children using tin can phones voip

Ring, Ring! It’s Voice Over IP!

Is it time to modernize your phone systems?

VoIP, or Voice over Internet Protocol, uses your internet connection for phone services. Rather than transmitting a voice signal over separate analog telephone lines, a VoIP user takes advantage of your computer network and the internet already in place to make a voice or video call. You may have heard of your network having an IP address. That’s the same Internet Protocol being used here.

While VoIP has existed for years, previous iterations proved expensive and unreliable, requiring a large investment for an often poor quality service. Businesses hesitate to invest in technology that had a rocky start. So what draws businesses to VoIP today?

In the era of high-speed internet, VoIP is cost-effective, high quality, and enables advantageous features like the continuity of using the same work number while out of the office on your mobile phone. Voicemail transcription to text, mobile apps, enhanced security, and the overhead savings involved in making the switch to VoIP now convince most businesses to drop traditional phone plans.

Is VoIP The Right Solution for My Business?

The answer to this question depends on the needs of, and willingness to change within, your individual business. While VoIP is an efficient solution for most small businesses, it doesn’t meet everyone’s needs.

Signs VoIP Might Not Be Right For Your Business

Jeremy Richardson, an account executive from VoIP provider Vonage, explains, “Some businesses must have direct paging between phones, or actual ‘line’ numbers on the phones. Some of these are not available on VoIP.” If this service is integral to your business operation, there could be problems switching to VoIP.

Another reason you might not want to switch to VoIP is if the traditional system is working just fine. If the existing system is cost effective and functional, there’s very little reason to change. For example, Richardson says, “certain businesses (schools, hotels, retail stores) require a lot of phones that are rarely used.” These businesses can rely on only a few lines without business disruption. Switching to VoIP would be cost-prohibitive in these cases “because in a traditional VoIP set-up, each phone requires its own line.”

However, for a business in which the traditional model isn’t working or is too expensive, VoIP could be the answer.

What Can VoIP Offer My Business?

Investment in VoIP can establish portability, convenience, and professionalism a modest upfront investment.

Easy Transition

Richardson, who Anderson Technologies has worked with on past VoIP installations, says one of the biggest factors preventing businesses from making the switch is overthinking the setup and maintenance of a VoIP system and believing onsite support is necessary: “Many people associate using VoIP technology with having to be very tech savvy.” However, this is not necessarily the case.

VoIP phones often come pre-programmed or are easy to program on-site. “Once plugged into Ethernet,” Richardson says, “the phones and features can be easily adjusted and controlled from a user-friendly online dashboard.” After the initial set-up, the learning curve for these phone systems is far from steep. This is doable for any business, and with a managed services team, this process becomes a breeze.

Flexibility, Portability, Convenience

Using a VoIP app, your cell phone can become a switchboard for any incoming calls to your work lines. In the event of power or internet outage, VoIP keeps your business online. VoIP providers offer “business call continuity and mobile apps to combat this issue,” Richardson says. Depending on your provider, you also have the options of three-way calls, call forwarding, video, and call waiting.

A fully-integrated VoIP system allows the flexibility of communicating any time and any place that has an internet connection—ensuring your customers and employees will always be able to get in touch with you. Some VoIP options include voicemail transcriptions to email or text for when phone calls aren’t convenient. When a caller dials your office number, you’re reachable from that number even if you’re travelling. If you have multiple base camps, like offices in multiple locations, your VoIP phone system can be configured to ring all office lines simultaneously.

Lower Up-Front Cost

In the past, companies purchasing phone systems used to pay $10-25k up front for 20+ users for a PBX (Private Branch Exchange) system, then pay separately for line service. VoIP operates on a different model, eliminating the need to acquire a PBX and instead uses resources in the cloud. VoIP lines may only cost about $20 each, and the price tag usually includes long distance at a better rate than most competitors. Per-line cost often includes each headset, so there are no big, up-front investments for equipment.

High Quality

Price isn’t the only quality that’s improved over time. VoIP used to be known for dropped or poor quality calls, but as the internet becomes faster and more stable, with better network configurations, VoIP is proving itself with clearer calls than even landlines.

Quality of phone calls hinge on internet bandwidth, and setting up your network for Quality of Service (QOS), so it is important to partner with an IT services provider that can ensure your business has the optimal bandwidth for a VoIP network.

Security

While security should be a concern, especially for work on the go, VoIP shouldn’t be considered a significant risk. “Knowing that there’s risk involved with both landlines and VoIP is important,” says Luke Bragg, Senior Systems Administrator at Anderson Technologies. “Neither is ever going to be completely secure, but there isn’t any more risk with VoIP than a landline.” When choosing a VoIP provider on your own or with the help of a managed services partner, look for encryption, redundant network infrastructure, and HITRUST security compliance. These tools allow technicians to quickly identify and resolve issues if any attempted security threats arise.

That’s something every business wants to hear.

But as Mark Anderson of Anderson Technologies says, “To fully utilize the promise of your network, it’s important to invest in the proper tools.”

Does Your Business Have the Proper Tools?

Internet network speed and setup is vital to the success of a VoIP system. Richardson often asks, “Do they have enough speed to support their phones and computers? Is the internet hardwired to the building?” Richardson notes that hot spots, satellite, and microwave internet have proven too unreliable for VoIP, and asks, “Does the business have hard-lined Ethernet to each phone?” While VoIP can potentially work on a WiFi network, this is not a configuration we would recommend.

For instance, if your network isn’t configured correctly, your VoIP call quality will suffer dramatically. You’ll probably need to add bandwidth to support the extra traffic, and VoIP traffic must be prioritized. Cost for this bandwidth shouldn’t be a prohibiting factor, either. Most VoIP systems can function using-100 kbps (kilobits per second) per user, however Anderson recommends 500 kpbs to 1 Mbps (Megabits per second) per user for optimal performance. Internet bandwidth has to be sufficient for not only the phone system, but email, web usage, and streaming. A managed services team can make these adjustments to ensure that VoIP is successful for your business.

Upgrading your internet is vital for quality of service. Your firewall must be set to prioritize phone traffic to ensure that phone conversations aren’t broken up or disconnected when another user begins a major data transfer. VoIP of ten or five years ago often had a reputation for broken or disconnected calls, but with the right bandwidth and configuration, that doesn’t have to be the story for you today!

The best setup, says Anderson, involves establishing a separate subnet from the main network so the phone traffic is isolated and not interspersed with other traffic. The solution for this is a Virtual Local Area Network.

With an upgraded network, VoIP is quickly changing the standards for call quality, flexibility, mobility, and organization.

Would you like to fully utilize the potential of your network? Anderson Technologies can help ensure that you have the proper tools to not only get a VoIP system up and running, but keep it running smoothly and efficiently. Contact us today on our website or by phone at 314.394.3001!

hipaa documentation

HIPAA Part 3: Document! Document! Document!

As you read through the Privacy and Security Rules for HIPAA, you’ll see a pattern that shouldn’t be taken for granted. Nearly all the implementation specifications require some form of policy and procedure documentation. This involves more than the reasoning and justification for how you choose to implement the specifications (though that must be documented as well). These are the policies and procedures that HIPAA expects your business to follow every day.

Organizational Standards

Besides the administrative, physical, and technical safeguards which make up the majority of the Security Rule, there is a lesser known section of safeguards called organizational standards that deal largely with the paperwork required by HIPAA concerning protected health information (PHI) in any form. This section is often overlooked because many of its requirements are addressed in greater detail throughout the Privacy and Security Rules. The four standards in this section include:

  • Business Associate Contracts
  • Requirements for Group Health Plans
  • Policies and Procedures
  • Documentation

This article focuses on the last two standards: Policies and Procedures and Documentation, both of which lay the groundwork for HIPAA compliance. The other two standards shouldn’t be ignored, but they concern only those who: a) are or need a business associate or, b) are a sponsor to a group health plan that provides data beyond enrollment and summary information.

Note: If you work with or are a business associate that works with ePHI and your contract has not been updated since the HITECH Act in 2009 or the Final Omnibus HIPAA Rule in 2013, you will want to review and update all contracts to ensure they meet the current standards regarding business associates.

Standard 164.316(a): Policies and Procedures

Why have an entire standard dedicated to something addressed in nearly every single implementation standard? This standard explains what HIPAA expects from the policies and procedures that a business creates. Specifically, it references the Security Standards’ General Rule of Flexibility of Approach, which is discussed in Part 2 of this series. It also allows for policies and procedures to be changed at any time to adjust to new demands or technologies, as long as all changes are documented and implemented accordingly.

Standard 164.316(b)(1): Documentation

This standard identifies how documentation required by HIPAA is to be maintained. According to this standard and its subsequent implementation standards, all documentation required throughout the Security Rule’s standards, including but not limited to

  • policies and procedures,
  • job responsibilities and duties,
  • risk assessments, and
  • action plans

must be recorded (physically or electronically) and retained for a minimum of six years from the date of creation or when it was last in use, whichever date is later. All documentation must be available to anyone who uses those procedures, and documentation should be consistently reviewed and updated as necessary.

Note: The six-year retention rule only satisfies HIPAA standards. State law may require some documentation to be retained for longer. Always verify what state laws apply to your business, as HIPAA does not supersede many state requirements.

Bringing Your Policies into Compliance

It’s possible your business already has clear policies and procedures in place, but that doesn’t immediately make you HIPAA compliant. You still need to go through each one to ensure it satisfies the implementation specifications it pertains to. If not, policies may need to be updated or new ones added. HIPAA gives businesses a great deal of leeway in how policies and procedures are written, so both updating existing documentation and creating all new materials is acceptable.

What should the policies and procedures say?

HIPAA doesn’t dictate the exact wording of any policy or procedure. It’s up to the business, taking into consideration the Flexibility of Approach guidelines, to determine what policy needs to be implemented. Generally, a policy explains a business’s approach to the subject it relates to.  If the policy concerns removing access from those who no longer work for the company, it could read something like:

At the end of an employee’s last day of employment with [company name], security and/or IT staff will remove that employee’s access to company systems and restricted locations and document the change of access. The employee’s supervisor will verify that all access has been revoked within twenty-four hours.

This offers clear guidance about what the company intends to do to remove access from someone who no longer is allowed to work with PHI. It also provides an implementation timeline, who should implement the policy, and how the company will ensure it gets implemented properly.

The procedure that accompanies the policy would then offer easy-to-follow directions on how those responsible are to implement the policy. A sample procedure may look like this:

Regarding Policy for Removing Access of Former Employees

Duty of IT Staff or Managed Services Provider

  1. Go to [directory] and locate the list of all programs and devices employee had access to according to job title. Check this list against their user account to ensure no programs are missed.
  2. Starting at the top of the list, go through each program and device and remove employee access. For procedures regarding specific programs, see [directory of procedures].
  3. Go to Active Directory and find employee information.
  4. Backup emails and save them to [directory] to be stored for a period of one year before deletion.
  5. Backup any information relating to patient care in appropriate directories. See [directory list] for proper placement.
  6. Disable user’s Active Directory account and change their password.
  7. Document time, date, and your name in the Employee Termination log to indicate all access it removed.
  8. Inform former employee’s supervisor when access removal is completed for verification.

Procedures should be as detailed as possible so that there is no ambiguity or confusion in what needs to be done. It allows newer employees to accomplish tasks they may not have performed before. There may also be multiple procedures related to the same policy depending on the duties of each person. Margret Amatayakul wrote an excellent guide to creating policies and procedures for the Journal of AHIMA (American Health Information Management Association).

Note: Both the Security Rule and the Privacy Rule require policies and procedures to be created. A company can combine relevant Security and Privacy standards into a single policy or create entirely separate policies for the Security and Privacy Rules. Each business should determine what is best for its employees.

Employee Training

Once you have your policies and procedures written and accessible, the next vital step is to train employees on them. HIPAA requires all employees to be trained in the policies and procedures related to their job. This training includes everyone from the maintenance staff to the CEO. Each time a policy or procedure is updated, retired, or replaced, the affected staff must be informed and, if needed, new training should occur.

Of course, maintenance personnel and CEOs won’t need the same kind of HIPAA training, just as IT support doesn’t need the same training as a nurse. HIPAA doesn’t dictate the way training happens, only that it happens. This means big companies that can afford professional training materials can do so, but smaller companies may hold informational meetings, allowing each to train the way that is most effective and makes the most sense for them.

Suggestions for employee training

  • Go through your employees’ job descriptions and separate employees by the level of access they have to PHI.
  • Create training programs for each level of access and/or the duties required in the job description so each employee gets the training suited to their job.
  • Don’t overload employees with policies and procedures that don’t relate to their job.
  • Ensure all training includes how to access the company’s policies and procedures in case employees need to revisit or reference them.
  • Ensure all employees know who to contact if they have any questions.

Sanctions

Along with training employees, HIPAA also requires you have clear consequences for not following the written policies and procedures. The types of offenses should be clearly defined and the disciplinary action enacted for every infraction.

One way a company might dictate levels of disciplinary action would be to clarify whether a break in policy or HIPAA standard was accidental, made through negligence, or of malicious intent. This allows various consequences for the same infraction without being inconsistent. An example would be: a) an employee leaving a workstation unlocked because an emergency situation demanded they respond immediately, b) they consistently forget to lock their workstation even after being warned about it, or c) they intentionally leave a workstation unlocked to allow someone without access to view ePHI. While the problem is technically the same, they don’t all deserve the same consequences. As with everything else, all infractions and disciplinary actions need to be documented and retained for six years.

In 2018, the Health and Human Services Office of Civil Rights reported 279 breaches of PHI, each resulting in at least 500 individuals affected, though often the number was much higher. Policies and procedures may feel tedious to write, but they provide employees with the information necessary to do their job in a HIPAA compliant manner and could prevent a breach of PHI.

For help with developing clear and secure policies for your company’s software and devices, contact Anderson Technologies at 314.394.3001 or by email at info@andersontech.com.

Order of Operations: Moving and Upgrading the Local 562 Union Network

“It was meant to be.”

This is how Megan Branham, Executive Assistant at Plumbers & Pipefitters Local Union 562, describes the Union’s partnership with Anderson Technologies. The organization was in the process of planning a company-wide move to upgraded facilities and wanted to upgrade their IT at the same time.

Local 562 is split into two distinct halves: Union and Welfare Educational Fund (WEF). Branham’s focus was on the Union side of the organization, but the technology on the WEF side needed to improve as well. The two halves work hand-in-hand, so upgrading technology on both sides was a must. And since Local 562 is growing, they needed more than the one-man IT team that previously managed its systems.

“I knew from the beginning it was an enormous job,” Branham says. “We needed something different, and we needed someone to understand the situation they were walking into.”

Finding the Right Fit

An organization as large as Local 562 requires substantial deliberation when choosing a new vendor to partner with. They gathered quotes from many different managed services providers before making a decision. Many IT vendors had been recommended to various high-level employees, and narrowing down candidates wasn’t an easy process.

Branham knew from her experience troubleshooting Local 562’s day-to-day IT problems that they were looking for a partner that could tackle both the network overhaul required by the move and the everyday “What is XYZ?” questions.

One of the biggest factors was how the new IT vendor would mesh with her team. “You could say we have a lot of strong personalities,” Branham says with a laugh. Many organizations, both large and small, encounter resistance to change at some level; Local 562 was no different.

“From the time we met Mark [Anderson], he was just very calm,” she recalls. “He really understood where I was coming from.” Not all vendors Branham considered had the same presence of mind. “I didn’t get that same feeling from the other companies,” she says. “It felt more like they would have come in, done things the way they thought it should be done, and we’d have to figure it out from there. This is a big deal when you’ve got so many people who are used to doing everything a certain way.”

Anderson Technologies focuses on making its clients an active part of the planning and implementation process, especially during a project when a new partner could easily take control from Local 562’s employees. “Mark [Anderson] also knew that it was important that we were an intricate part of designing how it was going to be, not to change everything we already had,” Branham says. “I felt like every single one of the staff at Anderson [Technologies] was very responsive to that.”

I felt like every single one of the staff at Anderson [Technologies]
was very responsive.”

Managing Expectations

Once the partnership with Anderson Technologies was approved, planning for the move could proceed. The opportunity to take a fresh look at Local 562’s current technological status couldn’t be missed. Anderson Technologies and Local 562 together examined what could be improved – or completely restructured.
“I knew our security was not up to par,” Branham says. With emerging cyber security threats came the importance of an outside team to monitor Local 562’s safety. “I felt it was important to have that third party doing all that for us too; not that it’s all them, but they’re helping us find the right ways to do things.”

A study of Local 562’s dynamics helped Anderson Technologies determine the organization’s greatest needs, even when they were difficult to quantify. While each half of the Union performs some functions in conjunction, separate responsibilities needed to be divided. Branham describes it as “spreading everything apart but still making it easy to work together.” Previous IT solutions had muddled that line. Local 562’s sole business manager delegates operations to directors in the two departments. All of Local 562’s digital infrastructure was housed on one network.

The “separate-but-together” end goal split Union and WEF into their own individual server environments but consolidated all employees under one email domain—uniting the two departments. “I knew that there was a way for us to streamline all these things,” Branham says.

Moving the Operation

The physical move itself was a source of colossal stress for every employee of Local 562. “The Anderson [Technologies] team was very calm, and that’s really what we needed ,” Branham says, “because there was a lot of anxiety on the side of everyone here.” During the week-long move from a property in North St. Louis County to one that’s twenty miles west, Anderson Technologies was on-site through the weekend to create new separate domains, install new firewalls, configure the new servers, migrate user profiles, transfer server data, and put out any fires that happened to arise.

Branham describes how the Anderson Technologies team took every little problem in stride: they “kept it smooth and comfortable, and it was a good process and good flow the way everything worked. [The team was] extremely flexible and that made a big difference in the way that people accepted the change, too.”

The Anderson [Technologies] team was very calm,
and that’s really what we needed.”

Coping with the technical logistics of the move was an anticipated challenge. Branham and the rest of Local 562’s employees expected to be unable to use their computers for an extended period of time during the ten-day move. Operations were planned to resume fully the following week. “I expected we would be back up running on Monday [a week into the move] for sure, hopefully it would get done over the weekend,” Branham recalls, “and I was using my computer on Friday morning. . . . I was floored.” Reducing Local 562’s planned downtime by several days allowed them to adjust to the move and return to work faster than expected.

Anderson Technologies’ partnership with Local 562 continues with dedicated ongoing managed services. “Everything has been very strategically done in a way that I know that it was the right choice for us,” Branham says of Local’s 562’s teaming up with Anderson Technologies for the big move and beyond. “Just the other day, one of our guys was saying to one of the gentlemen from Anderson [Technologies] about how “he never remembers his passwords, etc.” so Eric gave me the name of the program to look into. Just little things like that . . . to make our lives easier.”

If your business is ready to move from outdated headquarters, technology, or methodology, contact Anderson Technologies today for a free consultation.

HIPAA Part 2: Diving Deep into the Security Rule

In our first HIPAA article, we offered a little history on the Health Insurance Portability and Accountability Act and a general overview of how the Privacy and Security Rules evolved from it. In this post, we’re going deep into the murky depths of the Security Rule from a business standpoint.

HIPAA’s Security Rule may seem daunting at first, especially if you’re not an IT expert, but you don’t need a degree in computer science to understand the standards it establishes. At its core, the HIPAA Security Rule is about knowing what data you have, assessing the people and technology handling it, and finding where problems could arise. Survey, assess, plan, implement, and—most importantly—repeat. This is an easy way to think about and manage the requirements laid out in the Security Rule.

What Is the Security Rule?

The Security Rule sets the standards that entities creating, using, or transmitting electronic protected health information (ePHI) must implement in order to “ensure the confidentiality, integrity, and availability of ePHI . . . protect against any reasonably anticipated threats and hazards . . . [and] protect against reasonably anticipated uses or disclosures of such information not permitted by the Privacy Rule” (NIST). If you can imagine it happening to you, then you have to protect against it.

Confidentiality, Integrity, and Availability

The Security Rule uses this phrase throughout. It’s a key tenet of its purpose, but what exactly does it mean to ePHI?

  • Confidentiality: Don’t allow anyone without proper permission to access ePHI, as described in the Privacy Rule, to see it.
  • Integrity: Ensure that the ePHI created, maintained, or transmitted isn’t altered in any way.
  • Availability: Ensure those with permission are able to access ePHI when they need it.

A quick way to think of these are “Don’t Show. Don’t Change. Can Use.” Keep these goals in mind when implementing the standards set forth in the Security Rule.

Understanding the Security Standards

The Security Rule consists of 18 security standards divided into three sections: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Some of those security standards contain implementation specifications (36 in total), which provide more detailed instructions on what needs to happen to fulfill the security standard. The Security Rule designates these implementation specifications as either required or addressable.

Important! Do not confuse addressable with optional. All implementation specifications must be handled, but those marked as addressable may not be suitable for all businesses managing ePHI. Each business must assess its own situation to determine whether an addressable implementation specification is reasonable and appropriate. Once assessed, the business has to ask themselves:

  • Is the specification reasonable and appropriate? Implement.
  • Is the specification not reasonable or appropriate? Implement an alternate solution that would be.
  • Are there no reasonable and appropriate ways to implement the specification? Do not implement.

All assessments and justifications for not implementing a specification as stated in the security standard must be fully documented.

Reasonable and Appropriate

This is another phrase that appears throughout the Security Rule. Since the Security Rule affects a wide variety of businesses, it was designed with flexibility of approach in mind. Many of its standards and implementation specifications explain what needs to be done but not how to do it. How is left up to the individual business to determine based on its use of ePHI and its environment.

The security standards general rule §164.306(b)(2) explains that when “deciding which security measures to use, a covered entity must take into account the following factors:

  1. The size, complexity, and capabilities of the covered entity.
  2. The covered entity’s technical infrastructure, hardware, and software security capabilities.
  3. The costs of security measures.
  4. The probability and criticality of potential risks to electronic protected health information.”

Flexibility, scalability, and technology neutrality are key features of the Security Rule that allow businesses of any size or function to use the same standards and adjust accordingly to the evolution of technology. It’s important to note that cost alone is not enough of a justification to not implement a security standard. All factors need to be considered together when dealing with addressable specifications.

Security Standards

Before diving into the nitty-gritty of each security standard and the implementation specifications, evaluate what your business already has in place. Some of the requirements may be satisfied by the current security infrastructure. Read all the security standards once to get a feel for what you need to be assessing, then take the time to determine what measures, policies, and hardware already protect your ePHI. Knowing where you stand can save you time and stress while working toward HIPAA compliance.

Below we’ll address each section in a high-level overview and mention some of the important standards you should be aware of. This won’t be a step-by-step breakdown of all the standards and implementation specifications. For that, the Department of Health and Human Services (HHS) produced the HIPAA Security Series papers, which are extremely helpful, as is National Institute of Standards and Technology’s (NIST) An Introductory Resource Guide for Implementing the HIPAA Security Rule.

Administrative Safeguards

Administrative Safeguards make up more than half of all the standards in the Security Rule; however, this is also where many of your current systems might already be established to satisfy the requirements with little to no alterations.

The standards and implementations categorized under Administrative Safeguards involve the process of planning, selecting, and managing a business’s protection of ePHI. This includes, but is not limited to, emergency preparedness plans, policies and procedures, contracts, and employee management and training.

This category is all about knowing what you have, planning for the future, and making sure everyone in the company knows how to enforce the confidentiality, integrity, and availability of ePHI. It’s not enough to simply implement these systems, though. Everything must be documented, accessible to all who need it, tested and reviewed periodically.

Important Standards to Note

Security Management Process §164.308(a)(1): This is the very first standard, and for good reason. Its implementation specifications require a risk analysis and continuous risk management. The information gathered in these steps will help with many of the other standards. The risk analysis can highlight areas of deficiency in your security that might otherwise appear only when a malicious actor finds and exploits it.

There is no single correct way to perform a risk analysis because all businesses have differing needs. If you are looking for where to start, there are many useful guides outlining the risk assessment process. The HHS’s HIPAA Series includes Basics of Risk Analysis and Risk Management, and Appendix E in NIST’s Introduction provides risk assessment guidelines. For a more comprehensive look at risk assessments, NIST also produced a Guide for Conducting Risk Assessments.

hippa risk analysis

Workforce Security §164.308(a)(3) & Security Awareness and Training §164.308(a)(5): These two standards have seven addressable implementation specifications between them. These deal with verifying that employees have the correct access to ePHI according to the duties they perform, and that they are informed on how to protect themselves and ePHI from cybersecurity threats. It also deals with how management handles adding new employees and removing employee access as job duties change or if the employee leaves the company. Both management and employees are responsible in protecting ePHI, but they must be given the knowledge, tools, and policies to do so.

Contingency Plan §164.308(a)(7): This standard includes the creation or revision of several different emergency preparedness plans, including a Data Backup Plan, Disaster Recovery Plan, and Emergency Mode Operation Plan. Besides preparing both management and employees in what to do, who needs to do it, and where resources are in the event of an emergency, this standard also helps assess what hardware or software is critical to the confidentiality, integrity, and availability of ePHI. This allows better prioritization and distribution of limited resources. Such precise knowledge is especially important in facilities that provide direct patient care.

Physical Safeguards

Physical Safeguards deal with the facility, hardware, and other physical mechanisms necessary to protect ePHI, as well as the policies and procedures that regulate them. These can range from locks on doors or security guards in times of disaster to employees logging off before leaving a workstation. If a person could walk into your office and access ePHI, the Physical Safeguards handle how to appropriately plan your security measures according to your needs.

Important Standards to Note

Device and Media Controls §164.310(d)(1): Given the portability of data in the daily functions of modern business, it’s vital that any movable media containing ePHI be strictly logged, tracked, and disposed of when no longer needed. Even one lost USB drive containing ePHI is a breach of the Security Rule. This standard relates to all types of removable media, including laptops, flash drives, CD/DVDs, hard drives, and portable backups. It also deals with the re-use of these materials within the office, which first requires the proper removal and destruction of all ePHI.

Technical Safeguards

Technical Safeguards deal with the technology used to create, access, transmit, and protect ePHI, as well as the policies and procedures that govern it. The Security Rule remains intentionally vague on the specific technology used to fulfill these standards to allow for advances in technology and the changes in security needs against new cyber security threats. This flexibility is also what allows a variety of businesses to handle ePHI and still comply with HIPAA’s Security Rule.

Technical Safeguards address aspects such as user access, hardware and software use, transmitting ePHI digitally, and encryption for various purposes. The Risk Analysis and Risk Management specifications from Administration Safeguards are especially useful in determining the technological needs and policies to enforce.

Important Standards to Note

Integrity §164.312(c)(1): This standard refers directly back to the key phrase confidentiality, integrity, and availability discussed earlier. It’s not enough to protect ePHI from being accessed or transmitted improperly; ePHI must also be protected from improper tampering or destruction of data. Wrong or incomplete information can have drastic effects on patient lives and care, so the ability to authenticate the validity of ePHI is a vital part of its security.

Monitor and Update

A vital part of the Security Rule is not only assessments and creating policies but implementing them so all employees are aware of and following the rules. Systems should be in place to verify that employees receive the necessary training in ePHI security procedures and understand the consequences of not following the policy. Reassessment of policies and re-training of employees should occur periodically so outdated procedures can be re-written for the current threat environment. Cyber threats are ever evolving, so too should ePHI cyber protections.

While the Security Rule may feel a bit daunting, many of its requirements are best practices for any business. Knowing exactly what data you handle, how it’s processed, and who needs access to it provides you with an informed view of your business’s operations. Having a written and tested Disaster Recovery Policy, Contingency Policy, and Continuity of Operations Plan will save you time, money, and stress should an emergency occur.

If you have any HIPAA related questions or need help implementing the Security Rule’s technical standards, contact Anderson Technologies at 314.394.3001 or info@andersontech.com.

Pink phishing lure

Are You Ready to Go Phishing?

Phishing and spear-phishing emails are an ever-present problem to businesses, and the criminals are only getting better at fooling people. Understanding and being able to spot phishing and spear-phishing emails is a vital part of employee training at Anderson Technologies. But reading about how to spot them and actually spotting emails are different things.

Worse yet, the phishing websites those email links go to often appear legitimate, right down to having the secure lock icon in the browser. In their 2018 1st Quarter Report, the Anti-Phishing Working Group notes that “more than a third of phishing attacks [reported to them] were hosted on web sites that had HTTPS and SSL certificates.” They attribute this in part to the fact that consumers believe they can trust all HTTPS sites, or they at least recognize a site without encryption asking for personal or financial information is not secure.

It’s vital to know whether your email is a legitimate business interest or a scam hoping to trap you, but how confident are you to do so? Take our quiz to see if you can tell the difference between a legitimate email and a fake one.

Are you an expert phisherman or just the phish taking the bait?

1.
2.
3.
4.
5.
6.

Hopefully you were an expert phisherman, but if not, it’s not too late to brush up on some basics.

  • Know what you’ve ordered and who your vendors are. If you didn’t order anything from the person, don’t trust their emails.
  • Always check the sender’s address before clicking on links or attachments, even if it looks like a company you trust.
  • Read the email completely before clicking links. Poor grammar or obvious spelling/branding mistakes are key signs of phishing emails.
  • If you’re unsure if an email is really from a company you trust, go to their website manually, not through a link provided in the email. If it’s real, you can look up the information through your account, and if not, you’ve just protected yourself.
  • Don’t panic! Urgent calls for action to avoid loss of service or legal action are meant to upset you. Don’t let them. Read everything carefully and verify there’s a problem by using the service mentioned or calling the company using the number on their website, not in the email.
  • If all else fails, Google it. These emails are widespread and a quick Google search will most likely bring up a hundred different people receiving the same fraudulent email.

If you’d like a refresher course on e-mail safety, contact Anderson Technologies to schedule an employee cyber security training seminar. Reach us by email at info@andersontech.com or by phone at 314.394.3001.

Seven Core Values: The Building Blocks of Anderson Technologies

We strive to be the best in every area of our niche, and that includes our company’s values. Just as your company’s values are important to us, we know that ours are important to you.

Foundationally, these seven core values express the heart of our company, and they guide our team members both in the office and out working with our clients.

Integrity 

Be truthful and demonstrate strong moral principles. Act honestly, lawfully, and honorably. Hold yourself to the highest ethical standards. Accept responsibility for your decisions and actions.

Respect

Exhibit compassion for others by recognizing each person’s views and values in all communication. Be mindful of your interactions and treat everyone as you wish to be treated. Endeavor to provide honest feedback; share opportunities for improvement and give praise when deserved.

Dedication

Show commitment to your work and persistence to see all tasks to the highest standard of completion. Strive for excellence. Apply due diligence and resolve to deliver results that clients appreciate and value. Move quickly past failures and learn from mistakes. Take pride in and ownership for all you create.

Team-Oriented

Work together with colleagues to produce unsurpassed results. Assist in helping everyone engage to the best of their ability. Communicate openly and seek to contribute your value in a way that benefits the entire solution. Foster a collaborative environment with a shared sense of purpose.

Dependable

Strive to be trustworthy and reliable. Demonstrate you can be counted on when needed – whether internally or externally – to assist in achieving goals and delivering solutions.

Initiative

Assess and initiate tasks when opportunities arise. Adapt to spontaneous situations with an eagerness to rise to the occasion and master new challenges. Look for ways to improve processes and develop skills.

Client Focus

Identify each client’s needs, principles, and insights – not just for the work at hand but also for the ways these elements help achieve overall business goals. Appreciate each client’s nuances and apply your knowledge to enable a rewarding partnership. Strive to meet clients’ needs with service and solutions that exceed their expectations.

 

Core values are the building blocks of Anderson Technologies, and they help us provide you with unparalleled service. For more information about how our core values can make a positive impact on your small business, call 314.394.3001 or email us info@andersontech.com.

Cyber Symphony: The St. Louis Children’s Choirs Sings IT Praises

Everyday reliability keeps your business running smoothly. But sometimes situations arise that require an extra layer of dependability. When an important client is visiting or you’re preparing for a major event, the last thing you want to see is the “No Internet Connection” notification at the bottom of your computer. A downed server, network, or website can bring your entire operation to a standstill.

Such was the case with The St. Louis Children’s Choirs (SLCC), a non-profit organization serving around 500 students in the metropolitan area. “We have six different ensembles for students grades one through twelve,” explains Choir Director Dan Mayo. “Based on a combination of age and where a student might be in terms of their musical development, we’ll place them in the best fit ensemble.” SLCC presents four major concerts each year, giving aspiring choral students the opportunity to sing for their communities in settings both small and large, including Powell Hall, the home of the St. Louis Symphony Orchestra.

2018 is an important anniversary year for the organization, so extra fundraising pushes, coordination with alumni, additional concerts, and the milestone 40th-anniversary gala meant more promotion and web traffic than ever. “It’s been a crazy year,” Mayo says. But juggling all the duties associated with a significant anniversary becomes much more difficult if your tools keep breaking.

“We were having issues with server and internet downtime, a lot of phone downtime as well,” Mayo explains. Acting Chief Operating Officer Pam Jones knew Mark and Amy Anderson through a relative and was subscribed to the IT TechWatch newsletter. When SLCC decided to upgrade their IT vendor, Anderson Technologies was a clear contender.

“I was grateful that Mark didn’t come in and just try to sell us on the hype,” Mayo says. “Mark was just an honest guy who came in and told us what he thought we needed to address, and we just got a great vibe from him.” The team’s knowledge and reliability spoke for itself as well. Our managed services experts have tackled all of SLCC’s problem areas with other clients, leaving a track record of success and innovation.

“We felt really confident in the level of work that [Anderson Technologies does],” Mayo recalls. “We just had a feeling that we were going to be in very good hands.” SLCC officially signed on for managed IT services in February 2018.

Learning to Site Read

The most important project Anderson Technologies completed with SLCC was a situation no one expected. When SLCC’s website was hacked in early 2018, Anderson stepped in to mitigate the damage.

Mayo describes the situation as an emergency. “I think somebody got into the back end of the site. So we were like, ‘Once we get our board approval and everything we’re going to go with [Anderson Technologies], but in the interim can you please fix this?’”

SLCC’s previous IT vendor was unable to recover the site from a malware attack, leaving our team to migrate the site to our own hosting servers and restore a backup copy. Anderson Technologies Director, Farica Chang, who has years of experience implementing website security and mitigating malware problems, addressed the attack immediately. Several plugins, pages, and custom icons had been deleted, requiring a piecemeal approach to return the site to its original state.

“[Anderson Technologies] was super responsive,” Mayo says, “really quick on it … turned over every rock, crossed every t, dotted every i to make sure we could get back up to functionality as quickly as possible. That was yet another reason why we were confident to present our board with the information and say, ‘This is going to be a really great pairing.’”

Harmonizing Hardware

What kind of music do you expect to make when your instruments are out of sync and out of tune? SLCC knew it was time for hardware upgrades, but they weren’t sure where to start.

“We needed some new equipment, and we needed some people to think outside of the box a little bit,” Mayo says. “It just didn’t seem to be a priority for the group we worked with previously.” When seeking a new managed services provider, SLCC made hardware innovation a priority.

One aspect in particular SLCC needed updated was their storage methods. “At the time we were keeping large physical hard drives here on site and not really backing them up,” Mayo says. SLCC required a way to store massive media server files and student information in a failsafe, secure way.

Anderson Technologies outfitted the organization with a new backup methodology involving both local and cloud based storage. Two storage methods ensure files are safe in the event of a disaster. “In case we have things like a fire that melts the whole place down, we can actually recover from that type of situation,” Mayo says. “It’s a much better solution.”

Wi-Fi Signal from Flat to Fortissimo

Network reliability is another area of improvement SLCC wanted to focus on. Mayo in particular struggled with the wireless connection in the rehearsal room, an area that also houses his daily office. Spotty internet service and wireless coverage led to big problems like losing valuable work time or dropping calls over their VoIP phone system.

Anderson Technologies installed a Meraki firewall and new wireless access points to extend the range and security of SLCC’s wireless internet. “That’s worked like a dream,” Mayo says. “It’s been great to have [internet and phones] working reliably every day so that we don’t get any situations where we have to shut down the whole office for the whole day.”

Keeping Tempo for 40 More Years

There is nothing more important to SLCC than reliability during their important anniversary year, and Anderson Technologies firmly guaranteed that their system would ease those worries. “You know, ‘The phones are all down, the internet’s down, why are we even here?’ It would all happen at once,” Mayo says. “Part of it is just we were cobbling together some older and/or cheaper pieces of technology to make it work, but we had some weak links in the chain.”

A concise assessment of SLCC’s IT needs combined with a clear timeline of solutions allowed the organization a smooth delivery of their anniversary events without any major hang-ups. Anderson Technologies’ continued partnership with SLCC provides them with the freedom and peace of mind to continue serving St. Louis’s young choral aficionados for another 40 years. “We’ve had the much more stable setup that [Anderson Technologies] promised us,” Mayo states. “It’s definitely worked as advertised.”

For more information about how Anderson Technologies can tune your IT to make sure every note is perfect, contact us here or call 314.394.3001.

3 Key Ingredients of Our Managed Services “Secret Sauce”

Over the past 20-plus years, Anderson Technologies has seen what works really well in the IT industry and what should be avoided. Simply completing a project is the bare minimum needed from your IT partner and shouldn’t be where managed services ends. Along with technical knowledge and skill, three key traits improve the relationship between client and IT team more than any other – excellent communication, logical systemization, and earned trust.

Technical Knowledge and Skill

One of the primary reasons you hire a managed services team is for their technical expertise and they should be capable of handling most any technical challenge you face. This really isn’t a secret! Additionally, dedication to maintaining a high level of technological skill should be key for any IT firm.

It can be difficult to determine if a managed services provider prioritizes technical skills, especially for a small business owner who isn’t familiar with the technology industry, but there are a few clues for the layperson. In addition to checking their history and references, information like certifications, education, and satisfied customers can reveal much about a managed services provider, even before they’re hired.

Fixing what’s broken is the fundamental requirement for any managed services team but when building the Anderson Technologies team, technical knowledge and skill is only the first ingredient we look for, and just the beginning of the “secret sauce” of IT services.

  1. Communication

A huge part of managed services is acting as an interpreter.

Every industry has its own language, whether it’s attorneys, dentists, non-profits, finance, manufacturing, engineering, etc. It’s probably easy to remember an incident when communication was a barrier rather than a bridge. The best managed services providers can explain a problem and its solution in laymen’s terms as well as industry-specific vernacular, and easily translate between the two for clients. Poor communication between system administrator and client makes gathering accurate information and completing a project successfully unnecessarily difficult.

Clear communication is vital to not only providing clients the best service but helping them understand what needs to be done and why it is important.

Hand-in-hand with excellent communication are the systems and processes a managed services provider follows to deliver truly excellent service.

  1. Logical Systemization

A huge part of systemization is establishing ideal methodologies and creating processes and specialized documentation designed to produce consistent, repeatable results. Taking the time to develop these best practices and build a structure around them can be easily overlooked by busy entrepreneurs. Members of an effective managed services team should be enthusiastic about combining technical and communication skills into this vital process documentation. Keeping accurate and detailed records not only helps you, the client, but maintains a consistent level of service throughout the team and ensures requests are resolved quickly and correctly.

Systemization and record keeping aren’t incidental to the best managed IT services teams – it should be built into their approach from the beginning. Included in Anderson Technologies’ managed services plans are an extensive client onboarding process, regularly scheduled proactive maintenance designed to prevent breakdown, periodic audits of client infrastructure, systems for tracking project progress and responding to user support calls.

Process documentation and customized methodologies enhance the performance of managed services providers, and, even more important, the performance of the client.

  1. Earned Trust

For some IT firms, an individual’s technical ability trumps everything else. But the system and network administrators hired to interact with your most confidential data and technological vulnerabilities should be a team you can implicitly trust.

When building our managed services team, Anderson Technologies seeks those who align with our core values: Integrity, Respect, Dedication, Team-Oriented, Dependability, Initiative, and Client Focused.

These qualities are the most important ingredients in our “secret sauce.”  They define our organization’s character, which has been developing over two decades.  It is who we are as a team and what we represent and strive for every day as a company.

The best managed services firm goes beyond that skill to provide service on another level. Excellent communication, logical systemization, and earned trust combine to make the secret sauce that comprises an IT managed service that truly shines.

Anderson Technologies looks forward to sharing our “secret sauce” of managed IT services with you. If you need assistance, call 314.394.3001 or email info@andersontech.com.

IT Glue: Holding the Keys of Your IT Kingdom Together

At Anderson Technologies, your business’s IT security is our highest concern.

To that end, last year we implemented a documentation platform called IT Glue after recognizing the benefits of storing critical information in a single, organized repository. Our team consolidates knowledge, building a shared, encrypted library that helps address your needs better than ever before and ensuring your network isn’t reliant on how well one person can remember details.

What Is IT Glue?

IT Glue is an efficient documentation repository that keeps your relevant IT information readily at hand in a customizable environment. Documentation platforms help managed service providers maintain their internal processes and client credentials.

The website securely stores configurations, domain expirations, contacts, locations, passwords, security specifics, wireless data, backup schedules, and documents in its easy-to-access dashboard. Information is updated as needed by various team members, but controlled access allows the data to be viewed by the client via separate accounts as well.

Another helpful feature of IT Glue is that it easily integrates with other tools IT consultants use—like their PSA (Professional Services Automation) application—with two-way retrieval of data. This ensures information entered in one is automatically synchronized to the other. Too often, clients that Anderson Technologies inherits from other managed service companies arrive with minimal or outdated records. Documentation platforms make record keeping easier and more integrated while strong security implementation keeps the data safe.

Keeping Your Sensitive Information Locked Down

Multifactor Authentication

To login to the secure documentation platform, users must activate multifactor authentication (MFA). After entering a username and password, MFA requires the use of a third-party app configured on a mobile device to generate a single-use, six-digit code that expires after 30 seconds. Once the code is entered, the user is granted access.

Multifactor authentication provides an important added layer of protection to keeps accounts secure by preventing unauthorized logins. If someone has the password but not the MFA device, any login attempt will be unsuccessful. The concept is similar to showing your ID when using a credit card in a store. Secondary verification mitigates the chances of a thief taking your stolen credit card on a mall shopping spree.

Passwords

IT Glue organizes passwords so users can easily access the multiple accounts for websites, email addresses, computer logins, and applications clients use every day. Credentials are organized in a user-friendly way, and URLs can be launched with the passwords populated. This saves valuable time, whether you’re monitoring servers and firewalls or updating a web page. IT Glue allows for granular permission levels as well as user-based permissions and group permissions, allowing contributors to specify who should be able to access each addition to the system.

Legal Compliance

SOC 2 compliance means that IT Glue is audited by a third party and its security and best practices are verified. Among other things, this helps companies comply with HIPAA—an essential for those providing IT consulting services to health organizations.

IT Glue’s website says, “To pass the audit for SOC 2 compliance, IT Glue had to demonstrate best security practices in terms of its physical infrastructure, the software that it uses, the personnel involved in governance, both automated and manual processes used, and data. The audit can only be passed when each of these areas of IT Glue’s system are compliant with SOC 2 standards.”

Organization Equals Efficiency

Efficiency for our IT team means your IT service is more capable with these shared resources – providing resolutions faster and reducing your frustration and down time.

IT Glue’s dashboard allows for speedy access by keeping track of recently accessed data. It also offers two types of searches—organizational and global—which helps our IT professionals quickly find information with just a couple keystrokes. Instant indexing of all uploaded data helps expedite the process for troubleshooting and problem solving.

Anderson Technologies tracks client domains within the system to keep DNS records readily at hand and has configured the platform to send an email alert if a domain is expiring. Our team documents license keys for apps and programs, allowing us to quickly install programs on new computers. IT Glue logs all user access as well as deletions and revision history within the app, providing a full access log for each team member.  By combining this data with a robust feature set, the platform gives us the ability to thoroughly document client information for more efficient service.

The key to achieving the full potential of a process documentation platform is to realize it only manages as much information as you provide it. This means it works best if clients help keep it updated with any changes, such as passwords and other credentials that may be needed in the future.

Elena Estrada, Anderson Technologies’ IT Support Coordinator says, “Whenever we’re notified of a change in the client’s environment, we add that information into IT Glue. Keeping us up to date is essential. When clients fail to share updates with us, it can get confusing. The information stored in IT Glue is only helpful when it’s accurate and current.” An important feature for documentation repositories is input of information by users.

Anderson Technologies is committed to efficient, accurate, and professional service. Using IT Glue as a documentation repository is one of the ways to serve you better. If you would like more information on IT consulting services, call 314.394.3001 or email us info@andersontech.com.

A Dynamic Network for a Dynamic Place: IT Support for a St. Louis Nonprofit

Every system your business uses needs tweaking over time. Employees come and go, technology advances, and you may find yourself facing unexpected issues as you balance your business’s vision with the changing technological tides.

Such was the case for Crown Center for Senior Living, a residential retirement community in St. Louis and one of our managed services clients since January 2018. From its founding over 50 years ago, Crown Center has grown tremendously from its start as a nonprofit affordable housing community for Jewish residents of University City.

“Our main mission is independent living for seniors,” says Theresa Dattilo, Office Manager at Crown Center. “Over the last couple of years, it’s really evolved to be a community center.” The community is an activity hub for more than just its residents. “People in the community can come here and take an exercise class, eat in the café, or take an art class. There’s always people going on trips, people doing gardening,” she explains. “It’s really a dynamic place to be!”

The influx of activities and participants meant that Crown Center relied more than ever on its online means of communication. Reaching a larger group of people required strong cyber security and reliable hardware and connections. It was time to reevaluate their previous approach to IT.

Choosing an IT Company

Before Crown Center partnered with Anderson Technologies, they’d been with the same company for ten years. “I think our needs evolved over time,” Dattilo says, “and we found they weren’t meeting our needs anymore.”

Crown Center’s server and firewall weren’t being updated, which can create network security holes on top of reducing hardware functionality. Their IT support line offered help when necessary, but Crown Center needed more than just a break/fix approach. They started looking for someone who would take ownership over their infrastructure.

“We took a pretty long time to decide which company to go with,” Dattilo admits. After narrowing the proposals down to six companies (Anderson Technologies included), it was difficult to compare them and decide which would be the best fit for Crown Center. “While I did that, Mark [Anderson] had called me a few times just to check in…. He wasn’t being a pest or anything but wanted to see if we needed any other information. That was helpful.”

But how Anderson Technologies really impressed Crown Center was through proactivity. By offering to conduct a thorough infrastructure audit “Anderson did something that no other company did,” Dattilo says. “It gave us a lot of good information about the status of our security and how our backups are working and the hardware, our remote access.” Offering an infrastructure audit with no strings attached—and making sure Crown Center fully understood their technology needs—made Anderson Technologies the clear choice for IT support.

Bolstering the Firewall

The first project on Crown Center’s to-do list was tackling their outdated firewall. Firewalls are a business’s first line of defense, but many users fail to realize they need to be monitored, maintained, and updated in order to work most effectively. The firewall established by Crown Center’s previous IT support company hadn’t been regularly updated, wasn’t running any type of internet content filtering, and didn’t provide the granular reporting data necessary to quickly detect network activity. This left any machine with internet access more vulnerable to malicious sites and programs.

Also, the team was unfamiliar with the firewall manufacturer. “I was a little concerned because they said they had never heard of it,” Dattilo says. “You know most of the tech people all use the same equipment, or they at least know the name of it.”

Anderson recommended a new Meraki firewall, a trusted name in enterprise-grade security. This cloud-based management system makes maintaining cyber security and providing IT support easier for our managed services team. “Now that we’re getting updates as they’re released by Meraki, we’re not worried about any security issues,” Dattilo says. “We know that they’re watching.”

Reconnecting with Wireless

Crown Center officially became an Anderson Technologies client at the beginning of the year, which meant tax season was approaching. This made their connection issues that much more urgent. “Every year,” Dattilo explains, “we have about six to eight people from AARP that come here to do taxes. They do taxes for the community and for our residents. Every year, they have connection issues.” Each AARP representative used their own computers, all with varying operating systems and update schedules.

Anderson sent in reinforcements to help during this time. Joseph Baker, Anderson Technologies’ System Administrator, spent a couple of days at Crown Center providing onsite IT support for the visitors from AARP. Dattilo was grateful to see their connection issues finally resolved: “I had someone who was going to take care of these people instead of them all just looking at me saying ‘I can’t get the internet.’”

Since then, Anderson replaced Crown Center’s Wi-Fi networking equipment with four new wireless access points that provide reliable connections for the entire facility. Crown Center gratefully acknowledged our onsite IT support in their time of need. “It really gave me a sense that these people are being taken care of, we’re being taken care of, and that our partnership with AARP was important, and the community members who signed up to get their taxes done were able to get them done,” says Dattilo.

Sprucing Up Hardware and Software

One technological issue that often catches our clients by surprise is how quickly hardware and software become obsolete. Many organizations budget for equipment upgrades but struggle to know when and where to implement those changes. “Each year we replace about three to five computers,” Dattilo says. Even though she keeps an updated spreadsheet of the staff’s machine specs, it’s not always easy to know which computers take priority.

Taking into account Crown Center’s budget and planning, Anderson Technologies put in place a system to replace a portion of the facility’s computers every year as a part of the managed services contract. “That’s a great feature,” says Dattilo. “That way we have new technology, and nobody’s computer is going to be more than five years old.” She’s currently working with Senior System Administrator Eric Dischert to decide the best placement for Crown Center’s new hardware for this year.

Along with complete IT support, St. Louis’s Anderson Technologies experts are always scouting out current tech news so our clients can benefit from technological advances as soon as possible. Crown Center had always purchased their software licenses from a retailer that offered discounted rates for nonprofit organizations. However, when Crown Center applied to upgrade their computers from Microsoft Office 2010 to Office 2016, Microsoft had changed their volume license qualification criteria and denied their application.

Software licenses are an expensive investment for most organizations. “We worked every angle we thought we could work,” Dattilo recalls. “That’s been a tricky thing to navigate.” To provide the staff with up-to-date software on a reasonable budget, Dischert worked to acquire five licenses and found an alternate solution.

The Best IT Support St. Louis Has to Offer

Anderson Technologies remains committed to Crown Center’s mission and priorities as it continues to cross projects off Crown Center’s checklist. Crown Center’s approach to IT called for a managed services provider that would hold themselves accountable for balancing innovation with functionality and budget. “We’re never going to be the first organization to try a new technology, but we don’t want to be the last one either,” reflects Dattilo. “I’d say we’d like to see what the early adopters discover, let the bugs get ironed out, and then we would jump in and start to have one or two people try something new.”

Recognizing this, Anderson Technologies’ focus has been and continues to be engaged, proactive service. Projects like hosting Crown Center’s website allow staff to focus on the community instead of worrying about what happens if their online communication becomes unreachable.

Dattilo has always been the go-to staff member for issues like these, so the convenience of both on-site and remote IT support alleviates her role as the tech support middleman. “Before if people contacted me I would be the contact with our old IT company because we had so many hours a month that we were charged for,” she explains. “I wanted to make sure that we were [only] charged for important issues. Now if there’s an issue I have them call you guys because there’s a record of it, and I don’t have to be the contact anymore. It’s very helpful.”

Not only does Crown Center’s nonprofit mission enrich the lives of the 300+ families they serve—it satisfies a need for engagement in St. Louis’s community. Anderson Technologies is proud to play a part in this organization’s important service. “You guys have brought some good technology to the table,” Dattilo says, “and we’re glad to be one of your clients.”

For more information about how Anderson Technologies can revolutionize your organization’s IT infrastructure, sign up for a free consultation or call us at 314.394.3001.