just this year, the Mississippi has caused $12 billion in flood damage.
Floods generally provide a little more preparation time than tornadoes do, but there’s never enough time when an emergency is at hand. Don’t use warning time to procrastinate preparation. Part of disaster recovery is disaster preparedness. What steps can your business take when flood waters loom? How can you mitigate potential future loss?
If the location of your company is at risk of tornadoes or very high winds, you’ll want to tailor your protection for that. Unlike floods, tornadoes can affect areas far beyond the actual funnel, with winds tearing off roofs and flipping vehicles and structures.
Most tornadoes in the St. Louis area don’t make it into the city itself, but across the county and surrounding flatlands, businesses have seen the brutal effects of tornadoes touching down.
With this in mind, storing backups digitally in the cloud is imperative. If a tornado blasts through your area and carries the entire office away with it, you’ll need a place to start. Having data properly and securely backed to the cloud will ensure that your business can start up again in any location, or that you can do something as simple as contact clients from a laptop to alert them to your circumstances.
Blizzards, Earthquakes, and Hurricane Effects
The Midwest routinely receives the effects of hurricanes from the Gulf of Mexico and the sub-zero temperatures blown in from the north. Every now and then, twelve inches of snow will fall or a gale will blow through that knocks out power to a good portion of the community. Are you ready for no electricity at the office? How will your business plan for unsafe travel conditions, or below-zero temperatures when ice knocks down the powerlines?
Missouri is also known for its massive earthquake in 1812 that is thought to be one of the worst the United States has ever seen. Minor quakes have occurred during recent years due to the New Madrid fault line that clips the southeast portion of the state.
Just like any other city, St. Louis has its own set of common natural disasters, and it’s important for your company to take the proper measures to prepare for them. Planning for disaster can’t guarantee your business’s safety, but by planning for it, you’ll be ahead of the game, no matter what.
Once your fully developed disaster plan is implemented and tested, disaster recovery shouldn’t be too much of a drain on time and resources. Even smaller disasters, such as local fires or theft and vandalism, are essential to prepare for.
Are you ready to develop your disaster plan? If you’d like more information on disaster recovery for your IT systems in St. Louis, call Anderson Technologies at 314.394.3001. A team member will be happy to help!
We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that by creating a culture of compliance, it becomes easier to verify that you’re following the Security and Privacy Rules in the future. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating what’s already in place. Once you are HIPAA compliant, it’s easy to stay HIPAA compliant.
Tips for Beginners
For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.
Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, what programs or processes access that information, and what policies or safeguards are already in place to protect it. Without knowing that, you can’t know what needs to be fixed.
Perform the SRA first—It’s the first security standard for a reason. A complete and thorough Security Risk Analysis is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.
Document everything—Get used to this right away. You must not only become compliant but also prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.
Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.
Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.
There is no one prescriptive way to go about HIPAA compliance. HIPAA is designed to be vague enough that any size or type of business can adopt the same requirements. This allows each business the freedom to implement in the way that best fits them, but it also requires that you take responsibility for the decisions you make. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.
Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.
- The HITECH Act https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html
- The OMNIBUS Rule https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/omnibus-hipaa-rulemaking/index.html
- HHS Breach Database https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Introduction to the Security Rule
- HHS Security Series https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
- NIST Introductory Guide to HIPAA https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-66r1.pdf
Security Risk Analysis
- ONC Myths of the SRA https://www.healthit.gov/topic/privacy-security-and-hipaa/top-10-myths-security-risk-analysis
- SRA Tool https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool
- SRA Videos https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-videos
- Privacy and Security Training Games https://www.healthit.gov/topic/privacy-security-and-hipaa/privacy-security-training-games
- HHS Security Series – SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf?language=es
- ONC Guide to Privacy and Security of ePHI https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
- HHS Guide on SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
- NIST Managing Information Security Risk https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
- NIST Guide to Conducting Risk Assessments https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
- HHS Emergency Preparedness https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/index.html
- Homeland Security Cybersecurity Insurance https://www.dhs.gov/cisa/cybersecurity-insurance
- Cost of Data Breach Study https://securityintelligence.com/series/ponemon-institute-cost-of-a-data-breach-2018/
- HHS Encryption Guidance https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
- HHS Breach Notification https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
- HHS Ransomware and HIPAA https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
- DOJ Protect from Ransomware https://www.justice.gov/criminal-ccips/file/872771/download