Mannassi IT Solutions

Blog

What's happening.

Plugging potential leaks before they spring!

Many companies automatically setup a new employee’s personal smartphone with corporate email, but when the person leaves it seems that there is frequently not as much due diligence to make sure that any corporate email or data is wiped from the device. The same goes for file share and sync programs such as DropBox; confidential data can easily ‘leak’ from a company if procedures are not put in place early to make sure all corporate data is wiped from personal systems immediately upon an employee leaving the company. 

Technology such as Mobile Device Management software can bring you that level of control: it not only remotely wipes data, but is an essential tool for tracking and managing company issued mobile and portable systems.  But this software only works if you remember to use it! This is why there should be clearly documented standard operating procedures for all exiting employees.  A company like Mannassi IT Solutions can work with your HR department to design and implement onboarding and offboarding procedures for staff, making it easier for you to keep track of who has the keys to what!

Don’t get held for ransom!

The news is currently saturated with talk of the WannaCry/WannaCrypt ransomware virus that infected systems across the globe.  So, what is ransomware?

Ransomware is a type of malicious software that blocks access to the data on your computer until a fee is paid to the attacker (hence the “ransom”). The most advanced versions of the software can lock up your entire computer until a bitcoin ransom is paid. With little warning, and almost no way around the attack, victims sometimes pay large sums of money to regain access to their data.

For healthcare and associated organizations, it is especially dangerous because a successful ransomware infection of a system that has access to, or stores electronic protected health information (ePHI) is also a major breach of HIPAA compliance.  The following excerpt from the Health and Human Services website (emphasis mine) can shed some light:

Q: Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?
A: Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination.  A breach under the HIPAA Rules is defined as, “…the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.”  See 45 C.F.R. 164.402.6
When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.
Unless the covered entity or business associate can demonstrate that there is a “…low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred.  The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.

After a 22-year-old wunderkind managed to thwart last week’s global attack by registering an embedded domain, he warned that the software only needed to be modified before it would be ready to be relaunched. Ransomware attacks are likely only going to increase, therefore proactive steps to protect your network are essential. Make sure you know what security your IT system requires to keep you from being held hostage! We can assess your network and strengthen its defenses against these types of attacks. Even if you escaped unscathed this time, don’t risk getting caught up in the next ransom!

Your Office is Where You Make it.
One of our offices is serving as a temporary moving ground zero.

One of our offices is serving as a temporary moving ground zero.

This week Mannassi IT Solutions is moving out of our location in Woodland Hills, CA.  Normally when a small company like us moves the challenge is making sure that staff can still work and the business can continue to operate smoothly. A key component to this is being able to easily access the company systems and data.  In our case the move will be seamless; our central file store is constantly replicated to a secondary location and staff can connect to it via VPN, our telephone system is in the cloud, and thus staff will all be able to work from home and still be able to get to data and receive and make calls as if they were sitting at their desks in the office. With very little brouhahawe now have a virtual office!  For us, this technology was primarily put in place to address any potential disasters and provide business continuity, but while moving is not exactly a disaster it is never an entirely pleasant process, and we’re glad to take some of the stress out of moving by being able to operate normally.

Mannassi IT Solutions has designed and built many solutions to provide companies with Disaster Recovery & Business Continuity, or to just help them move a little easier. Let us help you make your next move a breeze!

Follow us on twitter @MannassiIT for more moving updates!

You can run but you can't hide!

Microsoft is getting serious about licensing.

A few years ago Microsoft discontinued the sale of Microsoft Office as a ‘boxed product’. That means there are no more jewel cases with that yellow product key inside. We all remember having a stack of those cases on the shelf, trying our best to track which license was installed on which system (and usually failing). This normally meant you would be out of license compliance for the licenses you owned and installed.  I’m sure we all remember the days of passing around those jewel cases to get the most “bang” for our buck by installing Office on multiple computers. But along came open licensing, and life got easier. There were now just one set of media and one activation key, but still the same problem of license tracking.

Now Microsoft has moved to subscription based licensing, and the ability to manage has become infinitely easier because the cloud manages the number of installs you are allowed. However, there are still many other Microsoft operating systems and applications that are not cloud managed, and business are out in the wild using software they have not paid for. Microsoft is seeking to snuff out this unauthorized use and is on a mission to catch these companies.

To that end, Microsoft is now engaging in random licensing audits. Just like the IRS, Microsoft randomly requests information regarding the licensing of your software. In the past few months many of our clients and other business we know have been hit with these audits from Microsoft, a failure to report and comply can mean legal action, and for blatant abuses criminal proceedings with very large fines and possible jail time for executives!

If you have been hit with a Microsoft audit and don’t know how to handle it, give us a call. We can be a tech liaison between you and Microsoft, smoothing out the bumps and making sure you have all the licenses you need to keep you complaint and out of the courthouse!

Follow us on twitter @MannassiIT for more updates about tech compliance.

The Wild West of HIPAA!
LAAHU's annual conference was western themed this year, hence our wild west attire!

LAAHU's annual conference was western themed this year, hence our wild west attire!

This past week Mannassi IT Solutions was an exhibitor at the annual conference for the Los Angeles Association for Health Underwriters (link).  We were showcasing our new HIPAA risk analysis services.  Many of the brokers we spoke to were very surprised to hear about the ramifications of not having their network meet HIPAA compliance standards, as required by the Office of Civil Rights (OCR).

What we discovered was that there is very little education about HIPAA outside of major hospitals about compliance standards for what the OCR calls “Business Associates”, people or businesses that interact with information protected under HIPAA but who are not doctors or nurses. The risks business associates run but not keeping their tech HIPAA compliant is huge. A single data breach can cost millions of dollars in fines, not to mention the client trust lost. Many people also don’t realize that the OCR can audit you at any time, even if you’ve never had a data breach.

The bigger picture is that HIPAA compliance is not a “one and done” process.  The dynamic and ever-changing nature of information technology means that not having an ongoing plan to monitor your network is, as the National Law Review called it in an article last week, “a plan to fail”.  Once you’ve got your systems up to HIPAA standards you need to keep a constant eye on the network, and monitor alerts for when it falls out of compliance. From a two-person office to a major hospital, keeping tabs on your security systems is a very real need.

We’ve been working on expanding our offerings, and now provide a solution called HIPAA as a Service.

With this service, you’ll have the peace of mind that you’re under 24/7 lock and key without having to man the battlements yourself. Plus, you’re provided with everything you need to prove your compliance should the OCR decide to audit you. It really does take the headache out of HIPAA compliance!

Visit our HIPAA page to learn more about how we can help you, or drop us a line at info@mannassi.com. We have limited time offers for getting started with HIPAA as a service right away.

Follow us on twitter @MannassiIT for daily updates about tech, healthcare, & everything in between!

Greatest Hits from Channel Partners Expo 2017: What We Learned

This past week we attended Channel Partner’s 2017 Conference at the Mandalay Bay Conference center in Las Vegas. This is the second year we have attended the show and we always get some great insights. This year it was apparent that the cloud telecom economy is booming, based on the increased attendance and exhibitors.

The conference and expo covers telecommunication and cloud technology, with this year’s focus being on Software Defined Wide Area Networks (SD-WAN). This tech is set to be the new way to connect multiple office locations and organizations to their cloud infrastructure. Many of the vendors at the show are currently focusing on creating relationships with managed service providers, like Mannassi IT Solutions, to promote and sell their products to consumers. Having a managed service provider streamlines your technology needs, giving you a complete IT department at a lower cost than hiring someone in-house. It’s like having an IT guy on call just when you need them!

Other topics that came up included moving some or all a company’s IT infrastructure over to the Cloud. Cloud adoption has been in the news recently, with companies large and small making the switch to save space, money, and effort. Imagine being able to house everything you need without taking up any space!

Chat with us about the cloud on twitter, @MannassitIT.

What's my Password Again?

We’ve all been there, ready to login and get to work on a server only to realize you don’t know the password. The only reset relief is in the brain of your IT guy, who just happened to pick this moment to go on a Bora Bora vacation. You’re stuck.

Documentation of a network is critical to business operations and disaster recovery. I’m sure you can imagine the headache and cost of having to rebuild all or some of your network after a major outage without comprehensive documentation. It’s true what they say, you can’t go home again and you’ll never be able to rebuild a network exactly the way it was before.

A centralized network documentation system is a live-saver. You have all the information you need in one place, easy for you to access without having to call every member of your IT department. A centralized system also makes things easier when you need to branch out and have IT consultants perform work for you; they can see all the moving parts understand your system’s unique architecture so they won’t step on any land mines while working. Be the master of your own IT domain!

So, where do you start with a centralized documentation system? Coming soon in 2017 from Mannassi IT Solutions is Documentation as a Service. Providing you with a secure, encrypted, cloud based repository for all your documentation, passwords, and diagrams. Never get locked out again!

Follow us on twitter, @mannassiIT for the latest news and updates, including when DaaS is launched!

3 Tips to Make Sure Your Security is Up to Snuff.

Cybersecurity is all over the news at the moment: every day there seems to be a new security breach or ransomware attack. So how can you make sure you’re protected from the bad guys? Here are three tips to keeping your security strong.

It’s a marathon, not a sprint. Security is an ongoing process. You need constant monitoring and adjustments just to stay ahead of the game. Hackers are constantly changing their methods to match updates in technology and you’ve got to be ready to adapt ahead of the curve and make sure your security steps stay current.

It’s like an onion, layered. There’s no “one size fits all” approach. Start with a business or enterprise class firewall with intrusion prevention enabled and build from there to anti-virus and anti-malware endpoint protection software.

Watch for the enemy within. A lot of security breaches come from the inside, so no firewall or anti-virus software is going to protect you. Manage your passwords effectively with company-wide best practices for complexity, length, and duration. Don’t forget to cancel access for employees who have left your company! Former staff with unfettered access is one of the most common security gaps.

Your security mantra should be making security a way of life, not just a footnote. Staying on top of your security needs can save you a big headache in the long-term. Security as a service is a great option for the not-so-security-savvy among us. Letting a pro take the wheel can save you time, money, and let you get back to business.

Drop us a line to hear more about our security as a service options. And make sure to follow us on twitter @MannassiIT for updates on the world of cybersecurity.  

What is U.C.a.a.S. & How Can it Help You?

In the world of business the telephone system has always been the one element that just has to work. That digital PBX box on the wall in a closet humming away doing its thing day in and day out is no longer up to snuff. Savvy business owners need more than just a device that an answer and make calls. They also need something that streamlines their communications and resists failure.

This is where a cloud hosted telephone system (AKA Unified Communications as a Service or UCaaS) comes in. UCaaS first rose to prominence in 2014 on the coattails of the Cloud Computing movement. Providers were able to deliver a solution that was affordable, easy to setup, and came with many more features than the traditional PBX setup. Most importantly, UCaaS reduces businesses exposure to outages by having no single point of failure.

Instead of paying a per minute fee, UCaaS saves money by charging only a monthly user fee of around $20-$30 after the initial startup cost of an IP phone. With very little hassle small and mid-sized businesses can have a phone system that rivals the big guys, and enterprise businesses can have a communication solution with a lower total cost of ownership and easier scalability.

Are you following us on twitter? Stay tuned here and at @MannassiIT for more info about implementing UCaaS with Mannassi IT Solutions.