
Six Tricks to Better Digital Etiquette

It’s probably safe to assume that in one day you send more emails than you speak words. If you have a regular office job, you probably use email all day, every day. Sad, but true.

But because of this, it’s important to know the dos and don’ts of proper email etiquette. You don’t want to be giving off the wrong impression, do you?

Can I send an emoticon?
This is a bizarre one. In the past, absolutely no way. Now, however, things are a little different. Emoticons add a personal touch to emails and they can also help in your efforts to be humorous. If used correctly, an emoticon can make a detached email seem friendly or help soften an otherwise harsh body of text.

Is it funny or is it just awkward?
Writing is a funny thing because one sentence can be read a million different ways. One person may interpret something completely differently than you did based on how they read it, their education level, their personal experiences and the way the wind blew ever so gently that day.

This means you should always be careful when you use humor, especially in a professional context. What you find hilarious may come off as rude and belittling to someone else.

Stay away from Caps Lock.
When you capitalize complete words or sentences, people tend to feel threatened. They automatically think, “Is he/she angry with me?” Or they think you’re too incompetent to use a computer properly. Do you not know where the caps lock button is? Either way the cookie crumbles, it’s not good.

Use spell check.
The lines are so blurred nowadays that you finish emails through text messages and end a phone call when you physically walk up to the person you’re speaking to—however, this doesn’t give you the right to use bad grammar and spell words incorrectly.
Spellcheck your email and always make sure you use complete words. In emails, do not use: cuz, k, y? or ya. Save that for your texts, and even then, only with close friends and family. Your boss or manager likely won’t be impressed with poor English skills.

Is that a novel or an email?
Let’s face it. We don’t like big globs of text (take note of what you’re reading right now). It’s intimidating. If we receive an email with a massive amount of text, we glance through it (missing important information) or save it for later (and never come back to it).

When you write an email, keep it short. Break up your information and highlight key information (bold your font or use the highlighter function). If you can’t get your point across

Can you spot the Phish?

The most damaging thing that can happen to your business is ransomware. The number one way it gets into your business is through an email attachment. These emails are called phishing emails. Would you know if you were the subject of a phishing attack? 80% of employees will open a phishing email. These crooked companies are very sophisticated and employ social engineers to figure out how to get you to believe the phishing emails they send are legit. There are over 1.5 million new phishing sites every month, and attacks increased by over 70% in 2018 over 2017.
Hackers would not be doing this if it were not so successful.

So how do you spot a phishing attack?

  1. Sender Email Address: Always check to make sure that the email address is legitimate. Amateur hackers will send things from Gmail or Hotmail accounts and hope you don’t notice. More sophisticated hackers will closely mimic an actual email domain, like amazon-online.com rather than amazon.com. Double check the email address before responding, clicking, or opening, even if the from name appears correct.
  2. Discrepancies in Writing Format: If the attack is coming from overseas, you’re likely to notice some small issues in writing format, like writing a date as 4th April, 2018 rather than April 4, 2018. While this is subtle, it should be a red flag.
  3. Grammar Issues: We all fall victim to the occasional typo, but if you receive an email riddled with grammar and spelling mistakes, consider the source. It’s likely a hacker, especially if the email supposedly comes from a major organization.
  4. Sender Name: This one is also difficult to track, but phishing emails will typically close with a very generic name to avoid raising suspicion. You should recognize the people that send you emails, or at the very least, clearly understand their role at the organization.
  5. Link Destination: Before you click on any link in an email, hover over it. The destination URL should pop up. Check out the domain name of this URL. Similar to the sender email address, make sure that this address is legitimate before clicking.
  6. Attachments: Is it realistic to expect an attachment from this sender? Rule of thumb, don’t open any attachment you don’t expect to receive, whether it’s a Zip file, PDF or otherwise. The payload for a ransomware attack often hides inside.
  7. Email Design: A strange font like Comic Sans should immediately raise red flags if you don’t clearly recognize the sender.
  8. Links to Verify Information: Never, ever click on a link to verify information. Instead, if you think the information does need updating, go directly to the website. Type in your email and password, and update your information from the Account tab. Always go directly to the source.
  9. Odd Logo Use: Hackers try their best to mimic the site’s look and feel. Oftentimes, they get very close; but they won’t be perfect. If something feels off, it probably is.
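
Checks 1 (sender email address) and 5 (link destination) can also be run automatically on incoming mail. The script below is an added example, not part of the original article; the trusted-domain list, the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains your organization really does business with.
TRUSTED_DOMAINS = {"amazon.com"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host):
    """Return the trusted domain whose brand name `host` borrows, else None."""
    host = host.lower()
    if registrable(host) in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in host:
            return trusted
    return None

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    # Check 1: compare the real sender address, not the display name.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hit = lookalike_of(sender_host)
    if hit:
        findings.append(f"sender domain {sender_host} imitates {hit}")
    # Check 5: compare where each link goes with what its text shows.
    for href, text in LINK_RE.findall(msg.get_payload()):
        dest = urlparse(href).hostname or ""
        hit = lookalike_of(dest)
        if hit:
            findings.append(f"link goes to {dest}, which imitates {hit}")
        shown = DOMAIN_RE.search(text.lower())
        if shown and registrable(shown.group(0)) != registrable(dest):
            findings.append(f"link text shows {shown.group(0)} but goes to {dest}")
    return findings

# Constructed sample message using the lookalike domain from item 1.
SAMPLE = """From: Amazon Support <support@amazon-online.com>
Subject: Verify your account
Content-Type: text/html

<p>Sign in at <a href="http://login.amazon-online.com/verify">www.amazon.com/account</a></p>
"""
print("\n".join(check_message(SAMPLE)))
```

A message that passes these two checks is not proven safe; the remaining items in the list still apply.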

While there is no fool-proof method for avoiding falling victim to a phishing attack, knowing how to spot likely culprits is one step in the right direction. 

Contact us if you have any questions or need help with your cybersecurity. We provide ongoing training for your employees. Please see our next lunch and learn event, where you can RSVP now.

Does your IT company provide full HIPAA Security Risk assessments and Audits?

You may not realise it, but HIPAA law requires more than just medical facilities to adhere to the HIPAA regulations.

The following are the types of companies that are required by law to perform HIPAA audits.

  • Hospitals
  • Urgent Care Clinics
  • Dental Offices
  • Nursing Homes
  • Behavioral Health Facilities
  • Diagnostic Labs
  • Correctional Facilities
  • Pharmacies

However, in addition to the above, there are many other businesses that are exposed:

  • IT Service Providers
  • Shredding Companies
  • Documents Storage Companies
  • Attorneys, Accountants
  • Collection Agencies
  • EMR companies
  • Data Centers
  • Online Backup companies
  • Cloud vendors
  • Insurance Agents
  • Revenue Cycle Management vendors
  • Contract Transcriptionists

The following are the reports we provide:

HIPAA Policies & Procedures. The Policies and Procedures are the best practices that we have formulated to comply with the technical requirements of the HIPAA Security Rule. The policies spell out what your organization will do, while the procedures detail how you will do it. In the event of an audit, the first thing an auditor will inspect is the Policies and Procedures documentation. This is more than a suggested way of doing business. The Policies and Procedures have been carefully thought out and vetted, referencing specific code sections in the Security Rule and supported by the other reports we provide.

HIPAA Risk Analysis. HIPAA is a risk-based security framework and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule's Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program. It identifies the locations of electronic Protected Health Information (ePHI), vulnerabilities to the security of the data, and threats that might act on the vulnerabilities, and it estimates both the likelihood and the impact of a threat acting on a vulnerability. The Risk Analysis helps HIPAA Covered Entities and Business Associates identify the locations of their protected data and how the data moves within, and in and out of, the organization. It identifies what protections are in place and where there is a need for more. The Risk Analysis results in a list of items that must be remediated to ensure the security and confidentiality of ePHI. The value of a Risk Analysis cannot be overstated. Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of, or an ineffective, Risk Analysis as the underlying cause of the data breach. The Risk Analysis must be run or updated at least annually, more often if anything significant changes that could affect ePHI.

HIPAA Risk Profile. A Risk Analysis should be done no less than once a year. However, Prestige Computer Solutions has created an abbreviated version of the Risk Analysis called the HIPAA Risk Profile designed to provide interim reporting in a streamlined manner. Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis and documents progress in addressing previously identified risks, and finds new ones that may have otherwise been missed and resulted in a data breach.

HIPAA Management Plan. Based on the findings in the Risk Analysis, the organization must create a Risk Management Plan with tasks required to minimize, avoid, or respond to risks. Beyond gathering information, Prestige Computer Solutions provides a risk scoring matrix that an organization can use to prioritize risks and appropriately allocate money and resources and ensure that issues identified are issues solved. The Risk Management plan defines the strategies and tactics the organization will use to address its risks.

Evidence of HIPAA Compliance. Just performing HIPAA-compliant tasks is not enough. Audits and investigations require evidence that compliant tasks have been carried out and completed. Documentation must be kept for six years. The Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all is said and done, the proof to proper documentation is accessibility and the detail to satisfy an auditor or investigator is included in this report.

External Network Vulnerability Scan. Detailed reports showing security holes, warnings, and informational items, including CVSS scores, as scanned from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.

HIPAA On-Site Survey. The On-site Survey is an extensive list of questions about physical and technical security that cannot be gathered automatically. The survey includes questions ranging from how facility doors are locked, firewall information, how faxes are managed, and whether servers are on-site, in a data center, or in the Cloud.

Disk Encryption Report. Encryption is such an effective tool used to protect data that if an encrypted device is lost then it does not have to be reported as a data breach. The Disk Encryption Report identifies each drive and volume across the network, whether it is fixed or removable, and if Encryption is active.

File Scan Report. The underlying cause identified for many data breaches is that the organization did not know that protected data was stored on a device that was lost or stolen. After a breach of 4 million patient records a hospital executive said, "Based on our policies that data should not have been on those systems." The File Scan Report identifies data files stored on computers, servers, and storage devices. This report is useful to identify local data files that may not be protected. Based on this information the risk of a breach could be avoided if the data was moved to a more secure location, or mitigated by encrypting the device to protect the data and avoid a data breach investigation.

User Identification Worksheet. The User Identification Worksheet takes the list of users gathered by the Data Collector and lets you identify whether they are an employee or vendor. Users who should have been terminated and should have had their access terminated can also be identified. This is an effective tool to determine if unauthorized users have access to protected information. It also is a good indicator of the efforts the organization goes to so terminated employees and vendors have their access quickly disabled. 

Computer Identification Worksheet. The Computer Identification Worksheet lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.

Network Share Identification Worksheet. The Network Share Identification Worksheet takes the list of network shares and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.

HIPAA Supporting Worksheets. A set of individual documents is provided to show detailed information and the raw data that backs up the Evidence of Compliance. These include the various interviews and worksheets, as well as detailed data collections on shares and login analysis.

For more information on HIPAA and our HIPAA services and reports, please feel free to contact us.

Why you need a Managed BDR Solution

Backup Disaster Recovery (BDR) is very different from traditional backups. Managed BDR meets the needs and challenges of today’s complex computing environments.

Fast recovery is the most important part of any backup and without a truly managed BDR system you are at serious risk.

Can your business operate for days or weeks without your computers and data? Regular backups, even offsite backups, no longer solve the need for fast recovery in today’s competitive business environments.

If you are hit with ransomware, how long can you be down while your IT restores and rebuilds your systems? With regular traditional file backup models you could be down for days or weeks while your critical systems are rebuilt and your data is restored. With a Managed BDR solution you can be up and running in a day or less; most systems can be recovered in as little as 15 min.

Backup and Disaster Recovery (BDR) is a combination of data backup and disaster recovery solutions that work cohesively to ensure a Company’s business continuity.

Prestige Computer Solutions Managed BDR keeps your business operations running by ensuring your data is always available. AI-based technologies proactively defend data against ransomware attacks, and with near-instant recoveries, avoid operational outages, loss of productivity and costly downtime caused by infections and recovery efforts.

Call us today to see how we can help you secure your business.

So what is the difference between traditional file backups and BDR? Take a look at the quick videos below.