Team Onboarding—Best Security Practices for Senior Care Facilities

It’s a common adage in cybersecurity: humans are the weakest link in your defenses. Hackers still do manage to infiltrate networks directly, but more commonly, their preferred route of access is through your people. No matter how fortified your firewall or effective your antivirus, anyone could click on a link and fall for a phishing scheme or be fooled into sharing a password. The risks compound if you regularly take on new employees. Every system they can access also represents a potential entry point for a criminal. You not only need to be able to give employees access when they join, but more importantly, shut down all their access when they leave.

Here are a few suggestions to help you close down those security holes.

Automated Onboarding — and Offboarding

An account left open is an open opportunity. Terminated employees have used their unterminated access to steal information or otherwise take revenge. Successful crimes have also been committed when criminals exploit a still-open account after an employee has moved on. Once a criminal has a foothold, they can either use access to one system as a beachhead for escalating privileges or move laterally across systems to gain access to higher-value information. So each and every account with access to EHR, human resources, nutrition, directory services, accounting and other key systems leaves the others vulnerable. When an employee leaves, there’s no reason to leave those accounts active, but it’s easy to overlook one or two—and it happens all too often.

Solutions are available that automate the steps of onboarding. These make the process essentially self-service for the new hire and easier for everyone involved, including human resources and IT staff. Once configured correctly, with a single login the user can either automatically be given access to all the systems the role requires, or receive instructions on setting up new accounts or passwords. On the back end, any manual steps that system administrators need to take are flagged for action as part of a standard workflow. Most importantly, the chain of access and granting various system privileges is completely reversible. That is, when the employee leaves, the system cycles through a series of actions that remove the privileges of all accounts for that individual – and the security holes they represent.

These automation solutions take multiple forms. Sometimes they’re part of a Human Resources Information System (HRIS). This type of software automates the process for HR (payroll, benefits and similar functions) as well as IT. Software that handles only the IT onboarding piece is more commonly referred to as Identity and Access Management (IAM) or Single Sign-On, among other terms. There’s considerable feature overlap among these categories of software. Make sure that any you are considering can automate onboarding to the specific systems you use.
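The offboarding gap described above can also be audited directly. The following is an added example, not part of the original article or of any vendor's product: it reconciles an HR roster against per-system account exports and lists accounts that are still enabled after their owner has left. The CSV column names, system names and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster and per-system account exports.
HR_ROSTER = """employee_id,name,status,last_day
1001,A. Rivera,active,
1002,B. Chen,terminated,2024-03-15
"""

ACCOUNT_EXPORTS = {
    "ehr": """username,employee_id,enabled
arivera,1001,true
bchen,1002,true
""",
    "directory": """username,employee_id,enabled
arivera,1001,true
bchen,1002,false
""",
    "accounting": """username,employee_id,enabled
bchen,1002,true
temp-nurse,,true
""",
}


def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def find_orphaned_accounts(roster_csv, exports, today):
    """Return enabled accounts with no active owner, as (system, username, reason)."""
    roster = {r["employee_id"]: r for r in load(roster_csv)}
    findings = []
    for system, export_csv in sorted(exports.items()):
        for acct in load(export_csv):
            if acct["enabled"].strip().lower() != "true":
                continue  # already disabled in this system
            owner = roster.get(acct["employee_id"])
            if owner is None:  # shared or untracked account nobody will offboard
                findings.append((system, acct["username"], "no matching HR record"))
            elif owner["status"] == "terminated" and date.fromisoformat(owner["last_day"]) <= today:
                findings.append((system, acct["username"], f"owner left {owner['last_day']}"))
    return findings


if __name__ == "__main__":
    for system, user, reason in find_orphaned_accounts(HR_ROSTER, ACCOUNT_EXPORTS, date(2024, 4, 1)):
        print(f"{system:<11} {user:<11} {reason}")
```

In the sample data the directory account was disabled but the EHR and accounting accounts were not, which is the "overlooked one or two" case; the account with no employee ID is flagged because no offboarding workflow would ever reach it.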

User Education Services

Weak passwords, passwords shared across multiple accounts, a tendency to fall for social engineering ruses and ignorance of basic information security are all human-based vulnerabilities. Employee-education services have become an essential part of security. Enroll each new hire in these programs as an integral part of the onboarding process.

  • Cybersecurity Awareness Training. This type of training instructs employees on how to spot phishing scams as well as good password hygiene and other precautions and security measures. Training can be self-paced online, via webinar or in-person seminars. Which option you choose depends on the third-party provider’s offering and what’s practical for your organization.
  • Phishing Testing. This service sends simulated phishing emails on a regular basis, using the same social engineering tricks used by criminals. If an employee takes the bait, the service provider follows up and requires the employee to take further training. The IT or security department receives regular reports on how well the employees are doing overall, as well as an audit trail on which employees have completed the training.

One other service to consider is dark web monitoring, which crawls illegal online marketplaces looking for stolen login credentials for sale. If it finds any of your employees’ credentials, you’ll receive an alert so you can delete the account or change the password to something stronger and more secure.

At FIT Solutions, we have partner relationships with many service providers who are the best in the business at what they do. We can assist you with selection, setup and ongoing best practices to support all of your new hires and also to close down access for former employees. If you would like to know more, give us a call at 888-339-5694.

Changing Your IT Services Provider: 5 Tips for a Smoother Switch

Let’s face it: You probably rely on your IT services provider a lot. And if there’s a substantial amount of knowledge locked up with your provider, it feels easier to stay the course — even if you know you’re outgrowing their ability to deliver the support and services you need.

With a little pre-planning, you can switch providers with confidence that you won’t lose access to critical systems and suffer the lack of business continuity that comes with it. There’s no reason to let fear of the unknown keep you from making a transition that you know will be better in the long run for the growth and prosperity of your business.

Why Switch?

A reluctance to make a change is understandable, but also unfortunate because there are many legitimate reasons for making a switch. You might feel that you’ve outgrown your current provider, or are frustrated because the level of responsiveness or quality of IT support isn’t what it could be. But in our experience, the #1 reason for switching IT providers is that the provider failed to provide proactive consulting and business planning. A true IT services partner shouldn’t just be content to keep your systems running—they should endeavor to use IT to grow your business, and make it more efficient and profitable.

Transition Tips

Preparing to switch IT providers involves taking a thorough inventory of your IT environment to make sure that the switch won’t leave you without access to systems that are critical for business operations. Especially if you’ve been with the current provider for a while, key pieces of information or infrastructure might be in their hands rather than yours, and that’s a problem. Here are five areas to check:

  1. Administrative control. Look at network equipment, servers, and applications — whether on-premises or in the cloud — and make sure you have the current logins and passwords. Verify you have the right credentials by logging in, and ensure that those accounts give you full administrative control.
  2. Ownership of equipment. Are your data and applications on servers that are leased or owned by the outgoing provider? Similarly, who owns the firewalls, switches and other networking equipment? If you don’t have ownership of the infrastructure and licenses, you’ll need to anticipate the costs of a buyout or transfer, or of purchasing new equipment.
  3. Internet service provider, telephony and other connectivity. Are the service contracts with you, or the outgoing IT provider? Don’t overlook the registration of your domain name and control of the DNS records.
  4. Software licenses. Who holds the software licenses for Office 365 and any line-of-business applications your team uses?
  5. Continuity planning. Before you pull the switch, consider plans for how you’ll keep your business running through the change. The incoming provider can help, but changing IT providers is more complex than simply turning over the keys to someone new. You’ll need a well-thought-out project plan—especially if the change involves moving to new applications or other infrastructure changes.

Avoiding Lock-In

It’s an unfortunate fact of life in our industry that service providers sometimes put themselves in a position where they own infrastructure or licenses, or keep administrative credentials to themselves. The more dependent you are on them, the easier it is for them to hold onto your business even after you’ve outgrown their service. But if you’re thinking about changing providers now, or can see a need to change at some point in the not-so-distant future, it’s time to start making sure you have the keys to your own kingdom.

At FIT Solutions, we share the administrative logins and full network documentation with our customers, using a third-party service to ensure full transparency. We also have a thorough and documented onboarding process to ensure the change goes smoothly. If you’ve outgrown your current IT provider, we’d love to start a conversation. Call us at 888-339-5694.
