Compliance Alphabet Soup

Compliance Alphabet Soup

No matter what industry you’re in, compliance acronyms are abundant, filling your days with both confusion and regulation. We call it the compliance alphabet soup. It’s time to make a little bit more sense of all those acronyms and what they likely mean for your business. 

GDPR (General Data Protection Regulation): While this regulation only applies to the European Union and information leaving the EU, we are seeing its effects state-side because it requires businesses that interact with EU citizens to comply, regardless of location. The goal of GDPR is to create greater data privacy and protect from breaches. If there is even the slightest likelihood that someone from the EU will be visiting your site or interacting with you online, make sure that you comply with GDPR regulations. We’ll cover GDPR in greater detail in our next blog.  

HIPAA (Health Insurance Portability and Accountability Act of 1996): While this law has been on the books since 1996, many medical practices are still not HIPAA compliant and believe that they are too small to be touched. Even if you aren’t directly in the medical industry, pay attention! Beyond the practices themselves, any organization that works with a medical practice has responsibility in HIPAA compliance through associate agreements. These agreements particularly apply to IT companies, law practices, accounting firms, and others that might have access to patient data in any way. Bottom line, all patient data must be protected, encrypted, and safe. You also need to have a specific HIPAA-compliance plan, breach response plans, and data recovery methodology. HIPAA has gained notoriety with larger scale medical breaches in recent years, in addition to larger fines levied for HIPAA breaches. The largest fine currently on record is $16 million. Small companies are also being hit with violations costing about $1.5 million apiece.     

HITECH (Health Information Technology and Clinical Health Act): HITECH entered the picture in 2009 and brought teeth to HIPAA violations. This regulation specifically covers the electronic transmission of health information. In its best form, it’s meant to improve patient care through better doctor coordination, better sharing of information, and strong data security of electronic health records. In practice, all those privacy forms that you sign whenever you go to the doctor really do have an important purpose.  

I-9 (Employment Eligibility Verification): This is the form that new hires must fill out within three days of employment to verify that they are eligible to work within the US. While this piece of paper may get lost among the sea of new hire paperwork, it should never be overlooked. Even if you’ve been correctly employing the I-9 form for years, you may want to go back and check for form updates. Some updates will have no impact; but to be truly in compliance, you’ll sometimes need to go back and have every employee update their I-9 information and verification documents.  

PCI DSS (Payment Card Industry Data Security Standard): Do you collect credit card information within your business? Any payment data collected and stored must be PCI compliant. To ensure compliance: 

  • Employ strong security standards, like firewalls, anti-virus protection, and regular updates that protect your network as a whole 

  • Encrypt all credit card information transmitted across open networks 

  • Maintain strong data access controls to ensure that rogue people don’t gain access to your information   

These are just a few of the compliance acronyms you may encounter in your daily work. Don’t get lost in the compliance alphabet soup. A quality IT firm can help you comply with the vast majority of these and will be able to put a clear plan of action in place to increase your cybersecurity footprint.  

To Renew or Not Renew, That Is the Question

To Renew or Not Renew, That Is the Question

You’re prepared, at least mentally, to begin your migration to Windows 10 because you’ve read What Does Windows End of Life Mean to My Business? and Getting Ahead of Windows End of Life. Is your hardware ready, though? How you handle your IT (on your own, as needed support, or with a fully managed agreement) will change how you will have to deal with your transition.  The following items should help you decide how to prepare your hardware for the Windows 10 migration.  

 

Do It Yourself 

If you own all of your own equipment and deal with IT issues in house, then you will want to get started on migrating your devices now. The good news is that Windows 10 is highly compatible with just about every PC out there. If you run into trouble, it’s likely a vendor incompatibility issue, not Microsoft, itself, so you’ll want to contact them directly. When you have that handled, upgrading from 7 to 10 is as simple as running the ISO file from Microsoft.com, from a USB, or DVD. The bad news is that it will take significant time migrating every PC in your business. You’ll also need to deal with a backlog of Microsoft customer service support if you happen to run into any issues.  Remember that almost 70% of the world’s computers are still running Windows 7. It’s almost guaranteed that others will run into issues and need support, as well.  

 

MSP 

If you are with a managed service provider, you should be just fine. In fact, you likely already have a plan in place from your most recent business review. Over the course of the next few months, your IT company will ensure software compatibility with all of your line of business applications and contact any necessary vendors and schedule a time with you to come out and run the update once their sure everything will go smoothly. Now, would also be a good time to consider any hardware upgrades that you’ve been needing. All new PCs will automatically come with Windows 10, alleviating any upgrade issues now or in the next three years or so. The best part of it, you have to do nothing. No downtime for your business, no extra IT work for you, and no worries. 

 

If you’re on a full managed services agreement, the upgrade is more than likely covered and any hardware needs will be handled on a new monthly payment plan (HaaS agreement). If you’re on a partial agreement or break/fix model, you’ll likely be billed for the time required to complete the upgrade. Either way, your IT company will have you completely in hand. Just remember that your service provider will soon be booked solid assisting other clients with this transition. It’s important to schedule now so you’re not left waiting.  

 

Time to Get a Contract? 

If you’re reading this blog as someone that had planned to do this upgrade on your own but have now decided that you don’t have the time or desire to do so? It’s time to contact Winsor Consulting. We’ll make sure that you’re taken care of through Windows 7 end of life and well beyond.

Getting Ahead of Windows End of Life

Getting Ahead of Windows End of Life

With Windows 7 end of life quickly approaching, it’s time to start thinking about what needs to be done to prepare. Technically, regular Windows 7 support has been dead since 2015, however, the extended support period is over January 2020, which means no more updates or security patches. What should you be aware of for EOL? Get ready, you may have some work to do.     

Many are concerned that their PCs will stop working. That is not the case. Your Windows software will work, but its security will depreciate rather quickly, which could put your PC in danger of cyber-attacks and viruses. Back in 2014, Microsoft ended support for Windows XP. It affected 40% of computers worldwide. Now, years later, it is estimated that about 7% of computers are still using Windows XP. These computers are the ones hackers like to target because of the security holes caused by lack of regular patching.   

Currently, about 70% of businesses worldwide use Windows 7, so it's highly likely that you need to take action before Windows 7 retires. The more systems you have on Windows 7, the sooner you need to prepare. Here‘s a quick action plan:   

  

  • Determine how many systems need an upgrade.  Simply take a count of all the systems running Windows 7 or, if you still have some, Windows XP. If systems are on Windows 7, and the hardware is up to par, you likely will be able to do a simple license upgrade.    

  • Assess your hardware. Windows 10 will not work on all hardware systems. You may need an upgrade. Contact your IT provider to help you determine if your hardware has the right specs. Easiest way to tell? If your hardware came out in the last three years or so, you’re probably in the clear. We recommend upgrading your hardware about every three to four years to avoid any compatibility issues.    

  • Create a timeline and budget. You don’t have to make all these changes all at once. You could plan them out up to and including January 2020, but we recommend getting started sooner rather than later. Again, your IT provider will be able to help determine your best path forward.   

  • Create contingency plans. Unfortunately, not all line of business applications will immediately jump to operation on Windows 10, particularly if you’re utilizing an older version of the software, or if your software provider has gone out of business or moved to their own end of life cycle. Sometimes this is inevitable, but you need to be able to quarantine these vulnerable systems from the rest of your network as much as possible or take the time to plan your upgrade now. A quality IT company will be able to help you make the decision, as well as set up a test environment so that you know your contingency plans are working long before you need them.  

  • Training Your Staff. While the transition from Windows 7 to Windows 10 is not the monumental shift past software updates have been, the new system does take a bit of getting used to. Plan time to work with your staff one-on-one or in a group so that you don’t end up with them wasting time tinkering or trying to figure out why their favorite button isn’t where it used to be. Your IT provider should be able to provide this user-based training for Windows 10, as well as the majority of software you utilize on a daily basis.   

    

Keep in mind that Windows 10 end of life takes place in January of 2025; so, while planning, ensure your devices can make the switch again in a few years, or that you’re budgeting for another upgrade. Also, document your processes during the shift. This could make life so much easier down the road. Most of all though, act. You don’t want to be stuck without security patches or an up-to-date operating system. It's like hackers can smell your outdated system and will gladly break-in. Protect yourself and your business and begin planning sooner than later.