Fall 2019: After many years, this is the best time to upgrade or buy a new computer.

New Laptops

One of the best new releases is the Asus Zenbook Pro Duo, pictured above. Rather than wasted space above the typical laptop keyboard, Asus added a second screen that will help programmers and researchers enjoy improved productivity.

The End of the GPU shortage

ASIC devices have replaced GPUs for the vast majority of bitcoin mining loads.

For many months, Bitcoin mining reduced the supply of graphics processing cards on the market to zero. Last year, newer graphics cards started to hit the market at the same time ASIC devices came along to replace GPUs for mining. With any luck, affordable graphics performance is here to stay.

The End of the RAM Shortage

Volatility and price drops in the retail RAM market

Due to high demand and slow production – and possibly illegal market manipulation – RAM prices dropped from over $240 for a set of 8GB modules to $90 in the span of a year. While the market has been unstable over the last two months, this was a significant cost as part of a typical $600 low-end computer.

Solid State Drives and Optane

A speed boost for your traditional hard drives.

There’s one blanket recommendation we make to all of our clients these days – if you run Windows 10, you should run it on a Solid State Drive. Modern operating systems simply keep the spinning platters of a traditional Hard Drive too busy, wasting time and productivity for your staff. Solid State Drives cost significantly more on a per-megabyte basis, but often run 20 to 40 times faster. Newer NMVe drives and motherboards eliminate traditional disk drive transfer interfaces, allowing for even better performance on new computers.

If you need a large hard drive but want a bit more speed, Intel’s Optane is here to help. As the successor to Intel’s “Rapid Storage Technology”, Optane is a small-but-fast SSD designed to cache the most frequently accessed parts of your traditional hard drive.

RWA is your preferred partner for a changing world of information technology.

Our technicians and purchasing officers constantly train and keep their knowledge up-to-date, ensuring our clients always get the best advice and recommendations for their hardware and cloud investments. Are you ready to remove IT roadblocks that are keeping you and your staff from reaching their full potential? Schedule a complimentary IT health check today!

What does the UK, Windows 7, and the VW Beetle have in common?

A short list of everything going away or shutting down over the next few month:

Microsoft will stop supporting Windows 7.

The UK is leaving the EU.

Volkswagen will stop producing the Beetle.

MoviePass is failing.

Every Disney, Star Wars, and Marvel movie on Netflix will go away.

Old Towne Road rides into the sunset, hopefully.

… And that’s just the tip of the iceberg.

Fortunately, RWA can help. If you schedule an appointment in the next few weeks, our technicians can visit your site, take stock of all of your Windows 7 computers, and put together your upgrade plan for Windows 10.

Windows 10 End-of-Life takes place on January 14th, 2020. All services and support for that product will end at that time, and your business will need to upgrade before that date.

Preparing for Windows 7 End of Life

Windows 7 is currently in an ‘extended support’ status that ends on January 14, 2020. After that date, only volume licensed customers will be able to purchase support from Microsoft – at escalating rates – for the next 3 years. For everyone else – home users and business users alike – you’ll need to upgrade to Windows 10 if you intend to keep receiving software updates from Microsoft.

If you run a business that abides by any sort of regulatory compliance, you will need to upgrade to an actively supported operating system.

Back Up Your Data

If you have any in-progress projects or data that doesn’t already reside in the cloud or have a backup available, you’ll want to take care of this before upgrading to Windows 10 or allowing Windows 7 support to expire. While the upgrade process is more straightforward than it has ever been before, there are always exceptions to the rule. Take your time, catalog your data, and keep it safe – an ounce of prevention is worth a pound of cure.

Upgrading to Windows 10

If you’re a home user, upgrading to Windows 10 is a simple affair – purchase the retail product, insert the USB drive, and following the prompts.

However, if you’re a business – especially one with a managed network and domain – we recommend reaching out to RWA for consultation and network assessment. A typical modern workplace will have at least one or two “line of business” applications with specific technical and regulatory requirement. We will analyze your firewall, servers, and connected workstations, then provide detailed guidance on hardware requirements and upgrade planning. RWA technical specialists will ensure a smooth transition from Windows 7 to Windows 10.

Migrating to the Cloud

In recent years, Microsoft Azure and Amazon AWS have started offering cloud-native virtual desktops. Starting at $20/month, cloud VDI allows your employees to access their desktop and applications anywhere they go, freeing businesses from the need to secure and support actual PC and laptop hardware. Meet with us today to discuss options and plan your next steps into the cloud.

The Risk of Doing Nothing

The most significant cyberattacks of the past decade relied on exploits carried out against unsupported operating systems and features, notably Windows XP. In an effort to contain the damage, Microsoft released a support for that operating system years after support officially ceased. Businesses that stay with Windows 7 after 2020 not only put their employees and data at risk, but could possibly held liable if their compromised equipment is used to launch attacks against other targets.

Ready to upgrade to Windows 10? Reach out to RWA to schedule an initial complimentary IT health check, and let’s work together on a plan to modernize your business environment.


6 top HIPAA compliance myths and the truth

One of the biggest potential challenges when it comes to medical IT is HIPAA compliance. It’s true that HIPAA is a serious matter that you must handle with care. But don’t let concerns about HIPAA scare you away.

Here are 6 common HIPAA myths and the truth behind them.

Myth: You only have to think about it once

It would be nice if HIPAA was something you only had to deal with once. But it is not something you can put into place once and then forget about it.

In truth, HIPAA is an ongoing responsibility and companies need to continually monitor their own compliance. As with most types of issues that require attention and motivation, people may start taking shortcuts over time. Make sure your company has a well-defined and well-funded plan to address HIPAA compliance.

Myth: HIPAA violations only affect medical information

The entire purpose of HIPAA is supposed to be protecting the privacy of individual health data. But according to an article in CIO magazine, violations often reflect other security risks as well. Many companies have to outsource their IT and records management functions and not all companies are equally diligent.

A company that violates HIPAA regulations is also more likely to put other sensitive data at risk as well. Corporate security breaches, whether of HIPAA information or credit data, can result in significant fines and public relations nightmares. Read here to learn more about why you need a disaster recovery plan.

Myth: You don’t have to worry about enforcement

There’s more than one government agency in charge of enforcing HIPAA compliance. Several government agencies are obligated to ensure that companies are compliant with the law. Some of the government offices who check to make sure you’re compliant with HIPAA include the following:

  • Office for Civil Rights
  • Department of Justice
  • State and federal attorneys general
  • Federal Trade Commission

You don’t need to be terrified of the government’s involvement, but you also can’t take for granted that it will be okay at any point to take security management less seriously. If you need some outside help setting up a compliant system consider an expert IT consultant.

Myth: Only physical records and personal contacts matter

It’s true that you have to be mindful of privacy when discussing patient medical records. It’s also true that you have to protect the security of physical records. But even cloud-based storage systems need to be compliant with HIPAA regulation.

Related: HIPAA compliance in the cloud? 3 things you need to know.

Myth: Some people don’t have to worry about compliance

Everyone who comes into contact with medical records is responsible for maintaining their privacy. Some people may have the misconception that only the initial healthcare provider has to maintain the patient’s privacy. But in today’s healthcare climate, records can pass through many sets of hands.

According to Forbes, each person who has contact with patient records is responsible for keeping them private, including subcontractors, data centers, and other third parties. That also includes claims processors, data entry, utilization review, and practice managers, to name just a few.

Myth: Your data is too insignificant to matter

Some companies think that they’re too small to matter. They mistakenly think that hackers are only concerned with large companies or personal credit card information.

According to the blog Security Metrics, personal health information is much more valuable than credit card information. The former collects a couple hundred dollars for each health record, while credit card numbers only go for a dollar or two. Fortunately, there are best practices you can follow to protect your data,  including updating software and improving staff training.

Being HIPAA compliant isn’t optional and it matters to every healthcare business. But with careful attention and good network security, you can protect both your patients and your business.

How to send a HIPAA compliant email

These days, it would be unthinkable to operate any kind of business without email or other forms of electronic communication. And it’s a pretty standard practice among businesses of all sizes to at least be aware of security issues such as phishing, address spoofing, viruses, and spyware. For businesses that deal with protected health information (PHI) however, there is an added layer of security required.

We’re talking about the Health Insurance Portability and Accountability Act, most commonly known as HIPAA. HIPAA sets the standard for protecting sensitive data. All businesses dealing with PHI are required to make sure that physical, network, and administrative security measures are in place and kept in compliance.

Included in these considerations is handling HIPAA compliant email.

What’s involved?

HIPAA requires that PHI is secure both when it’s being sent and when it’s not. The email must be protected by levels of unique usernames and passwords for PCs and servers, and secure encryption procedures each time the information is sent or received.

This means that it’s not recommended to use common, free internet-based email services. If you do use an internet-based email service, you must have a signed Business Associate Agreement (BAA) which confirms that administrative, physical, and technical safeguards are being maintained. The BAA will generally cover the host server responsibility, but you’re still required to protect every other part of the email or transmission chain.

Encryption, particularly for stored files, is also your responsibility. There are many options available for encrypting data on your own computers, and failure to take steps to use encryption could result in heavy fines.

How to keep email secure

What to consider when setting up secure email procedures

  • Many email servers will encrypt emails from sender to recipient. If the recipient is not a client of that server, they are given the option to securely connect to the server in order to receive the email.
  • Patient portals allow for secure storage of PHI and other communications. An email is sent to the recipient informing them of an incoming message. They can then log in and securely receive the message.
  • When setting up your own email accounts, use strong password protections and possible 2-factor authentication.
  • While email disclaimers and confidentiality statements aren’t a guaranteed protection for you, said disclaimers should clearly state that the information sent is considered PHI and should be treated as such. This is not a replacement for encryption or other security measures.

What about the patients?

HIPAA realizes that you have no control over the email clients and security patients may use. The regulation states that as long as you’re using secure email and encryption on your end, you are not responsible for what happens on the patient’s end of things. Well… there are a few conditions:

  • You must have a fully secure, alternate option for patients to receive information (such as a patient portal).
  • You must inform patients that their personal email clients may not be secured. If they still want the information, it’s all right to send it.
  • You must document the above conditions.

Protecting different types of emails

Not all emails are sent from a provider’s office to a patient. Emails sent between doctors located in different locations, and not sharing a secured network or email server must also use encryption. Likewise, doctors who email PHI from their home computers to their work accounts must use encryption to avoid HIPAA violation. While in-office emails using the same secured email server don’t have to worry about additional encryption, remote access situations must follow encryption procedures.

In conclusion

Don’t become overwhelmed by the many requirements for sending a HIPAA compliant email. Consider working with a managed IT services provider experienced in HIPAA compliance and technology.

Healthcare-Specific Security Threats You Need to Avoid in 2019

The healthcare sector experiences twice as many cyberattacks as any other industry. Still, healthcare professionals invest less than 6% of their budgets in cybersecurity.

What gives?

If you are a medical professional, now’s as good a time as any to beef up your security efforts. As a result, you can safeguard patient data and prevent hackers from stealing sensitive information. Here are some healthcare security threats to look out for in 2019.

Phishing attacks

Phishing attacks are becoming a bigger concern in healthcare. This type of security threats starts when a healthcare clicks on an infected email. Once this malware infiltrates a computer system, it can access valuable files and folders.

“The attacker can then use this software to gain access to the healthcare organization’s financial, administrative and clinical information systems,” says Tech Crunch.

Phishing attacks can have a detrimental impact on a hospital or medical practice. Malware often renders computer systems unusable, which has a significant impact on patient safety. In this scenario, doctors and nurses are unable to access important records. In turn, this can put organizations in big trouble in terms of compliance and liability lawsuits. And, in rare cases, it can even put patients’ lives at risk.

These type of attacks greatly increase the chances of hackers stealing valuable data.

Old legacy systems and networks

Old computers and networks could increase security vulnerabilities. As you may expect, Legacy systems may not function as efficiently as newer ones, and they often lack the latest security patches and updates.

“Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behavior,” says Science Direct.

Even if medical organizations lack the money to invest in brand new technology, they should take steps to improve their network security. Installing the latest security software and a firewall, for example, and getting rid of old programs could prevent data from being stolen, increase compliance and increase patient trust.

Staff misuse

Insider misuse makes up 15% of all security breach incidents. Usually, this involves medical employees gaining unauthorized access to sensitive data and sharing it with other people.

“Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information,” says the University of Illinois at Chicago.

Encrypting valuable data and setting up access controls — where only certain members of staff can access information. This could help to reduce this problem.

Ransomware

Ransomware is one of the biggest security threats in healthcare right now. In May 2017, a ransomware attack called WannaCry targeted computers running the Microsoft Windows operating system and had an impact on Britain’s National Health Service — the biggest single-payer healthcare system in the world.

A similar ransomware attack on your organization could spell disaster. Once ransomware infects your computer, you will probably be unable to access files and patient records unless you pay cybercriminals a ransom.

These are just some of the security threats you need to avoid if you work in the healthcare sector. However, working with a professional who takes care of your security defense needs will reduce phishing attacks, ransomware, staff misuse and old legacy systems from malfunctioning.

4 end-user security best practices

Cybersecurity is the first line of defense in your organization. Making some simple changes to your security protocols will not only prevent hackers from stealing valuable data, but improve productivity in your workforce.

The result?

Less chances that you’ll experience downtime due to a security threat. Here are 4 end-user security best practices that you need to know about.

1. Think up new password management strategies

Cybercriminals are becoming increasingly savvy when guessing passwords and accessing computer systems. Right now, millions of accounts are at risk because of inherently weak passwords.

Research shows that 25% of employees only change their password at work when the system tells them to do so. It’s statistics like this that should encourage you to improve your password management strategy.

Here are some quick password management tips:

  • Encourage your staff to change their passwords on a regular basis — every three months or so.
  • Password-protect all your devices, including smartphones and tablets.
  • Choose passwords that contain a combination of letters, numbers and special characters.

2. Limit access to your computer systems

Insider threats could result in security vulnerabilities and, even worse, a full-scale data breach. Research shows that insiders make up 75% of all data security incidents. You can prevent this from happening in your own organization by limiting access to sensitive data.

First, encrypt your most valuable documents, files, and folders. (A professional can help you do this.) This will make it harder for insiders to access important information. Second, set up user access controls on your systems. This will prevent the wrong people from accessing important data.

3. Improve staff training

Human error can often lead to cybersecurity risks. This is why you should provide your staff with computer security training. It will help employees understand the biggest cyber threats to your business and ensure that they handle data in the proper way.

“CIOs and CISOs need to ensure that every employee in an organization is aware of the potential threats they could face, whether it’s a phishing email, sharing passwords or using an insecure network,” says Information Age.

Investing in training might sound expensive, but it could pay off in the long run and provide you with a significant return. After training, staff are less likely to make mistakes. As a result, you will spend less money on fixing staff-related security issues and concentrate on other areas of your business.

4. Update your software

Old software and legacy systems can impact network security. This is why it’s a good idea to update old programs with the latest security patches on a regular basis. Although this might be time-consuming, it will provide you with an extra layer of security.

“The truth is it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important,” says McAfee. “But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.”

These 4 end-user best practices will optimize security management in your workplace and reduce the risk of a cyber attack. Investing in staff training, limiting access, updating old software and creating a new password management strategy will help you safeguard your most valuable data.

 

3 Business Problems That an IT Consultant Can Solve

An IT consultant wears many hats. They monitor your network performance, ensure your compliance, and evaluate your hardware infrastructure. But how do these services actually benefit your business?

Here’s something that might surprise you: An IT consultant could save you cash AND prevent hackers from stealing your customers’ credit card details.

Here are 3 business problems an IT consultant can solve.

Problem #1: Hackers are trying to steal your personal information

As you know, cybersecurity is a huge concern for almost every business owner. With more data breaches making the news, you’re probably concerned about the personal data you keep on your hard drives and servers.

43% of cyber attacks target small businesses, and 62% of companies have been victims of social engineering and phishing scams. These are sobering statistics if you own a small business.

The solution:

A good IT consultant can monitor your network performance and create network health reports so you have the peace of mind you need when it comes to computer security. A professional can also evaluate your infrastructure and suggest any necessary upgrades and adjustments that will improve network security in your workplace.

This way, you know that all the data stored on your hardware is safe and secure.

Problem #2: You’re spending way too much cash on IT

The average company spends 5.2% of their total budget exclusively on IT. For some big brands, this means spending millions of dollars on the latest hardware and software that optimizes performance and increases productivity. Many small businesses, however, just don’t have these budgets. They feel like they are spending way too much cash on IT as it is.

How can they cut costs?

The solution:

An experienced IT consultant can evaluate your current IT budget. Based on their evaluations, they can make suggestions that will save you money in the long-run. They might advise you to get rid of hardware that costs too much money to maintain, for example. They might simly deploy software that saves you cash. You can then optimize your income and expenditure and use all the money you have saved to invest in other areas of your business.

Problem #3: You’re struggling with compliance

If you own a small business, there are various laws and regulations that you need to adhere to, especially when it comes to data protection. If you don’t, the authorities could fine you or, worse, you could go out of business. It can be difficult to keep track of all these rules, though. Sometimes, you need a helping hand — someone who can improve compliance in your business and make sure you don’t get into trouble.

The solution:

The right IT consultant will ensure you adhere to all the relevant data protection procedures in your sector and prevent you from being fined. If you operate in the healthcare industry, for example, an IT consultant can make sure you are HIPAA-compliant. As a result, you can safeguard patients’ personal information at all times.

These are just 3 business problems an IT consultant can solve. If you are spending too much money on IT, want to boost your security credentials and improve compliance, investing in managed services could provide you with a decent return on your investment.

What Windows 7 End of Life Means for Your Organization

It’s the battle of the operating systems: Windows 7 vs. Windows 10. You probably use one of these operating systems to send emails, communicate with customers and clients and access software.

Windows 7 is more popular than Windows 10 right now, but experts predict that the latter will overtake the former and have more users by December. And here’s another good reason to switch – Microsoft is officially ending support in January of 2020. Without support, Windows 7 will become vulnerable to cyberthreats stemming from a lack of patches. It’ll also provide a feature-limited user experience. 

In short, Windows 7 end of life spells out trouble for outdated PCs. If you still need convincing, here are even more reasons to upgrade to Windows 10.

1. Improve your security credentials

Upgrading to Windows 10 might sound like a big deal, but it’s packed full of features that could provide you with data recovery, network security, compliance, and password management. Case in point: Microsoft Passport. It’s an alternative way to protect your passwords when browsing the web, and it’s only available on Windows 10.

Other brand-spankin’ new security features include Windows Hello, which provides you with the security you need when using your device and data, and cloud access management solution Microsoft Azure Active Directory.

Research shows that Windows 10 is just more secure than Windows 7 — definitely something you should consider if you handle valuable customer data and private business information. One study suggests that Window’s most recent operating system is twice as secure as the older version.

2. Improve your productivity

Windows 10 can streamline productivity in your office and solve many of the problems associated with older operating systems like Windows 7. First off, there’s a brand new web browser. It’s called Microsoft Edge, which and it replaces Internet Explorer. Browsing the internet has never been easier — you can even access Cortana, Microsoft’s voice assistant, from any tab or window.

Other new features include Task View, which allows you to control your desktop by quickly opening and closing programs. Have you been using Windows 7 for a while? you’ll find the start menu on Windows 10 a huge change, too. It features live tiles from your favorite apps — a feature that Microsoft introduced in Windows 8.

If you want to optimize performance in the workplace, Windows 10 can help. There are various apps that help you manage documents and share information with colleagues.

Take PDFs, for example: “There are a ton of new features in Windows 10 that makes opening, editing and creating PDFs easier than ever before,” says Tech Radar. “For instance, in Windows 10 you can create PDFs from, well, anything by using the Microsoft Print to PDF option as a printer.”

3. More support

Microsoft discontinued mainstream support for its Windows 7 operating system back in 2015. Although users can still access extended support, this will end, too. (As mentioned previously, Windows 7 support stops in January 2020.) If you are still using Windows 7, this means Microsoft won’t support your operating system in just over a year.

“Your computer will still work, but you will be vulnerable to exploits and bugs after January 14, 2020,” says Joe Anslinger from Lieberman Technologies. “I would advise you to begin planning your company’s transition to Windows 10 now, well in advance of the 2020 deadline. The sooner you begin these plans the more time you will have to address issues while Windows 7 is still supported.”

You may be comfortable using Windows 7 in your office, but making the switch to Windows 10 could provide you with a heap of benefits. Microsoft’s most recent operating system provides you with full support, more security and threat management and loads of new features that increase productivity and optimize performance.

HIPAA Security Rule: Your guide to physical safeguards

More than 1 million patients and health plan members had confidential information exposed in the first quarter of 2018 — twice the number of people impacted by data breaches in the fourth quarter of 2017. As cybercrime becomes a bigger concern in the healthcare sector, more medical professionals are cranking up their security credentials in order to safeguard valuable patient data.

HIPAA physical safeguards are a series of security standards that help you protect valuable information in your healthcare organization.

“Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion,” says the Department of Health and Human Services.

Here’s everything you need to know about HIPAA physical safeguards.

1. Improve facility access controls

HIPAA lays down four facility access control specifications that improve physical security in your medical organization.

Contingency operations

You need to have a proper contingency plan in the event of a natural disaster or emergency. This will help you protect patient information and prevent data loss. Storing your data in the cloud instead of on a hard drive, for example, is one way to improve security. The result? In the event of an emergency, you will still be able to access confidential data from another device.

Facility security plan

You also need to ensure that you have physical access controls in place. This prevents unauthorized persons from accessing sensitive data and lets you control which members of staff view certain information. The latest physical access controls — smart lock systems, fingerprint sensors, swipe cards, etc. — will safeguard all the data you keep in your medical organization.

Validation procedures

Assigning different roles and functions to members of staff is another way you can protect information from ending up in the wrong place. Proper validation procedures will ensure the right people access the right information at the right time.

Maintenance records

HIPAA physical safeguards state that you must keep records of any external services you use. You will also need to keep notes about any physical modifications you make to your medical organization, such as replacing doors and locks.

2. Optimize device and media controls

As a healthcare provider, you will need to create a series of security procedures that safeguard the devices you use in your organization — desktops, laptops, smartphones, memory cards, hard drives, etc. HIPAA specifies that you dispose of unwanted devices in a safe and secure way and erase data you no longer need. You will also need to erase protected health information (PHI) from your devices if you want to re-use them.

You should also invest in a data recovery strategy, where you will be able to access healthcare information if your systems go down or malfunction.

3. Monitor workstation use

Negligent employees are the number one cause of cybersecurity breaches, according to a recent study. That’s why it’s so important to monitor staff who use IT infrastructure to collect and access PHI.

HIPAA physical safeguards stipulate that you limit workstation use to authorized users and implement security procedures to protect confidential patient information. If you don’t, you could expose sensitive data to the wrong people.

Final thoughts

If you run a medical organization, adhering to HIPAA physical safeguards is imperative. Failing to take the proper safety precautions could result in expensive fines from the government and jeopardize patient trust. Follow the tips above in order to stay HIPAA compliant.

Want to keep reading about the Security Rule? Check out the following articles:

HIPAA Security Rule: Your Guide to Administrative Safeguards

3 steps to HIPAA security rule compliance for your business

HIPAA security rule: Your guide to technical safeguards