Update to Windows 10 20H2
First – if you are running a Windows 7 operating system or older, get that updated immediately. But that is not the topic this month. Even if your computer is running Windows 10, there are multiple Windows 10 versions. Several of these versions are at the end of service. According the Microsoft website (https://support.microsoft.com/en-us/topic/some-versions-of-windows-10-display-a-notification-to-install-the-latest-version-57f35816-2e6f-1718-4a1e-529aa5cc53de) “This means that devices running these operating systems no longer receive the monthly security and quality updates that contain protection from the latest security threats.” What this means for your office is that it is important for you to ensure that your computer is running Windows 10, version 20H2.
How can you check this?
Go to your Start Menu (red) and click on Settings (orange)
You will notice that there is a notification to update to Windows 10, version 20H2. Click Download and install (red) to update to Windows 10, version 20H2. If you do not have this notification, you can click on View update history (orange) to confirm the version Windows that you currently have installed.
You will notice in this example, the computer is running Windows 10, version 1909 (red) and will need to be updated.
Get cell phones off your office WiFi
Cell phones are great. It has everything you can want at your fingertips. Scroll through Facebook, then check your emails, maybe open maps to see the restaurants in the area. There are a wide variety of apps on your phone. What is consistent about all of these applications is that we do not know to the extent that they are gathering data or what security they have enabled. In short, cellphones are a huge security risk. Unless you need a cellphone to be connected to the office WiFi for work purposes, cellphones and other personal devices should not be on the office network. Instead, set up a guest network for your cell phone and your employees cell phones. This is the network that you can share the password with your patients if you want to.
Understand your backups
This item sounds simple. There are two types of backups – cloud and local. If you have a cloud backup for all your software, this may not apply to your office. We are focusing on the local backup. For it to be considered a local backup, the data must be backed up to another device and then disconnected from the computer or server. Another computer/server connected to your network cannot be considered a backup because if your network gets attacked, that device is also at risk of being attacked. A backup is only useful if it can be used to restore the data in the case that the original is no longer usable. Consequently, if you are using an external hard drive, flash drive or other device to backup your data, yet the device remains plugged into the computer/server, this also cannot be considered a backup.
At TLD Systems, we work with your office to track the backups for each software. We identify if there are any potential risks in your current backup policy and provide recommendations on how to improve your backup policy while minimizing impact to your office.
For more information on how we can help your office be HIPAA Compliant, call (631) 403 6687 or email firstname.lastname@example.org