Blog – RWA

Improved Accessibility in Windows 11

August 17, 2023/in Blog /by The Editor

As technology platforms stabilize after decades of constant, compatibility-breaking evolution, one fortunate result is the development and adoption of new accessibility technologies. One prominent example has been Microsoft’s Xbox Adaptive Controller, configurable set of devices explicitly designed to expand and help meet the needs of gamers with mobility and disability issues.

The Adaptive Controller has been a fantastic platform to test and develop new features for the broader global community that uses Windows in business. When your business combine these features in Windows 11 with best-in-class on-premises and cloud support from Ronald Walker Associates, you’ll be better able to incorporate contributions from across your entire organization.

Windows Voice Typing

One notable advancement uses artificial intelligence to recognize speech, transcribe, and automatically punctuate. Windows Voice Typing can provide substantial assistance to people with chronic pain, severe arthritis, repetitive stress injuries, cerebral palsy, and mobility related disabilities. It can also be used to assist language learners in gaining English proficiency.

Multi-Platform Accessbility

Windows 11 includes a Linux subsystem and will also start supporting Android applications. Accessibility features in Windows 11 will now work closely with these non-native apps, and also provide significantly better support across a number of virtualization platforms.

New Control Panel and More

For additional information, visit the Windows 11 blog.

3 Business Problems That RWA Specialists Can Solve

August 10, 2023/in Blog /by The Editor

Our technicians and network administrators wears many hats. They monitor your network performance, ensure compliance, and evaluate your hardware infrastructure. But how do these services actually benefit your business? Here are a few examples:

Problem #1: Hackers are trying to steal your personal information

Cybersecurity is a huge concern for almost every business owner, especially with recent headlines about ransomware and data loss. You’re probably concerned about the personal data you keep on your hard drives and servers, and might not even know if your data is backed up or encrypted.

43% of cyber attacks target small businesses, and 62% of companies have been victims of social engineering and phishing scams.

The solution:

RWA can monitor your network performance and generate reports that provide peace of mind you when it comes to computer security. Our professionals can also evaluate your infrastructure and suggest any necessary upgrades and adjustments that will improve network security in your workplace.

Problem #2: You’re spending way too much cash on IT

The average company spends 5.2% of their total budget exclusively on IT. For some big brands, this means spending millions of dollars on the latest hardware and software that optimizes performance and increases productivity. Many small businesses just don’t have these budgets and feel like they are spending way too much cash on IT as it is.

How can they cut costs?

The solution:

Our IT consultants can evaluate your current IT budget. Based on their experience and evaluations, they can make suggestions for investments that will save you money in the long-run. It may be a matter of getting rid of inefficient hardware that costs too much money to maintain, or you may simply need to deploy new technologies and software that will instantly save cash.

Problem #3: You’re struggling with compliance

If you own a small business, there are various laws and regulations that you need to adhere to, especially when it comes to data protection. It can be difficult to keep track of all these rules, and sometimes you need a helping hand,

The solution:

The best IT consultants will ensure you adhere to all the relevant data protection procedures in your sector and prevent you from being fined. If you operate in the healthcare industry, for example, RWA can make sure you are HIPAA-compliant, while safeguarding patients’ personal information at all times.

These are just 3 business problems an IT consultant from RWA can solve. If you are spending too much money on IT, want to boost your security credentials and improve compliance, investing in managed services could provide you with a decent return on your investment.

Have you performed your Security Risk Analysis this year?

July 14, 2023/0 Comments/in Blog /by The Editor

Businesses and organizations subject to HIPAA are required to undergo an annual review of their administrative, physical, and technical safeguards for Protected Health Information. An annual Security Risk Analysis uncovers potential weaknesses in security policies, processes, and systems. After your first comprehensive SRA, each subsequent SRA will only need to be reviewed and updated to reflect changes within your organization.

The HHS Office of Civil Rights announced that SRAs auditing is a top priority this year. After a disastrous round of audits in 2012 – when 68% of audited organizations had adverse findings – this second round of HIPAA audits is expected to be more pragmatic and comprehensive.

While technology has contributed greatly towards HIPAA compliance, you should be aware of the following myths…

MYTH #1: “My EHR vendor takes care of everything I need to do about HIPAA compliance.”
False . . . Your EHR vendor may be able to provide information, assistance, and training on the privacy and security aspects of the EHR product; however, responsibility for compliance with HIPAA Privacy and Security Rules lies with you. It is solely your responsibility to have a complete SRA conducted.

MYTH #2: “Simply installing a certified EHR fulfills the SRA Meaningful Use (MU) requirement.”
False . . . Even with a certified EHR, you must perform a full SRA. Security requirements address all electronic protected health information you maintain, above and beyond your EHR.

MYTH #3: “A complete SRA only needs to look at my EHR.”
False . . . A complete review covers all electronic devices that store, capture, or modify protected health information. This Includes all software and devices that can access your EHR data, e.g., your tablet, smart phone, etc. Remember that copiers also store data, and special rules apply to access of remote data.

At RWA, we pride ourselves in our ability to conduct a proper SRA; please let us know if we can help in any way! Call us at 877-385-1928 or email us at info@rwacentral.com

Healthcare-Specific Security Threats You Need to Avoid in 2023

March 9, 2023/in Blog /by The Editor

The healthcare sector experiences twice as many cyberattacks as any other industry. Still, healthcare professionals invest less than 6% of their budgets in cybersecurity.

If you are a medical professional, now’s as good a time as any to beef up your security efforts. As a result, you can safeguard patient data and prevent hackers from stealing sensitive information. Here are some healthcare security threats to look out for in 2023.

Phishing attacks

Use of e-mail in medicine has only grown over the past decade, and phishing attacks continue to escalate. This type of security threats starts when a healthcare clicks on an infected email. Once this malware infiltrates a computer system, it can access valuable files and folders.

“The attacker can then use this software to gain access to the healthcare organization’s financial, administrative and clinical information systems,” says Tech Crunch.

Phishing attacks can have a detrimental impact on a hospital or medical practice. Malware often renders computer systems unusable, which has a significant impact on patient safety. In this scenario, doctors and nurses are unable to access important records. In turn, this can put organizations in big trouble in terms of compliance and liability lawsuits. And, in rare cases, it can even put patients’ lives at risk.

These type of attacks greatly increase the chances of hackers stealing valuable data.

Old legacy systems and networks

Old computers and networks could increase security vulnerabilities. As you may expect, Legacy systems may not function as efficiently as newer ones, and they often lack the latest security patches and updates.

“Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behavior,” says Science Direct.

Even if medical organizations lack the money to invest in brand new technology, they should take steps to improve their network security. Installing the latest security software and a firewall, for example, and getting rid of old programs could prevent data from being stolen, increase compliance and increase patient trust.

Staff misuse

Insider misuse makes up 15% of all security breach incidents. Usually, this involves medical employees gaining unauthorized access to sensitive data and sharing it with other people.

“Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information,” says the University of Illinois at Chicago.

Encrypting valuable data and setting up access controls — where only certain members of staff can access information. This could help to reduce this problem.

Ransomware

Ransomware is one of the biggest security threats in healthcare right now. In May 2017, a ransomware attack called WannaCry targeted computers running the Microsoft Windows operating system and had an impact on Britain’s National Health Service — the biggest single-payer healthcare system in the world.

A similar ransomware attack on your organization could spell disaster. Once ransomware infects your computer, you will probably be unable to access files and patient records unless you pay cybercriminals a ransom.

These are just some of the security threats you need to avoid if you work in the healthcare sector. However, working with a professional who takes care of your security defense needs will reduce phishing attacks, ransomware, staff misuse and old legacy systems from malfunctioning.

Multi-Factor Authentication / Cybersecurity Awareness Month

October 12, 2022/in Blog /by The Editor

October is National Cybersecurity Awareness Month, and this week, are highlighting multi-factor authentication as one of the most effective tools to protect patient data and your organization.

Also known as two-factor authentication and two-step verification, multi-factor authentication (MFA) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. In addition to a password, it may require the physical possession of a phone or mobile computer, biometric checks, or the use of access tokens.

Is MFA supported in my organization?

Every RWA customer uses a variety of vendors, technologies, and security platforms, and our technicians will guide you through every step in the process of improving security in your organization. We recommend enabling MFA wherever it is available, and MFA will be a default requirement on cloud-based platforms such as Microsoft Exchange mail starting in October 2022.

Ready to take the first step? Reach out to RWA to schedule a pilot program for MFA in your organization today!

How Does MFA Protect Patients?

By ensuring the person accessing our secure emails, servers, or patient data is who they say they are, MFA protects our patients from cyber threat actors gaining access to our systems and ultimately causing harm to our organization.

For more information on available resources on MFA and just how important it is to keep patients safe, check out the HHS 405(d) Program’s resource titled: “Have you Heard about MFA?”

Medical Device Security

September 13, 2022/in Blog /by The Editor

This article is part of RWA’s series on the 10 Best Health Industry Cybersecurity Practices.
Learn more at HHS 405(d) HICP website.

Medical devices are essential to diagnostic, therapeutic and treatment practices – but as with all technologies, medical device benefits are accompanied by cybersecurity challenges. Vulnerabilities are sometimes introduced when medical devices connect to the internet and process required updates. Medical devices are a specialized type of Internet of Things (IoT) device, and rather than recreating cybersecurity practices for them, healthcare organizations are encouraged to extend the relevant cybersecurity practices from the rest of the network and implement them appropriately.

Establish Endpoint Protection Controls: As with other endpoints devices, medical devices should follow protocols such as installing local firewalls, routine patching, network segmentation, and changing default passwords.

Implement Identity and Access Management Policies: Just like endpoints, medical devices security should include authentication measures and remote access controls like multifactor authentication.

Institute asset Management procedures: It is important to follow your asset management procedures for medical devices just as you would for endpoints. Keep an updated list of inventory and software updates to ensure your devices are accounted for and are up to date.

Create a Vulnerability Management Program that can consume Medical Device Management disclosures and respond accordingly when received.

Add security terms to Medical Device Management contracts that enable you to hold device manufacturers accountable.

As always, contact RWA to discuss the next steps in your cybersecurity journey!

Cybersecurity Policies

August 30, 2022/in Blog /by The Editor

This article is part of RWA’s series on the 10 Best Health Industry Cybersecurity Practices.
Learn more at HHS 405(d) HICP website.

Over the past decade, one of the greatest changes in addressing cyberattacks involves establishing and implementing cybersecurity policies, procedures, and processes. These policies set expectations and foster a consistent adoption of behaviors by your workforce. With clearly articulated policies, your employees, contractors, and third-party vendors will know which data, applications, systems, and devices they are authorized to access, as well as the consequences of unauthorized access attempts.

Establish Roles and Responsibilities: Key people need to be tasked with implementing security practices and establishing policy. Even small organizations need to clearly define cybersecurity roles and responsibilities.

Education and Awareness: As technology advances, social engineering attacks will return to target the most vulnerable entities in your organization – your employees. The workforce will need regular training on practices, threats, and mitigation.

Moble and Personal Device Policies: As more work is done at home and in the field, new policies need to be developed and deployed to address these use cases, and how data can be secured and used in remote settings.

Incidence Response and Disaster Recovery Plans: It’s no longer enough for a small practice to rely on luck and agility. With the adoption of cloud and mobile technologies, disaster can strike anywhere, and it’s important to have standard practices for recovering assets, including backup plans.

As always, contact RWA to discuss the next steps in your cybersecurity journey!

Endpoint Protection Systems

August 23, 2022/in Blog /by The Editor

This article is part of RWA’s series on the 10 Best Health Industry Cybersecurity Practices.
Learn more at HHS 405(d) HICP website.

In medicine, federal law requires an organization’s endpoints to be protected and hardened against attack. Your endpoint devices typically include desktops, laptops, mobile devices, printers, and computerized medical equipment. Federal regulations also require encrypted storage and constant monitoring. For hybrid organizations or those wishing to embrace the cloud, RWA will work with you to deploy the best in modern cloud endpoint management technologies and policies.

Antivirus systems, full disk encryption, patching, and monitoring are all elements needed for modern endpoint protection systems. RWA will guide your business through all of the relevant options and services, from Microsoft Endpoint Management to our own Remote Monitoring and Managment technologies.

Benefits of migrating to properly managed endpoint protection systems include:

Stale or vulnerable administrator accounts will no longer be an issue, with access limited only regularly audited, cloud-based device management accounts.

Software updates and patching becomes a reliable process across the organization, supported by monitoring and management through the cloud. Different systems can abide by different policy based on stability requirements and typical use.

Endpoints can be automatically provisioned. With new cloud technologies such as Autopilot, group configurations can be bundled and deployed without the need to have a technician sit down for hours at each individual machine before the assigned employee can begin their work.

E-mail Protection Systems

July 21, 2022/in Blog /by The Editor

This article is part of RWA’s series on the 10 Best Health Industry Cybersecurity Practices.
Learn more at HHS 405(d) HICP website.

The two most common phishing methods occur through e-mail access.

Credential Theft – An attacker attempts to trick targets into providing access through received e-mail.

Typically, this takes the form of links in an e-mail that sends you to a fraudulent login website.

Malware Attacks – An attacker attempts to deliver malware through e-mails that compromise endpoints such as PCs and cell phones.

When an unprotected computer opens an malware application, the attacker will usually exploit vulnerabilities or lax security policies to gain additional access to the computer, your password, and your personal information. In worst case scenarios, the attacker may even encrypt your data and demand a ransom.

E-mail protection systems block attacks before they arrive in your Inbox, and work with the cloud to identify attackers and their methods as they evolve.

RWA can work with you to identify and deploy the best e-mail protection systems, cloud providers, and encryption platforms that will work with your business. Office 365 and Exchange Online features multiple layers of customizable security, along with policies that are appropriate for each group of employees.

Additionally, RWA can deploy Multi-Factor Authentication to add an additional layer of protection to your online services, and we have partnered with leading Phishing Training and Simulation services to support regulatory security compliance.

Getting Ready for Enterprise Data Protection

May 5, 2022/in Blog /by The Editor

This past week, we learned of the most notable Supreme Court information leak in history. While we are going to steer clear of the political ramifications about the pending ruling, we have to ask… Could the document leak have been prevented with modern technology?

A decade ago, probably not. Today… there’s not much of an excuse.

First, security chips have been available on electronic hardware for quite some time. If you go back all the way to the Nintendo Entertainment System in 1985, it shipped with a simple lockout system. If a game didn’t have a Nintendo-produced security chip on the cartridge, the game system would get stuck in a reboot cycle. In modern times, the first version of the Trusted Platform Module standard was produced in 2009, then superseded by TPM 2.0 in 2015. With few exceptions, Windows 11 will require a TPM 2.0 chip as well as a modern CPU, and businesses will need to replace Windows 10 with Windows 11 by October 2025.

In the near term, security chips provide exciting new opportunities to secure workstations and protect them against ransomware and other attacks. Even now, we can audit service access and document activity in the cloud, including behavior of multiple system administrators. We’ve also had the ability to prevent the extraction of information from protected apps – such as medical EMRS – through the use of screenshot and screen recording applications.

Over the next few years, as vendors get more sophisticated and cloud integration progresses, we expect a future where a document authors in Word can completely secure and control who can access the content by default. They’ll be able to explicitly allow others to view or extract the content, audit access to the document, track changes, and prevent printing of hard copies.

If you’re already using the latest hardware platforms and cloud subscription services – such as Office 365, Windows Information Protection, and Azure Information Protection – you may already be able to take advantage of some of these services, and RWA can help you deploy new information policies and support your staff.

Keep in mind that your security is only as secure as your weakest link. If you have devices or servers that have fallen behind in compliance, you’ll need a plan to bring everything up-to-date. If you contact us today, RWA will help you get ready for a more secure future.