Author: CT Team

How IT Departments Can Automate to Increase Efficiency by 40%

Posted on by CT Team

Too many IT departments get bogged down in doing manual work that could be automated. The root cause? Given the workload, the IT team simply can’t get ahead of the game. The time is never there to put the required tools and processes in place, and to master the associated learning curve — which is often steep. So talented staff spends the majority of their time focusing on repetitive tasks and rote troubleshooting instead of driving the business forward.

See if any of these scenarios apply to your organization:

  • Has your company asked your IT department to do more with fewer resources?
  • Have you been forced to reduce IT headcount, but still need to perform the same work?
  • Would you like to do more with the same IT staff?

If the answer to any of the above questions is yes, then read on.

The Impact of Outsourcing IT Automation

At FIT Solutions, we have the tools, processes and resources — coupled with the experience to apply them — to automate, standardize and streamline the IT environment. The bottom line is this: IT departments can increase their efficiency by 40%.

That improvement comes from application of best-practices automation coupled with economies of scale. Consider this: FIT Solutions successfully supports approximately 7,500 client users with a staff of 25 engineers. That’s one IT person for 300 employees — a ratio that can’t be touched by even the largest organizations. This doesn’t negatively impact our level of service, however; over the last 90 days, our customer satisfaction after over 1,000 reviews averaged 98.6 out of 100!

Here are some of the tasks we take on for our clients:

  • Managing desktops, mobile devices, servers and network infrastructure using automated tools
  • Installing and maintaining automated systems for handling upgrades, managing patches and applying them
  • Implementing and configuring automated systems that alert on issues based on varying degrees of severity and criticality
  • Establishing systems for log analysis, visibility, reporting and remote access — all to speed performance analysis, fine-tuning and troubleshooting
  • Creating and standardizing documentation for addressing regulations and resolving issues

Not Just Tools — But Years of Experience Using Them

Our engineers have spent years working with a stack of best-in-class automation tools and have developed proven methods for applying them efficiently across a wide variety of IT environments. We’ve done that work so your IT staff can piggyback on that experience. Too often, IT organizations invest in similar tools, but don’t have the time to utilize them fully so the investment falls short of delivering what’s promised—or worse, becomes ‘shelfware’. We can create those efficiencies for you, and either train your staff to apply them or simply take the administrative burden off your IT department’s hands.

Does being 40% more efficient sound good to you? To learn more about how we can optimize your IT environment in a way that delivers measurable increases in efficiency, call us today at 888-339-5694 or contact us here.

Why “If It Ain’t Broke, Don’t Fix It” Doesn’t Work for IT

Posted on by CT Team

Let’s say you have network equipment that’s been in place for years and is working with minimal or no issues. Paying to maintain service and support on those items might seem like an unnecessary expense. Certainly that’s the way many businesses look at it when scrutinizing the IT budget and looking for items to cut. The logic to justify de-funding those contracts is pretty simple: “If it isn’t broke, why pay to fix it?” However, that is a risky position to take.

Late in 2019, a manufacturer of wireless access points announced that a number of security vulnerabilities — some with a “critical” rating — had been found in its products. They fixed the vulnerabilities in short order and distributed the fixes in the form of software upgrades to the affected products. Here’s the rub: businesses without active support contracts didn’t have access to the upgrades.

Why Service Contracts Are Vital for Critical Infrastructure

The access points in question are widely used in installations that call for reliable, widespread business-class wireless coverage. In other words, they’re an extremely critical element of the infrastructure for organizations that rely on Wi-Fi to run their business. With the prospect of a security vulnerability that would allow an intruder access and potentially bring the entire wireless network down, the seemingly minor risk of letting the service contracts lapse turned into a major risk overnight. All of a sudden, companies were faced with an unbudgeted expense. They either had to re-up the contracts for all of the controllers and access points, or else replace their entire wireless infrastructure.

The same scenario and risks apply to all manner of critical network infrastructure, including switches, routers, firewalls, VPNs and servers. Vulnerabilities are constantly being discovered and patched with updates. We often think of these devices as appliances or hardware, but the reality is, they have software inside that’s meant to be upgraded to improve performance, add features or address security problems. Those devices are at the heart of the network and hold the keys to keeping the business running.

Is the Gamble Worth It?

Many companies do take the risk of running without maintenance agreements on key pieces of network equipment. They have weighed the risks against the costs and reached the conclusion that the gamble is worth taking. While at FIT Solutions we don’t recommend this approach, we do respect that it is a business decision. We are more concerned with businesses that simply allow their service and support contracts to lapse as a cost-cutting measure, without fully understanding the risks and taking them into account.

At FIT Solutions, part of our service is knowing what the vendor policies are with regard to upgrades, support, and service agreements, and keeping track of whether your agreements are active. We use this information to help you understand the risks of running your critical network infrastructure without the benefit of a safety net. Want a true picture of these hidden risks? Give us a call at 888-339-5694 today.

Working Post-Pandemic: What’s Your New Business Normal?

Posted on by CT Team

We’re still in the throes of the COVID-19/coronavirus pandemic, but it’s not too soon to start looking ahead to what your future business landscape will look like. How prepared are you to get back to business under the “new normal”?

Many, many businesses made major changes in response to the outbreak. Most prominent was the shift to work-from-home models. That often involved some combination of rolling out virtual desktop infrastructure, upgrading the capacity of VPNs, moving major pieces of IT infrastructure from on-premises into the cloud, and shoring up work-from-home security to protect the business. Even businesses in sectors such as on-site retail, healthcare and manufacturing that weren’t able to move front-line workers did their best to comply with stay-at-home mandates by shifting some of the support functions.

Here’s the question: Are you ready to go back? And what will you be going back to? Back to business as usual? Back to basics, with a downscaled operation that will require a lower cost structure? And as for going “back to the office,” are you even going to go back?

The Scale of the COVID-19/Coronavirus Change

Let’s face it: We’re in the middle of the largest “work from home” experiment in history. Use of video conferencing software such as Microsoft Teams, Google Hangout Meets and Zoom shot up during March as the pandemic took hold. Metrics including total users and total minutes for these services saw growth from five to 25 times their pre-pandemic levels as businesses, schools and other organizations took their work home with them.

While the outcome of the experiment is still unknown, a survey of CFOs at large enterprises indicated that three-quarters are going to shift some positions to permanent work-from-home arrangements after it all shakes out. A few (4%) said they will turn half of their workforce into remote workers.

What about smaller businesses? Sadly, some are not going to survive multiple months of lost business. They already have shuttered or will soon shutter their doors for good. Others will be restarting the business amid what will likely be a down economy, will need to get by with less income on the balance sheet, and will have to take a very hard look at their capital expenses and operating costs.

Out of Pandemic Chaos, Comes Opportunity

A sea change like this, as disruptive as it’s been, also forces us to take a fresh look at things and ask some new questions. So why not use it as an opportunity? Consider the following:

  • Should you extend your work-from-home arrangements after the pandemic and make them permanent? If workers were equally or more productive working from home and liked the arrangement, would you profit from higher satisfaction and retention, and could you cut your real estate costs?
  • Is it time to move more of your data and applications into the cloud? If you were sitting on the fence about the cloud before, the COVID-19/coronavirus experience should have erased most of your doubts. The cloud proved it could scale, and in many ways it’s easier to secure. Moving more workloads to the cloud could slash your costs for maintaining computing infrastructure.
  • Could you get a better deal on your communications? If you’re going to support more work-from-home arrangements or rely more on cloud infrastructure, you might need higher-capacity connections. You could very likely get higher bandwidth for the same money. Or, you could slash your costs for Internet connectivity and telephone service by taking a fresh look at your connections. There are companies that are in the business of brokering to get you the best performance for the price, and it’s well worth having them investigate for you.
  • Could you get the same functionality with fewer vendors? Items like multifunction printers and networking equipment, servers, software licenses and communication contracts all sourced from multiple vendors are time-consuming to deal with, from an IT management and financial perspective. When you ‘right-size’ for the new normal, can you consolidate to fewer vendors at the same time?

At FIT Solutions, we can work as an adjunct to your IT department, putting to use our extensive experience cutting costs and improving IT efficiencies for hundreds of companies. Would you appreciate some efficiency-improving, rightsizing, cost-cutting help with your post-pandemic planning? Give us a call at 888-339-5694 or email us today.

Small Businesses: Does the CCPA Affect You?

Posted on by CT Team

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. This law deals with the right of consumers to know or even control how their personal information is used by organizations. For businesses that collect such information from consumers, this represents new burdens.

Do I Have to Comply with CCPA?

The CCPA comes with certain thresholds that may exclude some small or medium businesses from compliance requirements. What are these thresholds? You’re on the hook for compliance if you are:

  • Are a for-profit business operating in California
  • Collect personal information from consumers
  • Exceed one or more of the following:
    • Buy, receive, sell or share personal data from 50,000+ devices, consumers, or households
    • Have gross annual revenues of over $25 million
    • Sales of California residents’ personal data represents 50% or more of total annual revenue

I Don’t Meet the Thresholds, So Why Should I Worry About CCPA?

The CCPA is the most extensive privacy law ever passed in the US. Other states are taking a page from California’s book and are considering or have already passed similar legislation. Plus, the possibility of having different standards instituted across multiple states could result in the enactment of a privacy law at the federal level. So even if the CCPA does not currently affect you, it will eventually.

Looking at the legislative climate, given the CCPA and likelihood of more laws like it coming soon, it’s clear that there is an increasing recognition of the need for businesses to handle consumer data responsibly, for consumers to have the right to determine how that data can be used, and for businesses to protect consumer data against theft or loss.

What is “Reasonable Security”?

Part of the CCPA revolves around an organization’s responsibility to protect consumer data against theft or loss, like through a data breach. If a business fails to implement reasonable safety measures, resulting in a breach, they may be liable to pay penalties of $100-$750 per consumer per incident, or even higher. What would count as “easonable security” measures? The CCPA does not specify, but some legal experts refer to the state attorney general’s words in the California 2016 Data Breach Report:

“The 20 controls in the Center for Internet Security’s Critical Security Controls define a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

These CIS Controls are comprised of a set of 20 broad categories of action, each of which contains subcontrols in the form of specific tools and practices. These subcontrols vary based on the sensitivity of the data you’re protecting, the size of your organization, and the extent of your IT resources. Together, these controls form a defense strategy against breaches and cyberattacks.

We recommend that companies of all sizes take a look at the CIS Controls—especially if you’re at or near a threshold for CCPA compliance. At FIT Solutions, we use CIS Controls and other security frameworks, like NIST, to follow best cybersecurity practices for our clients. Contact us or call 888-339-5694 for help in strengthening your organization’s defenses.

Patch Tuesday & Hack Wednesday—Why Software Patching Is A Necessity

Posted on by CT Team

Applying software patches to fix security vulnerabilities is a key piece of system hygiene and protection against criminal computer attacks. Windows 10 is by default set up to handle this automatically. Unfortunately, for many users the prospect of having to stop the task at hand, wait for the updates to download and install, and hold off while the system restarts is too inconvenient. That leads many to delay the updates or tweak the settings so the updates can’t execute. This can be a big mistake—especially now.

The second Tuesday of every month is “Patch Tuesday”, when Microsoft rolls out the latest set of security patches to its operating systems and software. The set of patches first made available on April 14 closes many, many vulnerabilities. Every hour delayed in applying them leaves unpatched systems susceptible to attack.

A Whopper of a Patch Tuesday

This last Patch Tuesday was unusually large. It included:

  • 113 patches overall
  • 3 that close zero-day vulnerabilities/exploits for which no defense exists
  • 3 known to be actively used to infect systems “in the wild”
  • 17 deemed “critical”, which means a criminal can gain complete control over the system without any user interaction
  • 96 deemed “important”, which means that some user action is involved (with or without warning prompts)

The products impacted include the Microsoft Windows operating system itself, the Edge and Internet Explorer browsers, various Microsoft Office applications, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Microsoft Apps for Android, and Microsoft Apps for Mac.

Why Prompt Patching is Vital

To help you quickly grasp the importance of patching, we’ll first define a few terms. The first two have specific meanings when applied to computer software security.

  • Vulnerability: A weakness or oversight in the way software is coded or structured. It allows the code to be overwritten or tampered with so that it performs some action other than what it was intended to do.
  • Exploit: Rogue software code that a criminal uses to take advantage of a vulnerability. Such an exploit could allow a criminal to gain unauthorized access to a system or gain administrator privileges. The aim is often to inject malicious software code into a running process, leading to the criminal gaining control of the system.
  • Zero-day:  A combination of a vulnerability and an exploit that either is unknown to the security community, or is so new that no defenses have been developed against it. A patch isn’t available to close the vulnerability. Security software hasn’t been updated or is unable to recognize the exploit and prevent it from being introduced into systems and executing.
  • In the wild: An exploit that’s out of the realm of being theoretical or a possibility. It’s being actively used to infect and take over systems.
  • Patch Tuesday: Microsoft’s monthly distribution of patches that close known vulnerabilities.
  • Hack Wednesday: What the security community calls the day after Patch Tuesday. When Microsoft releases the patches, criminal programmers are able to use the patches to understand the vulnerabilities. Within a day or two, the related exploits begin appearing for sale on the underground marketplaces of the “dark web”.

Put the above together, and you can see the importance of applying patches as soon as they’re available. The instant that the patches are released, criminals are racing to create the new exploits and infect as many machines as possible before the systems’ owners can get around to installing the patches.

How to Ensure Systems are Properly Patched

Assuming you’re running Windows 10, click on the Start button, then Settings, open Update & Security, then Windows Update. Here you can immediately check for updates, as well as review your settings to make sure you’re not effectively blocking the update process.

If you’re running a business with multiple machines, managing the update process to be sure that essential patches have been applied can be a time-consuming headache. As a managed service provider (MSP), here at FIT Solutions we use sophisticated tools to administer your systems and ensure your systems are up-to-date with the current patches—without inconveniencing your users. If you could use help with patch management, give us a call at 888-339-5694.

MSPs and Ransomware: Does Your Provider Practice What They Preach?

Posted on by CT Team

Managed service providers (MSPs) are coming under increased scrutiny because of a number of ransomware incidents reported on various security sites over the last 12 months. Criminals have learned that by infiltrating a single MSP, they can use the provider’s tools to infect and take hostage all of the MSP’s clients. Because the reporting of these incidents is haphazard, the number of compromised MSPs could be a handful, or it could be dozens. What is certain is that hundreds or thousands of their clients have experienced severe business disruption — or worse.

The enhanced scrutiny is justified, and as an MSP, we welcome it.  We use powerful tools to manage and monitor our clients’ networks and systems. With that comes a responsibility to ensure that our own security is equal to or greater than the level that we promote to our clients.

Healthcare MSPs in the Crosshairs

Given that many MSPs specialize in serving a certain type of business, here are a few examples drawn from healthcare organizations over last year:

  • During July, an MSP serving dental offices was infiltrated and used to spread ransomware across dozens of practices throughout Washington and Oregon. A week after the attack, the MSP realized it didn’t have the resources to restore all the impacted systems in a reasonable timeframe and advised customers to seek outside assistance with restoring their files. Two weeks after the attack, the MSP announced it was closing its doors.
  • An August attack on a Wisconsin-based MSP planted ransomware on 400 dental practices around the country. The attack encrypted not only patient files, but also emails and most worryingly, the company’s HIPAA-compliant backup system. A follow-up letter to their clients indicated that the MSP had a decryption key. Presumably, they paid the ransom.
  • In November, a Wisconsin-based MSP serving more than 100 clients, which operated nearly 2,500 nursing homes in 45 U.S. states, was hit, cutting off many of their facilities from patient records, email and telephone service. The MSP declined to pay the ransom. While it took days or weeks to restore the data, the MSP had a few factors working in their favor. One, a sharp-eyed employee spotted suspicious activity in the early morning hours during the attack and immediately alerted higher-ups within the company, who closed off the network. This limited the damage. Two, there were offsite backups.
  • In early December, a Colorado-based MSP was used to install ransomware on computers at more than 100 dental practices. The company refused to pay the ransom to unlock all of the client sites, and left the clients to restore their businesses on their own. Some negotiated separately to pay the ransom to restore their practices, while others restored from backups.

Closing the Vulnerabilities

Ultimately the criminals do their damage by gaining administrator access to the MSP’s remote monitoring and management (RMM) tool, which allows them to install and execute the ransomware infector on the clients’ systems. The following means of infiltrating and compromising administrator credentials are either explicitly known or have been implicated in one or more incidents. We also list the countermeasure; ask your MSP if these protections are in place.

Means of Gaining Administrator Access

Known vulnerability in an unpatched RMM tool or administrative console

Zero-day exploit in an RMM tool

Login credentials stored in cleartext on compromised machine

Exploiting open remote desktop protocol (RDP)

 

Phishing email

Protective Countermeasure

Program of regular, systematic and diligent patch management and application

Proactive monitoring of the MSP’s IT environment

Password vaulting solution or encryption and best-practices password policy

Disabling RDP if not needed, or application of access control lists to limit RDP sessions to known IP addresses

Email filtering solution backed with regular cybersecurity awareness training

Above All, Do This …

A single countermeasure would have stopped the vast majority of these attacks: Requiring two-factor (2FA) or multi-factor authentication (MFA) without fail, for each and every administrator connection and session, to each individual client’s IT environment. MSPs should enforce MFA to the enterprise login and ensure it encompasses VPN connections, RDP sessions, RMM sessions, internal management systems, and SaaS applications.

The other essential countermeasure is regular backups that are air-gapped or stored offsite. In far too many ransomware incidents, backups were stored online and the ransomware infector encrypted the backups as well, making them useless for restoring the client’s data. Also, in some instances the criminals first disabled the backup agents on each system, then waited for the old backups to age before executing the ransomware. So it’s important to not only have a backup system, but to monitor the backups and test for recoverability.

At FIT Solutions, we do all of the above and encourage you to ask your MSP if they do the same. We also have the advantage of our cybersecurity offering, SOCBOX, which provides us with the services of a Security Operations Center for 24-hour proactive monitoring—but we don’t stop there. We also contract with a separate third party to do regular penetration testing and evaluate our environment to ensure our defenses are solid.

If you’d like more information about MSP security, please give us a call at 888-339-5694.

Is Your MSP Proactive or Reactive? The Role of a Technology Business Plan

Posted on by CT Team

Here at FIT Solutions, we pride ourselves on the way our teams don’t just fix problems; they deliver additional business value for our clients. That means applying technology to improve operations, reduce costs, boost efficiency and productivity, and protect and enhance security. Let’s take a look at one of the primary ways we accomplish that: a regularly updated Technology Business Plan (or TBP, as we call it).

When you engage with us, we send one of our senior engineers onsite to take a holistic look at your facility and IT operations. A team of engineers assigned to you then delivers a set of recommendations. It is essentially a gap analysis between your current IT environment and prevailing best practices for an organization of your purpose, scope and size.

This is NOT a one-and-done exercise. The TBP is a living document, geared to a timeframe of up to 24 months, that is regularly updated to chart your progress. It’s a stepwise, realistic approach geared to budgetary realities and your own appetite for change and improvement. Many of the recommendations don’t cost anything.

While the recommendations are geared specifically to your organization, the TBP addresses four general areas.

Environment Enhancements

A great many IT environments have been built piecemeal over the years with a mix of workstations, Wi-Fi access points and various makes of networking hardware. We look for opportunities to consolidate and standardize, replace outdated equipment, and create common configurations that will make the entire environment easier to maintain and lower the cost of operations. We also address opportunities to cut costs and increase efficiency by switching Internet providers or swapping out telephone systems; bringing in management solutions for administering printers, computers, or mobile devices; making better use of existing software; or acquiring new solutions. Employees and staffing fall under this category as well, such as employee onboarding practices and user training.

Network Security

Many of the most valuable recommendations in this area are free, because they revolve around password-policy shortfalls such as password reuse, allowing short or weak passwords, not mandating regular changes, or instances where entire staff shares the same set of login credentials. Relatively low-cost security enhancements include cleaning out unused accounts and properly setting privileges. Additional security technologies such as multi-factor authentication, single sign-on, spam filtering and other email security measures, encryption or ransomware defense might be called for, depending on use patterns and your degree of susceptibility and exposure.

Licensing, Renewals, and Compliance

Here we address hardware and software that is reaching end-of-life or out-of-warranty, calling for replacement, refresh or upgrade as your budget allows. Legal matters such as email retention policies and your posture with respect to compliance and other regulations falls under this category as well, and might include our recommendations or referrals to third-party experts we have worked with.

Disaster Recovery and Business Continuity

This includes your backup and retention procedures and policies, and ability to restore if necessary. In addition, we consider shortfalls unique to your environment, such as whether you have remote users with critical files that need to be backed up, or whether you might be better served with a solution that enforces file storage on a network repository rather than individual workstations. We also consider your ability to work through a power outage or loss of Internet connectivity, and whether you need to have contingency solutions in place.

In this time of uncertainty and business upheaval, many are seeing a stark contrast between proactive and reactive managed service partners. Clients prefer proactivity. In our experience, clients appreciate these regularly updated technology business plans, especially if their experience with a previous IT service provider was more of a reactive, break-fix service than a proactive partner. Our clients use these reports to plan ahead, budget for essential improvements, and solve problems before they happen. Does this approach to IT services appeal to you? Give us a call at 888-339-5694.

Livin’ La Vida Zoom—Keeping In Touch with a Remote Workforce

Posted on by CT Team

During this time of COVID-19, self-isolation and social distancing, businesses and communities across the nation and the globe are dealing with a lot of turbulence. More and more organizations are turning to remote workforce solutions to continue operations.

Many of these businesses are used to being in a physical location; moving to a completely remote setup may take some adjustment. In our last post, we discussed how a Virtual Desktop Infrastructure (VDI) can allow your team to securely access corporate data from their personal devices. But the human element of your teams is just as important.

Now more than ever, company culture and structure are going to be vital for stability. Here at FIT Solutions, we made it a point to recreate our office environment as closely as possible in a virtual setting. This has allowed us to transition seamlessly into remote work. Some of the things we’re doing to maintain normal operations include:

  1. Structure & Routine
    We’ve encouraged our team to stick to their regular routine where possible—maybe filling the time they would have spent commuting with physical activity, like working out or walking the dog. Normal dress code still applies. By dressing professionally, team members are always ready to jump on a call or video meeting with a client or prospect. All remote employees are expected to have their cameras on for Zoom meetings; this helps everyone stay alert and engaged.
  2. Department Touchbase
    Each afternoon, department heads have a Zoom meeting, no more than 10-15 minutes, with all members of their team to make sure everybody’s on track.
  3. Client Communications
    Immediately after San Diego announced shelter-in-place guidelines, we began reaching out to our clients. Members of procurement and sales jumped in to help our account managers reach everyone as soon as possible. We asked how they were doing with the transition, whether they needed any help, and assured them that everything is business as usual on our end—they wouldn’t experience any gaps in service from our team!
  4. Team Motivation
    At FIT, we pride ourselves on the quality of service that we provide, and we love hearing positive feedback from our happy clients! We have a designated Microsoft Teams channel dedicated to sharing these testimonials and kudos with the whole team. It’s also a means for team members to shine a spotlight on a coworker that went above and beyond. These shout-outs keep us excited and determined to keep providing the best possible service we can.

Adjustments

While our normal structure was already well-arranged to support remote work, we did make a few adjustments, from which we’ve seen good results.

  1. All-Hands Huddle
    Every morning, we have a 15-minute all-hands meeting through Zoom. Cameras are required to be on, and virtual backgrounds are encouraged. Members of our management team take turns sharing recent wins, news, tips and positive thoughts to motivate our team to success. We center these stories around our core values to keep our company culture strong and focused. Since we began working from home, having this meeting daily (instead of weekly) helps to keep everybody on the same page and working towards the same goal.
  2. Storytime
    During our all-hands huddle, one or two employees take a few minutes to share something personal and positive—maybe their new home-office set-up, or what they’re doing to stay active or productive while shut-in, or a great experience they had with a coworker or client. We love seeing each other’s pets and kiddos!
  3. Virtual Happy Hour
    We usually do these monthly or semiweekly at the office, so it was only natural to continue this tradition on Zoom! Everybody’s welcome to dress-down and share a beer and stories from home.

Even though sometimes it feels like we’re practically living on Zoom these days, these tips are helping the FIT team to stay positive and busy! What is your business doing or trying to continue operations from home? If you need help getting your workforce set up with secure remote access, let us know; we’d love to have a conversation with you. Not sure if you’re fully equipped? Get your free assessment today or call 888-339-5694.

How to Quickly — and Securely — Enable Work-From-Home

Posted on by CT Team

In response to current events, your business may be faced with the challenge of quickly putting a work-from-home program in place for your employees. Here’s the hard part: those employees will be largely on their own, with varying degrees of technical knowledge, connecting from their own home networks and accessing corporate data and resources. You need not only to get them connected, but equip them to work productively, with ample security in place so you don’t put your organization at unnecessary risk.

Considering the Alternatives

The best-practices approach — under normal circumstances — is to distribute preconfigured corporate-owned laptops. Aside from the expense, time might be the bigger issue in our current situation as businesses everywhere are rushing to equip remote workforces. Currently, the time from order to delivery of new laptops is around 15-30 days, for some suppliers.

A tempting short-term fix is to allow employees to connect to corporate resources directly using their own personal home computers, laptops, or tablets. However, this exposes corporate assets to a wide variety of risks that are outside of your control. These risks include outdated or insufficient endpoint protection, access of confidential data by others in employee households, and rogue devices on a poorly secured home network — among other threats.

The Right Technology, Right Now: Virtual Desktop Infrastructure

Virtual Desktop Infrastructure (VDI) is a widely used remote access approach with many advantages. With VDI, employees use their personal devices to access a virtual desktop — a computer that they control remotely. They view the screen, and control it via mouse or keyboard. The approach is much less expensive than provisioning and distributing laptops, and far more secure than a direct connection. With VDI, business owners can:

  • Provision remote access for tens or hundreds of users cost-effectively with a cloud-hosted solution
  • Allow secure access by a wide range of employees’ personal devices, from home PCs to laptops and tablets to smartphones
  • Tightly control access by combining standard login credentials with multi-factor authentication (MFA) to guard against weak or compromised passwords
  • Keep corporate data off of personal or public networks — the corporate data only appears superficially onscreen, and never actually enters or is stored on the user’s personal device
  • Provide a familiar environment and business access —the virtual desktop can be configured to look and behave exactly like an office-based system, with access to all corporate applications and data stores, productivity, email and collaboration software

At FIT Solutions, we can quickly set up a VDI for your employee remote access. It is housed in our data center in a private cloud, with all essential security measures provided. We connect the virtual desktops to any applications or data you need, whether those are in another public or private cloud, or in your own data center with access protected through a secure point-to-point VPN.

Have questions? We have the answers. For more information or to get started right away, give us a call at 888-339-5694. We’re also offering a free Remote Workforce Readiness assessment, which you can find here.

Step-by-Step EHR Migration Checklist for Senior Care Facilities

Posted on by CT Team

Ownership changes are a fact of life in senior care. When a nursing home or LTPAC facility changes hands, you’re often faced with the challenge of migrating the electronic health record (EHR) system to a new platform — without sacrificing or impacting continuity of care. At FIT Solutions, we’ve supported many of these migrations. Over time, we’ve developed a roadmap and set of best practices for efficiently and successfully completing the handover to new ownership.

EHR Migration Roadmap: Planning Ahead

Preparation is key. In our experience, the more attention you pay to the first four steps here, the less likely you are to encounter unplanned obstacles downstream that could substantially delay your migration.

  1. Determine the migration type. We anticipate that as the new owner, you’ll be using an EHR system hosted in the cloud. There are so many advantages to a cloud-based system that hardly anyone hosts their instance on-premises in their own data center anymore. Here are the possible scenarios.
    • EHR to same EHR. If the outgoing and incoming owners use the same EHR system, the migration can be as simple as spinning up a new instance of the software in the cloud and copying the database over. Not all of the steps in this checklist will apply to you, but most assuredly, some of them will.
    • Paper records to EHR. In some ways, moving from paper records is more straightforward than migrating across different EHRs. You’ll need to do some scanning and have the resources to do that available to you.
    • EHR to different EHR. The majority of the time, this is the scenario you’ll be dealing with.
  2. Obtain and inspect the final letter of agreement. We can’t emphasize this enough. You need to have the sale confirmed and letter of agreement finalized several months before the migration. The letter of agreement spells out whether the pre-existing computing, network and telephony equipment comes along with the sale. It also spells out which EHR records you’ll be allowed to copy. Policies vary from seller to seller — sometimes widely. The letter of agreement dictates what information you can migrate, and how. You can’t presume anything.
  3. Assess the willingness of the outgoing owners to cooperate. Regardless of what’s in the letter of agreement, reach out and get an idea of the outgoing owner’s willingness to share information, grant access and respond to your inquiries. The entire process will go much smoother with a cooperative seller. Some limit access and support. Enlightened sellers understand that transferring ownership supports their overall strategy, and is just part of doing business.
  4. Conduct a coordinated site survey. If you can, go onsite well in advance and do a thorough walk-through and site survey. Ideally, the IT team as well as electrical and other contractors will all go at the same time to work through and plan any potential changes. Typically, there is some IT work that’s dependent on the electrical work. This includes the need to relocate electrical outlets and network drops, or add new ones to accommodate new kiosks, Wi-Fi access points or other equipment. If backup power isn’t in place, this is the right time to rectify that shortfall if budget allows, or to at least put a contingency plan in place. Verify that there’s a contract for the essential electrical work, and clarify who owns it.

EHR Migration Roadmap – Setting the Stage

Once you understand the landscape, it’s time to start preparing the environment for the new EHR.

  1. Purchase new equipment as necessary. Assuming you’ll be allowed to take over the old equipment, cloud-based EHR systems can often run on older hardware. However, the browser needs to be up to a certain standard and the hardware needs to support it.
  2. Complete the electrical and cabling work. If any electrical service and network connections need to be provisioned to accommodate relocated computers, servers or Wi-Fi access points, schedule that work so it’s complete before the IT teams start to install the new equipment.
  3. Identify effective, tech-savvy and smart superusers. You’ll need to press some staff into service for two jobs: handling data re-entry to populate the new EHR with the most essential data, and to serve as support for the other users during the transition.
  4. Complete the IT-related work. This includes installing any new hardware, and configurations of the network, network devices, phone and/or fax systems. Now is the time to make sure that essential items are in place to support the transition, such as online storage and multifunction printers/scanners. If you’re switching ISPs, arrange for the connections. If you’re retaining the former ISP, make sure the contracts and new billing arrangements are in place to ensure continuity.

Migration Roadmap – Preparing to Execute

Two to three weeks prior to going live with the new EHR, start the process of migrating records to the new system and preparing your staff. You’ll be using paper charting during this interval, to cover any gaps.

  1. Contact the EHR provider to create a new instance of the software. Assuming you’re already a customer with existing accounts for your other facilities, this is likely a simple phone call.
  2. Prepare manual/paper processes to cover contingencies. During the time records are being converted and uploaded to the new EHR, you’ll need to have paper forms in place so caregivers can document their actions.
  3. Start superusers on the data migration or export to .pdfs. This is where your letter of agreement dictates what you can do. The profile and MDS documents can usually be electronically copied. Census or basic resident information can be often be migrated by a third-party provider. However, the core of the records, including care plans, assessments, orders and ADL tasks typically need to be output as .pdfs or scanned in from paper copies, and attached to the patient records in the new EHR.
  4. Put training materials in place. During the lead-up to adoption of the new EHR, make preparations to train the staff. Stage any training modules or videos, and ensure that all employees can access them. Set up a sandboxed system with simulated patient data, giving the caregivers the opportunity to practice. Prepare your superusers to conduct webinars and other training sessions, and schedule them during the first two weeks post-live.
  5. Plan for staffing and superuser coverage. During at least the first two weeks post-cutover, make sure that one or two superusers are available to cover for each shift. Clarify which resources, whether the superusers, IT services team or EHR support, are to handle specific issues such as how-to questions, password resets, Internet or Wi-Fi issues, email issues and access to shared drives.
  6. Execute training programs. Once the new EHR is populated with the essential data, you can roll out your training programs across all care teams. Rely on your superusers to train other nurses, CNAs and aides as you take the system live.

At FIT Solutions, we’ve handled and supported dozens of EHR migrations for senior care facilities. If you have an upcoming project or are planning an acquisition, feel free to reach out to our staff of experts. Give us a call at 888-339-5694.

Get in touch.

Fill out the form and our team will get
back to you as soon as we can!


  • 888-339-5694
  • 2635 Camino Del Rio South, Suite 306
    San Diego, CA 92108