Contact Us Today!   314.394.3001   |   info@andersontech.com

2020 Cyber Security Essentials Checklist

/in , , /by

The start of a new decade brings a sense of changing times and new beginnings. For your cyber security, it marks a good time to review how the state of cyber threats has changed since the time of Y2K or the 2013 Yahoo data breach. With the evolving threats and methods deployed in cyber crime, basic security standards have also progressed to keep your network safe. Do you know the basic security measures you should take to protect your business in 2020?

Download your copy of Anderson Technologies’ Cyber Security Essentials Checklist for 2020!

Verify everything!

We’ve talked before about the Zero Trust model for IT security. Even if you aren’t ready to bring your entire IT architecture up to Zero Trust standards, several of its security measures are now common-sense protections against modern cyber threats.

MFA

Multifactor Authentication (MFA) is quickly becoming the gold standard for preventing unauthorized access to your systems. In an age of Have I Been Pwned’s free credential checking and the all-too-often reuse of passwords, the question is no longer if your usernames and passwords have been stolen, but when and which ones.

MFA is the most basic way to prevent someone with stolen credentials from accessing your systems, and comes in various iterations, from an email or text code to authentication apps and security dongles like or RSA SecurID tokens. It’s a simple measure that ensures the bad actor needs more than a stolen credential to compromise your systems.

Access Controls: Minimum Necessary Use (Need to Know)

The days of free access within an organization are over. Clearly defining user roles and necessary access permissions is essential. There’s no reason for an intern to have the same access to your systems as the office manager or IT staff. Segmenting user access to the minimum necessary for their job performance means that if one employee is compromised, the bad actor won’t be able to reach every part of your business.

Stop Viruses and Malware in Their Tracks!

It’s common knowledge that anti-virus and anti-malware are required in this day and age, but remember that if your software firewall or anti-virus program catches an intrusion, the threat has already made it into your systems.

Know Your Hardware

Businesses need to understand the difference between a hardware firewall and a software firewall. You need to have the best protection against cyber threats, but many business owners don’t realize they are missing the necessary hardware firewall. Go to your IT closet and take a close look. Can you identify your modem, router, and hardware firewall? They are three different pieces of equipment, and if you aren’t sure which is which, talk to your IT staff or MSP to make sure all three are in place and properly configured for maximum protection and minimum interference.

Training and Filters

Firewalls and anti-virus programs won’t be of much use if an employee clicks a link in a phishing email and lets the bad actors in. Blacklisting certain websites and installing email filters like Proofpoint are great first steps for keeping malicious links and emails from getting through, but the biggest way to prevent phishing is training your employees how to recognize it. These tactics are too prevalent not to invest in comprehensive employee training.

Update! Update! Update!

Nothing invites bad actors into your systems like an unpatched computer, such as Windows 7 which stops receiving updates after January 14, 2020. Security updates are not just slight improvements; they often fix known bugs and zero-day threats that bad actors can use to infiltrate or bypass the implemented security safeguards. Without keeping up to date with your security updates, criminals can exploit unpatched vulnerabilities to breach your security and either install malware on or extract valuable and private information from your systems. So, when an update appears, make sure it gets installed right away and upgrade un-supported software as soon as possible.

Be Prepared for a Breach

The era of small businesses being too little to be profitable to hackers is long gone. Small, medium, and large business are all targets for cyber criminals and it’s essential to think not in terms of if you are breached, but when you are breached. How can you mitigate the risk or minimize the damage a breach could do to your business?

Backups

No business in 2020 should be without comprehensive and secure daily backups of their IT systems. Properly configured and tested backups are your insurance against ransomware and natural disasters. If you know you can restore all your data effectively and quickly from backups, there’s no need to pay a ransom for the hope you can get all your data back.

But don’t just grab the first out-of-the-box backup solution you find. Make sure your backup provider doesn’t keep only one iteration, meaning if your backup gets infected, you have no other options. Configure the solution correctly to back up all the information you need.

Encryption

If you are in a HIPAA-regulated industry, encryption is not optional. It’s the best way to prevent unauthorized breaches when mobile devices and laptops are lost or stolen. A properly encrypted laptop lost on a business trip isn’t a breach even if ePHI is on it, since the encryption prevents anyone who finds the machine from accessing the data.

Encryption is a good idea for any business that uses laptop and mobile devices for work purposes. The last thing you need is someone finding a lost phone or laptop and suddenly having access to sensitive business information or programs.

The Daily Routine

Sometimes it’s the little things that end up being the source of a cyber intrusion. These security measures may seem like common sense, but that doesn’t mean you shouldn’t have a clear policy for them. Failure to follow basic procedures everyday can open the door for cyber criminals.

Passwords and Password Managers

Reusing or only making minor alterations to passwords across applications is a major problem. Too many passwords are hard to keep straight, but people struggle even more to remember secure randomized passwords. This can lead to the worst-case scenario of employees writing down passwords that anyone could find. Having a long phrase or sentence the employee can remember is best practice, but if you have a lot of programs that require passwords, you don’t want employees using only one across the board.

Password managers like Myki or LastPass are a great solution to this problem. Employees can create the long, randomized alpha-numeric passwords, which are considered most secure, without the need to write them down or repeat the same password over and over. These services also provide apps for mobile phones so employees don’t need to be at the desk to access their passwords.

Screenlocks

Not every company institutes a screenlock timeout procedure for their business, but it’s a simple and effective security measure, especially if parts of your business are open to the public (HIPAA requires it). Even if you don’t have any public areas, screenlock policies can prevent insider threats from gaining access to an employee’s computer or information simply because they forgot to lock the computer before they left their desk. Make sure the screenlock requires a password and isn’t delayed to the point it’s useless to protect your information.

If you don’t have these basic policies and procedures in place, it may be time to re-evaluate the security measures you are using. Were they created for a different time and threat landscape? Can they continue to protect you against modern cyber crime? If not, it’s time to step up your basic security measures and stop criminals before they sneak into your business.

 

If you need help determining if your current security measures are adequate to protect your business, contact us today for a free consultation!

Robots? Working with Me? It’s More Likely Than You Think

/in , , /by

Remember Roomba? Maybe you have one, zipping around your home, getting caught under furniture and amidst wires. That seemingly simple machine, armed with programming and dust-sucking, became seamlessly integrated in the lives of millions. But even at the height of the Roomba revolution, there wasn’t a lot of talk about smart vacuums stealing our jobs or taking over our homes.

Everyone is fascinated with artificial intelligence right now. It is hard to deny the buzzword power of the term. Tinged with fear or awe, AI often feels like the answer to everything—or our impending downfall.

The reality is far from either. As it stands now, AI like the programming in Roomba, or Roomba’s grown-up relatives found at Walmart and Giant Foods, is a powerful tool. Limited to specific tasks or deep learning, AI may just be the best coworker you’ve ever had.

Is AI Coming for Our Jobs?

Here’s the truth: For employees whose primary job function may easily be replaced by single-task AI, the job hunt may be on. Computer-screen ordering interfaces and shipment-sorters may in fact reduce hours for the humans who previously held those positions and others like them. Fortunately, many businesses are utilizing AI as an opportunity to free their employees for more complex and customer-facing tasks.

For every job that might be eliminated or reduced, there are many more that just don’t work without human hands and minds.

And because thankless tasks are becoming automated, human workers can now spend their time and energy immersed in the more creative aspects of their jobs.

AI and IT: Working Together for You

It may not surprise you to learn that IT is currently the field most welcoming to our AI coworkers. For IT managed services firms that balance the cutting edge with enhanced security, a cautious approach still finds that within specific, defined roles, AI provides valuable services.

Tools like firewalls, antivirus, and remote monitoring, among others, are IT staples that frequently employ AI. There is a firewall AI, for example, that can be programmed to track traffic patterns (volume, uploads and downloads, behavior on websites), and if something appears contrary to what has been deemed “normal” patterns, the associated software can automatically isolate a user’s workstation and alert a human team member that there has been a potential compromise.

Deployed on a larger scale, this type of monitoring and pattern-detecting AI frees IT professionals from manually watching the same traffic. This means billing hours go to solving problems and providing meaningful solutions instead of wondering if a large file download is suspicious.

AI also has the potential to detect patterns and flag issues that human experts can’t identify themselves. Given data sets and known problems, machine-learning AI may move the IT industry into truly predictive safeguards. If used widely, this could mean no more frantic break-fix calls after hours because AI team members have long since identified the developing issue, and human counterparts have already fixed it.

AI as part of a managed services offering doesn’t have to feel inhuman. As a tool utilized by humans in order to provide an enhanced, fuller package of IT services, AI improves experiences.

 

Do you have questions about AI and what it could do to improve your business’s IT systems and cyber security? Call Anderson Technologies today at 314.394.3001 or send us an email at info@andersontech.com.

Should You Break Up with Your MSP?

/in , /by

How one St. Louis practice shed an underperforming MSP and questions to ask so you don’t end up in the same situation


Relationship challenges occasionally happen, even between businesses.

It’s frustrating when a potential vendor promises epic solutions to all your problems, but over the course of months or years prove themselves not up to the task. This was the case for M. C., owner of a St. Louis healthcare practice. She recently sought the help of Anderson Technologies to replace her managed services provider of over a decade. “I was pretty loyal to them,” M. C. says, “but it was nightmare after nightmare for ten years.”

A self-described workaholic, M. C. didn’t have time to spend worrying about the technology that carried her practice. “IT is the skeleton of [most] businesses in America today. If you don’t have it, then your practice has no skeleton. It’s just a floppy amoeba.” Much like the revenue lost during business downtime, time wasted waiting for computers to meet performance expectations or techs to return your phone call is a drain on your business’s resources.

Your managed services provider (MSP) should be working with you, not against you. According to M. C., an MSP and the work they do for your business should feel like “a blessing from God.” Here are four questions you should be asking to determine whether or not your MSP relationship is benefiting your business.

  1. Are they professional? Can I unequivocally trust them in my office and home?

M.C.’s relationship with her former MSP started with a trusted colleague’s recommendation. System administrators were in and out of her office and home, providing service on her internal systems and home workstations for remote connectivity. Her practice used specific programs and hardware daily. It was essential that these functions were reliable and safe for patients.

“Anyone with an EMR [electronic medical records] system really needs to have the best IT possible,” M. C. says.

If you don’t have good IT, you’re out of luck.”

It was when M. C. needed to move her practice to a new location that she realized how many problems the vendor had overlooked or, in some cases, caused.

“I had just spent $10k getting all new computers and they still weren’t working,” M. C. recalls. “They recommended that I change phone systems to save money, but what they actually did is cut out my fax and the phone situation just got worse.” These issues surfaced when one of M. C.’s employees pointed out that on the day of the install, the MSP only spent ten minutes on-site. Along with a few other questionable interactions with the MSP’s team at her home, M. C. began to lose complete trust.

  1. Are they communicating effectively?

After M. C. realized the extent of her technical problems, she reached out to the owner of the company, a person she felt she could trust. However, the owner wouldn’t acknowledge that his employees had been careless and made mistakes.

Aside from her annoyance with the work the company did do, it was often difficult to reach help during her early and long work hours. “I was at the point where I had to demand they come and fix things,” M. C. says. Communication breakdown reached a head when M. C. contacted the owner once more, only to be berated. “I had spent thousands of dollars at this point, and all he had to say was, ‘Why are you bothering me? You’re a demanding client.’”

  1. Are they taking ownership of their work and keeping detailed records of all solutions?

One reason problems weren’t getting resolved was because the MSP seemed very unorganized. Every time M. C. or one of her employees contacted the company about a problem, they acted like they had never stepped foot in the office, let alone replaced all the hardware.

“Troubleshooting was nearly impossible,” M. C. says. “After ten years they knew nothing. No organization, no blueprints of what I had, what went where.” The company also constantly insisted on upgrades to the practice’s hardware, but would replace them with old computers that were clearly used and not up to enterprise standards. Hardware replacement policies are a common MSP requirement, but the level of disorganization around the “new” computers they were recommending seemed suspicious. “It’s like there were no records of any improvements or work done.”

Mark Anderson stresses with importance of industry software and documentation with Business News Daily.

  1. Are they keeping their promises?

It took ten long years for M. C. to face the facts: her business relationship with her MSP was no longer serving her well. The promises the MSP made at the beginning of their partnership had never been realized. “My practice’s management system was still getting popups and crashing, computers were still slow and congested, we still had outdated hardware, no fax, scanners, or remote connectivity,” M. C. describes. “Systems were still so slow, and even slower when working remotely.”

She felt the managed services company took advantage of her, taking her money and then slapping Band-Aids on problems to conceal the bigger issues. “I was nervous spending the money to start over,” M. C. says. “It’s like getting divorced and finding someone new. For ten years I had the patience of Job, but I think it wasn’t really patience—I was just scared.”

Thankfully, she reached out to Anderson Technologies, which was able to quickly extinguish the immediate fires. “Once Anderson took over, 99% of the problems went away immediately.” Instead of making huge promises at the beginning of the partnership, Mark Anderson and the team developed a strategic action plan to implement long-term improvements.

Anderson Tech is reachable, affable, quick, professional,” M. C. says. “It’s been nothing but professionalism and action, ‘true to their word’ situations. I have never gone this long in my ten years where I didn’t have a problem.”

Now that M. C.’s IT infrastructure is efficient, reliable, and secure, she can focus on her clients and allowing her business to really grow over the next ten years. Thousands of dollars and a decade of frustration later, M. C.’s practice is building a new relationship with Anderson Technologies: “I wish I had met you ten years ago!”

 

To find out more about reevaluating your IT partnership, give Anderson Technologies a call today. We can be reached at 314.394.3001, and look forward to hearing from you.

Downtime Lifeline: One Law Firm’s Battle with Outdated Tech

/in , , /by

When companies, non-profits, or entire city governments find themselves victims of cyber crime, it can feel like they’re frozen as the world moves on around them. This feeling, to a lesser degree, might also come as you’re sitting in front of your office computer every morning, twiddling your thumbs waiting for it to boot up so you can finally start your work day.

Ransomware looms as one of the biggest business tech threats of 2019. Organizations of all sizes are finding themselves in the cross-hairs of cyber crime actors who seek high payouts from insurance agencies and panicked data hostages. Why are some companies so quick to pay off the ransom?

Too often it’s the fear of downtime, or money lost while hackers obstruct you from your data and your business’s day-to-day operations. However, while ransomware dominates the tech industry news, a much more common and avoidable cause of downtime significantly affects organizations without raising alarms—outdated technology. A minute lost every time you try to access a file or launch your internet browser adds up quickly over the course of days and weeks. These wasted (and often-unnoticed) minutes can mean thousands in lost revenue for your company.

Let’s explore the real-life implications of business downtime due to hardware and software that has long been ready to be replaced. Luke Bragg, Lead System Administrator at Anderson Technologies, witnessed this firsthand.

Efficient Until Obsolete

A St. Louis business law firm reached out to Anderson Technologies in 2018 for help. Their old server was dying. It hadn’t been patched or updated in over a year, leaving it vulnerable to ransomware and other cyber attacks.

“Security was a major concern,” Bragg says. Slow speeds and cyber vulnerabilities were starting to impact the firm’s daily operations. Days after contacting us for help, the firm’s aging server experienced a catastrophic system failure and died altogether: “The server completely failed, and we had to keep them functional on emergency hardware while we put a new server in place.” Thankfully, the failure wasn’t caused by ransomware or another cyber attack, but the law firm felt how close they came to experiencing futile downtime.

Read more about the effects of downtime on a business here!

Downtime can be detrimental to any business, but some may feel the effects more strongly than others. Law firms constantly collaborate with other businesses and clients, as well as government organizations and the judicial system. Timing can be what makes or breaks a potential account. “Every business is different in how much downtime they can tolerate,” Bragg explains.

“This is a law firm, so their workflow is very critical with very little room for outages.”

Tell Old Tech to R.I.P. (Replace Itself Promptly)

The crashed server was a wake-up call, and acted as a jumping-off point for replacing more of the firm’s outdated hardware. Their workstations and wireless network benefited from a sprucing up as well.

Aside from the obvious security breaches, law firms and all kinds of other organizations suffer from negative effects of downtime due to antiquated tech. Employee productivity suffers when hardware is sluggish or undependable. Similarly, websites that aren’t mobile-optimized or user-friendly could turn away potential clients and impact your company’s digital presence.

Law firms especially run ethical risks when using outdated technology. “Technological competence” is a modern addition to the American Bar Association’s Model Rule 1.1. The last thing a law firm wants is a law suit because negligent treatment of the devices they use every day caused harm to a client. A big part of the work Anderson Technologies did for this law firm involved maintaining uptime and strengthening security during the hardware upgrade.

“Law firms tend to have constant workflows that are time sensitive,” Bragg says. “The key to success is being extremely detailed and properly communicating every step with the client so that scheduled downtime for things like network upgrades or system replacements is properly planned and the client’s expectations are factored into the equation.”

Anderson Technologies is now focused on replacing the firm’s outdated Windows 7 machines before the January 14, 2020, end of life deadline. “No other major projects are on the horizon at this point,” Bragg says, and the firm can rest easy knowing their new server is secure.

Businesses in need of a top-notch attorney wouldn’t wait until the last minute to seek out critical legal advice.  Similarly, this St. Louis law firm discovered the value of employing knowledgeable and proactive IT experts well before the threat of downtime surfaced.

 

You don’t want to find yourself drowning in downtime because of outdated technology equipment. To find out if your business could use a tune up, contact Anderson Technologies today.

5 Fraud Trends and How to Beat Them: Top Tips to Implement for Cyber Security Awareness Month

/in , , , /by

Every October, Cyber Security Awareness Month is a time to learn, assess, and make changes to protect yourself and your business from the latest, most sophisticated dangers. Beyond damages to reputation and production, monetary costs from cyber crime add up in the billions of dollars.

Stay safe and aware this October. Here are five fraud trends that you’ll want to know:

Fabrication

Synthetic identity fraud is a cyber crime long game. First, a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured.

Once a fraudster is able to become an authorized user for lines of credit, a process that typically takes 5 months, the “bust-out” is ready to be executed. This leaves creditors and businesses with dummy accounts filled with credit card maximums, loans, and cell phone/utility plans.

Ransomware

Ransomware can send chills down the spine of any business owner, and for good reason.

Two cities in Florida were forced to pay over a million dollars in aggregate bitcoin ransom after losing access to phone and email systems for multiple weeks. A quick glance at data breach headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to economics, and it will require a concerted effort by organizations to shift the paradigm, refuse to pay criminals, and protect data before attacks.

Business Email Compromise (BEC)

A sophisticated scam, BEC targets anyone who regularly processes requests for electronic fund transfers. The scammer compromises an email account through phishing or intrusion tactics and requests that transfers of funds or personal information such as W2 forms be sent immediately.

Because the request comes from a familiar face, and may even be routine, this scam is highly effective—and very expensive. As of July 2019, total dollar loss has exceeded $26 billion.

Account Takeover (ATO)

The commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small and medium business level in today’s world requires purpose-driven teams and technologies that can protect your business in a smarter, more efficient way.

Dark Web

Security researchers estimate that in the first half of this year alone, over 23 million credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cyber criminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.

Now that you know some of the trends in cyber crime, here are several helpful solutions.

Guard yourself and your business against these threats. Here are our Top 12 Cyber Security Tips:

  1. Involve all stakeholders in raising cyber security awareness across your organization.
  2. Backup key data regularly and perform scheduled test restores to ensure their integrity.
  3. Enable multi-factor authentication company-wide and establish and enforce an appropriate password policy for all users.
  4. Install enterprise-grade anti-malware and spam-filtering solutions with anti-phishing capabilities across your network.
  5. Leverage internet content filtering to block phishy websites.
  6. Prepare for cryptojacking attacks.
  7. Purchase SMB security suites that include Dark Web monitoring.
  8. Assess your organization’s cyber security policies and procedures and review annually.
  9. Ensure that all third-party partners have cyber security protocols and policies in place.
  10. Build a cyber security incident response plan and democratize key information.
  11. Bind an appropriate level of cyber security insurance to cover your company in case of a breach
  12. Partner up with expert managed IT services providers to train your employees and implement the above.

Awareness and action go hand in hand. This Cyber Security Awareness Month, contact Anderson Technologies to protect your business from the newest threats, and enhance business functions every day.

Don’t Wait for Your IT Infrastructure to Break Down

/in , , /by

5 Benefits of an Annual Network Tune-up!

The importance of performing a network security audit can’t be overstated, but don’t be fooled into thinking network security is a one-time event. Just like you need to bring your car to a mechanic for a tune up, a yearly network security audit keeps your infrastructure running smoothly and allows your managed services provider (MSP) a chance to look at what’s going on beneath the hood. Better to keep everything running smoothly so problems can’t lurk unseen.

What is a Network Security Audit?

An initial network security audit provides a baseline for the status of your IT infrastructure, what is doing well, where the holes are, and allows you to get in front of any issues that could compromise your systems. Forgetting to fix a known vulnerability could cost you time and money if cyber criminals find and exploit it.

What exactly does a network security audit do? When performed by a professional IT firm, physical processes combine with state-of-the-art software solutions to assess the quality and security of your network. This means reviewing not only your IT systems for digital vulnerabilities but also walking through your physical work space to make sure hardware isn’t set up in a way that would decrease efficiency or be hazardous (such as plugging a space heater into the same surge protector as a computer).

A thorough network security audit should include a review of your business’s

  • firewall,
  • anti-virus and anti-malware software,
  • web and electronic communication filtering,
  • Active Directory environment,
  • password policies,
  • backups and disaster recovery policies,
  • and include an in-person assessment.

Five Benefits of an Annual Network Security Audit

As important as the initial security audit is, performing regular audits each year provides you with additional insights that can keep you moving forward in a secure and productive manner. Below are the top five benefits of performing an annual security audit.

  1. Assess how well you’ve addressed last year’s problems.

A network security audit is useless unless the issues it reveals are addressed. By performing an annual audit, you can compare where you were the year before with where you are now to see what systems improved and what still requires attention.

Have all your planned policies and IT practices been implemented? Did the fixes you put in place successfully mitigate the previous year’s problems? An annual security audit serves as benchmark to the condition and maintenance of your business’s IT environment.

  1. Review your security vulnerability analysis with your MSP or IT department.

As part of a thorough audit, your MSP or IT department should use specialized software to probe all the nooks and crannies of your network to search for vulnerabilities. But simply performing the audit isn’t enough. An annual review of your network security audit with your MSP or IT staff allows you to go over the security vulnerability scans each year and look at any reoccurring failures. By discussing the results together, you can work to find the underlying reason for any trends you find. Sometimes the problem revealed is actually a symptom of a much larger issue.

  1. Prioritize your technology needs for the next year.

IT security and maintenance can be expensive, especially when technology changes happen outside of your control, such as Windows 7 reaching end-of-life on January 14, 2020. An annual network security audit is a chance for your MSP or IT staff to discuss what needs to be done in the coming year, and more importantly when it needs to be done, so you can prepare accordingly.

  1. Address the nitty gritty details of IT management.

As part of an annual audit, your MSP or IT staff should review the state of your hardware, Active Directory for any overlooked users who have left the company, and the configurations of permissions to your systems. These are basic issues that  sometimes get lost amidst the pressing everyday IT issues that arise. Having a dedicated time to check foundational elements keeps your IT infrastructure productive and secure.

  1. Provide feedback to your MSP or IT department and keep the dialogue open.

IT security may feel like it lives solely in the realm of IT professionals, but it requires two-way communication to remain effective. An annual network security audit is an effective mechanism to open a dialogue with your MSP or IT staff and address any concerns you have. The annual audit is a great place to discuss what’s working and what’s not that so all your IT needs are met in the way your business requires.

 

Don’t wait too long to tune up your IT systems with an annual network security audit. You can’t fix a problem you don’t know exists, and cyber attacks get more sophisticated each day. A look under the hood every now and then offers more than solutions to your problems—it offers peace of mind.

For managed services clients of Anderson Technologies, a network security audit is performed annually. If you want help with a network security audit, contact us today for a free consultation.

Plan for Natural Disaster: Small Businesses in St. Louis

/in , , /by

St. Louis, Missouri, known as the Gateway to the West, is well-loved by its residents for a variety of reasons that make it a great location for businesses and home to their employees. St. Louisans love their sports teams (Congrats to our NHL Stanley Cup CHAMPIONS!) and are proud hosts of the famous, award-winning St. Louis Zoo and other free attractions in Forest Park, such as the History and Art Museums. Situated in the northernmost Ozark foothills, the city also has a lovely, rolling landscape and is close to many state parks.

St. Louis ranks on many best-of lists across the nation, including:

  • One of the “Top 100 Best Places to Live” for 2019 (livability.com)
  • Number 2 of the “10 Best Cities for Entrepreneurs 2019” (fitsmallbusiness.com)
  • One of the “Top 10 Rising Cities For Startups” in 2018 (forbes.com)
  • Number 2 of the 2018 list of “Best Cities for Jobs” (glassdoor.com)
  • Number 1 on the “25 U.S. Cities That Millennials Can Afford – and Actually Want to Live In” for 2018 (thepennyhoarder.com)
  • The Number 2 “Food City” in the United States (Yelp, reported by riverfronttimes.com)

These rankings paint an appropriately pleasant and prosperous picture of St. Louis! However, businesses looking for a home in this city should know that St. Louis has a long history of natural disasters because of its location.

The Mississippi and Missouri Rivers often become overburdened from heavy deluges in the north, which doesn’t help the fact that St. Louis is tucked into the eastern edge of Tornado Alley. The city often feels the effects of blizzards, hurricanes, and even earthquakes. This unique set of natural factors is something business owners and technology teams must consider ­in their disaster preparedness planning, to keep business running no matter what nature has in store.

IT Backup in St. Louis

Disaster planning is a critical part of your business’s backup process. This process is outlined in HIPAA regulations, but is important for every business and organization, whether HIPAA compliant or not. When you begin to design your plan, you must think from every angle of your business, not just the IT side. How will your business prepare for a disaster? What physical aspects could be affected? How will your business implement measures once a disaster has happened? And what steps will your business need to take to recover? When creating a plan, identify all things that can happen, determine the likelihood that they will happen, and tailor the overall risk to your St. Louis-specific location.

For your IT, you’ll want to document your network and computer infrastructure configuration and safeguard your equipment prior to a disaster. You’ll also want to make sure you have a two-fold backup system, with one being a physical backup stored at a safe location and one being a cloud backup. An essential for every business is insurance, both for the physical location and for digital data loss. With a disaster plan in place, you’ll be well on your way through disaster recovery, even before a disaster happens.

In addition, you should regularly test your backups and make sure the full-recovery test is successful just in case of that dreaded emergency.

Read more about disaster planning, recovery, and managed tech services for your St. Louis business!

But what natural forces specifically impact St. Louis businesses and should always factor in their disaster planning?

Flooding

Are you located in or near a flood plain? Recent major flooding in Missouri shows flooding in the last few years has exceeded the anticipated 100-year and 500-year flood levels. This should be a concern for any business located in one, and flood insurance should be obtained. Rivers notoriously breach their banks, and the Missouri River is especially unpredictable.

Originally, the Missouri was much, much wider. However, over the years, engineers funneled it into a narrower, deeper, stronger river to be used for commerce. Being a body of water, it will always try to retake the “bottom land” engineers during the New Deal era salvaged from it.

The Mississippi River is no less dangerous. As the biggest river in the United States, it has many tributaries, and by the time it travels through the St. Louis metro area, it can be swollen with excess water from the north—rain, ice, and melted snowpack. Just this year, the Mississippi has caused $12 billion in flood damage.

Floods generally provide a little more preparation time than tornadoes do, but there’s never enough time when an emergency is at hand. Don’t use warning time to procrastinate preparation. Part of disaster recovery is disaster preparedness. What steps can your business take when flood waters loom? How can you mitigate potential future loss?

Tornadoes

If the location of your company is at risk of tornadoes or very high winds, you’ll want to tailor your protection for that. Unlike floods, tornadoes can affect areas far beyond the actual funnel, with winds tearing off roofs and flipping vehicles and structures.

Most tornadoes in the St. Louis area don’t make it into the city itself, but across the county and surrounding flatlands businesses have seen the brutal effects of tornadoes touching down.

With this in mind, storing backups digitally in the cloud is imperative. If a tornado blasts through your area and carries the entire office away with it, you’ll need a place to start. Having data properly and securely backed to the cloud will ensure that your business can start up again in any location, or that you can do something as simple as contact clients from a laptop to alert them to your circumstances.

Blizzards, Earthquakes, and Hurricane Effects

The Midwest routinely receives the effects of hurricanes from the Gulf of Mexico and the sub-zero temperatures blown in from the north. Every now and then, twelve inches of snow will fall or a gale will blow through that knocks out power to a good portion of the community. Are you ready for no electricity at the office? How will your business plan for unsafe travel conditions, or below-zero temperatures when ice knocks down the powerlines?

Missouri is also known for its massive earthquake in 1812 that is thought to be one of the worst the United States has ever seen. Minor quakes have occurred during recent years due to the New Madrid fault line that clips the southeast portion of the state.

Don’t Wait

Just like any other city, St. Louis has its own set of common natural disasters, and it’s important for your company to take the proper measures to prepare for them. Planning for disaster can’t guarantee your business’s safety, but by planning for it, you’ll be ahead of the game, no matter what.

Once your fully-developed disaster plan is implemented and tested, disaster recovery shouldn’t be too detrimental on time and resources. Even smaller disasters, such as local fires or theft and vandalism are essential to prepare for.

Are you ready to develop your disaster plan? If you’d like more information on disaster recovery for your IT systems in St. Louis, call Anderson Technologies at 314.394.3001. A team member will be happy to help!

HIPAA Part 7: Getting Started

/in , , , /by

We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that by creating a culture of compliance, it becomes easier to verify that you’re following the Security and Privacy Rules in the future. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating what’s already in place. Once you are HIPAA compliant, it’s easy to stay HIPAA compliant.

Tips for Beginners

For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.

Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, what programs or processes access that information, and what policies or safeguards are already in place to protect it. Without knowing that, you can’t know what needs to be fixed.

Perform the SRA first—It’s the first security standard for a reason. A complete and thorough Security Risk Analysis is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.

Document everything—Get used to this right away. You must not only become compliant, but you need to prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.

Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.

Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.

There is no one prescriptive way to go about HIPAA compliance. HIPAA is designed to be vague enough that any size or type of business can adopt the same requirements. This allows each business the freedom to implement in the way that best fits them, but it also requires that you take responsibility for the decisions you make. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.

HIPAA Resources

Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.

Tired of Waiting to Work?

/in , /by

The true cost of ransomware.

Ransomware is a major threat right now. According to Datto, experts in data backup and recovery, 80% of managed services providers (MSP) report ransomware attacks in 2018, and 35% report that some of their clients experienced multiple attacks per day. Clearly, ransomware is nothing to sneeze about.

Surprisingly, though, it’s not the ransomware attack, but the downtime afterward that accumulates the greatest cost to your company. Time, manpower, customer and vendor trust are all affected. This increases the importance of defending your company against this threat.

Here’s a quick recap of what happens in a ransomware attack. First, your network or computer is compromised. Next, an intruder plants an infection that encrypts your data files, until, theoretically, you pay the “ransom.” Until then, you are stuck. You can’t use your hardware, applications, or access any of your data. Any employees who connect to your network for their job can’t work. Even if the ransom is paid, the likelihood of getting your data back as it was is fairly small. During this attack, your network is fair game to the cyber criminals, and you’ll have no idea which files they will exploit. In all reality, you might be starting from scratch to get your company up and running again. And that takes time. If you aren’t protected and prepared, you could suffer weeks of lost revenue with a high cost to recover.

The best solution for defending your company against ransomware is a multi-layer approach. To keep your network safe, you must have the following:

  • A properly configured hardware firewall
  • An internet content filter
  • Email scanning prior to delivery
  • Antimalware/antivirus software on each workstation
  • Current operating system and third-party application updates
  • Consistent, reliable, and tested backups

Whether it’s a cyber attack, human error, or hardware failure, a multi-layer approach is a safeguard for when one layer is compromised.

Read more about ransomware!

Backups are one of the most important aspects. They are your insurance policy to eliminate a huge amount of downtime. If ransomware infects your network despite all of the safeguards in place, your current backups will ensure your data is retrievable. Consulting with your IT department or MSP to ensure your backups are properly configured will keep the ransomware from infecting the backups as well.

Unfortunately, many companies don’t have all of these measures in place, and when ransomware hits, things get chaotic. Downtime can turn a disaster into a catastrophe.

Studies show that downtime has twelve times the cost of the actual ransomware attack. To calculate downtime, you must take into consideration direct employee costs, productivity losses, halted company production, and even more importantly, how your clients are affected. Are they getting the products and services they paid for? How does that affect their trust in you?

To counteract these detrimental costs to your company, it is important to focus on prevention and prepare for the worst, so when something does happen, your downtime is minimal. Backup services provide disaster recovery as a service to ensure your peace of mind no matter what.

Downtime Contributors

Ransomware isn’t the only cause of downtime, though. There are other things potentially sapping your company’s productivity every day. Poor performance due to outdated hardware, slow internet speeds, and hardware failure. How much are these often-overlooked daily experiences costing your business?

Old Hardware – New Software

Continually spending money on hardware can be frustrating. Unfortunately, that is the reality in the tech world. One year, the latest technology comes out with a wow and a bang, and by the next year, that amazing equipment is already out of date. Within a few years, it’s obsolete and can no longer handle even the most basic software updates.

Older hardware simply wasn’t designed to handle the latest resource-intensive apps.

Because technology changes so quickly, Anderson Technologies recommends replacing computers every three to five years, depending on your specific requirements. Replacing 20% of your machines per year keeps all equipment on a five-year rotation and your budget reasonable.

How can this plan save your company from downtime?

By upgrading your hardware regularly, your systems stay efficient and fast. You won’t have to wait those 30 seconds for an app to load when it should load in a fraction of that time.

Thirty seconds of downtime doesn’t seem like much until you calculate the cost of those accumulated seconds lost every week.

Hardware Failure

Hardware failure, be it a laptop or server, will happen, and inevitably it will occur at the worst possible moment, like during your busiest time of year. Because of this, it’s best to be proactive. If you’re continually refreshing hardware, not just computers, at the rate of 20% per year, everything will be less likely to experience failure due to age.

Just like with ransomware, the best insurance policy against hardware failure is having up-to-date backups. Failed hardware can easily be replaced, but the information stored on it may be lost unless it’s backed up regularly. Your MSP can help you determine the frequency of backups and provide backup options to ensure that your company can get up and running as quickly as possible.

Slow Internet

This is probably the most common downtime-inducing culprit. There are several factors that may contribute to slow internet. The first step is to double check what speed you pay for with your internet provider and make sure it matches the speed you observe on your network. If the two speeds match, then you may need to invest in more speed.

If you’re paying for a higher grade of internet, but still experiencing slow speeds, there may be something misconfigured in your firewall or switch. If the firewall or switch are over five years old, they might need to be replaced. Older firewalls or switches are just like the old hardware we mentioned earlier – they can’t keep up with the traffic going through them and act like a bottle neck. For instance, your LAN switch may be running at 100 Mbps, but you’re paying the ISP for a 400 Mbps internet connection! Upgrading to a gigabit switch in this example is a simple, cost-effective solution. A properly configured and updated firewall and network switch will give each user the full speed the internet allows instead of bogging it down.

 

Would you like more information about saving your company from the threat of ransomware and downtime? Contact Anderson Technologies at 314.394.3001 or email us at info@andersontech.com.

Talking Network Security Audits and More: An Interview

/in , , /by

What makes your business special? This is probably one of the first questions anyone will ask about your company—your IT vendor included! Nobody knows your business better than you, and learning what goals and values drive your company is an important step in the Anderson Technologies discovery process.

When a potential client reaches out to us, we offer a free network security audit that compiles the best parts of our IT consultation skills to analyze what’s unique about your company and its technology. A network security audit usually entails a system administrator coming on-site to evaluate the hardware and software your company uses, and then our team takes a closer look at the infrastructure and how it could be affecting day-to-day functions and protection from cyber threats. These audits give our IT experts a chance to familiarize themselves with your specific network and highlight any vulnerabilities in your cyber security coverage or computer system efficiency.

In order to fully understand the impact of network security audits on our clients, we spoke with A. A., Chief of Staff of a wealth management firm located in West St. Louis County that has been an Anderson Technologies client since August 2018.

Anderson Technologies (AT): What can you tell us about your technology goals before you learned about Anderson Technologies?

AA: I joined [the firm] in November 2017, and one of the first things that really became a passion project for me was how our IT was structured. I wasn’t impressed with the provider we had, with how they were addressing our concerns, issues, or responsivity. I would reach out, maybe hear back in a week if it was something that wasn’t business-critical. If it was business-critical, it would take every bit of 48 hours, and I would just get passed around. I’d be like, “Listen, we can’t access this,” and a couple days later even though I sent multiple emails, “Hey, A., got your email, we’re looking into this.” Well that’s not really a solution.

Read more about Anderson Technologies’ enlightened solutions for the financial services industry here!

AT: Your husband and Vice President of the firm, N. A., met Amy Anderson at a networking event for local business owners. He knew about your interest in IT, so what made him recommend us to you?

AA: N. A. said, “They approach IT management the same way we approach wealth management: very methodical and particular, everything is structured.” For us, that’s exactly how we want to work with our clients: What are your issues, let us take time to get to know you personally, let me see if I can identify this, this is what I heard, here’s what I think we need to do, here would be the next steps we recommend and then it’s in the clients’ hands to decide.

AT: Did your initial impression of Anderson Technologies live up to the expectation N. A. set?

AA: I basically got an hour, hour and a half with Mark and Amy [Anderson] at no charge where all they did was sit down and listen. They heard everything that we had been through as far as what we were currently trying to accomplish as a business, whether that involved our IT needs or not, over the next two-to-five years.

Wow, these people actually heard me. They know what I’m going through, and I think they actually were connecting the dots.”

I felt like these people have my privacy and my security as a top priority, which is really important to me especially in the industry we’re in. I feel like they’re really taking the time to educate me on things that I should be concerned about and things that they’re going to be looking for.

AT: What was the network security audit process like?

AA: Honestly, it was painless. Anderson Technologies came in and said, “Here’s what would need to happen,” and they went step by step—Here’s what this audit would look like: we’re going to come into your offices at a predetermined time, it’ll be completely private, we’re going to go into wherever your network closet is, and here’s what we’re going to be looking for.

AT: What issues did the network security immediately bring to your attention?

AA: One of the first things that jumped out was our server itself. Mark told me, “Your server is on its last leg, but this dovetails nicely into one of the things you had mentioned you wanted to do, which was transferring everything to the cloud.”

I went from someone who was telling me, “Eh, its good enough, when it breaks we’ll deal with it,” to someone saying, “Let’s be proactive, and let’s tie in what you already told me your goals are and how we can actually make this solution for this issue as well as for your long-term plan.”

AT: Did the network security audit reveal anything that would have been missed without it?

AA: As a wealth manager, any application you would fill out as a client and sign, or any document we may need to have a copy of, like your mortgage or your tax returns from 2016, we want to have a copy of it. We were actually paying for a service that was a branch of our CRM [customer relationship management]. It was fine, but it was cumbersome. It was not cost-prohibitive, but it didn’t make sense to spend $100 a month for this upgraded secure opportunity to store all of our files when, ultimately, we know we want to go to the cloud eventually, which again was part of our initial discussion.

Anderson Technologies said, “Based on what you’re telling us and on our experiences with HIPAA requirements, after we implement a new backup process you can put everything out on OneDrive and it will be just as secure.” Now having said that, “Check with your broker dealer” was Mark, Amy, and Farica [Chang, Director at Anderson Technologies]’s advice, “and make sure they don’t have additional requirements.” So they really covered all their bases saying, “Here’s our expertise, here’s who we recommend you double check with on your side, but here’s what we think the answer will be.”

Ultimately we went from spending $100 a month on an application system that was cumbersome, difficult to use, not intuitive, to something that integrated with our day-to-day applications in Office 365. [We went from a process of] … either adding files, which took 30 seconds, to retrieving files, which took take a minute per file based on the old system. Now we’re able to say, “Great, we’re going to access this just like anything else,” and it’s right at our fingertips in seconds.

While it may seem nominal reducing 30 seconds or a minute down to a couple of seconds, it makes a big difference when that is your day-to-day, in-and-out job.

Creating those efficiencies is invaluable to an office like ours. I would sit here and try to open something and go through a series of clicks, or because the system was slow I found myself getting distracted and checking emails when it was something that should have been my singular focus. Now I can do that.

AT: How did the audit lead to a partnership between your firm and Anderson Technologies?

AA: It was the attention to detail. After the audit, we decided we wanted to work with Anderson Technologies. We like your process, we like that we feel like a priority, which was a huge gap in our previous provider’s services. Being able to sit back and [have Anderson Technologies] say, “Here’s everything we recommend for you guys. These are the routers you need, these are the wireless access points,” and just going through and itemizing each thing and saying, “Here’s what you will see as a result of making these changes, and here’s why this is good for security, this is why this is good for speed,” was just a huge relief.

The day they came in and installed everything, it just felt like, “Great, this is one less thing I have to worry about, one less thing that I can sit there and double check and question.” I feel like these are people that have actually taken the time to say, “This is the right solution for you, and we’re on top of it and we know when it is no longer the right solution for you.”

Interested in reading more about how Anderson Technologies provide support through system administration? Click here!

AT: What do you see in the future for your partnership with Anderson Technologies?

AA: One of the things we love about you guys is you’re very similar to how we operate. We sit down with clients and everyone’s happy until there’s a problem. No one knows that they have an issue with their IT provider until suddenly they can’t get online, suddenly their phones don’t work, whatever it might be. Same thing with wealth management. Everything’s fine until the market crashes and everyone wants to call you. We get it. But you guys are also really good and you have a similar process in that you lay out line item by line item, “This is what you can expect, and if this is what you need here’s what we can deliver.” You have this level of understanding.

It’s the peace of mind that I get knowing that Anderson Technologies is watching out for not just the hardware and software, but when I walk in in the morning and that if there’s something wrong, [Senior System Administrator] Eric Dischert has already called me, explained what it is, and explained how he’s fixing it. There’s a level of proactivity there that cannot be undervalued. I’ll open a ticket and … I get a response almost immediately saying, “Here’s the deal, we know what’s going on, we have a solution” or ”We need more time to find a solution because of this,” and then I at least know that my emails are going somewhere.

AT: Thanks for taking the time to speak with us, A. Do you have any final thoughts before you go?

AA: If there’s something that you didn’t get for your article let me know, because God knows I’m pretty sure Anderson Technologies has checked that box for me.

 

Do you need your technological boxes checked? Contact Anderson Technologies at 314.394.3001 to speak to our IT experts and schedule your free network security audit.