Category Archives: News

If you didn’t think you needed email encryption before think again

Email Encryption Solutions

Secured Email

If you didn’t think you needed email encryption before, think again.  This article, “Feds start picking HIPAA audit targets”, appeared in LifeHealthPRO on March 22nd.   In the article the author notes the next round of audits will review privacy and data security practices at the offices of insurance agents, brokers, and other covered entities. Don’ t be caught unprepared, My Help Desk Agent has partnered with Identillect to provide you with a simple/affordable email security solution to remain HIPAA compliant and we can have you set up in minutes.

 

Identillect built its solutions specifically for companies and individuals like you. They focused on making a product that provides scalable security in a package that is easy for you and more importantly your customers to use. Through My Help Desk Agent’s partnership agreement, we are able to provide this at a discounted rate for your organization.

 

Contact us today to learn more: David.Gray@myhelpdeskagent.com or check out our website.

 

It is so simple why take a risk?

Keeping your online transactions secured

My-Help-Desk-AgentTechnology Tip:
from David Gray,
My Help Desk Agent

 

Keeping your online transactions secured

What is the number one worry with purchasing products or services online? When it comes to online purchases most people’s biggest fear is that someone might steal or intercept their credit card information while making that $40.00 or $50.00 purchase online. This in fact could cause hours and hours of research or phone calls to your Bank, Mortgage company, power company and any other company that you have your credit card listed on auto-pay. By using a pre-paid Visa or MasterCard you are putting a layer of security in between You and the online hacker. So you have a prepaid visa card, your bank is connected only one way to that card and that card has no way of grabbing anything from your bank. You want to make a purchase online for $100.00, you transfer $120.00 from your bank to your prepaid card. The transaction goes through and now you have $20.00 in your prepaid account. Joe Hacker was able to intercept your transaction and now the max he could get is $20.00 and no worries about calling Banks, Mortgage companies and so on. If you feel or hear of a threat online or TV you purchase a new $10.00 prepaid card and reload it with the money needed for your next online purchase.
Thanks,
My Help Desk Agent
www.myhelpdeskagent.com
615-988-1156
David Gray

Do you think CRM is needed and why| Insurance Agent CRM

At what point should a Sales agent look to get a CRM (Customer Relationship Manager) tool for their business?

Do you think CRM is needed and why?

My HELP DESK AGENT-CRM

A CRM is basically a contact manager that lets you keep track of any and all information you have about a person or business.

Information is the key to any sale.  If you’re calling a lead that you talked to a year or so ago, you should have notes about that call.  You should know about preexisting conditions, dependents, long-term goals, and anything else that this person might have told you during that conversation.

Imagine how much easier customer service is if you can instantly look up a client’s contact records and see a full report of everything you known about them.

I meet a shocking number of salespeople that just keep all their contacts in a Notebook, Outlook or in an Excel spreadsheet.  If you do something like that, you should seriously consider upgrading your technology.  It is probably the single easiest and most important change you can make to improve your effectiveness as a sales person.

www.myhelpdeskagent.com
615-988-1156 Opt 4

 

Mobile Workforce do’s and don’ts

Security Solutions for the Mobile Workforce

Young adult using a smart phone

We live in an increasingly wireless world. Many laptops nowadays don’t even have an Ethernet port. Working remotely—whether that’s from home, a client site, or even a hotel room across the country—is now a fact of life for many businesses. But it’s important to remember that you can’t forget about security just because your users aren’t on-site. Small businesses can still be held liable for data breaches as the result of a lost laptop, and attackers can intercept sensitive data being transmitted across wireless network. Businesses need to ensure their information-security strategy extends beyond the office so that their data and network remain safe.

Protect Your Endpoint

What happens if an employee’s laptop gets misplaced or stolen? Sensitive data such as employee records or client information can potentially be exposed. Because of that, make sure all computers issued to these employees have full disk encryption. It’s easier than it used to be, since modern operating systems now ship with built-in encryption programs. BitLocker is available for Windows users and FileVault 2 was first introduced in Mac OS X Lion.

If the employee is using his or her own computer for work, ask the employee to encrypt the drive. Disk encryption makes it extremely difficult for attackers to retrieve data from machines. It’s the first line of defense and should not be ignored. If USB sticks are popular in your workplace, encourage everyone to use encrypted drives. Make sure everyone has one—at the minimum—so that sensitive data is always copied onto secure devices. Since we are already talking about laptops, go ahead and set up a password to lock down the BIOS as well. It’s great you have the Windows accounts locked down so that thieves can’t log in, and encryption means they can’t read the saved data, but what about the BIOS? A password-protected BIOS means the attacker cannot just boot off a USB stick or CD and muck around your hard drive. Set the hard disk first on the boot order list in the BIOS, and then set a password for the BIOS. That means a thief cannot try to use USB or CD to boot up, and cannot get into the BIOS to change it.

Just because the employee isn’t in the office doesn’t mean he or she should be exempt from regular software updates and patching. Set up all devices to automatically download and install patches as they become available. Require employees to connect to the corporate network on a regular basis so that updates can be pushed to their machines. Considering how many devastating attacks have targeted unpatched security flaws (not the latest zero-day, but rather old bugs from years ago), it’s important to make sure all software packages are updated regularly. Have the latest security software, Web browser, and operating system installed. Turn on the firewall on your operating system, too.

Consider whether your employees really need administrator access. A lot of attacks nowadays take advantage of the fact that users have full privileges over the machine. Create user-level accounts for employees and restrict what they can or cannot do. That way, if they are infected with malware, that rogue program is also restricted in what it can do on the machine. Rethink whether employees should be able to install software without IT knowing about it. Only trusted IT staff should have full access over the endpoint.

Look into setting up a Virtual Private Network server to ensure employees are connecting back to work systems over a trusted connection. VPN doesn’t have to be super-difficult or onerous. Some routers can support a handful of VPN connections, and Windows offers a built-in client. If you don’t need a full-blown VPN setup, protect your users with a VPN service. It’s the best way to make sure eavesdroppers don’t intercept sensitive data when employees connect to public networks.

Protect the smartphone, too, along with all the emails, documents, and contracts that might be vulnerable on it. Make sure all devices have a lock—not just a screen swipe, but an actual passcode or pattern. And if you have the option to, use something stronger than a 4-digit PIN. iPhone users should be encouraged to use the fingerprint sensor. These measures make it harder for thieves to snoop around the device. Many devices can also be configured to wipe all the data after a set number of incorrect attempts to unlock the screen. Make sure there is a way to remote wipe mobile devices if they ever get lost. That could be accomplished through a business-wide mobile device management platform, or asking users to turn on the relevant setting on their mobile device’s operating system.

Training Employees

Yes, passwords aren’t perfect, but they’re what we’ve got right now so we need to work with the system. Educate employees to make sure they are using strong passwords on all accounts, hardware, and services. Provide single sign-on where possible, and look into two-factor authentication where it makes sense. If you have a Google Apps account for example, it makes sense to turn on two-factor authentication, especially if you have a lot of employees who log in remotely. And make sure all user passwords are changed frequently. If single sign-on isn’t a possibility and using strong passwords and changing them frequently sounds difficult (it is), consider using a password manager.

Extend the password education to password hints so that users learn why they shouldn’t use real information. Instead of putting in the model of your first car or mother’s maiden name—which could potentially be mined from social-networking sites and other sources of information—users should be encouraged to lie and put in a fake answer that they alone would know.

Teach employees the warning signs of phishing, so that at least some are stopped and trashed. The goal isn’t necessarily to make it so that employees would identify every phishing email, but you can make employees question whether some messages are real or not. Emphasize that phishing can first target personal online accounts, before piggy-backing onto corporate information. IT shouldn’t be relying on users to stop 100 percent of all phishing attacks, but if users get in the habit of reporting suspicious messages, that can help block some attacks.

Create policies and explain why users can’t do certain things. If you are worried about users uploading sensitive files to cloud services, use Web filtering to restrict access to Google Drive, Dropbox link and commerce, etc. If you do wind up doing that, make sure your users are educated about why the policy exists, and more importantly, set up approved processes for file-sharing and collaboration. Don’t just shut down employees from doing certain things—give them alternatives so that they aren’t tempted to sneak around.

Secure Everything Else

As more and more people take advantage of modern technology to work outside the office, the pressure is on the SMB to make sure their employees are protected, the data is secure, and that servers and systems aren’t vulnerable to attacks. Regularly back up data on all remote machines. Stay vigilant and keep an eye on what mobile workers are doing. Security isn’t just something for within the four walls. Make sure your end users don’t inadvertently download and install malware which can travel through your network.

Just because you are a small business doesn’t mean your data and employees aren’t at risk. Consider where the danger points are, and take advantage of built-in tools when you can. Even taking small steps is better security than not doing anything at all.