DKBinnovative is on the move!

Exciting things are happening at DKBinnovative, and we have important news to share!

As part of our commitment to deliver World Class Service to our customers, we have made significant investments in our people and infrastructure over the past few years. We are proud to announce that, due to our remarkable growth, we are relocating to new office space so we can continue to provide the best service possible.

Beginning 06/26/2017 we will be headquartered at our new office in Frisco. We could not be more thrilled about our new space. The new office offers more square footage, and more importantly it allows for a productive layout that will enhance collaboration, create synergy, and ultimately help us to provide the best customer experience possible.

Our new address is 1701 Legacy Dr., Suite 1450, Frisco TX 75034. Our phone number and dedicated service will remain the same.

 

DKBinnovative Accends List of 2017 World’s Top 501 Managed Services Providers (MSPs)


Exciting news to share!  MSPmentor 501 has named DKBinnovative in its List of World’s Top 501 Managed Service Providers for 2017.

 

The MSPmentor 501 ranking is the IT channel’s largest and most comprehensive list of leading Managed Service Provider (MSP) organizations worldwide.

 

The 2017 MSP 501 list and survey hinges on a revised methodology that assigns different weights to revenues by source. The methodology relies on an algorithm that evaluates company strength based on revenue contributions from various business activities.

 

The companies on the 2017 MSP 501 list reported a combined total of $14.52 billion in revenue (based on 2016 results), up 15% from the previous year. In an effort to encourage honest and robust participation, MSPmentor does not disclose specific annual revenue information (i.e., revenue dollars).

 

“With the accelerated pace of business, including security, cloud and revenue-enhancing strategies, DKBinnovative technology services drive customer productivity and competitiveness in today’s challenging marketplace.” said Keith Barthold, CEO, DKBinnovative.  “It is our mission to provide outstanding service that is personal and custom-tailored to each client’s specific needs.  We thank MSPmentor for this recognition.”

 

DKBinnovative Award-winning Growth
To achieve its worldwide leadership status in the MSP industry, DKBinnovative, has generated consistent double-digit growth since its founding in 2004. The company’s focus on IT services for healthcare, oil & gas and professional service firms mirrors a trend in the industry to concentrate on niche markets.

About DKBinnovative

DKBinnovative is a leading IT services company providing consultancy, technology and managed services. We successfully help companies reduce operational costs, improve efficiency and enhance control by enabling people, technology and applications to integrate more effectively. Our team of trained, certified IT experts deliver technology, security, cloud, mobile solutions, 24×7 outsourced network management, remote monitoring and support. Increasing client productivity, data security and profitability. Serving clients ranging from Healthcare to Oil & Gas and Professional Services firms.

An Open Letter to Our Clients

Dear DKB Clients: Remember getting ransomware this weekend?

Of course you don’t because it never happened! DKBinnovative has your back.

This past Friday, malware known as WannaCry spread over 100 countries wreaking havoc for thousands of networks, namely shutting down much of the UK’s healthcare system. It was declared the largest ransomware infection to-date until stopped on Saturday by a ‘kill switch’ discovered in its code—however, new variants have already been reported making ‘round 2’ of the outbreak ready for attack. You can read a brief on what Ransomware is on our blog here, but concisely, it is a type of malware that encrypts data, requiring a payment to decrypt and unlock the data. The WannaCry or Wcry strain is particularly harmful because it spreads virally exploiting a known vulnerability in Microsoft Windows, unlike most ransomware which is caused by accidental download through website or email.

So why were you not impacted by this attack?
1) We patch your systems weekly so you already have the preventive patches in place for current, Microsoft-supported operating systems;
2) Webroot AV/Malware protection updates in real-time and we confirmed Friday that your systems were fully updated. More here on the protection provided by Webroot;
3) DKB uses Cisco OpenDNS ransomware protection as an added layer of protection to prevent ransomware downloads and execution;
4) Our team worked diligently all weekend to force patching all assets with the newest updates, even for Microsoft unsupported OS’s like XP and Server 2003. We did this to be extra sure our clients aren’t impacted.

Are you safe? Are there any other actions required?
Cybersecurity and the war against ransomware is a daily battle we are fighting on your behalf with a team of professionals backed by the best tools and processes to keep your systems safe and your teams productive. As updates or changes in defenses are required, DKB will respond accordingly just like we have for this threat. The steps taken above for wCry put our clients at very low risk for this particular ransomware but we need help with two items:

1) If prompted to reboot your machine because of patches applied, please do so without delay. Laptops that were powered down this weekend will receive forced patches on Monday morning and will request a reboot after applied.

2) Most security experts agree that the overwhelming majority of security breaches and infections are caused by human error with most infections spreading by email. While your company email is filtered for infections, malicious links and attachments do on occasion get through and there is little protection against personal email (Yahoo, Hotmail, etc.). When in doubt, delete. DKB is now deploying cybersecurity training that will be launched to all of our clients in coming months, so be on the lookout for this ongoing web-based training.

And lastly, Happy Mother’s day to all you mothers out there and the rest of us born to a mother (includes most of us). We’ve got your back like Mom has always had mine!

Keith Barthold
CEO | Fractional IT Officer – Productivity Enhancer – Profitability Accelerator
www.dkbinnovative.com
469.277.1961 (direct) | 1-888-DKBI-TECH (888-352-4832) | www.linkedin.com/in/keithbarthold

SOCIAL MEDIA AND HIPAA COMPLIANCE

Let’s face it, social media is part of every business today.  Healthcare providers using social media face thousands of dollars in HIPAA penalties and fees if there is a breach of protected information.  Do you have a clear policy and procedure for your team? Here are basic best practices to consider.

 

Create a policy document for the type of information that will be allowed for every social platform you use. 

Everything shared on the internet is eternal and every social media platform has their own privacy and usage policies for images uploaded to their systems. Whether you are sharing happy patient pictures and their stories of well being on your own website or on Twitter, Facebook etc, remember they can be downloaded and used by anyone on the internet. Be careful not to disclose any personal information on your clients that identify thieves could use to obtain additional information. Your policy and procedure should include having a form authorizing use of images and information for marketing purposes and the retention of the authorization reviewed by your legal counsel. Don’t forget to have your employees sign as well.

 

Protect social media access

Ensure your employees authorized to access and manage social media accounts are training on HIPAA policies.  If you have a third party manage social media, verify they understand the importance of HIPAA rules. Anyone with access to social media accounts should also follow best practices for login credentials and passwords to protect against unauthorized access.

 

Monitor your social media accounts and have an incident response plan

To limit the impact of unauthorized content that is not compliant with your social media policy you must monitor your account frequently.  Social media managers can mistakenly post a personal message on a business account instead of their personal one, or you could be hacked or have the wrong image uploaded. Mistakes happen as we are only human. Be sure you have an incident response plan for each social media platform that includes information and process on how to verify ownership of the account, remove content or disable the account when needed.  Make sure you have up-to-date contact information for management and social media manager(s).

 

Template policies and procedures

The Office of Civil Rights (OCR) fines providers for using sample policies that they do not follow. It may be necessary to create custom policies and procedures and document that your staff is complying with these policies.

 

Risk Mitigation and actions you can take

Conduct a full annual risk analysis that assesses systems and provides both HIPAA Security Compliance and Threat Analysis. Document compliance activities and implementation of policies. Utilize custom HIPAA security policies based on your organization and avoid generic templates. Breaches can happen often so stay on top of compliance all year around.

Hesitant to Use Apple Pay? It May Soon Be the New Debit Card | NBC 5 Dallas-Fort Worth

Apple Pay is simple to use and works with the devices you use every day. Easily pay with your debit cards and credit cards with just a touch. And because your card details are never shared by Apple when you use Apple Pay, making payments with your iPhone, Apple Watch, iPad, and Mac is the safer, more private way to pay.  So why have consumers been hesitant to use Apple Pay?

What will be the tipping point when credit cards finally disappear and mobile phone payments become your only form of payment? Take a few minutes and listen to CEO Keith Barthold share with NBC5 Dallas-Fort Worth about the benefits, concerns and potential of Apple Pay.

Spying On Cell Phones

High-tech surveillance tools that fit in a briefcase and mimic real cell phone towers to fool nearby mobile phones is one of the resources law enforcement, military and yes – hackers use. These devices called “Stingrays”  do everything from pick up calls and texts to jamming cell service or identifying the exact location of cell phones.  As long as your phone is on, you can be tracked.

Here is an interview CEO, Keith Barthhold, conducted with WHBC News Talk 1489 in Canton, Ohio.  Give it a quick listen. Let us know if you have concerns or questions on how to protect your information on mobile devices.

 

 

Selecting Your Next Healthcare IT Partner

In 2016, the top five reasons for outsourcing IT were enhanced security, proactive approach to technology, maximizing operations, access to newer technologies and cost savings. As a healthcare provider, finding a technology service provider with Healthcare experience is also vital for you.

 

Per Omnibus federal law, your technology provider must not only sign a Business Associate Agreement (BAA) but must have an in-house HIPAA compliance program similar to you the Covered Entity.  They should protect your PHI and maintain HIPAA, HITECH and HB300 compliance for your organization be bonded with an E&O, general liability, and cyber policy that covers ePHI data breach.

Not just any IT service provider will do. Here are questions to help you evaluate whether your current provider or outsourcing provider is the right prescription for you:

 

What customized support programs will be offered?

Is service customized based on your business requirements, not the “Silver, Gold, Platinum” one size fits all package.  You want the “right” package, not anything less than their very best.

 

How would they create a Disaster Recovery or Business Continuity plan for you? 

Disaster Recovery and Business Continuity Planning are a key part of technology management– they should be able to describe their process to identify your unique needs.

 

How will they keep you informed?

Do they send you automated reports or will they have someone meet with you on a regular basis? Do they have a well-planned process around identifying & communicating risks?

 

How will you and your provider measure success? Response time and absence of downtime should not be the only factors.  Is there quantified success criteria tied to productivity?

 

How is their team structured?

World class IT can’t have proactive and reactive support people in the same roles.  A firefighter that practices prevention will always be consumed with putting out fires. Your provider should be staffed with 50-80% proactive roles dedicated to preventing problems.

 

What is their process to ensure your network is compliant with industry accepted best practices.

This should be a documented process that is completed on a regular basis, not just a reactive series of site visits.

 

How frequently will an inventory of technology assets be reviewed, updated, and what is the process to maintain documentation?

It’s important that they can articulate processes and systems built around capturing and maintaining documentation. Is it always current and readily available? Is there a repeatable process in place to manage risks?

 

Choosing a provider with strong business acumen is key to security, operations, savings and ability to resource new technologies. Choosing a technology partner that understands your business is a vital prescription to success.

 

At DKBInnovative, we love what we do. We would be happy to visit with you to learn more about your business and help evaluate if outsourcing is beneficial for you. Call us at (469) 828-2468.

Why You Need Identity Management and Governance

This New Year we have been inundated with warnings from experts and journalists that 2017 will bring an increase of DDoS, IoT and Ransomware attacks that will far exceed 2016’s record.  A New York Times report last year noted 83 million JP Morgan Chase customers had their credentials stolen when hackers were able to steal information after obtaining the credentials of a JP Morgan employee with privileged access to servers containing customer data. The scale of these attacks is monumental if the stolen identity data is used to fuel future privacy invasions.

 

To mitigate risk companies need identity and access management. It must become an integral part of every company, big and small alike. A strong rules platform will increase employee productivity while improving security. Identity Management is an essential part of ensuring that employees are both empowered to deliver value and prevented from damaging the business’s reputation, security, or bottom line. Check out these top 10 reasons to ensure identity and governance:

 

Top 10 Identity and Governance Objectives

  1. Improve decision making and business goals
  2. Automate and streamline processes
  3. Standardize
  4. Reduce cost
  5. Identify and mitigate risk
  6. Increase enterprise value
  7. Meet internal and external requirements
  8. Empower management and staff
  9. Ensure Security, Privacy and Compliance
  10. Maintain identity data integrity

 

The growth of cloud computing and a mobile workforce can make management very complex. Pressure is on for information quickly. The desires for on-demand access are real security issues that keep IT managers up at night. Facing attacks on critical applications both inside and outside, companies must make sure that access is tightly regulated and controlled.

 

“Quite often we see silos exist with each department customizing access to best suit their departmental business goals. The corporate IT requirements have gone unenforced and they end up with a puzzle of patchwork that leads to lost productivity, and potential security breaches.”  Keith Barthold, CEO DKBInnovative

 

Challenges and Solutions 

Remote workforces, distributed applications, Bring Your Own Devices (BYOD), password problems and regulatory compliance are all concerns. Without a seamless way to access applications, users struggle with password management and IT is faced with rising support costs from frustrated users.

 

One solution is to implement a holistic Identity Automated Management solution to help administrators consolidate, control, and simplify access privileges, whether the critical applications are hosted in traditional data centers, private clouds, public clouds, or a hybrid combination of all these spaces.

 

Without a centralized system, staff must provision access manually. The longer it takes for a user to gain access, the less productive that user will be. On the flip side, failing to revoke the access rights of employees who have left the company or transferred to a different department can have serious security consequences. Manual provisioning and de-provisioning access is labor-intensive and prone to human error. Mistakes can be costly and for large companies, it is not a sustainable way to manage user identities and access.

 

Bring your own device (BYOD)—there really is no choice in today’s times. Employees, contractors, partners, and guest are bringing in personal devices and connecting to the corporate network for professional and personal reasons. The challenge with BYOD is whether companies can react quickly enough to protect business assets—without disrupting employee productivity and while offering freedom of choice. Almost every company has some sort of BYOD policy that allows users to access secure resources from their own devices. Accessing internal and SaaS applications on a mobile device can be more difficult than from a networked laptop or desktop workstation.

 

Technology shifts such as the Internet of Things requires deploying solutions that scale to meet the large demand of devices looking to tax the corporate network. Companies must develop a strategy that makes it quick, easy, and secure to grant—or revoke—access based on corporate guidelines and regulatory compliance.

 

Sarbanes-Oxley regulations is another key driver for corporate governance with much of the onus to provide data falling on the IT department. Ensuring processes such as access privileges, tracking management approvals for expanded access, and documenting who has accessed what data and when can go a long way to easing the burden of compliance and ensuring a smooth audit process.

 

In conclusion, the benefits of deploying identity management and governance solutions are clear. Cost and complexity can impact even the most well-intentioned organization, however, when you consider the cost of a potential security breach or the inefficiencies to manual provisioning and de-provisioning of access, the decision is quite clear.

 

DKBInnovative assist companies with defining and effectively communicating why identity governance is critical for the organization. We understand governance benefits and can see the big picture as well as the evolving identity risk landscape. We help implement an identity governance framework which helps meet our client’s established objectives. 

Call us at (469) 828-2468 to learn more about DKBInnovative, our processes and procedures for mitigating risk while enabling our client’s technology to support and enable growth.

 

How hackers can steal your identity when using public WiFi

The Internet is an increasingly hostile environment.  DKBInnovative’s extensive background both as an integrator and consumer of wireless technology makes it possible to offer expert consulting support for a broad range of wireless applications. Our expert “ethical” hacker Randy Haba recently partnered with NBC 5 Responds to show just how easy a Hacker can steal your identity when using public WiFi.  Whether on your laptop, smart phone or tablet, be smart. Here are a few safety tips to keep in mind:

  • When a free WiFi connections is requesting account information for access, like facebook or credit card info, this should be a red flag. It could be a fake, man-in-the-middle type attack like we demonstrated on your news clip with NBC 5. Don’t enter that account info!

 

  • Use free WiFi alternatives, like tethering to a phone.

 

  • Use different passwords for your accounts – social media, email, amazon, bank, and credit card logins should all have different passwords so a single compromised password doesn’t result in major identity theft or worse.

 

  • Don’t use public WiFi to view or transmit any sensitive information (ie. checking bank and credit card statements, and shopping online should be avoided).

 

  • If you do need to purchase WiFi (like on a plane) use a credit card instead of a debit card. In the case of credit card theft, it’s better to untangle fraudulent credit charges than dealing with an empty bank account and bill due.

Please share with your family, friends and colleagues. If you need help creating a wireless security strategy that fits within the security plan for your entire business, please Contact DKBInnovative at (469) 828-2468.

 

 

Life happens. Do you have a Disaster Recovery Plan?

 

 bartlett-fam img_4053 p-gainesville-pd-house-fire_1481684766406_2438948_ver1-0_640_360

Please offer your prayers for Officer Keith D. Bartlett, Lorretta Bartlett, and their five children. Their home in Era, TX caught fire the evening of 12/12/16 and was completely lost.  Contents–including Christmas gifts, clothes, appliances, furniture, and sadly their dog Chico—are gone.

Have you set up a Disaster Recovery Plan for your business? Life happens. This week I was sadly reminded of the importance of having a plan. In the blink of an eye tragedy can strike and everything can be lost. It’s easy to put these plans in place for our clients. They love the peace of mind. But I know for every company that is properly prepared, there are another 10 who aren’t. Family plans are equally important.

Last week the Bartlett Family of North Texas lost their home in a devastating fire. While my heart sank, knowing this family has 5 kids and a long journey ahead, I knew my team at DKBInnovative could help in this crisis. I immediately set up a GoFundMe account to rally support, and within 48 hours we had raised over $34,000 online, not to mention donations collected by the church and police department working together. 

Residential fires are devastating both literally and emotionally. Greater than the loss of shelter and safety are the irreplaceable items that represent your family memories, like photo albums, furniture, art, books and documents. Our team of experts is working to salvage as many documents and photos as possible from the family’s damaged hard drive. We are blessed to be able to do what we can to take a little burden from Officer Bartlett’s family in their time of need this holiday season. 

As a business owner I believe giving is good for our community, our employees and our hearts. We care. We work hard to be great business neighbors and to provide great service for our clients, and every now and then, to a great family like the Bartletts. If you too would like to contribute to the Bartlett family, please donate here.

The American Red Cross has a great checklist for picking up the pieces after a fire. Click here to download your own copy. Taking time to plan for disaster should be on your security checklist. If your business needs a disaster recovery plan, our team at DKB is ready to help.

Is your company doing something to make a difference this December? We would love to hear your stories.

Keith