It’s common to see companies showing confidence in their security systems. Their networks are protected from external threats, which can often lead to a false sense of being secure. With this attitude, they may stop thinking about security and fail to establish internal measures within their networks, and this is a grave mistake.

In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

If the past 10 years has taught us anything, it’s that many managers are woefully underprepared for disasters of any kind. We’re resilient though, and will always find a way to survive. One of the keys to a business’s survival during times of hardship is the Business Continuity Plan (BCP). A vast majority of organizations have one and believe it to be effective, but is it?

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

Smartphones are one of the tools that have been instrumental in blurring the lines between our personal and professional lives. While we’re at home, we access our work email and while we’re at work, we’re checking our personal email, all on the same device. As such, we tend to have a large amount of confidential information on our phones and should be taking steps to secure them.

Whether you have an Android, iPhone or Windows Phone 7, here are two tips to keep your smartphone secure:

Lock your screen If you have data or information on your phone you would like to keep secure, the first thing you should do is lock your screen. Most smartphone users lock their phone with a 4 digit number combination, but it’s recommended you use a password for higher security.

• On Android. To establish a password on your device go to Settings and select Security. Press Screen lock. On Ice Cream Sandwich, you have six options for security, with the least secure at the top and most secure at the bottom. Many users select Pattern or Password. Enter the password twice and press Confirm.
• On iPhone. Select the Settings app followed by General. From there select Passcode Lock and turn it on. You’ll be asked to set your passcode and confirm it.
• On Windows Phone. To set a passcode go to the home screen of your device. Open Settings from your Application list and select Lock & Wallpaper. Press Password, enter your password and then press Done.

It’s recommended that you set a password that’s unique. Don’t use your birthday, address or phone number. At the same time, you have to make it easy to remember. If you’re having trouble coming up with a password, this video by Mozilla is a big help.

Enable remote wipe While passwords and other security codes will go a long way in preventing others from accessing your phone, it often isn’t enough. The next step in device security is to set up the ability to remotely wipe your device.

• On Android. At this time there is no native remote wipe option on your phone. You’ll have to download an app from the Play store. The apps work by using a push service - you “push” the commands to your phone from another source i.e., a website. When you install the app, you’ll have to register your phone and access it from a website.
• On iPhone. The iPhone has remote wipe capabilities which can be accessed through iCloud. On your device select Settings, iCloud and turn on Find my iPhone. If you lose your phone log into iCloud and select Find my iPhone. From there you’ll be able to remotely wipe your device.
• On Windows Phone. If you lose your phone you can remotely wipe it by going to the Windows Phone website, logging in and selecting My Phone. From there you’ll be able to wipe your phone.

Even if you don’t have confidential information on your phone, it’s a good idea to, at the very least, set a solid passcode on your phone. Adding the ability to remotely wipe your phone will ensure the information won’t be viewed by other people. If you’d like other ways to keep your mobile phone secure, please contact us.

As a follow up to our post defining the acronyms and terms commonly used in ERP and CRM software implementations, we’ll continue with some technical and cloud terms. When in doubt, ask your vendor to clarify the terms they are using. In their excitement to show you the latest advancements, vendors sometimes forget that not everyone lives and breathes technology.

Technical Terms You Should Understand

SQL. Structured Query Language, commonly pronounced “sequel”, is a relational database system whose primary function is to store and retrieve data as requested by other software applications.

Workflow. A sequence of connected procedural steps that are automated through the ERP or CRM system. For example, a workflow for purchase requests could automatically route POs over a defined value to a supervisor for approval before processing.

Customization. Programming that adds functionality to an ERP or CRM system to meet unique needs of an organization. ERP systems are written to offer functionality that most companies need and don’t include industry-specific functionality. Customizations can automate processes that companies need to fulfill an industry or process specific requirement.

Integration. The connection between two systems that allows for the flow of data from one system to another, or reciprocally between the systems. For example, a company’s storefront website is usually integrated to the ERP so that inventory availability is updated on the website, and transactions completed on the website flow back to the ERP.

Cloud Terms Explained

Cloud Computing. In terms of ERP and CRM, cloud computing means that users access the software through the Internet or via a remote connection.

Hosting. The ERP or CRM software application is housed and managed by a cloud services provider. Application support includes installation, upgrades and user configurations. Application licenses can be owned or rented (subscription).

SaaS, Software as a Service. The software publisher delivers the application via the Internet to users on a subscription basis.

Hybrid. Hosting services built to suit unique business needs. For example, a company owns their servers but houses them in a secure hosting facility, and receives operating system and application support from the hosting provider.

Private Cloud. Infrastructure supporting the cloud delivery of applications that is dedicated completely to one customer.

Public Cloud. Infrastructure supporting the cloud delivery of applications, that is shared or “multi-tenant”, serving a variety of businesses, individuals or groups.

With an understanding of the basics, you’ll be able to ask your solution provider better questions. We are ready to tell you more. Let’s talk about what ERP or CRM could mean for your business.

The mountain lion is often seen as a formidable cat, it’s highly adaptive and found in almost every major ecosystem in North and South America. These traits are what Apple is going for with its next version of OS X, Mountain Lion. With a scheduled release a few months from now, there are a number of features that will give small businesses the opportunity to roar.

Here are four features of Mountain Lion that small business employees will find useful:

Enhanced communication and social media If you use OS X to access and monitor your social media accounts you’ll be interested to know that you’ll have the ability to post directly to Twitter from various apps. If you use iChat, it will be renamed: Messages. With it, you’ll be able to send messages, pictures and videos to other iChat/Messages users, regardless of the device. This could be a beneficial external and internal collaboration tool due to the growing amount of Apple users.

AirPlay mirroring If you or someone in your company gives a lot of presentations, Macs running Mountain Lion will have the ability to wirelessly broadcast whatever is being shown on the screen. To share your screen with an HDTV or Projector, you’ll need to have an Apple TV box. It works by streaming content to the TV box which is connected via an HDMI cord to the TV or projector.

Gatekeeper Security is top-of-mind for companies these days, and Gatekeeper is an extra level that businesses can implement. Its purpose is to restrict the apps that can be downloaded and installed on your computer. While many businesses should have measures like this in place, this app can act as another layer to ensure an even more secure organization.

iCloud Possibly the biggest trend in small business computing is the integration of cloud storage. Apple’s cloud storage service, iCloud, will play a prominent role in Mountain Lion, especially for businesses. With this feature, employees will be able to access data stored in the cloud using Apple’s different devices. Any changes made to documents stored in the cloud will be automatically updated in realtime, without the user having to save and update.

Mountain Lion is shaping up to be one of the best versions of OS X to date. There are numerous features that users will find appealing, and many businesses are eager for the retail release. A word of warning though, while a version of Mountain Lion is available to download, it’s an unfinished product and as such, we recommend that you hold off from installing it onto your business’s computers. If you’d like to prepare your systems for the OS, please contact us.

Android versions have some pretty delicious sounding names. The newest version of the OS, codenamed Ice Cream Sandwich, has some tasty features that many users are now able to enjoy. These sweet new additions and improvements have definitely made the OS easier to use and more appealing to the multitude of discerning users.

Here are some great tips and tricks to help you get the most out of Ice Cream Sandwich:

• Settings. There’s a quick and easy way to access settings. Simply swipe down from the top of your screen and the Notifications menu will open. Press the blue icon (sliders) beside the date to access your settings.
• Uninstall apps. This used to be one of the more complicated actions of Android, but with 4.0, it’s easy. On the home screen press the Apps icon (white circle with 6 squares) and find the app you would like to uninstall. Press and hold the app, drag it up to Uninstall which will be in the top left of the screen and let go.
• Swipe away. A neat feature of 4.0 is that you can swipe away apps and messages in some locations. If you have lots of notifications, open the Notifications menu and swipe the message to the right to dismiss it. You can also do the same with recent programs (double rectangles in the bottom right of your screen) and browser tabs.
• Disable app icons. When you download and install programs from Google Play, a shortcut will be automatically placed on your home screen. You can turn this off by opening Google Play and selecting the icon with three vertical grey squares followed by Settings. Tap Auto-add widgets and app shortcuts won’t be added to your home screen after they’re installed.
• Send text response when you can’t answer. If you’re in a meeting and can’t answer a call, simply drag the call selector button up to be given a number of text responses you can send to the caller.
• Quick browser control. You can streamline the browser controls in the stock Android browser. Open the browser and select the three grey squares in the top right of the screen and tap Settings. Select Labs followed by Quick Controls. You’ll notice that your URL bar and tabs are gone. To see them, press and hold anywhere on the right side of your screen to bring up a selection wheel.

Ice Cream Sandwich is by far the best version of OS and offers users some great features. If you’d like to learn more about Ice Cream Sandwich, or other Android products please let us know. We’re happy to help.

The key to patient-centered care - a concept that continues to evolve - is the relationship between physician and patient. Finding the balance between patient engagement and information technology, however, can be challenging.

IT has benefited healthcare practices in many ways. For example, it allows patients to service themselves when it comes to transactional exchanges, such as scheduling appointments and reviewing bills.

There are fears, however, that IT can also create distance between the practitioner and patient, reducing face-to-face contact. Here are three tips to ensure that doesn’t happen:

1. Accept that patient-centered IT initiatives help the physician. Small practices need to adopt the same features as their competitors, including large practices as well as low-cost primary care providers such as CVS and Walgreens.

2. Determine your needs. Patient-centered IT practices vary. Some practices use patient portals to optimize patient input. Others use email, text, video and mobile apps to create an impact across a broader spectrum of their patients' health. You’ll need to find what works best for your patient. Younger patients, for example, might prefer text messaging; older patients might prefer email.

3. Reconsider your reimbursement model. IT advancements have patients emailing, text messaging and video conferencing their doctors without payment. That puts pressure on the physician to do more for less. This is a problem with your business model, not your IT. You can't offer services that eradicate half of your service visits or you'll bankrupt your practice.

For details, please see “Five Keys to IT and the Physician-Patient Relationship.”

The role of the Electronic Medical Record (EMR) is shifting: now, any support for next-generation business models, such as patient-centered care is key. As more electronic medical records (EMRs) come onto the market,it’s becoming difficult to choose one that will remain usable well into the future.

Tomorrow’s EMRs will need to be interoperable, scalable, easy to maintain, and offer a user-friendly interface and potential for mobile computing.

One EMR, gloEMR from gloStream, can meet these requirements. Below are some of the characteristics EMRs will likely need to have to truly be successful in the years to come - characteristics gloEMR has.

Interoperability. Microsoft Office has been around for decades, and every year Microsoft spends billions of dollars on Office-related research and development. gloEMR is the only EMR with Microsoft Office built right in, which makes the sharing of data simple.

Scalability. It doesn’t matter how small or large your practice is: gloEMR’s Microsoft technology makes it easy to create practice-specific templates for routine encounters, without expensive programming.

Maintainability. Microsoft technology is used worldwide and all IT professionals are familiar with it. gloEMR’s use of this technology reduces implementation time as well as ongoing maintenance.

Friendliness. gloEMR offers a user-friendly dashboard, so one click is all it takes to find, view and work with the most critical patient information. Through the dashboard, doctors can track patient location from admission to discharge, access and share daily schedules and calendars, order labs, refill prescriptions and more. It’s completely intuitive.

If you’re worried that you’ll be stranded by an EMR provider that isn’t in the business for the long haul, choose an EMR provider that protects your investment, such as gloStream.

There’s no doubt in the value of using social media to build your brand. But opinions differ in the use of social media by employees. It seems that companies are polarized in the issue, but are being slowly awakened to the fact that allowing employees to access social media at work has great benefits. Do you allow employees to access social media in your office?

There are four distinct advantages to allowing social media:

• Increased productivity. There have been a number of studies that have found that judicious use of social media in the workplace will actually increase productivity. A study conducted by the University of Melbourne found that employees with access to social media are 9% more productive than those without.
• Increased buy-in. Employees like to feel trusted and empowered. If they don’t you can expect to experience higher turnover and lower morale. A good way to gain trust is to allow employees to use social media in the workplace. If an employee feels like they are trusted, they’ll be more likely to stay with the company.
• Recruiting. Small businesses have started to use social media for recruitment, but limit efforts to one account. If you have 10 employees in your organization, each with a social media account with 100 friends, you have the potential to reach 1,000 people. This is achievable if employees are allowed to access social media at work and are encouraged to share posts.
• Identification of business opportunities. Through the use of social media, employees in charge of sales and business development can source new clients and build fruitful relationships.

There are many advantages to allowing access to social networks at the office. If you‘re hesitant to completely open the social media floodgates, try doing so in short periods, like the final three hours of the working day.

No matter what you decide, allowing access to social media is a good practice for your business. If you would like to learn more about social media and how you can leverage it in your business, we are happy to talk with you.

Every industry has their jargon. Acronyms can be confusing, and common terms can take on entirely different meanings when you venture outside your field. When it comes to evaluating ERP or CRM software, you’ll be well equipped with the following primer.

Start with the basics

ERP. Enterprise Resource Planning is a software system that manages the transactions and flow of data between all the business functions in an organization, including: financial management, human resources, manufacturing, supply chain management and project accounting.

CRM. Customer Relationship Management is a software system that manages the flow of data for a business’s sales, marketing and customer service functions.

XRM. A term used to describe the functionality of CRM to manage more than customer activity. XRM can be used to manage the flow of data for any definable entity. For example, XRM could be used to track and schedule the use of company equipment.

LOB. Line of Business applications are software systems that deliver functionality for a specific industry business requirement. LOB applications are often integrated with the ERP system, for example: an engineering firm uses a computer aided drawing application to calculate material requirements, which are then integrated into ERP for costing.

BI. Business Intelligence is the reporting of data from the ERP, CRM and LOB applications in a form that is useful to business decisions makers. BI applications can include dashboards and reports as well as charting and analysis tools.

Add-on Products. Most ERP applications manage the high level functionality that most organizations need, and depend on an ecosystem of development partners (see ISVs below) to create applications that manage special requirements. For example, an ISV might develop a warehouse management system specifically built for the beverage industry.

Service Providers

VAR. Value Added Resellers are professional service companies that specialize in the installation, configuration and training services supporting the implementation of ERP, LOB and CRM systems.

ISV. Independent Software Vendors are application development companies that create software to address specific industry or niche market requirements.

SI. System Integrators are professional services companies that help businesses integrate all of the systems in their organizations for a more holistic approach. SIs often have the capability to create custom applications that will integrate into enterprise ERP systems.

Partner. Includes VARs, ISVs, SIs and other service organizations that support a software vendor’s products. For example, Microsoft partners are members of the Microsoft Partner Network (MPN). The MPN program provides training and certification to their network of 640,000 partners.

MSP. Managed Service Providers are professional service companies that provide outsourced management of technical services for organizations. For example, an MSP may remotely manage a company’s in-house computer servers.

Next week, we’ll define common technical terms, including the latest “cloud” jargon.  If you would like a deeper understanding of any of these terms, give us a call. Let’s talk about what ERP or CRM could mean for your business.